
Side by Side Diff: components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc

Issue 243833004: Non-SFI NaCl: Disallow futex call without FUTEX_PRIVATE_FLAG (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: fix test Created 6 years, 8 months ago
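--- a/components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc
+++ b/components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc
@@ -1,28 +1,30 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/nacl/loader/nonsfi/nonsfi_sandbox.h"
 
 #include <errno.h>
 #include <fcntl.h>
+#include <linux/futex.h>
 #include <pthread.h>
 #include <sched.h>
 #include <signal.h>
 #include <stdlib.h>
 #include <string.h>
 #include <sys/mman.h>
 #include <sys/prctl.h>
 #include <sys/ptrace.h>
 #include <sys/socket.h>
 #include <sys/syscall.h>
+#include <sys/time.h>
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <unistd.h>
 
 #include "base/bind.h"
 #include "base/callback.h"
 #include "base/compiler_specific.h"
 #include "base/files/scoped_file.h"
 #include "base/logging.h"
 #include "base/posix/eintr_wrapper.h"
@@ -108,20 +110,50 @@
 ASSERT_EQ(0, WEXITSTATUS(status));
 }
 
 // Then, try this in the sandbox.
 BPF_DEATH_TEST(NaClNonSfiSandboxTest, clone_for_fork,
 DEATH_MESSAGE(sandbox::GetCloneErrorMessageContentForTests()),
 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
 DoFork();
 }
 
+BPF_TEST(NaClNonSfiSandboxTest, futex_allowed,
+nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
+errno = 0;
+int v = 0;
+struct timespec ts;
+ts.tv_sec = 0;
+ts.tv_nsec = 1; // 1 nanosecond.
+BPF_ASSERT_EQ(-1, syscall(__NR_futex, &v,
+FUTEX_WAIT_PRIVATE, 0, &ts, NULL, 0));
+BPF_ASSERT_EQ(ETIMEDOUT, errno);
+}
+
+// TODO(hamaji): Disallow non-PRIVATE FUTEX_WAIT.
+BPF_TEST(NaClNonSfiSandboxTest, futex_FUTEX_WAIT_allowed,
+nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
+errno = 0;
+int v = 0;
+struct timespec ts;
+ts.tv_sec = 0;
+ts.tv_nsec = 1; // 1 nanosecond.
+BPF_ASSERT_EQ(-1, syscall(__NR_futex, &v, FUTEX_WAIT, 0, &ts, NULL, 0));
+BPF_ASSERT_EQ(ETIMEDOUT, errno);
+}
+
+BPF_DEATH_TEST(NaClNonSfiSandboxTest, futex_FUTEX_WAKE,
+DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
+nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
+syscall(__NR_futex, NULL, FUTEX_WAKE, 0, NULL, NULL, 0);
+}
+
 BPF_TEST(NaClNonSfiSandboxTest, prctl_SET_NAME,
 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
 errno = 0;
 BPF_ASSERT_EQ(-1, syscall(__NR_prctl, PR_SET_NAME, "foo"));
 BPF_ASSERT_EQ(EPERM, errno);
 }
 
 BPF_DEATH_TEST(NaClNonSfiSandboxTest, prctl_SET_DUMPABLE,
 DEATH_MESSAGE(sandbox::GetPrctlErrorMessageContentForTests()),
 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
@@ -482,10 +514,10 @@
 #if defined(__i386__) || defined(__x86_64__)
 BPF_TEST(NaClNonSfiSandboxTest, time_EPERM,
 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
 errno = 0;
 BPF_ASSERT_EQ(-1, syscall(__NR_time));
 BPF_ASSERT_EQ(EPERM, errno);
 }
 #endif
 
 } // namespace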
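Review bot: The new futex tests pin only three points of the policy (`FUTEX_WAIT_PRIVATE` allowed, non-private `FUTEX_WAIT` allowed, non-private `FUTEX_WAKE` fatal), so a later policy edit that broke `FUTEX_WAKE_PRIVATE` or let another non-private command through would not be caught here. A positive wake case is cheap to add in `futex_allowed`, e.g. `BPF_ASSERT_EQ(0, syscall(__NR_futex, &v, FUTEX_WAKE_PRIVATE, 1, NULL, NULL, 0));`, and one more death test for a non-private command other than `FUTEX_WAKE` (for instance `FUTEX_REQUEUE`) would show the rule is keyed on the private flag rather than on a single opcode. `futex_FUTEX_WAIT_allowed` deliberately records a remaining gap, so its `TODO(hamaji)` should reference a tracking bug and the test should become a `BPF_DEATH_TEST` once the policy is tightened. The policy itself lives in nonsfi_sandbox.cc, which is not part of this section, so whether those extra cases already behave as intended cannot be confirmed from here.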