| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" | 5 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <fcntl.h> | 8 #include <fcntl.h> |
| 9 #include <pthread.h> | 9 #include <pthread.h> |
| 10 #include <sched.h> | 10 #include <sched.h> |
| (...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 74 setenv(kSandboxDebuggingEnv, "t", 0); | 74 setenv(kSandboxDebuggingEnv, "t", 0); |
| 75 Die::SuppressInfoMessages(true); | 75 Die::SuppressInfoMessages(true); |
| 76 } | 76 } |
| 77 | 77 |
| 78 // This test should execute no matter whether we have kernel support. So, | 78 // This test should execute no matter whether we have kernel support. So, |
| 79 // we make it a TEST() instead of a BPF_TEST(). | 79 // we make it a TEST() instead of a BPF_TEST(). |
| 80 TEST(SandboxBPF, DISABLE_ON_TSAN(CallSupports)) { | 80 TEST(SandboxBPF, DISABLE_ON_TSAN(CallSupports)) { |
| 81 // We check that we don't crash, but it's ok if the kernel doesn't | 81 // We check that we don't crash, but it's ok if the kernel doesn't |
| 82 // support it. | 82 // support it. |
| 83 bool seccomp_bpf_supported = | 83 bool seccomp_bpf_supported = |
| 84 SandboxBPF::SupportsSeccompSandbox(-1) == SandboxBPF::STATUS_AVAILABLE; | 84 SandboxBPF::SupportsSeccompSandbox() == SandboxBPF::STATUS_AVAILABLE; |
| 85 // We want to log whether or not seccomp BPF is actually supported | 85 // We want to log whether or not seccomp BPF is actually supported |
| 86 // since actual test coverage depends on it. | 86 // since actual test coverage depends on it. |
| 87 RecordProperty("SeccompBPFSupported", | 87 RecordProperty("SeccompBPFSupported", |
| 88 seccomp_bpf_supported ? "true." : "false."); | 88 seccomp_bpf_supported ? "true." : "false."); |
| 89 std::cout << "Seccomp BPF supported: " | 89 std::cout << "Seccomp BPF supported: " |
| 90 << (seccomp_bpf_supported ? "true." : "false.") << "\n"; | 90 << (seccomp_bpf_supported ? "true." : "false.") << "\n"; |
| 91 RecordProperty("PointerSize", sizeof(void*)); | 91 RecordProperty("PointerSize", sizeof(void*)); |
| 92 std::cout << "Pointer size: " << sizeof(void*) << "\n"; | 92 std::cout << "Pointer size: " << sizeof(void*) << "\n"; |
| 93 } | 93 } |
| 94 | 94 |
| 95 SANDBOX_TEST(SandboxBPF, DISABLE_ON_TSAN(CallSupportsTwice)) { | 95 SANDBOX_TEST(SandboxBPF, DISABLE_ON_TSAN(CallSupportsTwice)) { |
| 96 SandboxBPF::SupportsSeccompSandbox(-1); | 96 SandboxBPF::SupportsSeccompSandbox(); |
| 97 SandboxBPF::SupportsSeccompSandbox(-1); | 97 SandboxBPF::SupportsSeccompSandbox(); |
| 98 } | 98 } |
| 99 | 99 |
| 100 // BPF_TEST does a lot of the boiler-plate code around setting up a | 100 // BPF_TEST does a lot of the boiler-plate code around setting up a |
| 101 // policy and optional passing data between the caller, the policy and | 101 // policy and optional passing data between the caller, the policy and |
| 102 // any Trap() handlers. This is great for writing short and concise tests, | 102 // any Trap() handlers. This is great for writing short and concise tests, |
| 103 // and it helps us accidentally forgetting any of the crucial steps in | 103 // and it helps us accidentally forgetting any of the crucial steps in |
| 104 // setting up the sandbox. But it wouldn't hurt to have at least one test | 104 // setting up the sandbox. But it wouldn't hurt to have at least one test |
| 105 // that explicitly walks through all these steps. | 105 // that explicitly walks through all these steps. |
| 106 | 106 |
| 107 intptr_t IncreaseCounter(const struct arch_seccomp_data& args, void* aux) { | 107 intptr_t IncreaseCounter(const struct arch_seccomp_data& args, void* aux) { |
| (...skipping 16 matching lines...) Expand all Loading... |
| 124 return Allow(); | 124 return Allow(); |
| 125 } | 125 } |
| 126 | 126 |
| 127 private: | 127 private: |
| 128 int* counter_ptr_; | 128 int* counter_ptr_; |
| 129 | 129 |
| 130 DISALLOW_COPY_AND_ASSIGN(VerboseAPITestingPolicy); | 130 DISALLOW_COPY_AND_ASSIGN(VerboseAPITestingPolicy); |
| 131 }; | 131 }; |
| 132 | 132 |
| 133 SANDBOX_TEST(SandboxBPF, DISABLE_ON_TSAN(VerboseAPITesting)) { | 133 SANDBOX_TEST(SandboxBPF, DISABLE_ON_TSAN(VerboseAPITesting)) { |
| 134 if (SandboxBPF::SupportsSeccompSandbox(-1) == | 134 if (SandboxBPF::SupportsSeccompSandbox() == |
| 135 sandbox::SandboxBPF::STATUS_AVAILABLE) { | 135 sandbox::SandboxBPF::STATUS_AVAILABLE) { |
| 136 static int counter = 0; | 136 static int counter = 0; |
| 137 | 137 |
| 138 SandboxBPF sandbox; | 138 SandboxBPF sandbox; |
| 139 sandbox.SetSandboxPolicy(new VerboseAPITestingPolicy(&counter)); | 139 sandbox.SetSandboxPolicy(new VerboseAPITestingPolicy(&counter)); |
| 140 BPF_ASSERT(sandbox.StartSandbox(SandboxBPF::PROCESS_SINGLE_THREADED)); | 140 BPF_ASSERT(sandbox.StartSandbox(SandboxBPF::PROCESS_SINGLE_THREADED)); |
| 141 | 141 |
| 142 BPF_ASSERT_EQ(0, counter); | 142 BPF_ASSERT_EQ(0, counter); |
| 143 BPF_ASSERT_EQ(0, syscall(__NR_uname, 0)); | 143 BPF_ASSERT_EQ(0, syscall(__NR_uname, 0)); |
| 144 BPF_ASSERT_EQ(1, counter); | 144 BPF_ASSERT_EQ(1, counter); |
| (...skipping 1917 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2062 | 2062 |
| 2063 ResultExpr EvaluateSyscall(int system_call_number) const override { | 2063 ResultExpr EvaluateSyscall(int system_call_number) const override { |
| 2064 return Trace(kTraceData); | 2064 return Trace(kTraceData); |
| 2065 } | 2065 } |
| 2066 | 2066 |
| 2067 private: | 2067 private: |
| 2068 DISALLOW_COPY_AND_ASSIGN(TraceAllPolicy); | 2068 DISALLOW_COPY_AND_ASSIGN(TraceAllPolicy); |
| 2069 }; | 2069 }; |
| 2070 | 2070 |
| 2071 SANDBOX_TEST(SandboxBPF, DISABLE_ON_TSAN(SeccompRetTrace)) { | 2071 SANDBOX_TEST(SandboxBPF, DISABLE_ON_TSAN(SeccompRetTrace)) { |
| 2072 if (SandboxBPF::SupportsSeccompSandbox(-1) != | 2072 if (SandboxBPF::SupportsSeccompSandbox() != |
| 2073 sandbox::SandboxBPF::STATUS_AVAILABLE) { | 2073 sandbox::SandboxBPF::STATUS_AVAILABLE) { |
| 2074 return; | 2074 return; |
| 2075 } | 2075 } |
| 2076 | 2076 |
| 2077 // This test is disabled on arm due to a kernel bug. | 2077 // This test is disabled on arm due to a kernel bug. |
| 2078 // See https://code.google.com/p/chromium/issues/detail?id=383977 | 2078 // See https://code.google.com/p/chromium/issues/detail?id=383977 |
| 2079 #if defined(__arm__) || defined(__aarch64__) | 2079 #if defined(__arm__) || defined(__aarch64__) |
| 2080 printf("This test is currently disabled on ARM32/64 due to a kernel bug."); | 2080 printf("This test is currently disabled on ARM32/64 due to a kernel bug."); |
| 2081 return; | 2081 return; |
| 2082 #endif | 2082 #endif |
| (...skipping 311 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2394 BPF_ASSERT_EQ(ENOSYS, errno); | 2394 BPF_ASSERT_EQ(ENOSYS, errno); |
| 2395 | 2395 |
| 2396 BPF_ASSERT_EQ(-1, syscall(__NR_setgid, 300)); | 2396 BPF_ASSERT_EQ(-1, syscall(__NR_setgid, 300)); |
| 2397 BPF_ASSERT_EQ(EPERM, errno); | 2397 BPF_ASSERT_EQ(EPERM, errno); |
| 2398 } | 2398 } |
| 2399 | 2399 |
| 2400 } // namespace | 2400 } // namespace |
| 2401 | 2401 |
| 2402 } // namespace bpf_dsl | 2402 } // namespace bpf_dsl |
| 2403 } // namespace sandbox | 2403 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 733303004:
Linux sandbox: change API to start the sandbox (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master