1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" | 5 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <fcntl.h> | 8 #include <fcntl.h> |
9 #include <pthread.h> | 9 #include <pthread.h> |
10 #include <sched.h> | 10 #include <sched.h> |
899 switch (sysno) { | 899 switch (sysno) { |
900 #if defined(__NR_open) | 900 #if defined(__NR_open) |
901 case __NR_open: | 901 case __NR_open: |
902 flags_argument_position = 1; | 902 flags_argument_position = 1; |
903 #endif | 903 #endif |
904 case __NR_openat: { // open can be a wrapper for openat(2). | 904 case __NR_openat: { // open can be a wrapper for openat(2). |
905 if (sysno == __NR_openat) | 905 if (sysno == __NR_openat) |
906 flags_argument_position = 2; | 906 flags_argument_position = 2; |
907 | 907 |
908 // Allow opening files for reading, but don't allow writing. | 908 // Allow opening files for reading, but don't allow writing. |
909 COMPILE_ASSERT(O_RDONLY == 0, O_RDONLY_must_be_all_zero_bits); | 909 static_assert(O_RDONLY == 0, "O_RDONLY must be all zero bits"); |
910 const Arg<int> flags(flags_argument_position); | 910 const Arg<int> flags(flags_argument_position); |
911 return If((flags & O_ACCMODE) != 0, Error(EROFS)).Else(Allow()); | 911 return If((flags & O_ACCMODE) != 0, Error(EROFS)).Else(Allow()); |
912 } | 912 } |
913 case __NR_prctl: { | 913 case __NR_prctl: { |
914 // Allow prctl(PR_SET_DUMPABLE) and prctl(PR_GET_DUMPABLE), but | 914 // Allow prctl(PR_SET_DUMPABLE) and prctl(PR_GET_DUMPABLE), but |
915 // disallow everything else. | 915 // disallow everything else. |
916 const Arg<int> option(0); | 916 const Arg<int> option(0); |
917 return If(option == PR_SET_DUMPABLE || option == PR_GET_DUMPABLE, Allow()) | 917 return If(option == PR_SET_DUMPABLE || option == PR_GET_DUMPABLE, Allow()) |
918 .Else(Error(ENOMEM)); | 918 .Else(Error(ENOMEM)); |
919 } | 919 } |
944 public: | 944 public: |
945 EqualityStressTest() { | 945 EqualityStressTest() { |
946 // We want a deterministic test | 946 // We want a deterministic test |
947 srand(0); | 947 srand(0); |
948 | 948 |
949 // Iterates over system call numbers and builds a random tree of | 949 // Iterates over system call numbers and builds a random tree of |
950 // equality tests. | 950 // equality tests. |
951 // We are actually constructing a graph of ArgValue objects. This | 951 // We are actually constructing a graph of ArgValue objects. This |
952 // graph will later be used to a) compute our sandbox policy, and | 952 // graph will later be used to a) compute our sandbox policy, and |
953 // b) drive the code that verifies the output from the BPF program. | 953 // b) drive the code that verifies the output from the BPF program. |
954 COMPILE_ASSERT( | 954 static_assert( |
955 kNumTestCases < (int)(MAX_PUBLIC_SYSCALL - MIN_SYSCALL - 10), | 955 kNumTestCases < (int)(MAX_PUBLIC_SYSCALL - MIN_SYSCALL - 10), |
956 num_test_cases_must_be_significantly_smaller_than_num_system_calls); | 956 "kNumTestCases must be significantly smaller than the number " |
| 957 "of system calls"); |
957 for (int sysno = MIN_SYSCALL, end = kNumTestCases; sysno < end; ++sysno) { | 958 for (int sysno = MIN_SYSCALL, end = kNumTestCases; sysno < end; ++sysno) { |
958 if (IsReservedSyscall(sysno)) { | 959 if (IsReservedSyscall(sysno)) { |
959 // Skip reserved system calls. This ensures that our test frame | 960 // Skip reserved system calls. This ensures that our test frame |
960 // work isn't impacted by the fact that we are overriding | 961 // work isn't impacted by the fact that we are overriding |
961 // a lot of different system calls. | 962 // a lot of different system calls. |
962 ++end; | 963 ++end; |
963 arg_values_.push_back(NULL); | 964 arg_values_.push_back(NULL); |
964 } else { | 965 } else { |
965 arg_values_.push_back( | 966 arg_values_.push_back( |
966 RandomArgValue(rand() % kMaxArgs, 0, rand() % kMaxArgs)); | 967 RandomArgValue(rand() % kMaxArgs, 0, rand() % kMaxArgs)); |
2387 BPF_ASSERT_EQ(ENOSYS, errno); | 2388 BPF_ASSERT_EQ(ENOSYS, errno); |
2388 | 2389 |
2389 BPF_ASSERT_EQ(-1, syscall(__NR_setgid, 300)); | 2390 BPF_ASSERT_EQ(-1, syscall(__NR_setgid, 300)); |
2390 BPF_ASSERT_EQ(EPERM, errno); | 2391 BPF_ASSERT_EQ(EPERM, errno); |
2391 } | 2392 } |
2392 | 2393 |
2393 } // namespace | 2394 } // namespace |
2394 | 2395 |
2395 } // namespace bpf_dsl | 2396 } // namespace bpf_dsl |
2396 } // namespace sandbox | 2397 } // namespace sandbox |
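Review bot: The open/openat policy at new-side lines 908–911 still lets a caller create a file: the comment says writing is disallowed, but only O_ACCMODE is masked, so `O_RDONLY | O_CREAT` passes the check and creates the path (and on Linux `O_RDONLY | O_TRUNC` can truncate an existing one). If the comment's contract is what the tests rely on, the predicate should be `return If((flags & (O_ACCMODE | O_CREAT | O_TRUNC)) != 0, Error(EROFS)).Else(Allow());`, otherwise the comment should say it only rejects non-read-only access modes. This appears to be a unit-test policy (the file uses BPF_ASSERT_EQ and an EqualityStressTest), so the point is about the test's stated contract rather than a shipped sandbox, and any test in this file that opens with O_CREAT would need a matching update; the function enclosing this switch begins and ends outside the hunk. Separately, the new static_assert at line 955 keeps a C-style cast, `(int)(MAX_PUBLIC_SYSCALL - MIN_SYSCALL - 10)`; `static_cast<int>(MAX_PUBLIC_SYSCALL - MIN_SYSCALL - 10)` would match the modernization the commit is making.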