| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <asm/unistd.h> | 5 #include <asm/unistd.h> |
| 6 #include <fcntl.h> | 6 #include <fcntl.h> |
| 7 #include <sys/mman.h> | 7 #include <sys/mman.h> |
| 8 #include <sys/syscall.h> | 8 #include <sys/syscall.h> |
| 9 #include <unistd.h> | 9 #include <unistd.h> |
| 10 | 10 |
| (...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 71 // SIGSYS trap handler that will be called on __NR_uname. | 71 // SIGSYS trap handler that will be called on __NR_uname. |
| 72 intptr_t CopySyscallArgsToAux(const struct arch_seccomp_data& args, void *aux) { | 72 intptr_t CopySyscallArgsToAux(const struct arch_seccomp_data& args, void *aux) { |
| 73 // |aux| is a pointer to our BPF_AUX. | 73 // |aux| is a pointer to our BPF_AUX. |
| 74 std::vector<uint64_t>* const seen_syscall_args = | 74 std::vector<uint64_t>* const seen_syscall_args = |
| 75 static_cast<std::vector<uint64_t>*>(aux); | 75 static_cast<std::vector<uint64_t>*>(aux); |
| 76 BPF_ASSERT(arraysize(args.args) == 6); | 76 BPF_ASSERT(arraysize(args.args) == 6); |
| 77 seen_syscall_args->assign(args.args, args.args + arraysize(args.args)); | 77 seen_syscall_args->assign(args.args, args.args + arraysize(args.args)); |
| 78 return -ENOMEM; | 78 return -ENOMEM; |
| 79 } | 79 } |
| 80 | 80 |
| 81 ErrorCode CopyAllArgsOnUnamePolicy(int sysno, void *aux) { | 81 ErrorCode CopyAllArgsOnUnamePolicy(Sandbox *sandbox, int sysno, void *aux) { |
| 82 if (!Sandbox::IsValidSyscallNumber(sysno)) { | 82 if (!Sandbox::IsValidSyscallNumber(sysno)) { |
| 83 return ErrorCode(ENOSYS); | 83 return ErrorCode(ENOSYS); |
| 84 } | 84 } |
| 85 if (sysno == __NR_uname) { | 85 if (sysno == __NR_uname) { |
| 86 return Sandbox::Trap(CopySyscallArgsToAux, aux); | 86 return sandbox->Trap(CopySyscallArgsToAux, aux); |
| 87 } else { | 87 } else { |
| 88 return ErrorCode(ErrorCode::ERR_ALLOWED); | 88 return ErrorCode(ErrorCode::ERR_ALLOWED); |
| 89 } | 89 } |
| 90 } | 90 } |
| 91 | 91 |
| 92 // We are testing SandboxSyscall() by making use of a BPF filter that allows us | 92 // We are testing SandboxSyscall() by making use of a BPF filter that allows us |
| 93 // to inspect the system call arguments that the kernel saw. | 93 // to inspect the system call arguments that the kernel saw. |
| 94 BPF_TEST(Syscall, SyntheticSixArgs, CopyAllArgsOnUnamePolicy, | 94 BPF_TEST(Syscall, SyntheticSixArgs, CopyAllArgsOnUnamePolicy, |
| 95 std::vector<uint64_t> /* BPF_AUX */) { | 95 std::vector<uint64_t> /* BPF_AUX */) { |
| 96 const int kExpectedValue = 42; | 96 const int kExpectedValue = 42; |
| (...skipping 79 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 176 EXPECT_EQ(8192, SandboxSyscall(__NR_read, fd, buf, 8192L)); | 176 EXPECT_EQ(8192, SandboxSyscall(__NR_read, fd, buf, 8192L)); |
| 177 EXPECT_EQ(0, memcmp(addr2, buf, 8192)); | 177 EXPECT_EQ(0, memcmp(addr2, buf, 8192)); |
| 178 | 178 |
| 179 // Clean up | 179 // Clean up |
| 180 EXPECT_EQ(0, SandboxSyscall(__NR_munmap, addr2, 8192L)); | 180 EXPECT_EQ(0, SandboxSyscall(__NR_munmap, addr2, 8192L)); |
| 181 EXPECT_EQ(0, SandboxSyscall(__NR_munmap, addr3, 4096L)); | 181 EXPECT_EQ(0, SandboxSyscall(__NR_munmap, addr3, 4096L)); |
| 182 EXPECT_EQ(0, HANDLE_EINTR(SandboxSyscall(__NR_close, fd))); | 182 EXPECT_EQ(0, HANDLE_EINTR(SandboxSyscall(__NR_close, fd))); |
| 183 } | 183 } |
| 184 | 184 |
| 185 } // namespace | 185 } // namespace |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 12223109:
SECCOMP-BPF: Refactor the BPF sandbox API to use fewer "static" fields and methods. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src