Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(405)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/bpf_dsl/bpf_dsl_more_unittest.cc

Issue 821693003: replace COMPILE_ASSERT with static_assert in sandbox/ (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: rebase on master Created 5 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" 5 #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
6 6
7 #include <errno.h> 7 #include <errno.h>
8 #include <fcntl.h> 8 #include <fcntl.h>
9 #include <pthread.h> 9 #include <pthread.h>
10 #include <sched.h> 10 #include <sched.h>
(...skipping 888 matching lines...) Expand 10 before | Expand all | Expand 10 after
899 switch (sysno) { 899 switch (sysno) {
900 #if defined(__NR_open) 900 #if defined(__NR_open)
901 case __NR_open: 901 case __NR_open:
902 flags_argument_position = 1; 902 flags_argument_position = 1;
903 #endif 903 #endif
904 case __NR_openat: { // open can be a wrapper for openat(2). 904 case __NR_openat: { // open can be a wrapper for openat(2).
905 if (sysno == __NR_openat) 905 if (sysno == __NR_openat)
906 flags_argument_position = 2; 906 flags_argument_position = 2;
907 907
908 // Allow opening files for reading, but don't allow writing. 908 // Allow opening files for reading, but don't allow writing.
909 COMPILE_ASSERT(O_RDONLY == 0, O_RDONLY_must_be_all_zero_bits); 909 static_assert(O_RDONLY == 0, "O_RDONLY must be all zero bits");
910 const Arg<int> flags(flags_argument_position); 910 const Arg<int> flags(flags_argument_position);
911 return If((flags & O_ACCMODE) != 0, Error(EROFS)).Else(Allow()); 911 return If((flags & O_ACCMODE) != 0, Error(EROFS)).Else(Allow());
912 } 912 }
913 case __NR_prctl: { 913 case __NR_prctl: {
914 // Allow prctl(PR_SET_DUMPABLE) and prctl(PR_GET_DUMPABLE), but 914 // Allow prctl(PR_SET_DUMPABLE) and prctl(PR_GET_DUMPABLE), but
915 // disallow everything else. 915 // disallow everything else.
916 const Arg<int> option(0); 916 const Arg<int> option(0);
917 return If(option == PR_SET_DUMPABLE || option == PR_GET_DUMPABLE, Allow()) 917 return If(option == PR_SET_DUMPABLE || option == PR_GET_DUMPABLE, Allow())
918 .Else(Error(ENOMEM)); 918 .Else(Error(ENOMEM));
919 } 919 }
(...skipping 24 matching lines...) Expand all
944 public: 944 public:
945 EqualityStressTest() { 945 EqualityStressTest() {
946 // We want a deterministic test 946 // We want a deterministic test
947 srand(0); 947 srand(0);
948 948
949 // Iterates over system call numbers and builds a random tree of 949 // Iterates over system call numbers and builds a random tree of
950 // equality tests. 950 // equality tests.
951 // We are actually constructing a graph of ArgValue objects. This 951 // We are actually constructing a graph of ArgValue objects. This
952 // graph will later be used to a) compute our sandbox policy, and 952 // graph will later be used to a) compute our sandbox policy, and
953 // b) drive the code that verifies the output from the BPF program. 953 // b) drive the code that verifies the output from the BPF program.
954 COMPILE_ASSERT( 954 static_assert(
955 kNumTestCases < (int)(MAX_PUBLIC_SYSCALL - MIN_SYSCALL - 10), 955 kNumTestCases < (int)(MAX_PUBLIC_SYSCALL - MIN_SYSCALL - 10),
956 num_test_cases_must_be_significantly_smaller_than_num_system_calls); 956 "kNumTestCases must be significantly smaller than the number "
957 "of system calls");
957 for (int sysno = MIN_SYSCALL, end = kNumTestCases; sysno < end; ++sysno) { 958 for (int sysno = MIN_SYSCALL, end = kNumTestCases; sysno < end; ++sysno) {
958 if (IsReservedSyscall(sysno)) { 959 if (IsReservedSyscall(sysno)) {
959 // Skip reserved system calls. This ensures that our test frame 960 // Skip reserved system calls. This ensures that our test frame
960 // work isn't impacted by the fact that we are overriding 961 // work isn't impacted by the fact that we are overriding
961 // a lot of different system calls. 962 // a lot of different system calls.
962 ++end; 963 ++end;
963 arg_values_.push_back(NULL); 964 arg_values_.push_back(NULL);
964 } else { 965 } else {
965 arg_values_.push_back( 966 arg_values_.push_back(
966 RandomArgValue(rand() % kMaxArgs, 0, rand() % kMaxArgs)); 967 RandomArgValue(rand() % kMaxArgs, 0, rand() % kMaxArgs));
(...skipping 1420 matching lines...) Expand 10 before | Expand all | Expand 10 after
2387 BPF_ASSERT_EQ(ENOSYS, errno); 2388 BPF_ASSERT_EQ(ENOSYS, errno);
2388 2389
2389 BPF_ASSERT_EQ(-1, syscall(__NR_setgid, 300)); 2390 BPF_ASSERT_EQ(-1, syscall(__NR_setgid, 300));
2390 BPF_ASSERT_EQ(EPERM, errno); 2391 BPF_ASSERT_EQ(EPERM, errno);
2391 } 2392 }
2392 2393
2393 } // namespace 2394 } // namespace
2394 2395
2395 } // namespace bpf_dsl 2396 } // namespace bpf_dsl
2396 } // namespace sandbox 2397 } // namespace sandbox
OLDNEW
« no previous file with comments | « no previous file | sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698