diff options
| author | hidehiko <hidehiko@chromium.org> | 2015-05-15 02:29:58 -0700 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2015-05-15 09:30:14 +0000 |
| commit | 72c418b09bbf90505f54df2b76285650acd97960 (patch) | |
| tree | 71e234775c8e84bd8634141b296279d96284c522 /components | |
| parent | 7bd179d625b0d7422291c852c6f64b5580f2067d (diff) | |
| download | chromium_src-72c418b09bbf90505f54df2b76285650acd97960.zip chromium_src-72c418b09bbf90505f54df2b76285650acd97960.tar.gz chromium_src-72c418b09bbf90505f54df2b76285650acd97960.tar.bz2 | |
Non-SFI mode: Build nacl_helper_nonsfi_unittests
This CL starts to build nacl_helper_nonsfi_unittests.
The binary is not yet enabled to run on bots. It will be done in a following CL.
TEST=Ran locally. Ran build bots. Ran build bots with editing configuration to include nacl_helper_nonsfi_unittests.
BUG=358465
Review URL: https://codereview.chromium.org/1137553003
Cr-Commit-Position: refs/heads/master@{#330069}
Diffstat (limited to 'components')
| -rw-r--r-- | components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc | 118 | ||||
| -rw-r--r-- | components/nacl_helper_nonsfi_unittests.isolate | 18 | ||||
| -rw-r--r-- | components/nacl_nonsfi.gyp | 130 |
3 files changed, 250 insertions, 16 deletions
diff --git a/components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc b/components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc index 98e95c2..bd4ab95 100644 --- a/components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc +++ b/components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc @@ -25,6 +25,7 @@ #include <time.h> #include <unistd.h> +#include "base/at_exit.h" #include "base/bind.h" #include "base/callback.h" #include "base/compiler_specific.h" @@ -42,6 +43,67 @@ #include "sandbox/linux/system_headers/linux_signal.h" #include "sandbox/linux/system_headers/linux_syscalls.h" +// These defines are for PNaCl toolchain build. +#if !defined(F_DUPFD_CLOEXEC) +#define F_DUPFD_CLOEXEC 1030 +#endif + +#if !defined(MAP_POPULATE) +#define MAP_POPULATE 0x8000 +#endif + +#if !defined(PROT_GROWSDOWN) +#define PROT_GROWSDOWN 0x01000000 +#endif + +#if !defined(CLOCK_MONOTONIC_RAW) +#define CLOCK_MONOTONIC_RAW 4 +#endif + +#if !defined(AF_INET) +#define AF_INET 2 +#endif + +#if defined(__i386__) + +#if !defined(SYS_SOCKET) +#define SYS_SOCKET 1 +#endif + +#if !defined(SYS_BIND) +#define SYS_BIND 2 +#endif + +#if !defined(SYS_CONNECT) +#define SYS_CONNECT 3 +#endif + +#if !defined(SYS_LISTEN) +#define SYS_LISTEN 4 +#endif + +#if !defined(SYS_ACCEPT) +#define SYS_ACCEPT 5 +#endif + +#if !defined(SYS_GETSOCKNAME) +#define SYS_GETSOCKNAME 6 +#endif + +#if !defined(SYS_GETPEERNAME) +#define SYS_GETPEERNAME 7 +#endif + +#if !defined(SYS_SETSOCKOPT) +#define SYS_SETSOCKOPT 14 +#endif + +#if !defined(SYS_GETSOCKOPT) +#define SYS_GETSOCKOPT 15 +#endif + +#endif // defined(__i386__) + namespace { void DoPipe(base::ScopedFD* fds) { @@ -368,18 +430,28 @@ BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, fcntl(fds[0].get(), F_SETFL, O_APPEND); } +void DoFcntl(int fd, int cmd) { + // fcntl in PNaCl toolchain returns an error without calling actual system + // call for unknown |cmd|. So, instead, here we use syscall(). +#if defined(OS_NACL_NONSFI) + syscall(__NR_fcntl64, fd, cmd); +#else + fcntl(fd, cmd); +#endif +} + BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, fcntl_DUPFD, DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { - fcntl(0, F_DUPFD); + DoFcntl(0, F_DUPFD); } BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, fcntl_DUPFD_CLOEXEC, DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { - fcntl(0, F_DUPFD_CLOEXEC); + DoFcntl(0, F_DUPFD_CLOEXEC); } BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, @@ -403,6 +475,14 @@ BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, BPF_TEST_C(NaClNonSfiSandboxTest, StartingAndJoiningThreadWorks, nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { +#if defined(OS_NACL_NONSFI) + // base::Thread internally uses LazyInstance, which registers a callback to + // AtExitManager. However, in PNaCl toolchain build, it is not instantiated + // by the test runner, unlike host toolchain build (nacl_loader_unittests). + // Hence, declare it here so that the LazyInstance will work properly. + base::AtExitManager at_exit; +#endif + base::Thread thread("sandbox_tests"); BPF_ASSERT(thread.Start()); // |thread|'s destructor will join the thread. @@ -417,9 +497,20 @@ BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, _exit(1); } +void* DoMmap(int prot, int flags) { +#if defined(OS_NACL_NONSFI) + // When PROT_EXEC is set, PNaCl toolchain's mmap() system call wrapper uses + // two system calls mmap2(2) and mprotect(2), so that we cannot test + // sandbox with the wrapper. Instead, here we use syscall(). + return reinterpret_cast<void*>( + syscall(__NR_mmap2, NULL, getpagesize(), prot, flags, -1, 0)); +#else + return mmap(NULL, getpagesize(), prot, flags, -1, 0); +#endif +} + void* DoAllowedAnonymousMmap() { - return mmap(NULL, getpagesize(), PROT_READ | PROT_WRITE, - MAP_ANONYMOUS | MAP_SHARED, -1, 0); + return DoMmap(PROT_READ | PROT_WRITE, MAP_ANONYMOUS | MAP_SHARED); } BPF_TEST_C(NaClNonSfiSandboxTest, @@ -434,45 +525,42 @@ BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, mmap_unallowed_flag, DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { - mmap(NULL, getpagesize(), PROT_READ | PROT_WRITE, - MAP_ANONYMOUS | MAP_POPULATE, -1, 0); + DoMmap(PROT_READ | PROT_WRITE, MAP_ANONYMOUS | MAP_POPULATE); } BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, mmap_unallowed_prot, DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { - mmap(NULL, getpagesize(), PROT_READ | PROT_GROWSDOWN, - MAP_ANONYMOUS, -1, 0); + DoMmap(PROT_READ | PROT_GROWSDOWN, MAP_ANONYMOUS); } BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, mmap_exec, DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { - mmap(NULL, getpagesize(), PROT_EXEC, MAP_ANONYMOUS, -1, 0); + DoMmap(PROT_EXEC, MAP_ANONYMOUS); } BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, mmap_read_exec, DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { - mmap(NULL, getpagesize(), PROT_READ | PROT_EXEC, MAP_ANONYMOUS, -1, 0); + DoMmap(PROT_READ | PROT_EXEC, MAP_ANONYMOUS); } BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, mmap_write_exec, DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { - mmap(NULL, getpagesize(), PROT_WRITE | PROT_EXEC, MAP_ANONYMOUS, -1, 0); + DoMmap(PROT_WRITE | PROT_EXEC, MAP_ANONYMOUS); } BPF_DEATH_TEST_C(NaClNonSfiSandboxTest, mmap_read_write_exec, DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) { - mmap(NULL, getpagesize(), PROT_READ | PROT_WRITE | PROT_EXEC, - MAP_ANONYMOUS, -1, 0); + DoMmap(PROT_READ | PROT_WRITE | PROT_EXEC, MAP_ANONYMOUS); } BPF_TEST_C(NaClNonSfiSandboxTest, @@ -503,9 +591,13 @@ BPF_TEST_C(NaClNonSfiSandboxTest, // The kernel interface must return zero for brk. BPF_ASSERT_EQ(0, syscall(__NR_brk, next_brk)); // The libc wrapper translates it to ENOMEM. + + // Note: PNaCl toolchain does not provide brk() system call wrapper. +#if !defined(OS_NACL_NONSFI) errno = 0; BPF_ASSERT_EQ(-1, brk(next_brk)); BPF_ASSERT_EQ(ENOMEM, errno); +#endif } // clockid restrictions are mostly tested in sandbox/ with the diff --git a/components/nacl_helper_nonsfi_unittests.isolate b/components/nacl_helper_nonsfi_unittests.isolate new file mode 100644 index 0000000..8de0893 --- /dev/null +++ b/components/nacl_helper_nonsfi_unittests.isolate @@ -0,0 +1,18 @@ +# Copyright 2014 The Chromium Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. +{ + 'conditions': [ + ['OS=="linux"', { + 'variables': { + 'command': [ + '<(PRODUCT_DIR)/nacl_helper_nonsfi_unittests', + ], + 'files': [ + '<(PRODUCT_DIR)/nacl_helper_nonsfi_unittests', + ], + 'read_only': 1, + }, + }], + ], +} diff --git a/components/nacl_nonsfi.gyp b/components/nacl_nonsfi.gyp index 53ff394..2a1aa58 100644 --- a/components/nacl_nonsfi.gyp +++ b/components/nacl_nonsfi.gyp @@ -56,8 +56,6 @@ 'nacl/loader/nacl_trusted_listener.cc', 'nacl/loader/nonsfi/nonsfi_listener.cc', 'nacl/loader/nonsfi/nonsfi_main.cc', - 'nacl/loader/nonsfi/nonsfi_sandbox.cc', - 'nacl/loader/sandbox_linux/nacl_sandbox_linux.cc', ], 'link_flags': [ @@ -74,6 +72,7 @@ '-lgpu_ipc_nacl', '-lipc_nacl_nonsfi', '-llatency_info_nacl', + '-lnacl_helper_nonsfi_sandbox', '-lplatform', '-lppapi_ipc_nacl', '-lppapi_proxy_nacl', @@ -99,6 +98,7 @@ '>(tc_lib_dir_nonsfi_helper32)/libgpu_ipc_nacl.a', '>(tc_lib_dir_nonsfi_helper32)/libipc_nacl_nonsfi.a', '>(tc_lib_dir_nonsfi_helper32)/liblatency_info_nacl.a', + '>(tc_lib_dir_nonsfi_helper32)/libnacl_helper_nonsfi_sandbox.a', '>(tc_lib_dir_nonsfi_helper32)/libplatform.a', '>(tc_lib_dir_nonsfi_helper32)/libppapi_ipc_nacl.a', '>(tc_lib_dir_nonsfi_helper32)/libppapi_proxy_nacl.a', @@ -123,6 +123,7 @@ '>(tc_lib_dir_nonsfi_helper_arm)/libgpu_ipc_nacl.a', '>(tc_lib_dir_nonsfi_helper_arm)/libipc_nacl_nonsfi.a', '>(tc_lib_dir_nonsfi_helper_arm)/liblatency_info_nacl.a', + '>(tc_lib_dir_nonsfi_helper_arm)/libnacl_helper_nonsfi_sandbox.a', '>(tc_lib_dir_nonsfi_helper_arm)/libplatform.a', '>(tc_lib_dir_nonsfi_helper_arm)/libppapi_ipc_nacl.a', '>(tc_lib_dir_nonsfi_helper_arm)/libppapi_proxy_nacl.a', @@ -143,9 +144,132 @@ '../native_client/src/untrusted/nacl/nacl.gyp:nacl_lib_newlib', '../ppapi/ppapi_proxy_nacl.gyp:ppapi_proxy_nacl', '../sandbox/sandbox_nacl_nonsfi.gyp:sandbox_nacl_nonsfi', + 'nacl_helper_nonsfi_sandbox', + ], + }, + + { + 'target_name': 'nacl_helper_nonsfi_sandbox', + 'type': 'none', + 'variables': { + 'nacl_untrusted_build': 1, + 'nlib_target': 'libnacl_helper_nonsfi_sandbox.a', + + 'build_glibc': 0, + 'build_newlib': 0, + 'build_irt': 0, + 'build_pnacl_newlib': 0, + 'build_nonsfi_helper': 1, + + 'sources': [ + 'nacl/loader/nonsfi/nonsfi_sandbox.cc', + 'nacl/loader/sandbox_linux/nacl_sandbox_linux.cc', + ], + }, + 'dependencies': [ + '../base/base_nacl.gyp:base_nacl_nonsfi', + '../content/content_nacl_nonsfi.gyp:content_common_nacl_nonsfi', + '../sandbox/sandbox_nacl_nonsfi.gyp:sandbox_nacl_nonsfi', + ], + }, + + { + 'target_name': 'nacl_helper_nonsfi_unittests', + 'type': 'none', + 'variables': { + 'nacl_untrusted_build': 1, + 'nexe_target': 'nacl_helper_nonsfi_unittests', + # Rename the output binary file to nacl_helper_nonsfi_unittests + # and put it directly under out/{Debug,Release}/, so that this is + # in the standard location, for running on the buildbots. + 'out_newlib32_nonsfi': '<(PRODUCT_DIR)/nacl_helper_nonsfi_unittests', + 'out_newlib_arm_nonsfi': '<(PRODUCT_DIR)/nacl_helper_nonsfi_unitttests', + + 'build_glibc': 0, + 'build_newlib': 0, + 'build_irt': 0, + 'build_pnacl_newlib': 0, + 'build_nonsfi_helper': 1, + + 'sources': [ + 'nacl/loader/nonsfi/nonsfi_sandbox_sigsys_unittest.cc', + 'nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc', + ], + + 'link_flags': [ + '-lbase_nacl_nonsfi', + '-lcontent_common_nacl_nonsfi', + '-levent_nacl_nonsfi', + '-lgio', + '-lgtest_main_nacl', + '-lgtest_nacl', + '-lnacl_helper_nonsfi_sandbox', + '-lplatform', + '-lsandbox_nacl_nonsfi', + '-lsandbox_linux_test_utils_nacl_nonsfi', + ], + + 'conditions': [ + ['target_arch=="ia32" or target_arch=="x64"', { + 'extra_deps_newlib32_nonsfi': [ + '>(tc_lib_dir_nonsfi_helper32)/libbase_nacl_nonsfi.a', + '>(tc_lib_dir_nonsfi_helper32)/libcontent_common_nacl_nonsfi.a', + '>(tc_lib_dir_nonsfi_helper32)/libevent_nacl_nonsfi.a', + '>(tc_lib_dir_nonsfi_helper32)/libgio.a', + '>(tc_lib_dir_nonsfi_helper32)/libgtest_main_nacl.a', + '>(tc_lib_dir_nonsfi_helper32)/libgtest_nacl.a', + '>(tc_lib_dir_nonsfi_helper32)/libnacl_helper_nonsfi_sandbox.a', + '>(tc_lib_dir_nonsfi_helper32)/libplatform.a', + '>(tc_lib_dir_nonsfi_helper32)/libsandbox_nacl_nonsfi.a', + '>(tc_lib_dir_nonsfi_helper32)/libsandbox_linux_test_utils_nacl_nonsfi.a', + ], + }], + ['target_arch=="arm"', { + 'extra_deps_newlib_arm_nonsfi': [ + '>(tc_lib_dir_nonsfi_helper_arm)/libbase_nacl_nonsfi.a', + '>(tc_lib_dir_nonsfi_helper_arm)/libcontent_common_nacl_nonsfi.a', + '>(tc_lib_dir_nonsfi_helper_arm)/libevent_nacl_nonsfi.a', + '>(tc_lib_dir_nonsfi_helper_arm)/libgio.a', + '>(tc_lib_dir_nonsfi_helper_arm)/libgtest_main_nacl.a', + '>(tc_lib_dir_nonsfi_helper_arm)/libgtest_nacl.a', + '>(tc_lib_dir_nonsfi_helper_arm)/libnacl_helper_nonsfi_sandbox.a', + '>(tc_lib_dir_nonsfi_helper_arm)/libplatform.a', + '>(tc_lib_dir_nonsfi_helper_arm)/libsandbox_nacl_nonsfi.a', + '>(tc_lib_dir_nonsfi_helper_arm)/libsandbox_linux_test_utils_nacl_nonsfi.a', + ], + }], + ], + }, + + 'dependencies': [ + '../base/base_nacl.gyp:base_nacl_nonsfi', + '../content/content_nacl_nonsfi.gyp:content_common_nacl_nonsfi', + '../native_client/src/nonsfi/irt/irt.gyp:nacl_sys_private', + '../native_client/src/untrusted/nacl/nacl.gyp:nacl_lib_newlib', + '../sandbox/sandbox_nacl_nonsfi.gyp:sandbox_nacl_nonsfi', + '../sandbox/sandbox_nacl_nonsfi.gyp:sandbox_linux_test_utils_nacl_nonsfi', + '../testing/gtest_nacl.gyp:gtest_main_nacl', + '../testing/gtest_nacl.gyp:gtest_nacl', + 'nacl_helper_nonsfi_sandbox', + ], + }, + ], + }], + ['disable_nacl==0 and disable_nacl_untrusted==0 and test_isolation_mode!="noop"', { + 'targets': [ + { + 'target_name': 'nacl_helper_nonsfi_unittests_run', + 'type': 'none', + 'dependencies': [ + 'nacl_helper_nonsfi_unittests', + ], + 'includes': [ + '../build/isolate.gypi', + ], + 'sources': [ + 'nacl_helper_nonsfi_unittests.isolate', ], }, - # TODO(hidehiko): Add Non-SFI version of nacl_loader_unittests. ], }], ], |