sandbox: Add support for the new seccomp() system call in kernel 3.17.

sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <errno.h>
 #include <pthread.h>
 #include <sched.h>
 #include <signal.h>
 #include <sys/prctl.h>
 #include <sys/ptrace.h>
@@ skipping 10 matching lines @@
 #endif
 #include <linux/futex.h>
 
 #include <ostream>
 
 #include "base/bind.h"
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/posix/eintr_wrapper.h"
+#include "base/synchronization/waitable_event.h"
+#include "base/threading/thread.h"
 #include "build/build_config.h"
 #include "sandbox/linux/seccomp-bpf/bpf_tests.h"
 #include "sandbox/linux/seccomp-bpf/syscall.h"
 #include "sandbox/linux/seccomp-bpf/trap.h"
 #include "sandbox/linux/seccomp-bpf/verifier.h"
 #include "sandbox/linux/services/broker_process.h"
 #include "sandbox/linux/services/linux_syscalls.h"
 #include "sandbox/linux/tests/scoped_temporary_file.h"
 #include "sandbox/linux/tests/unit_tests.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ skipping 103 matching lines @@
   virtual ErrorCode EvaluateSyscall(SandboxBPF*, int sysno) const OVERRIDE {
     DCHECK(SandboxBPF::IsValidSyscallNumber(sysno));
     switch (sysno) {
       case __NR_nanosleep:
         return ErrorCode(EACCES);
       default:
         return ErrorCode(ErrorCode::ERR_ALLOWED);
     }
   }
 
+  static void AssertNanosleepFails() {
+    const struct timespec ts = {0, 0};
+    errno = 0;
+    BPF_ASSERT_EQ(-1, HANDLE_EINTR(syscall(__NR_nanosleep, &ts, NULL)));
+    BPF_ASSERT_EQ(EACCES, errno);
+  }
+
  private:
   DISALLOW_COPY_AND_ASSIGN(BlacklistNanosleepPolicy);
 };
 
 BPF_TEST_C(SandboxBPF, ApplyBasicBlacklistPolicy, BlacklistNanosleepPolicy) {
-  // nanosleep() should be denied
-  const struct timespec ts = {0, 0};
-  errno = 0;
-  BPF_ASSERT(syscall(__NR_nanosleep, &ts, NULL) == -1);
-  BPF_ASSERT(errno == EACCES);
+  BlacklistNanosleepPolicy::AssertNanosleepFails();
 }
 
 // Now do a simple whitelist test
 
 class WhitelistGetpidPolicy : public SandboxBPFPolicy {
  public:
   WhitelistGetpidPolicy() {}
   virtual ErrorCode EvaluateSyscall(SandboxBPF*, int sysno) const OVERRIDE {
     DCHECK(SandboxBPF::IsValidSyscallNumber(sysno));
     switch (sysno) {
@@ skipping 1993 matching lines @@
   BPF_ASSERT(FullPread64(temp_file.fd(),
                          read_test_string,
                          sizeof(read_test_string),
                          kLargeOffset));
   BPF_ASSERT_EQ(0, memcmp(kTestString, read_test_string, sizeof(kTestString)));
   BPF_ASSERT(pread_64_was_forwarded);
 }
 
 #endif  // !defined(OS_ANDROID)
 
+void* TsyncApplyToTwoThreadsFunc(void* cond_ptr) {
+  base::WaitableEvent* event = static_cast<base::WaitableEvent*>(cond_ptr);
+
+  // Wait for the main thread to signal that the filter has been applied.
+  if (!event->IsSignaled()) {
+    event->Wait();
+  }
+
+  BPF_ASSERT(event->IsSignaled());
+
+  BlacklistNanosleepPolicy::AssertNanosleepFails();
+
+  return NULL;
+}
+
+SANDBOX_TEST(SandboxBPF, Tsync) {
+  if (SandboxBPF::SupportsSeccompThreadFilterSynchronization() !=
+          SandboxBPF::STATUS_AVAILABLE) {
+    return;
+  }
+
+  base::WaitableEvent event(true, false);
+
+  // Create a thread on which to invoke the blocked syscall.
+  pthread_t thread;
+  BPF_ASSERT_EQ(0,
+      pthread_create(&thread, NULL, &TsyncApplyToTwoThreadsFunc, &event));
+
+  // Test that nanoseelp success.
+  const struct timespec ts = {0, 0};
+  BPF_ASSERT_EQ(0, HANDLE_EINTR(syscall(__NR_nanosleep, &ts, NULL)));
+
+  // Engage the sandbox.
+  SandboxBPF sandbox;
+  sandbox.SetSandboxPolicy(new BlacklistNanosleepPolicy());
+  BPF_ASSERT(sandbox.StartSandbox(SandboxBPF::PROCESS_MULTI_THREADED));
+
+  // This thread should have the filter applied as well.
+  BlacklistNanosleepPolicy::AssertNanosleepFails();
+
+  // Signal the condition to invoke the system call.
+  event.Signal();
+
+  // Wait for the thread to finish.
+  BPF_ASSERT_EQ(0, pthread_join(thread, NULL));
+}
+
+class AllowAllPolicy : public SandboxBPFPolicy {
+ public:
+  AllowAllPolicy() : SandboxBPFPolicy() {}
+  virtual ~AllowAllPolicy() {}
+
+  virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox,
+                                    int sysno) const OVERRIDE {
+    return ErrorCode(ErrorCode::ERR_ALLOWED);
+  }
+
+ private:
+  DISALLOW_COPY_AND_ASSIGN(AllowAllPolicy);
+};
+
+SANDBOX_DEATH_TEST(SandboxBPF, StartMultiThreadedAsSingleThreaded,
+    DEATH_MESSAGE("Cannot start sandbox; process is already multi-threaded")) {
+  base::Thread thread("sandbox.linux.StartMultiThreadedAsSingleThreaded");
+  BPF_ASSERT(thread.Start());
+
+  SandboxBPF sandbox;
+  sandbox.SetSandboxPolicy(new AllowAllPolicy());
+  BPF_ASSERT(!sandbox.StartSandbox(SandboxBPF::PROCESS_SINGLE_THREADED));
+}
+
+SANDBOX_DEATH_TEST(SandboxBPF, StartSingleThreadedAsMultiThreaded,
+    DEATH_MESSAGE("Cannot start sandbox; process may be single-threaded when "
+                  "reported as not")) {
+  SandboxBPF sandbox;
+  sandbox.SetSandboxPolicy(new AllowAllPolicy());
+  BPF_ASSERT(!sandbox.StartSandbox(SandboxBPF::PROCESS_MULTI_THREADED));
+}
+
 }  // namespace
 
 }  // namespace sandbox