Android seccomp-bpf: fix a few unittests

This CL fixes the following tests:
- SandboxBPF.UseOpenBroker
- SandboxBPF.ErrnoTest
- SandboxBPF.SimpleCondTest

The cause of failure was assuming that dup(), open() and access() are always
implemented with specific system calls (https://codereview.chromium.org/226923003).

This CL also introduces two trivial sanity checks tests of our testing framework.

BUG=398611

Review URL: https://codereview.chromium.org/424253002

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@286444 0039d316-1c4b-4281-b951-d872f2087c98

3 files changed, 26 insertions, 22 deletions

diff --git a/sandbox/linux/seccomp-bpf/bpf_tests_unittest.cc b/sandbox/linux/seccomp-bpf/bpf_tests_unittest.cc
index bd18412..eaa9ff3c 100644
--- a/sandbox/linux/seccomp-bpf/bpf_tests_unittest.cc
+++ b/sandbox/linux/seccomp-bpf/bpf_tests_unittest.cc
@@ -134,6 +134,16 @@ BPF_TEST_C(BPFTest, BPFTestWithInlineTest, EnosysPtracePolicy) {
   BPF_ASSERT(ENOSYS == errno);
 }
 
+const char kHelloMessage[] = "Hello";
+
+BPF_DEATH_TEST_C(BPFTest,
+                 BPFDeathTestWithInlineTest,
+                 DEATH_MESSAGE(kHelloMessage),
+                 EnosysPtracePolicy) {
+  LOG(ERROR) << kHelloMessage;
+  _exit(1);
+}
+
 }  // namespace
 
 }  // namespace sandbox
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc b/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc
index a9470d7..c25d6cf 100644
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc
@@ -247,11 +247,8 @@ class ErrnoTestPolicy : public SandboxBPFPolicy {
 ErrorCode ErrnoTestPolicy::EvaluateSyscall(SandboxBPF*, int sysno) const {
   DCHECK(SandboxBPF::IsValidSyscallNumber(sysno));
   switch (sysno) {
-#if defined(ANDROID)
     case __NR_dup3:    // dup2 is a wrapper of dup3 in android
-#else
     case __NR_dup2:
-#endif
       // Pretend that dup2() worked, but don't actually do anything.
       return ErrorCode(0);
     case __NR_setuid:
@@ -761,15 +758,13 @@ intptr_t BrokerOpenTrapHandler(const struct arch_seccomp_data& args,
   BPF_ASSERT(aux);
   BrokerProcess* broker_process = static_cast<BrokerProcess*>(aux);
   switch (args.nr) {
-#if defined(ANDROID)
     case __NR_faccessat:    // access is a wrapper of faccessat in android
+      BPF_ASSERT(static_cast<int>(args.args[0]) == AT_FDCWD);
       return broker_process->Access(reinterpret_cast<const char*>(args.args[1]),
                                     static_cast<int>(args.args[2]));
-#else
     case __NR_access:
       return broker_process->Access(reinterpret_cast<const char*>(args.args[0]),
                                     static_cast<int>(args.args[1]));
-#endif
     case __NR_open:
       return broker_process->Open(reinterpret_cast<const char*>(args.args[0]),
                                   static_cast<int>(args.args[1]));
@@ -793,11 +788,8 @@ ErrorCode DenyOpenPolicy(SandboxBPF* sandbox,
   }
 
   switch (sysno) {
-#if defined(ANDROID)
     case __NR_faccessat:
-#else
     case __NR_access:
-#endif
     case __NR_open:
     case __NR_openat:
       // We get a InitializedOpenBroker class, but our trap handler wants
@@ -875,28 +867,23 @@ ErrorCode SimpleCondTestPolicy::EvaluateSyscall(SandboxBPF* sandbox,
   // We deliberately return unusual errno values upon failure, so that we
   // can uniquely test for these values. In a "real" policy, you would want
   // to return more traditional values.
+  int flags_argument_position = -1;
   switch (sysno) {
-#if defined(ANDROID)
-    case __NR_openat:    // open is a wrapper of openat in android
-      // Allow opening files for reading, but don't allow writing.
-      COMPILE_ASSERT(O_RDONLY == 0, O_RDONLY_must_be_all_zero_bits);
-      return sandbox->Cond(2,
-                           ErrorCode::TP_32BIT,
-                           ErrorCode::OP_HAS_ANY_BITS,
-                           O_ACCMODE /* 0x3 */,
-                           ErrorCode(EROFS),
-                           ErrorCode(ErrorCode::ERR_ALLOWED));
-#else
     case __NR_open:
+    case __NR_openat:  // open can be a wrapper for openat(2).
+      if (sysno == __NR_open) {
+        flags_argument_position = 1;
+      } else if (sysno == __NR_openat) {
+        flags_argument_position = 2;
+      }
       // Allow opening files for reading, but don't allow writing.
       COMPILE_ASSERT(O_RDONLY == 0, O_RDONLY_must_be_all_zero_bits);
-      return sandbox->Cond(1,
+      return sandbox->Cond(flags_argument_position,
                            ErrorCode::TP_32BIT,
                            ErrorCode::OP_HAS_ANY_BITS,
                            O_ACCMODE /* 0x3 */,
                            ErrorCode(EROFS),
                            ErrorCode(ErrorCode::ERR_ALLOWED));
-#endif
     case __NR_prctl:
       // Allow prctl(PR_SET_DUMPABLE) and prctl(PR_GET_DUMPABLE), but
       // disallow everything else.
diff --git a/sandbox/linux/tests/unit_tests_unittest.cc b/sandbox/linux/tests/unit_tests_unittest.cc
index 8d8b28e..dafc166 100644
--- a/sandbox/linux/tests/unit_tests_unittest.cc
+++ b/sandbox/linux/tests/unit_tests_unittest.cc
@@ -34,6 +34,13 @@ SANDBOX_DEATH_TEST(UnitTests,
   raise(kExpectedSignalNumber);
 }
 
+SANDBOX_DEATH_TEST(UnitTests,
+                   DeathWithMessage,
+                   DEATH_MESSAGE("Hello")) {
+  LOG(ERROR) << "Hello";
+  _exit(1);
+}
+
 SANDBOX_TEST_ALLOW_NOISE(UnitTests, NoisyTest) {
   LOG(ERROR) << "The cow says moo!";
 }