Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(172)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/seccomp-bpf/syscall_unittest.cc

Issue 11419121: SECCOMP-BPF: Added support for greylisting of system calls. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Simplified sandbox policy in unittest Created 8 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « sandbox/linux/seccomp-bpf/syscall.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include <asm/unistd.h>
6 #include <fcntl.h>
7 #include <sys/mman.h>
8 #include <unistd.h>
9
10 #include "base/posix/eintr_wrapper.h"
11 #include "sandbox/linux/seccomp-bpf/syscall.h"
12 #include "sandbox/linux/tests/unit_tests.h"
13 #include "testing/gtest/include/gtest/gtest.h"
14
15 using namespace playground2;
16
17 namespace {
18
19 // Different platforms use different symbols for the six-argument version
20 // of the mmap() system call. Test for the correct symbol at compile time.
21 #ifdef __NR_mmap2
22 const int kMMapNr = __NR_mmap2;
23 #else
24 const int kMMapNr = __NR_mmap;
25 #endif
26
27 TEST(Syscall, WellKnownEntryPoint) {
28 // Test that SandboxSyscall(-1) is handled specially. Don't do this on ARM,
29 // where syscall(-1) crashes with SIGILL. Not running the test is fine, as we
30 // are still testing ARM code in the next set of tests.
31 #if !defined(__arm__)
32 EXPECT_NE(SandboxSyscall(-1), syscall(-1));
33 #endif
34
35 // If possible, test that SandboxSyscall(-1) returns the address right after
36 // a kernel entry point.
37 #if defined(__i386__)
38 EXPECT_EQ(0x80CDu, ((uint16_t *)SandboxSyscall(-1))[-1]); // INT 0x80
39 #elif defined(__x86_64__)
40 EXPECT_EQ(0x050Fu, ((uint16_t *)SandboxSyscall(-1))[-1]); // SYSCALL
41 #elif defined(__arm__)
42 #if defined(__thumb__)
43 EXPECT_EQ(0xDF00u, ((uint16_t *)SandboxSyscall(-1))[-1]); // SWI 0
44 #else
45 EXPECT_EQ(0xEF000000u, ((uint32_t *)SandboxSyscall(-1))[-1]); // SVC 0
46 #endif
47 #else
48 #warning Incomplete test case; need port for target platform
49 #endif
50 }
51
52 TEST(Syscall, TrivialSyscallNoArgs) {
53 // Test that we can do basic system calls
54 EXPECT_EQ(SandboxSyscall(__NR_getpid), syscall(__NR_getpid));
55 }
56
57 TEST(Syscall, ComplexSyscallSixArgs) {
58 int fd;
59 ASSERT_LE(0, fd = SandboxSyscall(__NR_open, "/dev/null", O_RDWR, 0L));
60
61 // Use mmap() to allocate some read-only memory
62 char *addr0;
63 ASSERT_NE((char *)NULL,
64 addr0 = reinterpret_cast<char *>(
65 SandboxSyscall(kMMapNr, (void *)NULL, 4096, PROT_READ,
66 MAP_PRIVATE|MAP_ANONYMOUS, fd, 0L)));
67
68 // Try to replace the existing mapping with a read-write mapping
69 char *addr1;
70 ASSERT_EQ(addr0,
71 addr1 = reinterpret_cast<char *>(
72 SandboxSyscall(kMMapNr, addr0, 4096L, PROT_READ|PROT_WRITE,
73 MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED,
74 fd, 0L)));
75 ++*addr1; // This should not seg fault
76
77 // Clean up
78 EXPECT_EQ(0, SandboxSyscall(__NR_munmap, addr1, 4096L));
79 EXPECT_EQ(0, HANDLE_EINTR(SandboxSyscall(__NR_close, fd)));
80
81 // Check that the offset argument (i.e. the sixth argument) is processed
82 // correctly.
83 ASSERT_GE(fd = SandboxSyscall(__NR_open, "/proc/self/exe", O_RDONLY, 0L), 0);
84 char *addr2, *addr3;
85 ASSERT_NE((char *)NULL,
86 addr2 = reinterpret_cast<char *>(
87 SandboxSyscall(kMMapNr, (void *)NULL, 8192L, PROT_READ,
88 MAP_PRIVATE, fd, 0L)));
89 ASSERT_NE((char *)NULL,
90 addr3 = reinterpret_cast<char *>(
91 SandboxSyscall(kMMapNr, (void *)NULL, 4096L, PROT_READ,
92 MAP_PRIVATE, fd,
93 #if defined(__NR_mmap2)
94 1L
95 #else
96 4096L
97 #endif
98 )));
99 EXPECT_EQ(0, memcmp(addr2 + 4096, addr3, 4096));
100
101 // Just to be absolutely on the safe side, also verify that the file
102 // contents matches what we are getting from a read() operation.
103 char buf[8192];
104 EXPECT_EQ(8192, SandboxSyscall(__NR_read, fd, buf, 8192L));
105 EXPECT_EQ(0, memcmp(addr2, buf, 8192));
106
107 // Clean up
108 EXPECT_EQ(0, SandboxSyscall(__NR_munmap, addr2, 8192L));
109 EXPECT_EQ(0, SandboxSyscall(__NR_munmap, addr3, 4096L));
110 EXPECT_EQ(0, HANDLE_EINTR(SandboxSyscall(__NR_close, fd)));
111 }
112
113 } // namespace
OLDNEW
« no previous file with comments | « sandbox/linux/seccomp-bpf/syscall.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698