Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(275)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc

Issue 10837178: Seccomp: always call setSandboxPolicy in unittest. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 8 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <ostream> 5 #include <ostream>
6 6
7 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" 7 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
8 #include "sandbox/linux/seccomp-bpf/verifier.h" 8 #include "sandbox/linux/seccomp-bpf/verifier.h"
9 #include "testing/gtest/include/gtest/gtest.h" 9 #include "testing/gtest/include/gtest/gtest.h"
10 10
(...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after
68 Sandbox::STATUS_AVAILABLE) { 68 Sandbox::STATUS_AVAILABLE) {
69 ExitGroup(1); 69 ExitGroup(1);
70 } 70 }
71 Sandbox::setProcFd(proc_fd); 71 Sandbox::setProcFd(proc_fd);
72 Sandbox::setSandboxPolicy(evaluator, NULL); 72 Sandbox::setSandboxPolicy(evaluator, NULL);
73 Sandbox::startSandbox(); 73 Sandbox::startSandbox();
74 } 74 }
75 75
76 void RunInSandbox(Sandbox::EvaluateSyscall evaluator, 76 void RunInSandbox(Sandbox::EvaluateSyscall evaluator,
77 void (*SandboxedCode)()) { 77 void (*SandboxedCode)()) {
78 // TODO(jln): Implement IsEqual for ErrorCode 78 // TODO(markus): Implement IsEqual for ErrorCode
79 // IsEqual(evaluator(__NR_exit_group), Sandbox::SB_ALLOWED) << 79 // IsEqual(evaluator(__NR_exit_group), Sandbox::SB_ALLOWED) <<
80 // "You need to always allow exit_group() in your test policy"; 80 // "You need to always allow exit_group() in your test policy";
81 StartSandboxOrDie(evaluator); 81 StartSandboxOrDie(evaluator);
82 // TODO(jln): find a way to use the testing framework inside 82 // TODO(jln): find a way to use the testing framework inside
83 // SandboxedCode() or at the very least to surface errors 83 // SandboxedCode() or at the very least to surface errors
84 SandboxedCode(); 84 SandboxedCode();
85 // SandboxedCode() should have exited, this is a failure 85 // SandboxedCode() should have exited, this is a failure
86 ExitGroup(1); 86 ExitGroup(1);
87 } 87 }
88 88
89 // evaluator should always allow ExitGroup 89 // evaluator should always allow ExitGroup
90 // SandboxedCode should ExitGroup(kExpectedReturnValue) if and only if 90 // SandboxedCode should ExitGroup(kExpectedReturnValue) if and only if
91 // things go as expected. 91 // things go as expected.
92 void TryPolicyInProcess(Sandbox::EvaluateSyscall evaluator, 92 void TryPolicyInProcess(Sandbox::EvaluateSyscall evaluator,
93 void (*SandboxedCode)()) { 93 void (*SandboxedCode)()) {
94 // TODO(jln) figure out a way to surface whether we're actually testing 94 // TODO(jln) figure out a way to surface whether we're actually testing
95 // something or not. 95 // something or not.
96 if (Sandbox::supportsSeccompSandbox(-1) == Sandbox::STATUS_AVAILABLE) { 96 if (Sandbox::supportsSeccompSandbox(-1) == Sandbox::STATUS_AVAILABLE) {
97 EXPECT_EXIT(RunInSandbox(evaluator, SandboxedCode), 97 EXPECT_EXIT(RunInSandbox(evaluator, SandboxedCode),
98 ::testing::ExitedWithCode(kExpectedReturnValue), 98 ::testing::ExitedWithCode(kExpectedReturnValue),
99 ""); 99 "");
100 } else {
101 // The sandbox is not available. We should still try to exercise what we
102 // can.
103 // TODO(markus): (crbug.com/141545) let us call the compiler from here.
104 Sandbox::setSandboxPolicy(evaluator, NULL);
100 } 105 }
101 } 106 }
102 107
103 // A simple blacklist test 108 // A simple blacklist test
104 109
105 Sandbox::ErrorCode BlacklistNanosleepPolicy(int sysno) { 110 Sandbox::ErrorCode BlacklistNanosleepPolicy(int sysno) {
106 if (sysno < static_cast<int>(MIN_SYSCALL) || 111 if (sysno < static_cast<int>(MIN_SYSCALL) ||
107 sysno > static_cast<int>(MAX_SYSCALL)) { 112 sysno > static_cast<int>(MAX_SYSCALL)) {
108 // FIXME: we should really not have to do that in a trivial policy 113 // FIXME: we should really not have to do that in a trivial policy
109 return ENOSYS; 114 return ENOSYS;
(...skipping 151 matching lines...) Expand 10 before | Expand all | Expand 10 after
261 } 266 }
262 } 267 }
263 ExitGroup(kExpectedReturnValue); 268 ExitGroup(kExpectedReturnValue);
264 } 269 }
265 270
266 TEST(SandboxBpf, SyntheticPolicy) { 271 TEST(SandboxBpf, SyntheticPolicy) {
267 TryPolicyInProcess(SyntheticPolicy, SyntheticProcess); 272 TryPolicyInProcess(SyntheticPolicy, SyntheticProcess);
268 } 273 }
269 274
270 } // namespace 275 } // namespace
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698