sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc - Issue 11096012: Add a platform-specific syscall number iterator.

Side by Side Diff: sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc

Issue 11096012: Add a platform-specific syscall number iterator. (Closed) Base URL: http://git.chromium.org/chromium/src.git@master

Patch Set: Rename #define's and extract ARM private syscall logic. Created 8 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« sandbox/linux/seccomp-bpf/sandbox_bpf.cc ('K') | « sandbox/linux/seccomp-bpf/sandbox_bpf.cc ('k') | sandbox/linux/seccomp-bpf/syscall_iterator.h » ('j') | sandbox/linux/seccomp-bpf/syscall_iterator.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include <ostream>	5 #include <ostream>

6	6

7 #include "sandbox/linux/seccomp-bpf/bpf_tests.h"	7 #include "sandbox/linux/seccomp-bpf/bpf_tests.h"

8 #include "sandbox/linux/seccomp-bpf/verifier.h"	8 #include "sandbox/linux/seccomp-bpf/verifier.h"

9 #include "testing/gtest/include/gtest/gtest.h"	9 #include "testing/gtest/include/gtest/gtest.h"

10	10

(...skipping 28 matching lines...) Expand all Loading...
39 }	39 }

40	40

41 // A simple blacklist test	41 // A simple blacklist test

42	42

43 ErrorCode BlacklistNanosleepPolicy(int sysno) {	43 ErrorCode BlacklistNanosleepPolicy(int sysno) {

44 if (sysno < static_cast<int>(MIN_SYSCALL) \|\|	44 if (sysno < static_cast<int>(MIN_SYSCALL) \|\|

45 sysno > static_cast<int>(MAX_SYSCALL)) {	45 sysno > static_cast<int>(MAX_SYSCALL)) {

46 // FIXME: we should really not have to do that in a trivial policy	46 // FIXME: we should really not have to do that in a trivial policy

47 return ErrorCode(ENOSYS);	47 return ErrorCode(ENOSYS);

48 }	48 }

	49 #if defined(__arm__)

	50 if (!Sandbox::isArmPrivateSyscall(sysno)) {
	jln (very slow on Chromium) 2012/10/11 22:42:00 I don't understand why this would work. For instan I don't understand why this would work. For instance, for EACCESS, which is not a private syscall, wouldn't we return ENOSYS ? Asides from that, it's a problem to require every black list-style policy to do something so complex. Instead, export a IsValidSysCallNumber() method in the Sandbox class to take care of what's above and here. Jorge Lucangeli Obes 2012/10/12 17:58:23 Done. Show quoted text On 2012/10/11 22:42:00, Julien Tinnes wrote: > I don't understand why this would work. For instance, for EACCESS, which is not > a private syscall, wouldn't we return ENOSYS ? > > Asides from that, it's a problem to require every black list-style policy to do > something so complex. Instead, export a IsValidSysCallNumber() method in the > Sandbox class to take care of what's above and here. Done.
	51 return ErrorCode(ENOSYS);

	52 }

	53 #endif

49 switch (sysno) {	54 switch (sysno) {

50 case __NR_nanosleep:	55 case __NR_nanosleep:

51 return ErrorCode(EACCES);	56 return ErrorCode(EACCES);

52 default:	57 default:

53 return ErrorCode(ErrorCode::ERR_ALLOWED);	58 return ErrorCode(ErrorCode::ERR_ALLOWED);

54 }	59 }

55 }	60 }

56	61

57 BPF_TEST(SandboxBpf, ApplyBasicBlacklistPolicy, BlacklistNanosleepPolicy) {	62 BPF_TEST(SandboxBpf, ApplyBasicBlacklistPolicy, BlacklistNanosleepPolicy) {

58 // nanosleep() should be denied	63 // nanosleep() should be denied

(...skipping 39 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
98 (static_cast<int>(aux)) = kExpectedReturnValue;	103 (static_cast<int>(aux)) = kExpectedReturnValue;

99 return -ENOMEM;	104 return -ENOMEM;

100 }	105 }

101	106

102 ErrorCode BlacklistNanosleepPolicySigsys(int sysno) {	107 ErrorCode BlacklistNanosleepPolicySigsys(int sysno) {

103 if (sysno < static_cast<int>(MIN_SYSCALL) \|\|	108 if (sysno < static_cast<int>(MIN_SYSCALL) \|\|

104 sysno > static_cast<int>(MAX_SYSCALL)) {	109 sysno > static_cast<int>(MAX_SYSCALL)) {

105 // FIXME: we should really not have to do that in a trivial policy	110 // FIXME: we should really not have to do that in a trivial policy

106 return ErrorCode(ENOSYS);	111 return ErrorCode(ENOSYS);

107 }	112 }

	113 #if defined(__arm__)

	114 if (!Sandbox::isArmPrivateSyscall(sysno)) {

	115 return ErrorCode(ENOSYS);

	116 }

	117 #endif

108 switch (sysno) {	118 switch (sysno) {

109 case __NR_nanosleep:	119 case __NR_nanosleep:

110 return Sandbox::Trap(EnomemHandler,	120 return Sandbox::Trap(EnomemHandler,

111 static_cast<void *>(&BlacklistNanosleepPolicySigsysAuxData));	121 static_cast<void *>(&BlacklistNanosleepPolicySigsysAuxData));

112 default:	122 default:

113 return ErrorCode(ErrorCode::ERR_ALLOWED);	123 return ErrorCode(ErrorCode::ERR_ALLOWED);

114 }	124 }

115 }	125 }

116	126

117 BPF_TEST(SandboxBpf, BasicBlacklistWithSigsys,	127 BPF_TEST(SandboxBpf, BasicBlacklistWithSigsys,

(...skipping 54 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
172 }	182 }

173 }	183 }

174	184

175 BPF_TEST(SandboxBpf, SyntheticPolicy, SyntheticPolicy) {	185 BPF_TEST(SandboxBpf, SyntheticPolicy, SyntheticPolicy) {

176 // Ensure that that kExpectedReturnValue + syscallnumber + 1 does not int	186 // Ensure that that kExpectedReturnValue + syscallnumber + 1 does not int

177 // overflow.	187 // overflow.

178 BPF_ASSERT(	188 BPF_ASSERT(

179 std::numeric_limits<int>::max() - kExpectedReturnValue - 1 >=	189 std::numeric_limits<int>::max() - kExpectedReturnValue - 1 >=

180 static_cast<int>(MAX_SYSCALL));	190 static_cast<int>(MAX_SYSCALL));

181	191

182 // TODO(jorgelo): remove this limit once crbug.com/141694 is fixed.	192 // TODO(jorgelo): remove this limit once crbug.com/141694 is fixed.
	jln (very slow on Chromium) 2012/10/11 22:42:00 Do you want to go over this now? Do you want to go over this now? Jorge Lucangeli Obes 2012/10/12 17:58:23 This will still need the new compiler. We're still Show quoted text On 2012/10/11 22:42:00, Julien Tinnes wrote: > Do you want to go over this now? This will still need the new compiler. We're still blowing up the jumptable.
183 #if defined(__arm__)	193 #if defined(__arm__)

184 const int sysno_ceiling = kArmPublicSysnoCeiling;	194 const int sysno_ceiling = kArmPublicSysnoCeiling;

185 #else	195 #else

186 const int sysno_ceiling = static_cast<int>(MAX_SYSCALL);	196 const int sysno_ceiling = static_cast<int>(MAX_SYSCALL);

187 #endif	197 #endif

188	198

189 for (int syscall_number = static_cast<int>(MIN_SYSCALL);	199 for (int syscall_number = static_cast<int>(MIN_SYSCALL);

190 syscall_number <= sysno_ceiling;	200 syscall_number <= sysno_ceiling;

191 ++syscall_number) {	201 ++syscall_number) {

192 if (syscall_number == __NR_exit_group \|\|	202 if (syscall_number == __NR_exit_group \|\|

193 syscall_number == __NR_write) {	203 syscall_number == __NR_write) {

194 // exit_group() is special	204 // exit_group() is special

195 continue;	205 continue;

196 }	206 }

197 errno = 0;	207 errno = 0;

198 BPF_ASSERT(syscall(syscall_number) == -1);	208 BPF_ASSERT(syscall(syscall_number) == -1);

199 BPF_ASSERT(errno == SysnoToRandomErrno(syscall_number));	209 BPF_ASSERT(errno == SysnoToRandomErrno(syscall_number));

200 }	210 }

201 }	211 }

202	212

203 } // namespace	213 } // namespace

OLD	NEW