Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(246)

Unified Diff: sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc

Issue 761903003: Update from https://crrev.com/306655 (Closed) Base URL: git@github.com:domokit/mojo.git@master
Patch Set: Created 6 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.cc ('k') | sandbox/linux/services/credentials.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc b/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc
new file mode 100644
index 0000000000000000000000000000000000000000..7e478b592b9f84e2f24bd8c496a61b8a5592baaa
--- /dev/null
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc
@@ -0,0 +1,85 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
+
+#include <fcntl.h>
+#include <unistd.h>
+
+#include <iostream>
+
+#include "base/files/scoped_file.h"
+#include "base/posix/eintr_wrapper.h"
+#include "sandbox/linux/tests/unit_tests.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace sandbox {
+namespace {
+
+// NOTE: most tests for the SandboxBPF class are currently in
+// bpf_dsl_more_unittest.cc.
+
+TEST(SandboxBPF, CreateDestroy) {
+ // Give an opportunity to dynamic tools to perform some simple testing.
+ SandboxBPF sandbox(nullptr);
+ SandboxBPF* sandbox_ptr = new SandboxBPF(nullptr);
+ delete sandbox_ptr;
+}
+
+// This test should execute no matter whether we have kernel support. So,
+// we make it a TEST() instead of a BPF_TEST().
+TEST(SandboxBPF, DISABLE_ON_TSAN(CallSupports)) {
+ // We check that we don't crash, but it's ok if the kernel doesn't
+ // support it.
+ bool seccomp_bpf_supported = SandboxBPF::SupportsSeccompSandbox(
+ SandboxBPF::SeccompLevel::SINGLE_THREADED);
+ bool seccomp_bpf_tsync_supported = SandboxBPF::SupportsSeccompSandbox(
+ SandboxBPF::SeccompLevel::MULTI_THREADED);
+ // We want to log whether or not seccomp BPF is actually supported
+ // since actual test coverage depends on it.
+ std::cout << "Seccomp BPF supported (single thread): "
+ << (seccomp_bpf_supported ? "true." : "false.") << "\n";
+ std::cout << "Seccomp BPF supported (multi thread): "
+ << (seccomp_bpf_tsync_supported ? "true." : "false.") << "\n";
+ std::cout << "Pointer size: " << sizeof(void*) << "\n";
+}
+
+SANDBOX_TEST(SandboxBPF, DISABLE_ON_TSAN(CallSupportsTwice)) {
+ bool single1 = SandboxBPF::SupportsSeccompSandbox(
+ SandboxBPF::SeccompLevel::SINGLE_THREADED);
+ bool single2 = SandboxBPF::SupportsSeccompSandbox(
+ SandboxBPF::SeccompLevel::SINGLE_THREADED);
+ ASSERT_EQ(single1, single2);
+ bool multi1 = SandboxBPF::SupportsSeccompSandbox(
+ SandboxBPF::SeccompLevel::MULTI_THREADED);
+ bool multi2 = SandboxBPF::SupportsSeccompSandbox(
+ SandboxBPF::SeccompLevel::MULTI_THREADED);
+ ASSERT_EQ(multi1, multi2);
+
+ // Multi threaded support implies single threaded support.
+ if (multi1) {
+ ASSERT_TRUE(single1);
+ }
+}
+
+TEST(SandboxBPF, ProcTaskFdDescriptorGetsClosed) {
+ int pipe_fds[2];
+ ASSERT_EQ(0, pipe(pipe_fds));
+ base::ScopedFD read_end(pipe_fds[0]);
+ base::ScopedFD write_end(pipe_fds[1]);
+
+ {
+ SandboxBPF sandbox(nullptr);
+ sandbox.SetProcTaskFd(write_end.Pass());
+ }
+
+ ASSERT_EQ(0, fcntl(read_end.get(), F_SETFL, O_NONBLOCK));
+ char c;
+ // Check that the sandbox closed the write_end (read will EOF instead of
+ // returning EWOULDBLOCK).
+ ASSERT_EQ(0, read(read_end.get(), &c, 1));
+}
+
+} // namespace
+} // sandbox
« no previous file with comments | « sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.cc ('k') | sandbox/linux/services/credentials.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698