Chromium Code Reviews Chromium Code Reviews
Issue 1295513003:
Non-SFI mode: Sandbox support for NaCl async-signals. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // Sanitizers internally use some syscalls which non-SFI NaCl disallows. | 5 // Sanitizers internally use some syscalls which non-SFI NaCl disallows. |
| 6 #if !defined(ADDRESS_SANITIZER) && !defined(THREAD_SANITIZER) && \ | 6 #if !defined(ADDRESS_SANITIZER) && !defined(THREAD_SANITIZER) && \ |
| 7 !defined(MEMORY_SANITIZER) && !defined(LEAK_SANITIZER) | 7 !defined(MEMORY_SANITIZER) && !defined(LEAK_SANITIZER) |
| 8 | 8 |
| 9 #include "components/nacl/loader/nonsfi/nonsfi_sandbox.h" | 9 #include "components/nacl/loader/nonsfi/nonsfi_sandbox.h" |
| 10 | 10 |
| (...skipping 623 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 634 clock_gettime(CLOCK_MONOTONIC_RAW, &ts); | 634 clock_gettime(CLOCK_MONOTONIC_RAW, &ts); |
| 635 } | 635 } |
| 636 | 636 |
| 637 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, | 637 BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, |
| 638 invalid_syscall_crash, | 638 invalid_syscall_crash, |
| 639 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), | 639 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 640 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { | 640 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { |
| 641 sandbox::Syscall::InvalidCall(); | 641 sandbox::Syscall::InvalidCall(); |
| 642 } | 642 } |
| 643 | 643 |
| 644 // The following tests check for several restrictions in tgkill(). A delegate is | |
| 645 // needed to be able to call getpid() from inside the process that will be | |
| 646 // sandboxed, but before the sandbox is installed. | |
| 647 template<void(*callback)(int pid, int tid)> | |
| 648 class TgkillDelegate : public sandbox::BPFTesterDelegate { | |
| 649 public: | |
| 650 TgkillDelegate() {} | |
| 651 ~TgkillDelegate() override {} | |
| 652 | |
| 653 scoped_ptr<sandbox::bpf_dsl::Policy> GetSandboxBPFPolicy() override { | |
| 654 // These two values must be obtained when running in the sandboxed process. | |
| 655 // They cannot be set in the constructor and are also not available from | |
| 656 // within |RunTestFunction|. | |
| 657 pid_ = getpid(); | |
| 658 tid_ = syscall(__NR_gettid); | |
| 659 | |
| 660 return scoped_ptr<sandbox::bpf_dsl::Policy>( | |
| 661 new nacl::nonsfi::NaClNonSfiBPFSandboxPolicy()); | |
| 662 } | |
| 663 | |
| 664 void RunTestFunction() override { | |
| 665 callback(pid_, tid_); | |
| 666 } | |
| 667 | |
| 668 int pid_; | |
| 669 int tid_; | |
| 670 | |
| 671 private: | |
| 672 DISALLOW_COPY_AND_ASSIGN(TgkillDelegate); | |
| 673 }; | |
| 674 | |
| 675 #define BPF_TGKILL_TEST(name) \ | |
| 676 void BPF_TEST_D_##name(int pid, int tid); \ | |
| 677 BPF_TEST_D(NaClNonSfiSandboxTest, \ | |
| 678 name, \ | |
| 679 TgkillDelegate<BPF_TEST_D_##name>); \ | |
| 680 void BPF_TEST_D_##name(int pid, int tid) \ | |
| 681 | |
| 682 #define BPF_TGKILL_DEATH_TEST(name) \ | |
| 683 void BPF_TEST_D_##name(int pid, int tid); \ | |
| 684 BPF_DEATH_TEST_D( \ | |
| 685 NaClNonSfiSandboxTest, \ | |
| 686 name, \ | |
| 687 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), \ | |
| 688 TgkillDelegate<BPF_TEST_D_##name>); \ | |
| 689 void BPF_TEST_D_##name(int pid, int tid) \ | |
| 690 | |
| 691 BPF_TGKILL_DEATH_TEST(tgkill_with_invalid_signum) { | |
|
jln (very slow on Chromium)
2015/08/17 21:21:11
The complexity of BPF test is already considerable
Luis Héctor Chávez
2015/08/17 22:13:07
Done.
| |
| 692 syscall(__NR_tgkill, pid, tid, SIGKILL); | |
| 693 } | |
| 694 | |
| 695 BPF_TGKILL_DEATH_TEST(tgkill_with_invalid_tgid) { | |
| 696 syscall(__NR_tgkill, 1, tid, LINUX_SIGUSR1); | |
| 697 } | |
| 698 | |
| 699 BPF_TGKILL_DEATH_TEST(tgkill_with_negative_tid) { | |
| 700 syscall(__NR_tgkill, pid, -1, LINUX_SIGUSR1); | |
| 701 } | |
| 702 | |
| 703 BPF_TGKILL_TEST(tgkill_with_invalid_tid) { | |
| 704 BPF_ASSERT_EQ(-1, syscall(__NR_tgkill, pid, 1, LINUX_SIGUSR1)); | |
| 705 BPF_ASSERT_EQ(ESRCH, errno); | |
| 706 } | |
| 707 | |
| 644 // The following test cases check if syscalls return EPERM regardless | 708 // The following test cases check if syscalls return EPERM regardless |
| 645 // of arguments. | 709 // of arguments. |
| 646 #define RESTRICT_SYSCALL_EPERM_TEST(name) \ | 710 #define RESTRICT_SYSCALL_EPERM_TEST(name) \ |
| 647 BPF_TEST_C(NaClNonSfiSandboxTest, \ | 711 BPF_TEST_C(NaClNonSfiSandboxTest, \ |
| 648 name##_EPERM, \ | 712 name##_EPERM, \ |
| 649 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { \ | 713 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { \ |
| 650 errno = 0; \ | 714 errno = 0; \ |
| 651 BPF_ASSERT_EQ(-1, syscall(__NR_##name, 0, 0, 0, 0, 0, 0)); \ | 715 BPF_ASSERT_EQ(-1, syscall(__NR_##name, 0, 0, 0, 0, 0, 0)); \ |
| 652 BPF_ASSERT_EQ(EPERM, errno); \ | 716 BPF_ASSERT_EQ(EPERM, errno); \ |
| 653 } | 717 } |
| (...skipping 15 matching lines...) Expand all Loading... | |
| 669 RESTRICT_SYSCALL_EPERM_TEST(ptrace); | 733 RESTRICT_SYSCALL_EPERM_TEST(ptrace); |
| 670 RESTRICT_SYSCALL_EPERM_TEST(set_robust_list); | 734 RESTRICT_SYSCALL_EPERM_TEST(set_robust_list); |
| 671 #if defined(__i386__) || defined(__x86_64__) | 735 #if defined(__i386__) || defined(__x86_64__) |
| 672 RESTRICT_SYSCALL_EPERM_TEST(time); | 736 RESTRICT_SYSCALL_EPERM_TEST(time); |
| 673 #endif | 737 #endif |
| 674 | 738 |
| 675 } // namespace | 739 } // namespace |
| 676 | 740 |
| 677 #endif // !ADDRESS_SANITIZER && !THREAD_SANITIZER && | 741 #endif // !ADDRESS_SANITIZER && !THREAD_SANITIZER && |
| 678 // !MEMORY_SANITIZER && !LEAK_SANITIZER | 742 // !MEMORY_SANITIZER && !LEAK_SANITIZER |
| OLD | NEW |
