| Index: sandbox/linux/bpf_dsl/bpf_dsl_unittest.cc
|
| diff --git a/sandbox/linux/bpf_dsl/bpf_dsl_unittest.cc b/sandbox/linux/bpf_dsl/bpf_dsl_unittest.cc
|
| index d975d64ab0ef57f99ffb92e3f0a217d03579bd74..46c8be13580b4f5830355739df656501b991f278 100644
|
| --- a/sandbox/linux/bpf_dsl/bpf_dsl_unittest.cc
|
| +++ b/sandbox/linux/bpf_dsl/bpf_dsl_unittest.cc
|
| @@ -32,6 +32,9 @@ class Stubs {
|
| static int getpgid(pid_t pid) { return Syscall::Call(__NR_getpgid, pid); }
|
| static int setuid(uid_t uid) { return Syscall::Call(__NR_setuid, uid); }
|
| static int setgid(gid_t gid) { return Syscall::Call(__NR_setgid, gid); }
|
| + static int setpgid(pid_t pid, pid_t pgid) {
|
| + return Syscall::Call(__NR_setpgid, pid, pgid);
|
| + }
|
|
|
| static int uname(struct utsname* buf) {
|
| return Syscall::Call(__NR_uname, buf);
|
| @@ -212,6 +215,10 @@ class MaskingPolicy : public SandboxBPFDSLPolicy {
|
| const Arg<gid_t> gid(0);
|
| return If((gid & 0xf0) == 0xf0, Error(EINVAL)).Else(Error(EACCES));
|
| }
|
| + if (sysno == __NR_setpgid) {
|
| + const Arg<pid_t> pid(0);
|
| + return If((pid & 0xa5) == 0xa0, Error(EINVAL)).Else(Error(EACCES));
|
| + }
|
| return Allow();
|
| }
|
|
|
| @@ -229,6 +236,11 @@ BPF_TEST_C(BPFDSL, MaskTest, MaskingPolicy) {
|
| const int expect_errno = (gid & 0xf0) == 0xf0 ? EINVAL : EACCES;
|
| ASSERT_SYSCALL_RESULT(-expect_errno, setgid, gid);
|
| }
|
| +
|
| + for (pid_t pid = 0; pid < 0x100; ++pid) {
|
| + const int expect_errno = (pid & 0xa5) == 0xa0 ? EINVAL : EACCES;
|
| + ASSERT_SYSCALL_RESULT(-expect_errno, setpgid, pid, 0);
|
| + }
|
| }
|
|
|
| class ElseIfPolicy : public SandboxBPFDSLPolicy {
|
|
|
Chromium Code Reviews
Issue 530133003:
bpf_dsl: support arbitrary (arg & mask) == val expressions (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master