[MIPS] Add seccomp bpf support

sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <errno.h>
 #include <pthread.h>
 #include <sched.h>
 #include <sys/prctl.h>
 #include <sys/syscall.h>
 #include <sys/time.h>
@@ skipping 560 matching lines @@
   // use of UnsafeTrap()
   if (sysno == __NR_rt_sigprocmask || sysno == __NR_rt_sigreturn
 #if defined(__NR_sigprocmask)
       ||
       sysno == __NR_sigprocmask
 #endif
 #if defined(__NR_sigreturn)
       ||
       sysno == __NR_sigreturn
 #endif
+#if defined(__mips)
+      // MIPS call to pipe() returns values of file descriptors in registers
+      // and then they are written to fd array by glibc.
+      // Since we are bypassing glibc call in traps, pipe() can't be trapped
+      // in order for test to work
+      ||
+      sysno == __NR_pipe

[jln (very slow on Chromium), 2014/05/02 20:42:04]

Let's change pipe() below to socketpair instead. This would bypass the test.

[nedeljko, 2014/05/07 15:40:05]

Done.

+#endif
       ) {
     return ErrorCode(ErrorCode::ERR_ALLOWED);
   } else if (SandboxBPF::IsValidSyscallNumber(sysno)) {
     return sandbox->UnsafeTrap(AllowRedirectedSyscall, aux);
   } else {
     return ErrorCode(ENOSYS);
   }
 }
 
 int bus_handler_fd_ = -1;
@@ skipping 1072 matching lines @@
         "%s\n",
         args.nr,
         (long long)args.args[0],
         (long long)args.args[1],
         (long long)args.args[2],
         (long long)args.args[3],
         (long long)args.args[4],
         (long long)args.args[5],
         msg);
   }
+#if defined(__mips__)

[jln (very slow on Chromium), 2014/05/02 20:42:04]

Let's use a wrapper in services/ (see earlier comment).

[nedeljko, 2014/05/07 15:40:05]

Done.

+  // On MIPS architecture, kernel returns errno instead of -errno
+  // and glibc wrapper does not negate this value
+  return EPERM;
+#else
   return -EPERM;
+#endif
 }
 ErrorCode PthreadPolicyEquality(SandboxBPF* sandbox, int sysno, void* aux) {
   // This policy allows creating threads with pthread_create(). But it
   // doesn't allow any other uses of clone(). Most notably, it does not
   // allow callers to implement fork() or vfork() by passing suitable flags
   // to the clone() system call.
   if (!SandboxBPF::IsValidSyscallNumber(sysno)) {
     // FIXME: we should really not have to do that in a trivial policy
     return ErrorCode(ENOSYS);
   } else if (sysno == __NR_clone) {
@@ skipping 98 matching lines @@
          -EINTR) {
   }
   BPF_ASSERT(thread_ran);
 
   // Attempt to fork() a process using clone(). This should fail. We use the
   // same flags that glibc uses when calling fork(). But we don't actually
   // try calling the fork() implementation in the C run-time library, as
   // run-time libraries other than glibc might call __NR_fork instead of
   // __NR_clone, and that would introduce a bogus test failure.
   int pid;
+#if defined(__mips__)
+  BPF_ASSERT(SandboxSyscall(__NR_clone,
+                            CLONE_CHILD_CLEARTID | CLONE_CHILD_SETTID | SIGCHLD,
+                            0,
+                            0,
+                            &pid) == EPERM);

[jln (very slow on Chromium), 2014/05/02 20:42:04]

Same remark.

[nedeljko, 2014/05/07 15:40:05]

Done.

+#else
   BPF_ASSERT(SandboxSyscall(__NR_clone,
                             CLONE_CHILD_CLEARTID | CLONE_CHILD_SETTID | SIGCHLD,
                             0,
                             0,
                             &pid) == -EPERM);
+#endif
 }
 
 BPF_TEST(SandboxBPF, PthreadEquality, PthreadPolicyEquality) { PthreadTest(); }
 
 BPF_TEST(SandboxBPF, PthreadBitMask, PthreadPolicyBitMask) { PthreadTest(); }
 
 }  // namespace
 
 }  // namespace sandbox