OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <errno.h> | 5 #include <errno.h> |
6 #include <pthread.h> | 6 #include <pthread.h> |
7 #include <sched.h> | 7 #include <sched.h> |
8 #include <sys/prctl.h> | 8 #include <sys/prctl.h> |
9 #include <sys/syscall.h> | 9 #include <sys/syscall.h> |
10 #include <sys/time.h> | 10 #include <sys/time.h> |
11 #include <sys/types.h> | 11 #include <sys/types.h> |
12 #include <sys/utsname.h> | 12 #include <sys/utsname.h> |
13 #include <unistd.h> | 13 #include <unistd.h> |
| 14 #include <sys/socket.h> |
14 | 15 |
15 #if defined(ANDROID) | 16 #if defined(ANDROID) |
16 // Work-around for buggy headers in Android's NDK | 17 // Work-around for buggy headers in Android's NDK |
17 #define __user | 18 #define __user |
18 #endif | 19 #endif |
19 #include <linux/futex.h> | 20 #include <linux/futex.h> |
20 | 21 |
21 #include <ostream> | 22 #include <ostream> |
22 | 23 |
23 #include "base/bind.h" | 24 #include "base/bind.h" |
24 #include "base/logging.h" | 25 #include "base/logging.h" |
25 #include "base/macros.h" | 26 #include "base/macros.h" |
26 #include "base/memory/scoped_ptr.h" | 27 #include "base/memory/scoped_ptr.h" |
27 #include "build/build_config.h" | 28 #include "build/build_config.h" |
28 #include "sandbox/linux/seccomp-bpf/bpf_tests.h" | 29 #include "sandbox/linux/seccomp-bpf/bpf_tests.h" |
| 30 #include "sandbox/linux/seccomp-bpf/kernel_return_value_helpers.h" |
29 #include "sandbox/linux/seccomp-bpf/syscall.h" | 31 #include "sandbox/linux/seccomp-bpf/syscall.h" |
30 #include "sandbox/linux/seccomp-bpf/trap.h" | 32 #include "sandbox/linux/seccomp-bpf/trap.h" |
31 #include "sandbox/linux/seccomp-bpf/verifier.h" | 33 #include "sandbox/linux/seccomp-bpf/verifier.h" |
32 #include "sandbox/linux/services/broker_process.h" | 34 #include "sandbox/linux/services/broker_process.h" |
33 #include "sandbox/linux/services/linux_syscalls.h" | 35 #include "sandbox/linux/services/linux_syscalls.h" |
34 #include "sandbox/linux/tests/unit_tests.h" | 36 #include "sandbox/linux/tests/unit_tests.h" |
35 #include "testing/gtest/include/gtest/gtest.h" | 37 #include "testing/gtest/include/gtest/gtest.h" |
36 | 38 |
37 // Workaround for Android's prctl.h file. | 39 // Workaround for Android's prctl.h file. |
38 #ifndef PR_GET_ENDIAN | 40 #ifndef PR_GET_ENDIAN |
(...skipping 604 matching lines...)
643 | 645 |
644 BPF_TEST_C(SandboxBPF, SigBus, RedirectAllSyscallsPolicy) { | 646 BPF_TEST_C(SandboxBPF, SigBus, RedirectAllSyscallsPolicy) { |
645 // We use the SIGBUS bit in the signal mask as a thread-local boolean | 647 // We use the SIGBUS bit in the signal mask as a thread-local boolean |
646 // value in the implementation of UnsafeTrap(). This is obviously a bit | 648 // value in the implementation of UnsafeTrap(). This is obviously a bit |
647 // of a hack that could conceivably interfere with code that uses SIGBUS | 649 // of a hack that could conceivably interfere with code that uses SIGBUS |
648 // in more traditional ways. This test verifies that basic functionality | 650 // in more traditional ways. This test verifies that basic functionality |
649 // of SIGBUS is not impacted, but it is certainly possibly to construe | 651 // of SIGBUS is not impacted, but it is certainly possibly to construe |
650 // more complex uses of signals where our use of the SIGBUS mask is not | 652 // more complex uses of signals where our use of the SIGBUS mask is not |
651 // 100% transparent. This is expected behavior. | 653 // 100% transparent. This is expected behavior. |
652 int fds[2]; | 654 int fds[2]; |
653 BPF_ASSERT(pipe(fds) == 0); | 655 BPF_ASSERT(socketpair(AF_UNIX, SOCK_STREAM, 0, fds) == 0); |
654 bus_handler_fd_ = fds[1]; | 656 bus_handler_fd_ = fds[1]; |
655 struct sigaction sa = {}; | 657 struct sigaction sa = {}; |
656 sa.sa_sigaction = SigBusHandler; | 658 sa.sa_sigaction = SigBusHandler; |
657 sa.sa_flags = SA_SIGINFO; | 659 sa.sa_flags = SA_SIGINFO; |
658 BPF_ASSERT(sigaction(SIGBUS, &sa, NULL) == 0); | 660 BPF_ASSERT(sigaction(SIGBUS, &sa, NULL) == 0); |
659 raise(SIGBUS); | 661 raise(SIGBUS); |
660 char c = '\000'; | 662 char c = '\000'; |
661 BPF_ASSERT(read(fds[0], &c, 1) == 1); | 663 BPF_ASSERT(read(fds[0], &c, 1) == 1); |
662 BPF_ASSERT(close(fds[0]) == 0); | 664 BPF_ASSERT(close(fds[0]) == 0); |
663 BPF_ASSERT(close(fds[1]) == 0); | 665 BPF_ASSERT(close(fds[1]) == 0); |
(...skipping 1086 matching lines...)
1750 "%s\n", | 1752 "%s\n", |
1751 args.nr, | 1753 args.nr, |
1752 (long long)args.args[0], | 1754 (long long)args.args[0], |
1753 (long long)args.args[1], | 1755 (long long)args.args[1], |
1754 (long long)args.args[2], | 1756 (long long)args.args[2], |
1755 (long long)args.args[3], | 1757 (long long)args.args[3], |
1756 (long long)args.args[4], | 1758 (long long)args.args[4], |
1757 (long long)args.args[5], | 1759 (long long)args.args[5], |
1758 msg); | 1760 msg); |
1759 } | 1761 } |
1760 return -EPERM; | 1762 return ErrnoToKernelRet(EPERM); |
1761 } | 1763 } |
1762 | 1764 |
1763 class PthreadPolicyEquality : public SandboxBPFPolicy { | 1765 class PthreadPolicyEquality : public SandboxBPFPolicy { |
1764 public: | 1766 public: |
1765 PthreadPolicyEquality() {} | 1767 PthreadPolicyEquality() {} |
1766 virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox, | 1768 virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox, |
1767 int sysno) const OVERRIDE; | 1769 int sysno) const OVERRIDE; |
1768 | 1770 |
1769 private: | 1771 private: |
1770 DISALLOW_COPY_AND_ASSIGN(PthreadPolicyEquality); | 1772 DISALLOW_COPY_AND_ASSIGN(PthreadPolicyEquality); |
(...skipping 119 matching lines...)
1890 // Attempt to fork() a process using clone(). This should fail. We use the | 1892 // Attempt to fork() a process using clone(). This should fail. We use the |
1891 // same flags that glibc uses when calling fork(). But we don't actually | 1893 // same flags that glibc uses when calling fork(). But we don't actually |
1892 // try calling the fork() implementation in the C run-time library, as | 1894 // try calling the fork() implementation in the C run-time library, as |
1893 // run-time libraries other than glibc might call __NR_fork instead of | 1895 // run-time libraries other than glibc might call __NR_fork instead of |
1894 // __NR_clone, and that would introduce a bogus test failure. | 1896 // __NR_clone, and that would introduce a bogus test failure. |
1895 int pid; | 1897 int pid; |
1896 BPF_ASSERT(SandboxSyscall(__NR_clone, | 1898 BPF_ASSERT(SandboxSyscall(__NR_clone, |
1897 CLONE_CHILD_CLEARTID | CLONE_CHILD_SETTID | SIGCHLD, | 1899 CLONE_CHILD_CLEARTID | CLONE_CHILD_SETTID | SIGCHLD, |
1898 0, | 1900 0, |
1899 0, | 1901 0, |
1900 &pid) == -EPERM); | 1902 &pid) == ErrnoToKernelRet(EPERM)); |
1901 } | 1903 } |
1902 | 1904 |
1903 BPF_TEST_C(SandboxBPF, PthreadEquality, PthreadPolicyEquality) { | 1905 BPF_TEST_C(SandboxBPF, PthreadEquality, PthreadPolicyEquality) { |
1904 PthreadTest(); | 1906 PthreadTest(); |
1905 } | 1907 } |
1906 | 1908 |
1907 BPF_TEST_C(SandboxBPF, PthreadBitMask, PthreadPolicyBitMask) { | 1909 BPF_TEST_C(SandboxBPF, PthreadBitMask, PthreadPolicyBitMask) { |
1908 PthreadTest(); | 1910 PthreadTest(); |
1909 } | 1911 } |
1910 | 1912 |
1911 } // namespace | 1913 } // namespace |
1912 | 1914 |
1913 } // namespace sandbox | 1915 } // namespace sandbox |
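Review bot: At new line 1902 the clone() denial is asserted against `ErrnoToKernelRet(EPERM)`, the same helper the trap handler ending at new line 1763 now uses to build its return value, so if that handler is what serves this call, the assertion cannot catch a wrong mapping in the helper on any architecture. The helper's header (kernel_return_value_helpers.h) is not part of this page; if it has no unit test of its own, one is worth adding with this change, because this is the test that shows a sandboxed thread cannot fork through clone(). Separately, the switch from `pipe()` to `socketpair()` at new line 655 carries no comment, and a later cleanup could quietly restore `pipe()`; a one-line comment such as `// socketpair() instead of pipe(): <reason pipe() is unsuitable under this policy/ABI>` would preserve the intent. Both enclosing functions are only partly visible in this view.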