
Side by Side Diff: sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.cc

Issue 759473002: Linux sandbox: change seccomp detection and initialization. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@refactor_startsandbox
Patch Set: Get rid of SeccompLevel::INVALID Created 6 years ago
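--- a/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.cc
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.cc
@@ -1,10 +1,10 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.h"
 
 #include <fcntl.h>
 #include <linux/filter.h>
 
 #include "base/logging.h"
@@ -24,44 +24,44 @@
 SandboxBPFTestRunner::~SandboxBPFTestRunner() {
 }
 
 void SandboxBPFTestRunner::Run() {
 DCHECK(bpf_tester_delegate_);
 sandbox::Die::EnableSimpleExit();
 
 scoped_ptr<bpf_dsl::Policy> policy =
 bpf_tester_delegate_->GetSandboxBPFPolicy();
 
-if (sandbox::SandboxBPF::SupportsSeccompSandbox() ==
-sandbox::SandboxBPF::STATUS_AVAILABLE) {
+if (sandbox::SandboxBPF::SupportsSeccompSandbox(
+SandboxBPF::SeccompLevel::SINGLE_THREADED)) {
 // Initialize and then start the sandbox with our custom policy
 sandbox::SandboxBPF sandbox;
 sandbox.SetSandboxPolicy(policy.release());
-SANDBOX_ASSERT(
-sandbox.StartSandbox(sandbox::SandboxBPF::PROCESS_SINGLE_THREADED));
+SANDBOX_ASSERT(sandbox.StartSandbox(
+sandbox::SandboxBPF::SeccompLevel::SINGLE_THREADED));
 
 // Run the actual test.
 bpf_tester_delegate_->RunTestFunction();
 } else {
 printf("This BPF test is not fully running in this configuration!\n");
 // Android and Valgrind are the only configurations where we accept not
 // having kernel BPF support.
 if (!IsAndroid() && !IsRunningOnValgrind()) {
 const bool seccomp_bpf_is_supported = false;
 SANDBOX_ASSERT(seccomp_bpf_is_supported);
 }
 // Call the compiler and verify the policy. That's the least we can do,
 // if we don't have kernel support.
 sandbox::SandboxBPF sandbox;
 sandbox.SetSandboxPolicy(policy.release());
 sandbox.AssembleFilter(true /* force_verification */);
 sandbox::UnitTests::IgnoreThisTest();
 }
 }
 
 bool SandboxBPFTestRunner::ShouldCheckForLeaks() const {
 // LSAN requires being able to use ptrace() and other system calls that could
 // be denied.
 return false;
 }
 
 } // namespace sandbox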
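Review bot: In Run(), the seccomp level is written out twice with inconsistent namespace qualification: `SandboxBPF::SeccompLevel::SINGLE_THREADED` in the SupportsSeccompSandbox() probe and `sandbox::SandboxBPF::SeccompLevel::SINGLE_THREADED` in the StartSandbox() call. Nothing ties the two together, so a later edit that changes only one of them would probe for one level and start the sandbox at another; the test could then trip SANDBOX_ASSERT or fall into the IgnoreThisTest() branch without the mismatch being obvious. I would hoist the value into one local, `const SandboxBPF::SeccompLevel level = SandboxBPF::SeccompLevel::SINGLE_THREADED;`, and pass `level` to both calls. A one-line comment on that local saying why the single-threaded level is the right one for this runner would also help, since the reason is not visible in this file.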