| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <errno.h> | 5 #include <errno.h> |
| 6 #include <pthread.h> | 6 #include <pthread.h> |
| 7 #include <sched.h> | 7 #include <sched.h> |
| 8 #include <signal.h> | 8 #include <signal.h> |
| 9 #include <sys/prctl.h> | 9 #include <sys/prctl.h> |
| 10 #include <sys/ptrace.h> | 10 #include <sys/ptrace.h> |
| 11 #include <sys/syscall.h> | 11 #include <sys/syscall.h> |
| 12 #include <sys/time.h> | 12 #include <sys/time.h> |
| 13 #include <sys/types.h> | 13 #include <sys/types.h> |
| 14 #include <sys/utsname.h> | 14 #include <sys/utsname.h> |
| 15 #include <unistd.h> | 15 #include <unistd.h> |
| 16 #include <sys/socket.h> |
| 16 | 17 |
| 17 #if defined(ANDROID) | 18 #if defined(ANDROID) |
| 18 // Work-around for buggy headers in Android's NDK | 19 // Work-around for buggy headers in Android's NDK |
| 19 #define __user | 20 #define __user |
| 20 #endif | 21 #endif |
| 21 #include <linux/futex.h> | 22 #include <linux/futex.h> |
| 22 | 23 |
| 23 #include <ostream> | 24 #include <ostream> |
| 24 | 25 |
| 25 #include "base/bind.h" | 26 #include "base/bind.h" |
| (...skipping 629 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 655 | 656 |
| 656 BPF_TEST_C(SandboxBPF, SigBus, RedirectAllSyscallsPolicy) { | 657 BPF_TEST_C(SandboxBPF, SigBus, RedirectAllSyscallsPolicy) { |
| 657 // We use the SIGBUS bit in the signal mask as a thread-local boolean | 658 // We use the SIGBUS bit in the signal mask as a thread-local boolean |
| 658 // value in the implementation of UnsafeTrap(). This is obviously a bit | 659 // value in the implementation of UnsafeTrap(). This is obviously a bit |
| 659 // of a hack that could conceivably interfere with code that uses SIGBUS | 660 // of a hack that could conceivably interfere with code that uses SIGBUS |
| 660 // in more traditional ways. This test verifies that basic functionality | 661 // in more traditional ways. This test verifies that basic functionality |
| 661 // of SIGBUS is not impacted, but it is certainly possibly to construe | 662 // of SIGBUS is not impacted, but it is certainly possibly to construe |
| 662 // more complex uses of signals where our use of the SIGBUS mask is not | 663 // more complex uses of signals where our use of the SIGBUS mask is not |
| 663 // 100% transparent. This is expected behavior. | 664 // 100% transparent. This is expected behavior. |
| 664 int fds[2]; | 665 int fds[2]; |
| 665 BPF_ASSERT(pipe(fds) == 0); | 666 BPF_ASSERT(socketpair(AF_UNIX, SOCK_STREAM, 0, fds) == 0); |
| 666 bus_handler_fd_ = fds[1]; | 667 bus_handler_fd_ = fds[1]; |
| 667 struct sigaction sa = {}; | 668 struct sigaction sa = {}; |
| 668 sa.sa_sigaction = SigBusHandler; | 669 sa.sa_sigaction = SigBusHandler; |
| 669 sa.sa_flags = SA_SIGINFO; | 670 sa.sa_flags = SA_SIGINFO; |
| 670 BPF_ASSERT(sigaction(SIGBUS, &sa, NULL) == 0); | 671 BPF_ASSERT(sigaction(SIGBUS, &sa, NULL) == 0); |
| 671 raise(SIGBUS); | 672 raise(SIGBUS); |
| 672 char c = '\000'; | 673 char c = '\000'; |
| 673 BPF_ASSERT(read(fds[0], &c, 1) == 1); | 674 BPF_ASSERT(read(fds[0], &c, 1) == 1); |
| 674 BPF_ASSERT(close(fds[0]) == 0); | 675 BPF_ASSERT(close(fds[0]) == 0); |
| 675 BPF_ASSERT(close(fds[1]) == 0); | 676 BPF_ASSERT(close(fds[1]) == 0); |
| (...skipping 1307 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1983 if (SandboxBPF::SupportsSeccompSandbox(-1) != | 1984 if (SandboxBPF::SupportsSeccompSandbox(-1) != |
| 1984 sandbox::SandboxBPF::STATUS_AVAILABLE) { | 1985 sandbox::SandboxBPF::STATUS_AVAILABLE) { |
| 1985 return; | 1986 return; |
| 1986 } | 1987 } |
| 1987 | 1988 |
| 1988 #if defined(__arm__) | 1989 #if defined(__arm__) |
| 1989 printf("This test is currently disabled on ARM due to a kernel bug."); | 1990 printf("This test is currently disabled on ARM due to a kernel bug."); |
| 1990 return; | 1991 return; |
| 1991 #endif | 1992 #endif |
| 1992 | 1993 |
| 1994 #if defined(__mips__) |
| 1995 // TODO: Figure out how to support specificity of handling indirect syscalls |
| 1996 // in this test and enable it. |
| 1997 printf("This test is currently disabled on MIPS."); |
| 1998 return; |
| 1999 #endif |
| 2000 |
| 1993 pid_t pid = fork(); | 2001 pid_t pid = fork(); |
| 1994 BPF_ASSERT_NE(-1, pid); | 2002 BPF_ASSERT_NE(-1, pid); |
| 1995 if (pid == 0) { | 2003 if (pid == 0) { |
| 1996 pid_t my_pid = getpid(); | 2004 pid_t my_pid = getpid(); |
| 1997 BPF_ASSERT_NE(-1, ptrace(PTRACE_TRACEME, -1, NULL, NULL)); | 2005 BPF_ASSERT_NE(-1, ptrace(PTRACE_TRACEME, -1, NULL, NULL)); |
| 1998 BPF_ASSERT_EQ(0, raise(SIGSTOP)); | 2006 BPF_ASSERT_EQ(0, raise(SIGSTOP)); |
| 1999 SandboxBPF sandbox; | 2007 SandboxBPF sandbox; |
| 2000 sandbox.SetSandboxPolicy(new TraceAllPolicy); | 2008 sandbox.SetSandboxPolicy(new TraceAllPolicy); |
| 2001 BPF_ASSERT(sandbox.StartSandbox(SandboxBPF::PROCESS_SINGLE_THREADED)); | 2009 BPF_ASSERT(sandbox.StartSandbox(SandboxBPF::PROCESS_SINGLE_THREADED)); |
| 2002 | 2010 |
| (...skipping 143 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2146 kLargeOffset)); | 2154 kLargeOffset)); |
| 2147 BPF_ASSERT_EQ(0, memcmp(kTestString, read_test_string, sizeof(kTestString))); | 2155 BPF_ASSERT_EQ(0, memcmp(kTestString, read_test_string, sizeof(kTestString))); |
| 2148 BPF_ASSERT(pread_64_was_forwarded); | 2156 BPF_ASSERT(pread_64_was_forwarded); |
| 2149 } | 2157 } |
| 2150 | 2158 |
| 2151 #endif // !defined(OS_ANDROID) | 2159 #endif // !defined(OS_ANDROID) |
| 2152 | 2160 |
| 2153 } // namespace | 2161 } // namespace |
| 2154 | 2162 |
| 2155 } // namespace sandbox | 2163 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 260793003:
[MIPS] Add seccomp bpf support (Closed)
Base URL: https://git.chromium.org/git/chromium/src.git@master