Non-SFI NaCl: Disallow mmap with PROT_EXEC

components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc

Index: components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc
diff --git a/components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc b/components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc
index 10eca197d3ce3c4c10e720b3724b1a76b9e2b433..265fb2c10ba76c8fd7e0e605963f6aa493ae84df 100644
--- a/components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc
+++ b/components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc
@@ -305,15 +305,18 @@ BPF_DEATH_TEST(NaClNonSfiSandboxTest, mmap_unallowed_prot,
        MAP_ANONYMOUS, -1, 0);
 }
 
-// TODO(hamaji): Disallow RWX mmap.
-#if 0
+BPF_DEATH_TEST(NaClNonSfiSandboxTest, mmap_exec,
+               DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
+               nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
+  mmap(NULL, getpagesize(), PROT_EXEC, MAP_ANONYMOUS, -1, 0);
+}

[jln (very slow on Chromium), 2014/04/24 16:46:38]

Do you mind adding another test with PROT_EXEC | PROT_WRITE for instance?

Generating BPF filters with bitmasks is notoriously difficult, so I wouldn't
mind a bit more testing or the protections / flags.

[hamaji, 2014/04/25 01:44:47]

Added cases for RX and WX.

+
 BPF_DEATH_TEST(NaClNonSfiSandboxTest, mmap_rwx,
                DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {
   mmap(NULL, getpagesize(), PROT_READ | PROT_WRITE | PROT_EXEC,
        MAP_ANONYMOUS, -1, 0);
 }
-#endif
 
 BPF_TEST(NaClNonSfiSandboxTest, mprotect_allowed,
          nacl::nonsfi::NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl) {