| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_BPF_TESTS_H__ | 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_BPF_TESTS_H__ |
| 6 #define SANDBOX_LINUX_SECCOMP_BPF_BPF_TESTS_H__ | 6 #define SANDBOX_LINUX_SECCOMP_BPF_BPF_TESTS_H__ |
| 7 | 7 |
| 8 #include "sandbox/linux/tests/unit_tests.h" | 8 #include "sandbox/linux/tests/unit_tests.h" |
| 9 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" | 9 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" |
| 10 | 10 |
| 11 | 11 |
| 12 namespace sandbox { | 12 namespace sandbox { |
| 13 | 13 |
| 14 // A BPF_DEATH_TEST is just the same as a BPF_TEST, but it assumes that the |
| 15 // test will fail with a particular known error condition. Use the DEATH_XXX() |
| 16 // macros from unit_tests.h to specify the expected error condition. |
| 17 #define BPF_DEATH_TEST(test_case_name, test_name, death, policy, aux...) \ |
| 18 void BPF_TEST_##test_name(sandbox::BpfTests<aux>::AuxType& BPF_AUX); \ |
| 19 TEST(test_case_name, test_name) { \ |
| 20 sandbox::BpfTests<aux>::TestArgs arg(BPF_TEST_##test_name, policy); \ |
| 21 sandbox::BpfTests<aux>::RunTestInProcess( \ |
| 22 sandbox::BpfTests<aux>::TestWrapper, &arg, \ |
| 23 death); \ |
| 24 } \ |
| 25 void BPF_TEST_##test_name(sandbox::BpfTests<aux>::AuxType& BPF_AUX) |
| 26 |
| 14 // BPF_TEST() is a special version of SANDBOX_TEST(). It turns into a no-op, | 27 // BPF_TEST() is a special version of SANDBOX_TEST(). It turns into a no-op, |
| 15 // if the host does not have kernel support for running BPF filters. | 28 // if the host does not have kernel support for running BPF filters. |
| 16 // Also, it takes advantage of the Die class to avoid calling LOG(FATAL), from | 29 // Also, it takes advantage of the Die class to avoid calling LOG(FATAL), from |
| 17 // inside our tests, as we don't need or even want all the error handling that | 30 // inside our tests, as we don't need or even want all the error handling that |
| 18 // LOG(FATAL) would do. | 31 // LOG(FATAL) would do. |
| 19 // BPF_TEST() takes a C++ data type as an optional fourth parameter. If | 32 // BPF_TEST() takes a C++ data type as an optional fourth parameter. If |
| 20 // present, this sets up a variable that can be accessed as "BPF_AUX". This | 33 // present, this sets up a variable that can be accessed as "BPF_AUX". This |
| 21 // variable will be passed as an argument to the "policy" function. Policies | 34 // variable will be passed as an argument to the "policy" function. Policies |
| 22 // would typically use it as an argument to Sandbox::Trap(), if they want to | 35 // would typically use it as an argument to Sandbox::Trap(), if they want to |
| 23 // communicate data between the BPF_TEST() and a Trap() function. | 36 // communicate data between the BPF_TEST() and a Trap() function. |
| 24 #define BPF_TEST(test_case_name, test_name, policy, aux...) \ | 37 #define BPF_TEST(test_case_name, test_name, policy, aux...) \ |
| 25 void BPF_TEST_##test_name(sandbox::BpfTests<aux>::AuxType& BPF_AUX); \ | 38 BPF_DEATH_TEST(test_case_name, test_name, DEATH_SUCCESS(), policy, aux) |
| 26 TEST(test_case_name, test_name) { \ | 39 |
| 27 sandbox::BpfTests<aux>::TestArgs arg(BPF_TEST_##test_name, policy); \ | |
| 28 sandbox::BpfTests<aux>::RunTestInProcess( \ | |
| 29 sandbox::BpfTests<aux>::TestWrapper, &arg);\ | |
| 30 } \ | |
| 31 void BPF_TEST_##test_name(sandbox::BpfTests<aux>::AuxType& BPF_AUX) | |
| 32 | 40 |
| 33 // Assertions are handled exactly the same as with a normal SANDBOX_TEST() | 41 // Assertions are handled exactly the same as with a normal SANDBOX_TEST() |
| 34 #define BPF_ASSERT SANDBOX_ASSERT | 42 #define BPF_ASSERT SANDBOX_ASSERT |
| 35 | 43 |
| 36 | 44 |
| 37 // The "Aux" type is optional. We use an "empty" type by default, so that if | 45 // The "Aux" type is optional. We use an "empty" type by default, so that if |
| 38 // the caller doesn't provide any type, all the BPF_AUX related data compiles | 46 // the caller doesn't provide any type, all the BPF_AUX related data compiles |
| 39 // to nothing. | 47 // to nothing. |
| 40 template<class Aux = int[0]> | 48 template<class Aux = int[0]> |
| 41 class BpfTests : public UnitTests { | 49 class BpfTests : public UnitTests { |
| (...skipping 15 matching lines...) Expand all Loading... |
| 57 friend class BpfTests; | 65 friend class BpfTests; |
| 58 | 66 |
| 59 void (*test_)(AuxType&); | 67 void (*test_)(AuxType&); |
| 60 playground2::Sandbox::EvaluateSyscall policy_; | 68 playground2::Sandbox::EvaluateSyscall policy_; |
| 61 AuxType aux_; | 69 AuxType aux_; |
| 62 }; | 70 }; |
| 63 | 71 |
| 64 static void TestWrapper(void *void_arg) { | 72 static void TestWrapper(void *void_arg) { |
| 65 TestArgs *arg = reinterpret_cast<TestArgs *>(void_arg); | 73 TestArgs *arg = reinterpret_cast<TestArgs *>(void_arg); |
| 66 playground2::Die::EnableSimpleExit(); | 74 playground2::Die::EnableSimpleExit(); |
| 67 if (playground2::Sandbox::supportsSeccompSandbox(-1) == | 75 if (playground2::Sandbox::SupportsSeccompSandbox(-1) == |
| 68 playground2::Sandbox::STATUS_AVAILABLE) { | 76 playground2::Sandbox::STATUS_AVAILABLE) { |
| 69 // Ensure the the sandbox is actually available at this time | 77 // Ensure the the sandbox is actually available at this time |
| 70 int proc_fd; | 78 int proc_fd; |
| 71 BPF_ASSERT((proc_fd = open("/proc", O_RDONLY|O_DIRECTORY)) >= 0); | 79 BPF_ASSERT((proc_fd = open("/proc", O_RDONLY|O_DIRECTORY)) >= 0); |
| 72 BPF_ASSERT(playground2::Sandbox::supportsSeccompSandbox(proc_fd) == | 80 BPF_ASSERT(playground2::Sandbox::SupportsSeccompSandbox(proc_fd) == |
| 73 playground2::Sandbox::STATUS_AVAILABLE); | 81 playground2::Sandbox::STATUS_AVAILABLE); |
| 74 | 82 |
| 75 // Initialize and then start the sandbox with our custom policy | 83 // Initialize and then start the sandbox with our custom policy |
| 76 playground2::Sandbox::setProcFd(proc_fd); | 84 playground2::Sandbox::set_proc_fd(proc_fd); |
| 77 playground2::Sandbox::setSandboxPolicy(arg->policy(), &arg->aux_); | 85 playground2::Sandbox::SetSandboxPolicy(arg->policy(), &arg->aux_); |
| 78 playground2::Sandbox::startSandbox(); | 86 playground2::Sandbox::StartSandbox(); |
| 79 | 87 |
| 80 arg->test()(arg->aux_); | 88 arg->test()(arg->aux_); |
| 81 } else { | 89 } else { |
| 82 // TODO(markus): (crbug.com/141545) Call the compiler and verify the | 90 // TODO(markus): (crbug.com/141545) Call the compiler and verify the |
| 83 // policy. That's the least we can do, if we don't have kernel support. | 91 // policy. That's the least we can do, if we don't have kernel support. |
| 84 playground2::Sandbox::setSandboxPolicy(arg->policy(), NULL); | 92 playground2::Sandbox::SetSandboxPolicy(arg->policy(), NULL); |
| 93 sandbox::UnitTests::IgnoreThisTest(); |
| 85 } | 94 } |
| 86 } | 95 } |
| 87 | 96 |
| 88 private: | 97 private: |
| 89 DISALLOW_IMPLICIT_CONSTRUCTORS(BpfTests); | 98 DISALLOW_IMPLICIT_CONSTRUCTORS(BpfTests); |
| 90 }; | 99 }; |
| 91 | 100 |
| 92 } // namespace | 101 } // namespace |
| 93 | 102 |
| 94 #endif // SANDBOX_LINUX_SECCOMP_BPF_BPF_TESTS_H__ | 103 #endif // SANDBOX_LINUX_SECCOMP_BPF_BPF_TESTS_H__ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 11411254:
SECCOMP-BPF: Added supported for inspection system call arguments from BPF filters. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src