Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(151)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/bpf_dsl/bpf_dsl_more_unittest.cc

Issue 893993004: Linux sandbox: Provide AssertSingleThreaded() helper (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Use new API. Created 5 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | sandbox/linux/seccomp-bpf/sandbox_bpf.cc » ('j') | sandbox/linux/services/thread_helpers.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" 5 #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
6 6
7 #include <errno.h> 7 #include <errno.h>
8 #include <fcntl.h> 8 #include <fcntl.h>
9 #include <pthread.h> 9 #include <pthread.h>
10 #include <sched.h> 10 #include <sched.h>
(...skipping 25 matching lines...) Expand all
36 #include "sandbox/linux/bpf_dsl/policy.h" 36 #include "sandbox/linux/bpf_dsl/policy.h"
37 #include "sandbox/linux/seccomp-bpf/bpf_tests.h" 37 #include "sandbox/linux/seccomp-bpf/bpf_tests.h"
38 #include "sandbox/linux/seccomp-bpf/die.h" 38 #include "sandbox/linux/seccomp-bpf/die.h"
39 #include "sandbox/linux/seccomp-bpf/errorcode.h" 39 #include "sandbox/linux/seccomp-bpf/errorcode.h"
40 #include "sandbox/linux/seccomp-bpf/linux_seccomp.h" 40 #include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
41 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" 41 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
42 #include "sandbox/linux/seccomp-bpf/syscall.h" 42 #include "sandbox/linux/seccomp-bpf/syscall.h"
43 #include "sandbox/linux/seccomp-bpf/trap.h" 43 #include "sandbox/linux/seccomp-bpf/trap.h"
44 #include "sandbox/linux/services/linux_syscalls.h" 44 #include "sandbox/linux/services/linux_syscalls.h"
45 #include "sandbox/linux/services/syscall_wrappers.h" 45 #include "sandbox/linux/services/syscall_wrappers.h"
46 #include "sandbox/linux/services/thread_helpers.h"
46 #include "sandbox/linux/syscall_broker/broker_file_permission.h" 47 #include "sandbox/linux/syscall_broker/broker_file_permission.h"
47 #include "sandbox/linux/syscall_broker/broker_process.h" 48 #include "sandbox/linux/syscall_broker/broker_process.h"
48 #include "sandbox/linux/tests/scoped_temporary_file.h" 49 #include "sandbox/linux/tests/scoped_temporary_file.h"
49 #include "sandbox/linux/tests/unit_tests.h" 50 #include "sandbox/linux/tests/unit_tests.h"
50 #include "testing/gtest/include/gtest/gtest.h" 51 #include "testing/gtest/include/gtest/gtest.h"
51 52
52 // Workaround for Android's prctl.h file. 53 // Workaround for Android's prctl.h file.
53 #ifndef PR_GET_ENDIAN 54 #ifndef PR_GET_ENDIAN
54 #define PR_GET_ENDIAN 19 55 #define PR_GET_ENDIAN 19
55 #endif 56 #endif
(...skipping 2245 matching lines...) Expand 10 before | Expand all | Expand 10 after
2301 2302
2302 ResultExpr EvaluateSyscall(int sysno) const override { return Allow(); } 2303 ResultExpr EvaluateSyscall(int sysno) const override { return Allow(); }
2303 2304
2304 private: 2305 private:
2305 DISALLOW_COPY_AND_ASSIGN(AllowAllPolicy); 2306 DISALLOW_COPY_AND_ASSIGN(AllowAllPolicy);
2306 }; 2307 };
2307 2308
2308 SANDBOX_DEATH_TEST( 2309 SANDBOX_DEATH_TEST(
2309 SandboxBPF, 2310 SandboxBPF,
2310 StartMultiThreadedAsSingleThreaded, 2311 StartMultiThreadedAsSingleThreaded,
2311 DEATH_MESSAGE("Cannot start sandbox; process is already multi-threaded")) { 2312 DEATH_MESSAGE(
2313 ThreadHelpers::GetAssertSingleThreadedErrorMessageForTests())) {
2312 base::Thread thread("sandbox.linux.StartMultiThreadedAsSingleThreaded"); 2314 base::Thread thread("sandbox.linux.StartMultiThreadedAsSingleThreaded");
2313 BPF_ASSERT(thread.Start()); 2315 BPF_ASSERT(thread.Start());
2314 2316
2315 SandboxBPF sandbox(new AllowAllPolicy()); 2317 SandboxBPF sandbox(new AllowAllPolicy());
2316 BPF_ASSERT(!sandbox.StartSandbox(SandboxBPF::SeccompLevel::SINGLE_THREADED)); 2318 BPF_ASSERT(!sandbox.StartSandbox(SandboxBPF::SeccompLevel::SINGLE_THREADED));
2317 } 2319 }
2318 2320
2319 // http://crbug.com/407357 2321 // http://crbug.com/407357
2320 #if !defined(THREAD_SANITIZER) 2322 #if !defined(THREAD_SANITIZER)
2321 SANDBOX_DEATH_TEST( 2323 SANDBOX_DEATH_TEST(
(...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after
2388 BPF_ASSERT_EQ(ENOSYS, errno); 2390 BPF_ASSERT_EQ(ENOSYS, errno);
2389 2391
2390 BPF_ASSERT_EQ(-1, syscall(__NR_setgid, 300)); 2392 BPF_ASSERT_EQ(-1, syscall(__NR_setgid, 300));
2391 BPF_ASSERT_EQ(EPERM, errno); 2393 BPF_ASSERT_EQ(EPERM, errno);
2392 } 2394 }
2393 2395
2394 } // namespace 2396 } // namespace
2395 2397
2396 } // namespace bpf_dsl 2398 } // namespace bpf_dsl
2397 } // namespace sandbox 2399 } // namespace sandbox
OLDNEW
« no previous file with comments | « no previous file | sandbox/linux/seccomp-bpf/sandbox_bpf.cc » ('j') | sandbox/linux/services/thread_helpers.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698