| Index: sandbox/linux/bpf_dsl/bpf_dsl_more_unittest.cc
|
| diff --git a/sandbox/linux/bpf_dsl/bpf_dsl_more_unittest.cc b/sandbox/linux/bpf_dsl/bpf_dsl_more_unittest.cc
|
| index 5d1809ef58fe84c0d867f5e8e39f0dcc9511cceb..087b9630404985ce73817f6a986dfcdc39194629 100644
|
| --- a/sandbox/linux/bpf_dsl/bpf_dsl_more_unittest.cc
|
| +++ b/sandbox/linux/bpf_dsl/bpf_dsl_more_unittest.cc
|
| @@ -80,15 +80,18 @@ void EnableUnsafeTraps() {
|
| TEST(SandboxBPF, DISABLE_ON_TSAN(CallSupports)) {
|
| // We check that we don't crash, but it's ok if the kernel doesn't
|
| // support it.
|
| + const int seccomp_support = SandboxBPF::SupportsSeccompSandbox();
|
| bool seccomp_bpf_supported =
|
| - SandboxBPF::SupportsSeccompSandbox() == SandboxBPF::STATUS_AVAILABLE;
|
| + seccomp_support & SandboxBPF::SECCOMP_SINGLE_THREADED;
|
| + bool seccomp_bpf_tsync_supported =
|
| + seccomp_support & SandboxBPF::SECCOMP_MULTI_THREADED;
|
| +
|
| // We want to log whether or not seccomp BPF is actually supported
|
| // since actual test coverage depends on it.
|
| - RecordProperty("SeccompBPFSupported",
|
| - seccomp_bpf_supported ? "true." : "false.");
|
| - std::cout << "Seccomp BPF supported: "
|
| + std::cout << "Seccomp BPF supported (single thread): "
|
| << (seccomp_bpf_supported ? "true." : "false.") << "\n";
|
| - RecordProperty("PointerSize", sizeof(void*));
|
| + std::cout << "Seccomp BPF supported (multi thread): "
|
| + << (seccomp_bpf_tsync_supported ? "true." : "false.") << "\n";
|
| std::cout << "Pointer size: " << sizeof(void*) << "\n";
|
| }
|
|
|
| @@ -131,13 +134,13 @@ class VerboseAPITestingPolicy : public Policy {
|
| };
|
|
|
| SANDBOX_TEST(SandboxBPF, DISABLE_ON_TSAN(VerboseAPITesting)) {
|
| - if (SandboxBPF::SupportsSeccompSandbox() ==
|
| - sandbox::SandboxBPF::STATUS_AVAILABLE) {
|
| + if (SandboxBPF::SupportsSeccompSandbox() &
|
| + SandboxBPF::SECCOMP_SINGLE_THREADED) {
|
| static int counter = 0;
|
|
|
| SandboxBPF sandbox;
|
| sandbox.SetSandboxPolicy(new VerboseAPITestingPolicy(&counter));
|
| - BPF_ASSERT(sandbox.StartSandbox(SandboxBPF::PROCESS_SINGLE_THREADED));
|
| + BPF_ASSERT(sandbox.StartSandbox(SandboxBPF::SECCOMP_SINGLE_THREADED));
|
|
|
| BPF_ASSERT_EQ(0, counter);
|
| BPF_ASSERT_EQ(0, syscall(__NR_uname, 0));
|
| @@ -179,6 +182,14 @@ BPF_TEST_C(SandboxBPF, ApplyBasicBlacklistPolicy, BlacklistNanosleepPolicy) {
|
| BlacklistNanosleepPolicy::AssertNanosleepFails();
|
| }
|
|
|
| +BPF_TEST_C(SandboxBPF, UseVsyscall, BlacklistNanosleepPolicy) {
|
| + time_t current_time;
|
| + // time() is implemented as a vsyscall. With an older glibc, with
|
| + // vsyscall=emulate and some versions of the seccomp BPF patch
|
| + // we may get SIGKILL-ed. Detect this!
|
| + BPF_ASSERT_NE(static_cast<time_t>(-1), time(¤t_time));
|
| +}
|
| +
|
| // Now do a simple whitelist test
|
|
|
| class WhitelistGetpidPolicy : public Policy {
|
| @@ -398,7 +409,7 @@ BPF_TEST_C(SandboxBPF, StackingPolicy, StackingPolicyPartOne) {
|
| // restrict filters, but we cannot relax existing filters.
|
| SandboxBPF sandbox;
|
| sandbox.SetSandboxPolicy(new StackingPolicyPartTwo());
|
| - BPF_ASSERT(sandbox.StartSandbox(SandboxBPF::PROCESS_SINGLE_THREADED));
|
| + BPF_ASSERT(sandbox.StartSandbox(SandboxBPF::SECCOMP_SINGLE_THREADED));
|
|
|
| errno = 0;
|
| BPF_ASSERT(syscall(__NR_getppid, 0) == -1);
|
| @@ -2069,8 +2080,7 @@ class TraceAllPolicy : public Policy {
|
| };
|
|
|
| SANDBOX_TEST(SandboxBPF, DISABLE_ON_TSAN(SeccompRetTrace)) {
|
| - if (SandboxBPF::SupportsSeccompSandbox() !=
|
| - sandbox::SandboxBPF::STATUS_AVAILABLE) {
|
| + if (SandboxBPF::SupportsSeccompSandbox() == SandboxBPF::SECCOMP_NONE) {
|
| return;
|
| }
|
|
|
| @@ -2096,7 +2106,7 @@ SANDBOX_TEST(SandboxBPF, DISABLE_ON_TSAN(SeccompRetTrace)) {
|
| BPF_ASSERT_EQ(0, raise(SIGSTOP));
|
| SandboxBPF sandbox;
|
| sandbox.SetSandboxPolicy(new TraceAllPolicy);
|
| - BPF_ASSERT(sandbox.StartSandbox(SandboxBPF::PROCESS_SINGLE_THREADED));
|
| + BPF_ASSERT(sandbox.StartSandbox(SandboxBPF::SECCOMP_SINGLE_THREADED));
|
|
|
| // getpid is allowed.
|
| BPF_ASSERT_EQ(my_pid, sys_getpid());
|
| @@ -2267,8 +2277,8 @@ void* TsyncApplyToTwoThreadsFunc(void* cond_ptr) {
|
| }
|
|
|
| SANDBOX_TEST(SandboxBPF, Tsync) {
|
| - if (SandboxBPF::SupportsSeccompThreadFilterSynchronization() !=
|
| - SandboxBPF::STATUS_AVAILABLE) {
|
| + if ((SandboxBPF::SupportsSeccompSandbox() &
|
| + SandboxBPF::SECCOMP_MULTI_THREADED) == 0) {
|
| return;
|
| }
|
|
|
| @@ -2286,7 +2296,7 @@ SANDBOX_TEST(SandboxBPF, Tsync) {
|
| // Engage the sandbox.
|
| SandboxBPF sandbox;
|
| sandbox.SetSandboxPolicy(new BlacklistNanosleepPolicy());
|
| - BPF_ASSERT(sandbox.StartSandbox(SandboxBPF::PROCESS_MULTI_THREADED));
|
| + BPF_ASSERT(sandbox.StartSandbox(SandboxBPF::SECCOMP_MULTI_THREADED));
|
|
|
| // This thread should have the filter applied as well.
|
| BlacklistNanosleepPolicy::AssertNanosleepFails();
|
| @@ -2318,7 +2328,7 @@ SANDBOX_DEATH_TEST(
|
|
|
| SandboxBPF sandbox;
|
| sandbox.SetSandboxPolicy(new AllowAllPolicy());
|
| - BPF_ASSERT(!sandbox.StartSandbox(SandboxBPF::PROCESS_SINGLE_THREADED));
|
| + BPF_ASSERT(!sandbox.StartSandbox(SandboxBPF::SECCOMP_SINGLE_THREADED));
|
| }
|
|
|
| // http://crbug.com/407357
|
| @@ -2331,7 +2341,7 @@ SANDBOX_DEATH_TEST(
|
| "reported as not")) {
|
| SandboxBPF sandbox;
|
| sandbox.SetSandboxPolicy(new AllowAllPolicy());
|
| - BPF_ASSERT(!sandbox.StartSandbox(SandboxBPF::PROCESS_MULTI_THREADED));
|
| + BPF_ASSERT(!sandbox.StartSandbox(SandboxBPF::SECCOMP_MULTI_THREADED));
|
| }
|
| #endif // !defined(THREAD_SANITIZER)
|
|
|
|
|
Chromium Code Reviews
Issue 759473002:
Linux sandbox: change seccomp detection and initialization. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@refactor_startsandbox