#include <errno.h>
+#include "base/macros.h"
+#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
+#include "sandbox/linux/bpf_dsl/policy.h"
+#include "sandbox/linux/bpf_dsl/policy_compiler.h"
#include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
+#include "sandbox/linux/seccomp-bpf/trap.h"
#include "sandbox/linux/tests/unit_tests.h"
namespace sandbox {
namespace {
+class DummyPolicy : public bpf_dsl::Policy {
+ public:
+ DummyPolicy() {}
+ virtual ~DummyPolicy() {}
+
+ virtual bpf_dsl::ResultExpr EvaluateSyscall(int sysno) const override {
+ return bpf_dsl::Allow();
+ }
+
+ private:
+ DISALLOW_COPY_AND_ASSIGN(DummyPolicy);
+};
+
SANDBOX_TEST(ErrorCode, ErrnoConstructor) {
ErrorCode e0;
SANDBOX_ASSERT(e0.err() == SECCOMP_RET_INVALID);
ErrorCode e2(EPERM);
SANDBOX_ASSERT(e2.err() == SECCOMP_RET_ERRNO + EPERM);
- SandboxBPF sandbox;
- ErrorCode e3 = sandbox.Trap(NULL, NULL);
+ DummyPolicy dummy_policy;
+ bpf_dsl::PolicyCompiler compiler(&dummy_policy, Trap::Registry());
+ ErrorCode e3 = compiler.Trap(NULL, NULL);
SANDBOX_ASSERT((e3.err() & SECCOMP_RET_ACTION) == SECCOMP_RET_TRAP);
uint16_t data = 0xdead;
}
SANDBOX_TEST(ErrorCode, Trap) {
- SandboxBPF sandbox;
- ErrorCode e0 = sandbox.Trap(NULL, "a");
- ErrorCode e1 = sandbox.Trap(NULL, "b");
+ DummyPolicy dummy_policy;
+ bpf_dsl::PolicyCompiler compiler(&dummy_policy, Trap::Registry());
+ ErrorCode e0 = compiler.Trap(NULL, "a");
+ ErrorCode e1 = compiler.Trap(NULL, "b");
SANDBOX_ASSERT((e0.err() & SECCOMP_RET_DATA) + 1 ==
(e1.err() & SECCOMP_RET_DATA));
- ErrorCode e2 = sandbox.Trap(NULL, "a");
+ ErrorCode e2 = compiler.Trap(NULL, "a");
SANDBOX_ASSERT((e0.err() & SECCOMP_RET_DATA) ==
(e2.err() & SECCOMP_RET_DATA));
}
ErrorCode e3(EPERM);
SANDBOX_ASSERT(!e1.Equals(e3));
- SandboxBPF sandbox;
- ErrorCode e4 = sandbox.Trap(NULL, "a");
- ErrorCode e5 = sandbox.Trap(NULL, "b");
- ErrorCode e6 = sandbox.Trap(NULL, "a");
+ DummyPolicy dummy_policy;
+ bpf_dsl::PolicyCompiler compiler(&dummy_policy, Trap::Registry());
+ ErrorCode e4 = compiler.Trap(NULL, "a");
+ ErrorCode e5 = compiler.Trap(NULL, "b");
+ ErrorCode e6 = compiler.Trap(NULL, "a");
SANDBOX_ASSERT(!e1.Equals(e4));
SANDBOX_ASSERT(!e3.Equals(e4));
SANDBOX_ASSERT(!e5.Equals(e4));
SANDBOX_ASSERT(!e1.LessThan(e3));
SANDBOX_ASSERT( e3.LessThan(e1));
- SandboxBPF sandbox;
- ErrorCode e4 = sandbox.Trap(NULL, "a");
- ErrorCode e5 = sandbox.Trap(NULL, "b");
- ErrorCode e6 = sandbox.Trap(NULL, "a");
+ DummyPolicy dummy_policy;
+ bpf_dsl::PolicyCompiler compiler(&dummy_policy, Trap::Registry());
+ ErrorCode e4 = compiler.Trap(NULL, "a");
+ ErrorCode e5 = compiler.Trap(NULL, "b");
+ ErrorCode e6 = compiler.Trap(NULL, "a");
SANDBOX_ASSERT(e1.LessThan(e4));
SANDBOX_ASSERT(e3.LessThan(e4));
SANDBOX_ASSERT(e4.LessThan(e5));