| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" | 5 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" |
| 6 #include "sandbox/linux/seccomp-bpf/syscall_iterator.h" | 6 #include "sandbox/linux/seccomp-bpf/syscall_iterator.h" |
| 7 #include "sandbox/linux/tests/unit_tests.h" | 7 #include "sandbox/linux/tests/unit_tests.h" |
| 8 | 8 |
| 9 namespace sandbox { | 9 namespace sandbox { |
| 10 | 10 |
| (...skipping 11 matching lines...) Expand all Loading... |
| 22 } | 22 } |
| 23 for (uint32_t last = next; !iter.Done(); last = next) { | 23 for (uint32_t last = next; !iter.Done(); last = next) { |
| 24 next = iter.Next(); | 24 next = iter.Next(); |
| 25 SANDBOX_ASSERT(last < next); | 25 SANDBOX_ASSERT(last < next); |
| 26 } | 26 } |
| 27 // The iterator should always return 0xFFFFFFFFu as the last value. | 27 // The iterator should always return 0xFFFFFFFFu as the last value. |
| 28 SANDBOX_ASSERT(next == 0xFFFFFFFFu); | 28 SANDBOX_ASSERT(next == 0xFFFFFFFFu); |
| 29 } | 29 } |
| 30 } | 30 } |
| 31 | 31 |
| 32 SANDBOX_TEST(SyscallIterator, PublicSyscallRange) { | 32 #if defined(__mips__) |
| 33 SANDBOX_TEST(SyscallIterator, PublicSyscallRangeMIPS) { |
| 34 SyscallIterator iter(false); |
| 35 uint32_t next = iter.Next(); |
| 36 SANDBOX_ASSERT(next == 0); |
| 37 |
| 38 // Since on MIPS MIN_SYSCALL != 0 we need to move iterator to valid range. |
| 39 next = iter.Next(); |
| 40 SANDBOX_ASSERT(next == MIN_SYSCALL - 1); |
| 41 |
| 42 // The iterator should cover the public syscall range |
| 43 // MIN_SYSCALL..MAX_PUBLIC_SYSCALL, without skipping syscalls. |
| 44 for (uint32_t last = next; next < MAX_PUBLIC_SYSCALL + 1; last = next) { |
| 45 SANDBOX_ASSERT((next = iter.Next()) == last + 1); |
| 46 } |
| 47 SANDBOX_ASSERT(next == MAX_PUBLIC_SYSCALL + 1); |
| 48 } |
| 49 #else |
| 50 SANDBOX_TEST(SyscallIterator, PublicSyscallRangeIntelArm) { |
| 33 SyscallIterator iter(false); | 51 SyscallIterator iter(false); |
| 34 uint32_t next = iter.Next(); | 52 uint32_t next = iter.Next(); |
| 35 | 53 |
| 36 // The iterator should cover the public syscall range | 54 // The iterator should cover the public syscall range |
| 37 // MIN_SYSCALL..MAX_PUBLIC_SYSCALL, without skipping syscalls. | 55 // MIN_SYSCALL..MAX_PUBLIC_SYSCALL, without skipping syscalls. |
| 38 // We're assuming MIN_SYSCALL == 0 for all architectures, | 56 // We're assuming MIN_SYSCALL == 0 for all architectures, |
| 39 // this is currently valid for Intel and ARM EABI. | 57 // this is currently valid for Intel and ARM EABI. |
| 40 SANDBOX_ASSERT(MIN_SYSCALL == 0); | 58 SANDBOX_ASSERT(MIN_SYSCALL == 0); |
| 41 SANDBOX_ASSERT(next == MIN_SYSCALL); | 59 SANDBOX_ASSERT(next == MIN_SYSCALL); |
| 42 for (uint32_t last = next; next < MAX_PUBLIC_SYSCALL + 1; last = next) { | 60 for (uint32_t last = next; next < MAX_PUBLIC_SYSCALL + 1; last = next) { |
| 43 SANDBOX_ASSERT((next = iter.Next()) == last + 1); | 61 SANDBOX_ASSERT((next = iter.Next()) == last + 1); |
| 44 } | 62 } |
| 45 SANDBOX_ASSERT(next == MAX_PUBLIC_SYSCALL + 1); | 63 SANDBOX_ASSERT(next == MAX_PUBLIC_SYSCALL + 1); |
| 46 } | 64 } |
| 65 #endif // defined(__mips__) |
| 47 | 66 |
| 48 #if defined(__arm__) | 67 #if defined(__arm__) |
| 49 SANDBOX_TEST(SyscallIterator, ARMPrivateSyscallRange) { | 68 SANDBOX_TEST(SyscallIterator, ARMPrivateSyscallRange) { |
| 50 SyscallIterator iter(false); | 69 SyscallIterator iter(false); |
| 51 uint32_t next = iter.Next(); | 70 uint32_t next = iter.Next(); |
| 52 while (next < MIN_PRIVATE_SYSCALL - 1) { | 71 while (next < MIN_PRIVATE_SYSCALL - 1) { |
| 53 next = iter.Next(); | 72 next = iter.Next(); |
| 54 } | 73 } |
| 55 // The iterator should cover the ARM private syscall range | 74 // The iterator should cover the ARM private syscall range |
| 56 // without skipping syscalls. | 75 // without skipping syscalls. |
| (...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 96 SANDBOX_ASSERT(next == 0x7FFFFFFFu); | 115 SANDBOX_ASSERT(next == 0x7FFFFFFFu); |
| 97 next = iter.Next(); | 116 next = iter.Next(); |
| 98 SANDBOX_ASSERT(next == 0x80000000u); | 117 SANDBOX_ASSERT(next == 0x80000000u); |
| 99 SANDBOX_ASSERT(!iter.Done()); | 118 SANDBOX_ASSERT(!iter.Done()); |
| 100 next = iter.Next(); | 119 next = iter.Next(); |
| 101 SANDBOX_ASSERT(iter.Done()); | 120 SANDBOX_ASSERT(iter.Done()); |
| 102 SANDBOX_ASSERT(next == 0xFFFFFFFFu); | 121 SANDBOX_ASSERT(next == 0xFFFFFFFFu); |
| 103 } | 122 } |
| 104 } | 123 } |
| 105 | 124 |
| 106 SANDBOX_TEST(SyscallIterator, InvalidOnly) { | 125 #if defined(__mips__) |
| 126 SANDBOX_TEST(SyscallIterator, InvalidOnlyMIPS) { |
| 107 bool invalid_only = true; | 127 bool invalid_only = true; |
| 108 SyscallIterator iter(invalid_only); | 128 SyscallIterator iter(invalid_only); |
| 109 uint32_t next = iter.Next(); | 129 uint32_t next = iter.Next(); |
| 130 SANDBOX_ASSERT(next == 0); |
| 131 // For Mips O32 ABI we're assuming MIN_SYSCALL == 4000. |
| 132 SANDBOX_ASSERT(MIN_SYSCALL == 4000); |
| 133 |
| 134 // Since on MIPS MIN_SYSCALL != 0, we need to move iterator to valid range |
| 135 // The iterator should skip until the last invalid syscall in this range. |
| 136 next = iter.Next(); |
| 137 SANDBOX_ASSERT(next == MIN_SYSCALL - 1); |
| 138 next = iter.Next(); |
| 139 // First next invalid syscall should then be |MAX_PUBLIC_SYSCALL + 1|. |
| 140 SANDBOX_ASSERT(next == MAX_PUBLIC_SYSCALL + 1); |
| 141 } |
| 142 |
| 143 #else |
| 144 |
| 145 SANDBOX_TEST(SyscallIterator, InvalidOnlyIntelArm) { |
| 146 bool invalid_only = true; |
| 147 SyscallIterator iter(invalid_only); |
| 148 uint32_t next = iter.Next(); |
| 110 // We're assuming MIN_SYSCALL == 0 for all architectures, | 149 // We're assuming MIN_SYSCALL == 0 for all architectures, |
| 111 // this is currently valid for Intel and ARM EABI. | 150 // this is currently valid for Intel and ARM EABI. |
| 112 // First invalid syscall should then be |MAX_PUBLIC_SYSCALL + 1|. | 151 // First invalid syscall should then be |MAX_PUBLIC_SYSCALL + 1|. |
| 113 SANDBOX_ASSERT(MIN_SYSCALL == 0); | 152 SANDBOX_ASSERT(MIN_SYSCALL == 0); |
| 114 SANDBOX_ASSERT(next == MAX_PUBLIC_SYSCALL + 1); | 153 SANDBOX_ASSERT(next == MAX_PUBLIC_SYSCALL + 1); |
| 115 | 154 |
| 116 #if defined(__arm__) | 155 #if defined(__arm__) |
| 117 next = iter.Next(); | 156 next = iter.Next(); |
| 118 // The iterator should skip until the last invalid syscall in this range. | 157 // The iterator should skip until the last invalid syscall in this range. |
| 119 SANDBOX_ASSERT(next == MIN_PRIVATE_SYSCALL - 1); | 158 SANDBOX_ASSERT(next == MIN_PRIVATE_SYSCALL - 1); |
| 120 while (next <= MAX_PRIVATE_SYSCALL) { | 159 while (next <= MAX_PRIVATE_SYSCALL) { |
| 121 next = iter.Next(); | 160 next = iter.Next(); |
| 122 } | 161 } |
| 123 | 162 |
| 124 next = iter.Next(); | 163 next = iter.Next(); |
| 125 // The iterator should skip until the last invalid syscall in this range. | 164 // The iterator should skip until the last invalid syscall in this range. |
| 126 SANDBOX_ASSERT(next == MIN_GHOST_SYSCALL - 1); | 165 SANDBOX_ASSERT(next == MIN_GHOST_SYSCALL - 1); |
| 127 while (next <= MAX_SYSCALL) { | 166 while (next <= MAX_SYSCALL) { |
| 128 next = iter.Next(); | 167 next = iter.Next(); |
| 129 } | 168 } |
| 130 SANDBOX_ASSERT(next == MAX_SYSCALL + 1); | 169 SANDBOX_ASSERT(next == MAX_SYSCALL + 1); |
| 131 #endif | 170 #endif // defined(__arm__) |
| 132 } | 171 } |
| 172 #endif // defined(__mips__) |
| 133 | 173 |
| 134 } // namespace | 174 } // namespace |
| 135 | 175 |
| 136 } // namespace sandbox | 176 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 260793003:
[MIPS] Add seccomp bpf support (Closed)
Base URL: https://git.chromium.org/git/chromium/src.git@master