| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_BPF_TESTS_H__ | 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_BPF_TESTS_H__ |
| 6 #define SANDBOX_LINUX_SECCOMP_BPF_BPF_TESTS_H__ | 6 #define SANDBOX_LINUX_SECCOMP_BPF_BPF_TESTS_H__ |
| 7 | 7 |
| 8 #include "sandbox/linux/tests/unit_tests.h" | 8 #include "sandbox/linux/tests/unit_tests.h" |
| 9 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" | 9 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" |
| 10 | 10 |
| (...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 57 friend class BpfTests; | 57 friend class BpfTests; |
| 58 | 58 |
| 59 void (*test_)(AuxType&); | 59 void (*test_)(AuxType&); |
| 60 playground2::Sandbox::EvaluateSyscall policy_; | 60 playground2::Sandbox::EvaluateSyscall policy_; |
| 61 AuxType aux_; | 61 AuxType aux_; |
| 62 }; | 62 }; |
| 63 | 63 |
| 64 static void TestWrapper(void *void_arg) { | 64 static void TestWrapper(void *void_arg) { |
| 65 TestArgs *arg = reinterpret_cast<TestArgs *>(void_arg); | 65 TestArgs *arg = reinterpret_cast<TestArgs *>(void_arg); |
| 66 playground2::Die::EnableSimpleExit(); | 66 playground2::Die::EnableSimpleExit(); |
| 67 if (playground2::Sandbox::supportsSeccompSandbox(-1) == | 67 if (playground2::Sandbox::SupportsSeccompSandbox(-1) == |
| 68 playground2::Sandbox::STATUS_AVAILABLE) { | 68 playground2::Sandbox::STATUS_AVAILABLE) { |
| 69 // Ensure the the sandbox is actually available at this time | 69 // Ensure the the sandbox is actually available at this time |
| 70 int proc_fd; | 70 int proc_fd; |
| 71 BPF_ASSERT((proc_fd = open("/proc", O_RDONLY|O_DIRECTORY)) >= 0); | 71 BPF_ASSERT((proc_fd = open("/proc", O_RDONLY|O_DIRECTORY)) >= 0); |
| 72 BPF_ASSERT(playground2::Sandbox::supportsSeccompSandbox(proc_fd) == | 72 BPF_ASSERT(playground2::Sandbox::SupportsSeccompSandbox(proc_fd) == |
| 73 playground2::Sandbox::STATUS_AVAILABLE); | 73 playground2::Sandbox::STATUS_AVAILABLE); |
| 74 | 74 |
| 75 // Initialize and then start the sandbox with our custom policy | 75 // Initialize and then start the sandbox with our custom policy |
| 76 playground2::Sandbox::setProcFd(proc_fd); | 76 playground2::Sandbox::SetProcFd(proc_fd); |
| 77 playground2::Sandbox::setSandboxPolicy(arg->policy(), &arg->aux_); | 77 playground2::Sandbox::SetSandboxPolicy(arg->policy(), &arg->aux_); |
| 78 playground2::Sandbox::startSandbox(); | 78 playground2::Sandbox::StartSandbox(); |
| 79 | 79 |
| 80 arg->test()(arg->aux_); | 80 arg->test()(arg->aux_); |
| 81 } else { | 81 } else { |
| 82 // TODO(markus): (crbug.com/141545) Call the compiler and verify the | 82 // TODO(markus): (crbug.com/141545) Call the compiler and verify the |
| 83 // policy. That's the least we can do, if we don't have kernel support. | 83 // policy. That's the least we can do, if we don't have kernel support. |
| 84 playground2::Sandbox::setSandboxPolicy(arg->policy(), NULL); | 84 playground2::Sandbox::SetSandboxPolicy(arg->policy(), NULL); |
| 85 } | 85 } |
| 86 } | 86 } |
| 87 | 87 |
| 88 private: | 88 private: |
| 89 DISALLOW_IMPLICIT_CONSTRUCTORS(BpfTests); | 89 DISALLOW_IMPLICIT_CONSTRUCTORS(BpfTests); |
| 90 }; | 90 }; |
| 91 | 91 |
| 92 } // namespace | 92 } // namespace |
| 93 | 93 |
| 94 #endif // SANDBOX_LINUX_SECCOMP_BPF_BPF_TESTS_H__ | 94 #endif // SANDBOX_LINUX_SECCOMP_BPF_BPF_TESTS_H__ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 11411254:
SECCOMP-BPF: Added supported for inspection system call arguments from BPF filters. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src