OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "components/nacl/loader/nonsfi/nonsfi_sandbox.h" | 5 #include "components/nacl/loader/nonsfi/nonsfi_sandbox.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <fcntl.h> | 8 #include <fcntl.h> |
| 9 #include <linux/futex.h> |
9 #include <pthread.h> | 10 #include <pthread.h> |
10 #include <sched.h> | 11 #include <sched.h> |
11 #include <signal.h> | 12 #include <signal.h> |
12 #include <stdlib.h> | 13 #include <stdlib.h> |
13 #include <string.h> | 14 #include <string.h> |
14 #include <sys/mman.h> | 15 #include <sys/mman.h> |
15 #include <sys/prctl.h> | 16 #include <sys/prctl.h> |
16 #include <sys/ptrace.h> | 17 #include <sys/ptrace.h> |
17 #include <sys/socket.h> | 18 #include <sys/socket.h> |
18 #include <sys/syscall.h> | 19 #include <sys/syscall.h> |
| 20 #include <sys/time.h> |
19 #include <sys/types.h> | 21 #include <sys/types.h> |
20 #include <sys/wait.h> | 22 #include <sys/wait.h> |
21 #include <unistd.h> | 23 #include <unistd.h> |
22 | 24 |
23 #include "base/bind.h" | 25 #include "base/bind.h" |
24 #include "base/callback.h" | 26 #include "base/callback.h" |
25 #include "base/compiler_specific.h" | 27 #include "base/compiler_specific.h" |
26 #include "base/files/scoped_file.h" | 28 #include "base/files/scoped_file.h" |
27 #include "base/logging.h" | 29 #include "base/logging.h" |
28 #include "base/posix/eintr_wrapper.h" | 30 #include "base/posix/eintr_wrapper.h" |
(...skipping 79 matching lines...)
108 ASSERT_EQ(0, WEXITSTATUS(status)); | 110 ASSERT_EQ(0, WEXITSTATUS(status)); |
109 } | 111 } |
110 | 112 |
111 // Then, try this in the sandbox. | 113 // Then, try this in the sandbox. |
112 BPF_DEATH_TEST(NaClNonSfiSandboxTest, clone_for_fork, | 114 BPF_DEATH_TEST(NaClNonSfiSandboxTest, clone_for_fork, |
113 DEATH_MESSAGE(sandbox::GetCloneErrorMessageContentForTests()), | 115 DEATH_MESSAGE(sandbox::GetCloneErrorMessageContentForTests()), |
114 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { | 116 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
115 DoFork(); | 117 DoFork(); |
116 } | 118 } |
117 | 119 |
| 120 BPF_TEST(NaClNonSfiSandboxTest, futex_allowed, |
| 121 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 122 errno = 0; |
| 123 int v = 0; |
| 124 struct timespec ts; |
| 125 ts.tv_sec = 0; |
| 126 ts.tv_nsec = 1; // 1 nanosecond. |
| 127 BPF_ASSERT_EQ(-1, syscall(__NR_futex, &v, |
| 128 FUTEX_WAIT_PRIVATE, 0, &ts, NULL, 0)); |
| 129 BPF_ASSERT_EQ(ETIMEDOUT, errno); |
| 130 } |
| 131 |
| 132 // TODO(hamaji): Disallow non-PRIVATE FUTEX_WAIT. |
| 133 BPF_TEST(NaClNonSfiSandboxTest, futex_FUTEX_WAIT_allowed, |
| 134 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 135 errno = 0; |
| 136 int v = 0; |
| 137 struct timespec ts; |
| 138 ts.tv_sec = 0; |
| 139 ts.tv_nsec = 1; // 1 nanosecond. |
| 140 BPF_ASSERT_EQ(-1, syscall(__NR_futex, &v, FUTEX_WAIT, 0, &ts, NULL, 0)); |
| 141 BPF_ASSERT_EQ(ETIMEDOUT, errno); |
| 142 } |
| 143 |
| 144 BPF_DEATH_TEST(NaClNonSfiSandboxTest, futex_FUTEX_WAKE, |
| 145 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()), |
| 146 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
| 147 syscall(__NR_futex, NULL, FUTEX_WAKE, 0, NULL, NULL, 0); |
| 148 } |
| 149 |
118 BPF_TEST(NaClNonSfiSandboxTest, prctl_SET_NAME, | 150 BPF_TEST(NaClNonSfiSandboxTest, prctl_SET_NAME, |
119 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { | 151 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
120 errno = 0; | 152 errno = 0; |
121 BPF_ASSERT_EQ(-1, syscall(__NR_prctl, PR_SET_NAME, "foo")); | 153 BPF_ASSERT_EQ(-1, syscall(__NR_prctl, PR_SET_NAME, "foo")); |
122 BPF_ASSERT_EQ(EPERM, errno); | 154 BPF_ASSERT_EQ(EPERM, errno); |
123 } | 155 } |
124 | 156 |
125 BPF_DEATH_TEST(NaClNonSfiSandboxTest, prctl_SET_DUMPABLE, | 157 BPF_DEATH_TEST(NaClNonSfiSandboxTest, prctl_SET_DUMPABLE, |
126 DEATH_MESSAGE(sandbox::GetPrctlErrorMessageContentForTests()), | 158 DEATH_MESSAGE(sandbox::GetPrctlErrorMessageContentForTests()), |
127 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { | 159 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
(...skipping 354 matching lines...)
482 #if defined(__i386__) || defined(__x86_64__) | 514 #if defined(__i386__) || defined(__x86_64__) |
483 BPF_TEST(NaClNonSfiSandboxTest, time_EPERM, | 515 BPF_TEST(NaClNonSfiSandboxTest, time_EPERM, |
484 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { | 516 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) { |
485 errno = 0; | 517 errno = 0; |
486 BPF_ASSERT_EQ(-1, syscall(__NR_time)); | 518 BPF_ASSERT_EQ(-1, syscall(__NR_time)); |
487 BPF_ASSERT_EQ(EPERM, errno); | 519 BPF_ASSERT_EQ(EPERM, errno); |
488 } | 520 } |
489 #endif | 521 #endif |
490 | 522 |
491 } // namespace | 523 } // namespace |
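Review bot: The futex tests added at new lines 120–148 pin only three operations (FUTEX_WAIT_PRIVATE and FUTEX_WAIT allowed, non-private FUTEX_WAKE fatal), so a policy that compares the futex op argument too loosely would still pass them. Nothing here shows that the requeue and priority-inheritance operations are rejected. A death test shaped like futex_FUTEX_WAKE around `syscall(__NR_futex, &v, FUTEX_CMP_REQUEUE_PI_PRIVATE, 0, NULL, NULL, 0);` would cover that, assuming the policy (not visible on this page) is meant to deny such ops. futex_FUTEX_WAIT_allowed also locks in the permissive behaviour the TODO wants removed, so the TODO should note that this test becomes a BPF_DEATH_TEST once non-private waits are disallowed. As a naming point, `futex_allowed` would read better as `futex_FUTEX_WAIT_PRIVATE_allowed` to match its sibling.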
OLD | NEW |