| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <asm/unistd.h> | 5 #include <asm/unistd.h> |
| 6 #include <fcntl.h> | 6 #include <fcntl.h> |
| 7 #include <sys/mman.h> | 7 #include <sys/mman.h> |
| 8 #include <unistd.h> | 8 #include <unistd.h> |
| 9 | 9 |
| 10 #include <vector> | 10 #include <vector> |
| (...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 71 intptr_t CopySyscallArgsToAux(const struct arch_seccomp_data& args, void *aux) { | 71 intptr_t CopySyscallArgsToAux(const struct arch_seccomp_data& args, void *aux) { |
| 72 // |aux| is a pointer to our BPF_AUX. | 72 // |aux| is a pointer to our BPF_AUX. |
| 73 std::vector<uint64_t>* const seen_syscall_args = | 73 std::vector<uint64_t>* const seen_syscall_args = |
| 74 static_cast<std::vector<uint64_t>*>(aux); | 74 static_cast<std::vector<uint64_t>*>(aux); |
| 75 BPF_ASSERT(arraysize(args.args) == 6); | 75 BPF_ASSERT(arraysize(args.args) == 6); |
| 76 seen_syscall_args->assign(args.args, args.args + arraysize(args.args)); | 76 seen_syscall_args->assign(args.args, args.args + arraysize(args.args)); |
| 77 return -ENOMEM; | 77 return -ENOMEM; |
| 78 } | 78 } |
| 79 | 79 |
| 80 ErrorCode CopyAllArgsOnUnamePolicy(int sysno, void *aux) { | 80 ErrorCode CopyAllArgsOnUnamePolicy(int sysno, void *aux) { |
| 81 if (!Sandbox::isValidSyscallNumber(sysno)) { | 81 if (!Sandbox::IsValidSyscallNumber(sysno)) { |
| 82 return ErrorCode(ENOSYS); | 82 return ErrorCode(ENOSYS); |
| 83 } | 83 } |
| 84 if (sysno == __NR_uname) { | 84 if (sysno == __NR_uname) { |
| 85 return Sandbox::Trap(CopySyscallArgsToAux, aux); | 85 return Sandbox::Trap(CopySyscallArgsToAux, aux); |
| 86 } else { | 86 } else { |
| 87 return ErrorCode(ErrorCode::ERR_ALLOWED); | 87 return ErrorCode(ErrorCode::ERR_ALLOWED); |
| 88 } | 88 } |
| 89 } | 89 } |
| 90 | 90 |
| 91 // We are testing SandboxSyscall() by making use of a BPF filter that allows us | 91 // We are testing SandboxSyscall() by making use of a BPF filter that allows us |
| (...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 175 EXPECT_EQ(8192, SandboxSyscall(__NR_read, fd, buf, 8192L)); | 175 EXPECT_EQ(8192, SandboxSyscall(__NR_read, fd, buf, 8192L)); |
| 176 EXPECT_EQ(0, memcmp(addr2, buf, 8192)); | 176 EXPECT_EQ(0, memcmp(addr2, buf, 8192)); |
| 177 | 177 |
| 178 // Clean up | 178 // Clean up |
| 179 EXPECT_EQ(0, SandboxSyscall(__NR_munmap, addr2, 8192L)); | 179 EXPECT_EQ(0, SandboxSyscall(__NR_munmap, addr2, 8192L)); |
| 180 EXPECT_EQ(0, SandboxSyscall(__NR_munmap, addr3, 4096L)); | 180 EXPECT_EQ(0, SandboxSyscall(__NR_munmap, addr3, 4096L)); |
| 181 EXPECT_EQ(0, HANDLE_EINTR(SandboxSyscall(__NR_close, fd))); | 181 EXPECT_EQ(0, HANDLE_EINTR(SandboxSyscall(__NR_close, fd))); |
| 182 } | 182 } |
| 183 | 183 |
| 184 } // namespace | 184 } // namespace |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 11411254:
SECCOMP-BPF: Added supported for inspection system call arguments from BPF filters. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src