Linux sandbox: cleanup test framework further

Remove more void* in favor of strong typing. Create a new global
SandboxTestRunner interface that can be implemented by specific test runners.

Implement BPF_TEST via a SandboxBPFTestRunner class which takes a delegate
to implement allocating the BPF policy and actually running the function.

This allows us to confine templating to this new BPFTesterSimpleDelegate class.

BUG=368970
R=jorgelo@chromium.org, mdempsky@chromium.org

Review URL: https://codereview.chromium.org/265283003

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@268608 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 70 insertions, 0 deletions

diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.cc b/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.cc
new file mode 100644
index 0000000..ade1d49
--- /dev/null
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.cc
@@ -0,0 +1,70 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.h"
+
+#include <fcntl.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+
+#include "base/basictypes.h"
+#include "base/logging.h"
+#include "base/memory/scoped_ptr.h"
+#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
+#include "sandbox/linux/tests/unit_tests.h"
+
+namespace sandbox {
+
+SandboxBPFTestRunner::SandboxBPFTestRunner(
+    BPFTesterDelegate* bpf_tester_delegate)
+    : bpf_tester_delegate_(bpf_tester_delegate) {
+}
+
+SandboxBPFTestRunner::~SandboxBPFTestRunner() {
+}
+
+void SandboxBPFTestRunner::Run() {
+  DCHECK(bpf_tester_delegate_);
+  sandbox::Die::EnableSimpleExit();
+
+  scoped_ptr<SandboxBPFPolicy> policy =
+      bpf_tester_delegate_->GetSandboxBPFPolicy();
+
+  if (sandbox::SandboxBPF::SupportsSeccompSandbox(-1) ==
+      sandbox::SandboxBPF::STATUS_AVAILABLE) {
+    // Ensure the the sandbox is actually available at this time
+    int proc_fd;
+    SANDBOX_ASSERT((proc_fd = open("/proc", O_RDONLY | O_DIRECTORY)) >= 0);
+    SANDBOX_ASSERT(sandbox::SandboxBPF::SupportsSeccompSandbox(proc_fd) ==
+                   sandbox::SandboxBPF::STATUS_AVAILABLE);
+
+    // Initialize and then start the sandbox with our custom policy
+    sandbox::SandboxBPF sandbox;
+    sandbox.set_proc_fd(proc_fd);
+    sandbox.SetSandboxPolicy(policy.release());
+    SANDBOX_ASSERT(
+        sandbox.StartSandbox(sandbox::SandboxBPF::PROCESS_SINGLE_THREADED));
+
+    // Run the actual test.
+    bpf_tester_delegate_->RunTestFunction();
+  } else {
+    printf("This BPF test is not fully running in this configuration!\n");
+    // Android and Valgrind are the only configurations where we accept not
+    // having kernel BPF support.
+    if (!IsAndroid() && !IsRunningOnValgrind()) {
+      const bool seccomp_bpf_is_supported = false;
+      SANDBOX_ASSERT(seccomp_bpf_is_supported);
+    }
+    // Call the compiler and verify the policy. That's the least we can do,
+    // if we don't have kernel support.
+    sandbox::SandboxBPF sandbox;
+    sandbox.SetSandboxPolicy(policy.release());
+    sandbox::SandboxBPF::Program* program =
+        sandbox.AssembleFilter(true /* force_verification */);
+    delete program;
+    sandbox::UnitTests::IgnoreThisTest();
+  }
+}
+
+}  // namespace sandbox