
Unified Diff: sandbox/linux/seccomp-bpf/bpf_tests_unittest.cc

Issue 269303002: Linux sandbox: implement new BPF testing macros (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Make sure that policies are created and destroyed in the same process. Created 6 years, 7 months ago
Index: sandbox/linux/seccomp-bpf/bpf_tests_unittest.cc
diff --git a/sandbox/linux/seccomp-bpf/bpf_tests_unittest.cc b/sandbox/linux/seccomp-bpf/bpf_tests_unittest.cc
index 41c3dd3816bbe1ba2240c4d7153ebbba087c8270..d83b8eda3e09dae7557467fb5146e9885d75a0ef 100644
--- a/sandbox/linux/seccomp-bpf/bpf_tests_unittest.cc
+++ b/sandbox/linux/seccomp-bpf/bpf_tests_unittest.cc
@@ -5,6 +5,10 @@
#include "sandbox/linux/seccomp-bpf/bpf_tests.h"
#include <errno.h>
+#include <sys/ptrace.h>
+#include <sys/syscall.h>
+#include <sys/types.h>
+#include <unistd.h>
#include "base/logging.h"
#include "base/memory/scoped_ptr.h"
@@ -71,21 +75,82 @@ BPF_TEST(BPFTest,
void DummyTestFunction(FourtyTwo *fourty_two) {
}
-TEST(BPFTest, BPFTesterSimpleDelegateLeakTest) {
+TEST(BPFTest, BPFTesterCompatibilityDelegateLeakTest) {
// Don't do anything, simply gives dynamic tools an opportunity to detect
// leaks.
{
- BPFTesterSimpleDelegate<FourtyTwo> simple_delegate(DummyTestFunction,
- EmptyPolicyTakesClass);
+ BPFTesterCompatibilityDelegate<FourtyTwo> simple_delegate(
+ DummyTestFunction, EmptyPolicyTakesClass);
}
{
// Test polymorphism.
scoped_ptr<BPFTesterDelegate> simple_delegate(
- new BPFTesterSimpleDelegate<FourtyTwo>(DummyTestFunction,
- EmptyPolicyTakesClass));
+ new BPFTesterCompatibilityDelegate<FourtyTwo>(DummyTestFunction,
+ EmptyPolicyTakesClass));
}
}
+class EnosysPtracePolicy : public SandboxBPFPolicy {
+ public:
+ EnosysPtracePolicy() {
+ my_pid_ = syscall(__NR_getpid);
+ }
+ virtual ~EnosysPtracePolicy() {
+ // Policies should be able to bind with the process on which they are
+ // created. They should never be created in a parent process.
+ BPF_ASSERT_EQ(my_pid_, syscall(__NR_getpid));
jln (very slow on Chromium) 2014/05/07 01:42:05 I added these checks in the last patch set.
+ }
+
+ virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler,
+ int system_call_number) const OVERRIDE {
+ if (!SandboxBPF::IsValidSyscallNumber(system_call_number)) {
+ return ErrorCode(ENOSYS);
+ } else if (system_call_number == __NR_ptrace) {
+ // The EvaluateSyscall function should run in the process that created
+ // the current object.
+ BPF_ASSERT_EQ(my_pid_, syscall(__NR_getpid));
+ return ErrorCode(ENOSYS);
+ } else {
+ return ErrorCode(ErrorCode::ERR_ALLOWED);
+ }
+ }
+
+ private:
+ pid_t my_pid_;
+ DISALLOW_COPY_AND_ASSIGN(EnosysPtracePolicy);
+};
+
+class BasicBPFTesterDelegate : public BPFTesterDelegate {
+ public:
+ BasicBPFTesterDelegate() {}
+ virtual ~BasicBPFTesterDelegate() {}
+
+ virtual scoped_ptr<SandboxBPFPolicy> GetSandboxBPFPolicy() OVERRIDE {
+ return scoped_ptr<SandboxBPFPolicy>(new EnosysPtracePolicy());
+ }
+ virtual void RunTestFunction() OVERRIDE {
+ errno = 0;
+ int ret = ptrace(PTRACE_TRACEME, -1, NULL, NULL);
+ BPF_ASSERT(-1 == ret);
+ BPF_ASSERT(ENOSYS == errno);
+ }
+
+ private:
+ DISALLOW_COPY_AND_ASSIGN(BasicBPFTesterDelegate);
+};
+
+// This is the most powerful and complex way to create a BPF test, but it
+// requires a full class definition (BasicBPFTesterDelegate).
+BPF_TEST_D(BPFTest, BPFTestWithDelegateClass, BasicBPFTesterDelegate);
+
+// This is the simplest form of BPF tests.
+BPF_TEST_C(BPFTest, BPFTestWithInlineTest, EnosysPtracePolicy) {
+ errno = 0;
+ int ret = ptrace(PTRACE_TRACEME, -1, NULL, NULL);
+ BPF_ASSERT(-1 == ret);
+ BPF_ASSERT(ENOSYS == errno);
+}
+
} // namespace
} // namespace sandbox
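Review bot: The three `syscall(__NR_getpid)` calls in EnosysPtracePolicy (constructor, destructor, and the `__NR_ptrace` branch of EvaluateSyscall) bypass libc's `getpid()` without saying why, so a later cleanup could replace them without realising it matters. If the intent is to avoid a pid value cached by libc, so that the same-process assertions reflect the kernel's view, a comment such as `// Raw syscall on purpose: do not rely on a pid cached by libc.` next to `my_pid_ = syscall(__NR_getpid);` would record that. Separately, `syscall()` returns `long` while `my_pid_` is `pid_t`; a `static_cast<pid_t>(syscall(__NR_getpid))` at the three sites would make the compared types explicit. The pid check in EvaluateSyscall also runs only when `__NR_ptrace` is evaluated, which the existing comment there does not mention.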