1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
6 #include "sandbox/linux/seccomp-bpf/syscall_iterator.h"
7 #include "sandbox/linux/tests/unit_tests.h"
13 SANDBOX_TEST(SyscallIterator
, Monotonous
) {
14 for (int i
= 0; i
< 2; ++i
) {
15 bool invalid_only
= !i
; // Testing both |invalid_only| cases.
16 SyscallIterator
iter(invalid_only
);
17 uint32_t next
= iter
.Next();
20 // The iterator should start at 0.
21 SANDBOX_ASSERT(next
== 0);
23 for (uint32_t last
= next
; !iter
.Done(); last
= next
) {
25 SANDBOX_ASSERT(last
< next
);
27 // The iterator should always return 0xFFFFFFFFu as the last value.
28 SANDBOX_ASSERT(next
== 0xFFFFFFFFu
);
33 SANDBOX_TEST(SyscallIterator
, PublicSyscallRangeMIPS
) {
34 SyscallIterator
iter(false);
35 uint32_t next
= iter
.Next();
36 SANDBOX_ASSERT(next
== 0);
38 // Since on MIPS MIN_SYSCALL != 0 we need to move iterator to valid range.
40 SANDBOX_ASSERT(next
== MIN_SYSCALL
- 1);
42 // The iterator should cover the public syscall range
43 // MIN_SYSCALL..MAX_PUBLIC_SYSCALL, without skipping syscalls.
44 for (uint32_t last
= next
; next
< MAX_PUBLIC_SYSCALL
+ 1; last
= next
) {
45 SANDBOX_ASSERT((next
= iter
.Next()) == last
+ 1);
47 SANDBOX_ASSERT(next
== MAX_PUBLIC_SYSCALL
+ 1);
50 SANDBOX_TEST(SyscallIterator
, PublicSyscallRangeIntelArm
) {
51 SyscallIterator
iter(false);
52 uint32_t next
= iter
.Next();
54 // The iterator should cover the public syscall range
55 // MIN_SYSCALL..MAX_PUBLIC_SYSCALL, without skipping syscalls.
56 // We're assuming MIN_SYSCALL == 0 for all architectures,
57 // this is currently valid for Intel and ARM EABI.
58 SANDBOX_ASSERT(MIN_SYSCALL
== 0);
59 SANDBOX_ASSERT(next
== MIN_SYSCALL
);
60 for (uint32_t last
= next
; next
< MAX_PUBLIC_SYSCALL
+ 1; last
= next
) {
61 SANDBOX_ASSERT((next
= iter
.Next()) == last
+ 1);
63 SANDBOX_ASSERT(next
== MAX_PUBLIC_SYSCALL
+ 1);
65 #endif // defined(__mips__)
68 SANDBOX_TEST(SyscallIterator
, ARMPrivateSyscallRange
) {
69 SyscallIterator
iter(false);
70 uint32_t next
= iter
.Next();
71 while (next
< MIN_PRIVATE_SYSCALL
- 1) {
74 // The iterator should cover the ARM private syscall range
75 // without skipping syscalls.
76 SANDBOX_ASSERT(next
== MIN_PRIVATE_SYSCALL
- 1);
77 for (uint32_t last
= next
; next
< MAX_PRIVATE_SYSCALL
+ 1; last
= next
) {
78 SANDBOX_ASSERT((next
= iter
.Next()) == last
+ 1);
80 SANDBOX_ASSERT(next
== MAX_PRIVATE_SYSCALL
+ 1);
83 SANDBOX_TEST(SyscallIterator
, ARMHiddenSyscallRange
) {
84 SyscallIterator
iter(false);
85 uint32_t next
= iter
.Next();
86 while (next
< MIN_GHOST_SYSCALL
- 1) {
89 // The iterator should cover the ARM hidden syscall range
90 // without skipping syscalls.
91 SANDBOX_ASSERT(next
== MIN_GHOST_SYSCALL
- 1);
92 for (uint32_t last
= next
; next
< MAX_SYSCALL
+ 1; last
= next
) {
93 SANDBOX_ASSERT((next
= iter
.Next()) == last
+ 1);
95 SANDBOX_ASSERT(next
== MAX_SYSCALL
+ 1);
99 SANDBOX_TEST(SyscallIterator
, Invalid
) {
100 for (int i
= 0; i
< 2; ++i
) {
101 bool invalid_only
= !i
; // Testing both |invalid_only| cases.
102 SyscallIterator
iter(invalid_only
);
103 uint32_t next
= iter
.Next();
105 while (next
< MAX_SYSCALL
+ 1) {
109 SANDBOX_ASSERT(next
== MAX_SYSCALL
+ 1);
110 while (next
< 0x7FFFFFFFu
) {
114 // The iterator should return the signed/unsigned corner cases.
115 SANDBOX_ASSERT(next
== 0x7FFFFFFFu
);
117 SANDBOX_ASSERT(next
== 0x80000000u
);
118 SANDBOX_ASSERT(!iter
.Done());
120 SANDBOX_ASSERT(iter
.Done());
121 SANDBOX_ASSERT(next
== 0xFFFFFFFFu
);
125 #if defined(__mips__)
126 SANDBOX_TEST(SyscallIterator
, InvalidOnlyMIPS
) {
127 bool invalid_only
= true;
128 SyscallIterator
iter(invalid_only
);
129 uint32_t next
= iter
.Next();
130 SANDBOX_ASSERT(next
== 0);
131 // For Mips O32 ABI we're assuming MIN_SYSCALL == 4000.
132 SANDBOX_ASSERT(MIN_SYSCALL
== 4000);
134 // Since on MIPS MIN_SYSCALL != 0, we need to move iterator to valid range
135 // The iterator should skip until the last invalid syscall in this range.
137 SANDBOX_ASSERT(next
== MIN_SYSCALL
- 1);
139 // First next invalid syscall should then be |MAX_PUBLIC_SYSCALL + 1|.
140 SANDBOX_ASSERT(next
== MAX_PUBLIC_SYSCALL
+ 1);
145 SANDBOX_TEST(SyscallIterator
, InvalidOnlyIntelArm
) {
146 bool invalid_only
= true;
147 SyscallIterator
iter(invalid_only
);
148 uint32_t next
= iter
.Next();
149 // We're assuming MIN_SYSCALL == 0 for all architectures,
150 // this is currently valid for Intel and ARM EABI.
151 // First invalid syscall should then be |MAX_PUBLIC_SYSCALL + 1|.
152 SANDBOX_ASSERT(MIN_SYSCALL
== 0);
153 SANDBOX_ASSERT(next
== MAX_PUBLIC_SYSCALL
+ 1);
157 // The iterator should skip until the last invalid syscall in this range.
158 SANDBOX_ASSERT(next
== MIN_PRIVATE_SYSCALL
- 1);
159 while (next
<= MAX_PRIVATE_SYSCALL
) {
164 // The iterator should skip until the last invalid syscall in this range.
165 SANDBOX_ASSERT(next
== MIN_GHOST_SYSCALL
- 1);
166 while (next
<= MAX_SYSCALL
) {
169 SANDBOX_ASSERT(next
== MAX_SYSCALL
+ 1);
170 #endif // defined(__arm__)
172 #endif // defined(__mips__)
176 } // namespace sandbox