sandbox/linux/seccomp-bpf/syscall_unittest.cc - Issue 11363212: Added support for greylisting of system calls.

Side by Side Diff: sandbox/linux/seccomp-bpf/syscall_unittest.cc

Issue 11363212: Added support for greylisting of system calls. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Addressed reviewer's comments Created 8 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
(Empty)
	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
	jln (very slow on Chromium) 2012/11/20 01:08:31 General comment: I think in almost all cases when General comment: I think in almost all cases when you write EXPECT_, you mean ASSERT_ You could either just replace all expect with assert or figure out which should be which, as your prefer.
	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include <asm/unistd.h>

	6 #include <fcntl.h>

	7 #include <sys/mman.h>

	8 #include <unistd.h>

	9

	10 #include "base/eintr_wrapper.h"

	11 #include "sandbox/linux/seccomp-bpf/syscall.h"

	12 #include "sandbox/linux/tests/unit_tests.h"

	13 #include "testing/gtest/include/gtest/gtest.h"

	14

	15 using namespace playground2;

	16

	17 namespace {

	18

	19 // Different platforms use different symbols for the six-argument version

	20 // of the mmap() system call. Test for the correct symbol at compile time.

	21 #ifdef __NR_mmap2
	jln (very slow on Chromium) 2012/11/20 01:08:31 Let's avoid #define when possible. What about havi Let's avoid #define when possible. What about having a const int kMmap6NR instead?
	22 #define __NR_mmap6 __NR_mmap2

	23 #else

	24 #define __NR_mmap6 __NR_mmap

	25 #endif

	26

	27 TEST(Syscall, Syscall) {
	jln (very slow on Chromium) 2012/11/20 01:08:31 Please use a less generic name for the test: "Triv Please use a less generic name for the test: "TrivialOneArgSyscall" or something like this?
	28 // Test that we can do basic system calls

	29 EXPECT_EQ(Syscall(__NR_getpid), syscall(__NR_getpid));

	30

	31 // Test that Syscall(-1) is handled specially. Don't do this on ARM, where

	32 // syscall(-1) crashes with SIGILL. Not running the test is fine, as we

	33 // are still testing ARM code in the next set of tests.

	34 #if !defined(__arm__)

	35 EXPECT_NE(Syscall(-1), syscall(-1));

	36 #endif

	37

	38 // If possible, test that Syscall(-1) returns the address right after a

	39 // kernel entry point.

	40 #if defined(__i386__)

	41 EXPECT_EQ(0x80CDu, ((uint16_t *)Syscall(-1))[-1]); // INT 0x80

	42 #elif defined(__x86_64__)

	43 EXPECT_EQ(0x050Fu, ((uint16_t *)Syscall(-1))[-1]); // SYSCALL

	44 #elif defined(__arm__)

	45 #if defined(__thumb__)

	46 EXPECT_EQ(0xDF00u, ((uint16_t *)Syscall(-1))[-1]); // SWI 0

	47 #else

	48 EXPECT_EQ(0xEF000000u, ((uint32_t *)Syscall(-1))[-1]); // SVC 0

	49 #endif

	50 #else

	51 #warning Incomplete test case; need port for target platform

	52 #endif

	53 }

	54

	55 TEST(Syscall, MMap) {

	56 int fd;

	57 EXPECT_LE(0, fd = Syscall(__NR_open, "/dev/null", O_RDWR, 0L));

	58

	59 // Use mmap() to allocate some read-only memory

	60 char *addr0;

	61 EXPECT_NE((char *)NULL,

	62 addr0 = reinterpret_cast<char *>(

	63 Syscall(__NR_mmap6, (void *)NULL, 4096, PROT_READ,

	64 MAP_PRIVATE\|MAP_ANONYMOUS, fd, 0L)));

	65

	66 // Try to replace the existing mapping with a read-write mapping

	67 char *addr1;

	68 EXPECT_EQ(addr0,

	69 addr1 = reinterpret_cast<char *>(

	70 Syscall(__NR_mmap6, addr0, 4096L, PROT_READ\|PROT_WRITE,

	71 MAP_PRIVATE\|MAP_ANONYMOUS\|MAP_FIXED,

	72 fd, 0L)));

	73 ++*addr1; // This should not seg fault

	74

	75 // Clean up

	76 EXPECT_EQ(0, Syscall(__NR_munmap, addr1, 4096L));

	77 EXPECT_EQ(0, HANDLE_EINTR(Syscall(__NR_close, fd)));

	78

	79 // Check that the offset argument (i.e. the sixth argument) is processed

	80 // correctly.

	81 EXPECT_GE(fd = Syscall(__NR_open, "/proc/self/exe", O_RDONLY, 0L), 0);

	82 char addr2, addr3;

	83 EXPECT_NE((char *)NULL,

	84 addr2 = reinterpret_cast<char *>(

	85 Syscall(__NR_mmap6, (void *)NULL, 8192L, PROT_READ,

	86 MAP_PRIVATE, fd, 0L)));

	87 EXPECT_NE((char *)NULL,

	88 addr3 = reinterpret_cast<char *>(

	89 Syscall(__NR_mmap6, (void *)NULL, 4096L, PROT_READ,

	90 MAP_PRIVATE, fd,

	91 #if defined(__NR_mmap2)

	92 1L

	93 #else

	94 4096L

	95 #endif

	96 )));

	97 EXPECT_EQ(0, memcmp(addr2 + 4096, addr3, 4096));

	98

	99 // Just to be absolutely on the safe side, also verify that the file

	100 // contents matches what we are getting from a read() operation.

	101 char buf[8192];

	102 EXPECT_EQ(8192, Syscall(__NR_read, fd, buf, 8192L));

	103 EXPECT_EQ(0, memcmp(addr2, buf, 8192));

	104

	105 // Clean up

	106 EXPECT_EQ(0, Syscall(__NR_munmap, addr2, 8192L));

	107 EXPECT_EQ(0, Syscall(__NR_munmap, addr3, 4096L));

	108 EXPECT_EQ(0, HANDLE_EINTR(Syscall(__NR_close, fd)));

	109 }

	110

	111 } // namespace

OLD	NEW

« sandbox/linux/seccomp-bpf/syscall.h ('K') | « sandbox/linux/seccomp-bpf/syscall.cc ('k') | no next file » | no next file with comments »