author | jln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-06-26 18:11:05 +0000 |
---|---|---|
committer | jln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-06-26 18:11:05 +0000 |
commit | 1f69ba353cc45d78797d610dc409dd388879d935 (patch) | |
tree | 8f7aa2b2070fe543708784d94576f50e2deb536b /sandbox/linux | |
parent | c5b93afb254f8e758572cfb20c5bc87d43c1efa0 (diff) | |
Seccomp BPF: add a unittest for a SIGSYS handler
BUG=None
TEST=None
Review URL: https://chromiumcodereview.appspot.com/10666032
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@144210 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox/linux')
-rw-r--r-- | sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc b/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc
index aa2c114..a661c8d 100644
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc
@@ -146,4 +146,56 @@ TEST(SandboxBpf, ApplyBasicWhitelistPolicy) {
 TryPolicyInProcess(WhitelistGetpidPolicy, GetpidProcess);
 }
 
+// A simple blacklist policy, with a SIGSYS handler
+
+// TODO: provide an API to provide the auxiliary data pointer
+// to the evaluator
+
+static int BlacklistNanosleepPolicySigsysAuxData;
+
+intptr_t EnomemHandler(const struct arch_seccomp_data& args, void *aux) {
+ // We also check that the auxiliary data is correct
+ if (!aux)
+ ExitGroup(1);
+ *(static_cast<int*>(aux)) = kExpectedReturnValue;
+ return -ENOMEM;
+}
+
+Sandbox::ErrorCode BlacklistNanosleepPolicySigsys(int sysno) {
+ if (sysno < static_cast<int>(MIN_SYSCALL) ||
+ sysno > static_cast<int>(MAX_SYSCALL)) {
+ // FIXME: we should really not have to do that in a trivial policy
+ return ENOSYS;
+ }
+ switch (sysno) {
+ case __NR_nanosleep:
+ return Sandbox::ErrorCode(EnomemHandler,
+ static_cast<void *>(&BlacklistNanosleepPolicySigsysAuxData));
+ default:
+ return Sandbox::SB_ALLOWED;
+ }
+}
+
+void NanosleepProcessSigsys(void) {
+ const struct timespec ts = {0, 0};
+ errno = 0;
+ // getpid() should work properly
+ if (syscall(__NR_getpid) < 0)
+ ExitGroup(1);
+ // Our Auxiliary Data, should be reset by the signal handler
+ BlacklistNanosleepPolicySigsysAuxData = -1;
+ errno = 0;
+ if (syscall(__NR_nanosleep, &ts, NULL) != -1 || errno != ENOMEM)
+ ExitGroup(1);
+ // We expect the signal handler to modify AuxData
+ if (BlacklistNanosleepPolicySigsysAuxData != kExpectedReturnValue)
+ ExitGroup(1);
+ else
+ ExitGroup(kExpectedReturnValue);
+}
+
+TEST(SandboxBpf, BasicBlacklistWithSigsys) {
+ TryPolicyInProcess(BlacklistNanosleepPolicySigsys, NanosleepProcessSigsys);
+}
+
 } // namespace |
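Review bot: `EnomemHandler` only rejects a null `aux` (`if (!aux)`), so if the sandbox handed the handler some other non-null pointer, the next line would write through it before `NanosleepProcessSigsys` notices the mismatch. The comment says the auxiliary data is checked for correctness, so compare against the expected address instead: `if (aux != &BlacklistNanosleepPolicySigsysAuxData) ExitGroup(1);`. The handler also never looks at `args`, so nothing verifies that the seccomp data delivered with SIGSYS describes the trapped call; `if (args.nr != __NR_nanosleep) ExitGroup(1);` would cover that. A short comment on `NanosleepProcessSigsys` explaining that exiting with `kExpectedReturnValue` is the success signal for `TryPolicyInProcess` (whose definition is outside this hunk) would help a reader tell the pass path from the `ExitGroup(1)` failure paths.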