1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "sandbox/linux/seccomp-bpf/bpf_tests.h"
8 #include <sys/ptrace.h>
9 #include <sys/syscall.h>
10 #include <sys/types.h>
13 #include "base/logging.h"
14 #include "base/memory/scoped_ptr.h"
15 #include "build/build_config.h"
16 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
17 #include "sandbox/linux/services/linux_syscalls.h"
18 #include "sandbox/linux/tests/unit_tests.h"
19 #include "testing/gtest/include/gtest/gtest.h"
27 static const int kMagicValue = 42;
28 FourtyTwo() : value_(kMagicValue) {}
29 int value() { return value_; }
33 DISALLOW_COPY_AND_ASSIGN(FourtyTwo);
36 class EmptyClassTakingPolicy : public SandboxBPFPolicy {
38 explicit EmptyClassTakingPolicy(FourtyTwo* fourty_two) {
39 BPF_ASSERT(fourty_two);
40 BPF_ASSERT(FourtyTwo::kMagicValue == fourty_two->value());
42 virtual ~EmptyClassTakingPolicy() {}
44 virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox,
45 int sysno) const OVERRIDE {
46 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno));
47 return ErrorCode(ErrorCode::ERR_ALLOWED);
53 EmptyClassTakingPolicy,
54 FourtyTwo /* *BPF_AUX */) {
55 // BPF_AUX should point to an instance of FourtyTwo.
57 BPF_ASSERT(FourtyTwo::kMagicValue == BPF_AUX->value());
60 void DummyTestFunction(FourtyTwo *fourty_two) {
63 TEST(BPFTest, BPFTesterCompatibilityDelegateLeakTest) {
64 // Don't do anything, simply gives dynamic tools an opportunity to detect
67 BPFTesterCompatibilityDelegate<EmptyClassTakingPolicy, FourtyTwo>
68 simple_delegate(DummyTestFunction);
72 scoped_ptr<BPFTesterDelegate> simple_delegate(
73 new BPFTesterCompatibilityDelegate<EmptyClassTakingPolicy, FourtyTwo>(
78 class EnosysPtracePolicy : public SandboxBPFPolicy {
80 EnosysPtracePolicy() {
81 my_pid_ = syscall(__NR_getpid);
83 virtual ~EnosysPtracePolicy() {
84 // Policies should be able to bind with the process on which they are
85 // created. They should never be created in a parent process.
86 BPF_ASSERT_EQ(my_pid_, syscall(__NR_getpid));
89 virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler,
90 int system_call_number) const OVERRIDE {
91 if (!SandboxBPF::IsValidSyscallNumber(system_call_number)) {
92 return ErrorCode(ENOSYS);
93 } else if (system_call_number == __NR_ptrace) {
94 // The EvaluateSyscall function should run in the process that created
95 // the current object.
96 BPF_ASSERT_EQ(my_pid_, syscall(__NR_getpid));
97 return ErrorCode(ENOSYS);
99 return ErrorCode(ErrorCode::ERR_ALLOWED);
105 DISALLOW_COPY_AND_ASSIGN(EnosysPtracePolicy);
108 class BasicBPFTesterDelegate : public BPFTesterDelegate {
110 BasicBPFTesterDelegate() {}
111 virtual ~BasicBPFTesterDelegate() {}
113 virtual scoped_ptr<SandboxBPFPolicy> GetSandboxBPFPolicy() OVERRIDE {
114 return scoped_ptr<SandboxBPFPolicy>(new EnosysPtracePolicy());
116 virtual void RunTestFunction() OVERRIDE {
118 int ret = ptrace(PTRACE_TRACEME, -1, NULL, NULL);
119 BPF_ASSERT(-1 == ret);
120 BPF_ASSERT(ENOSYS == errno);
124 DISALLOW_COPY_AND_ASSIGN(BasicBPFTesterDelegate);
127 // This is the most powerful and complex way to create a BPF test, but it
128 // requires a full class definition (BasicBPFTesterDelegate).
129 BPF_TEST_D(BPFTest, BPFTestWithDelegateClass, BasicBPFTesterDelegate);
131 // This is the simplest form of BPF tests.
132 BPF_TEST_C(BPFTest, BPFTestWithInlineTest, EnosysPtracePolicy) {
134 int ret = ptrace(PTRACE_TRACEME, -1, NULL, NULL);
135 BPF_ASSERT(-1 == ret);
136 BPF_ASSERT(ENOSYS == errno);
139 const char kHelloMessage[] = "Hello";
141 BPF_DEATH_TEST_C(BPFTest,
142 BPFDeathTestWithInlineTest,
143 DEATH_MESSAGE(kHelloMessage),
144 EnosysPtracePolicy) {
145 LOG(ERROR) << kHelloMessage;
151 } // namespace sandbox