Chromium Code Reviews Chromium Code Reviews
Issue 278583005:
Linux Sandbox: Add support for SECCOMP_RET_TRACE. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <errno.h> | 5 #include <errno.h> |
| 6 | 6 |
| 7 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" | 7 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" |
| 8 #include "sandbox/linux/tests/unit_tests.h" | 8 #include "sandbox/linux/tests/unit_tests.h" |
| 9 | 9 |
| 10 namespace sandbox { | 10 namespace sandbox { |
| 11 | 11 |
| 12 namespace { | 12 namespace { |
| 13 | 13 |
| 14 SANDBOX_TEST(ErrorCode, ErrnoConstructor) { | 14 SANDBOX_TEST(ErrorCode, ErrnoConstructor) { |
| 15 ErrorCode e0; | 15 ErrorCode e0; |
| 16 SANDBOX_ASSERT(e0.err() == SECCOMP_RET_INVALID); | 16 SANDBOX_ASSERT(e0.err() == SECCOMP_RET_INVALID); |
| 17 | 17 |
| 18 ErrorCode e1(ErrorCode::ERR_ALLOWED); | 18 ErrorCode e1(ErrorCode::ERR_ALLOWED); |
| 19 SANDBOX_ASSERT(e1.err() == SECCOMP_RET_ALLOW); | 19 SANDBOX_ASSERT(e1.err() == SECCOMP_RET_ALLOW); |
| 20 | 20 |
| 21 ErrorCode e2(EPERM); | 21 ErrorCode e2(EPERM); |
| 22 SANDBOX_ASSERT(e2.err() == SECCOMP_RET_ERRNO + EPERM); | 22 SANDBOX_ASSERT(e2.err() == SECCOMP_RET_ERRNO + EPERM); |
| 23 | 23 |
| 24 SandboxBPF sandbox; | 24 SandboxBPF sandbox; |
| 25 ErrorCode e3 = sandbox.Trap(NULL, NULL); | 25 ErrorCode e3 = sandbox.Trap(NULL, NULL); |
| 26 SANDBOX_ASSERT((e3.err() & SECCOMP_RET_ACTION) == SECCOMP_RET_TRAP); | 26 SANDBOX_ASSERT((e3.err() & SECCOMP_RET_ACTION) == SECCOMP_RET_TRAP); |
| 27 | |
| 28 uint16_t data = 0xdead; | |
| 29 ErrorCode e4(ErrorCode::ERR_TRACE + data); | |
| 30 SANDBOX_ASSERT(e4.err() == SECCOMP_RET_TRACE + data); | |
| 27 } | 31 } |
| 28 | 32 |
|
jln (very slow on Chromium)
2014/05/20 03:02:10
Could you add a death test if trying to use SECCOM
rickyz (Google)
2014/05/20 22:34:01
Done.
| |
| 29 SANDBOX_TEST(ErrorCode, Trap) { | 33 SANDBOX_TEST(ErrorCode, Trap) { |
| 30 SandboxBPF sandbox; | 34 SandboxBPF sandbox; |
| 31 ErrorCode e0 = sandbox.Trap(NULL, "a"); | 35 ErrorCode e0 = sandbox.Trap(NULL, "a"); |
| 32 ErrorCode e1 = sandbox.Trap(NULL, "b"); | 36 ErrorCode e1 = sandbox.Trap(NULL, "b"); |
| 33 SANDBOX_ASSERT((e0.err() & SECCOMP_RET_DATA) + 1 == | 37 SANDBOX_ASSERT((e0.err() & SECCOMP_RET_DATA) + 1 == |
| 34 (e1.err() & SECCOMP_RET_DATA)); | 38 (e1.err() & SECCOMP_RET_DATA)); |
| 35 | 39 |
| 36 ErrorCode e2 = sandbox.Trap(NULL, "a"); | 40 ErrorCode e2 = sandbox.Trap(NULL, "a"); |
| 37 SANDBOX_ASSERT((e0.err() & SECCOMP_RET_DATA) == | 41 SANDBOX_ASSERT((e0.err() & SECCOMP_RET_DATA) == |
| 38 (e2.err() & SECCOMP_RET_DATA)); | 42 (e2.err() & SECCOMP_RET_DATA)); |
| (...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 76 SANDBOX_ASSERT(e1.LessThan(e4)); | 80 SANDBOX_ASSERT(e1.LessThan(e4)); |
| 77 SANDBOX_ASSERT(e3.LessThan(e4)); | 81 SANDBOX_ASSERT(e3.LessThan(e4)); |
| 78 SANDBOX_ASSERT(e4.LessThan(e5)); | 82 SANDBOX_ASSERT(e4.LessThan(e5)); |
| 79 SANDBOX_ASSERT(!e4.LessThan(e6)); | 83 SANDBOX_ASSERT(!e4.LessThan(e6)); |
| 80 SANDBOX_ASSERT(!e6.LessThan(e4)); | 84 SANDBOX_ASSERT(!e6.LessThan(e4)); |
| 81 } | 85 } |
| 82 | 86 |
| 83 } // namespace | 87 } // namespace |
| 84 | 88 |
| 85 } // namespace sandbox | 89 } // namespace sandbox |
| OLD | NEW |
