1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
6 #include "sandbox/linux/seccomp-bpf/syscall_iterator.h"
7 #include "sandbox/linux/tests/unit_tests.h"
13 SANDBOX_TEST(SyscallIterator
, Monotonous
) {
14 for (int i
= 0; i
< 2; ++i
) {
15 bool invalid_only
= !i
; // Testing both |invalid_only| cases.
16 SyscallIterator
iter(invalid_only
);
17 uint32_t next
= iter
.Next();
20 // The iterator should start at 0.
21 SANDBOX_ASSERT(next
== 0);
23 for (uint32_t last
= next
; !iter
.Done(); last
= next
) {
25 SANDBOX_ASSERT(last
< next
);
27 // The iterator should always return 0xFFFFFFFFu as the last value.
28 SANDBOX_ASSERT(next
== 0xFFFFFFFFu
);
32 SANDBOX_TEST(SyscallIterator
, PublicSyscallRange
) {
33 SyscallIterator
iter(false);
34 uint32_t next
= iter
.Next();
36 // The iterator should cover the public syscall range
37 // MIN_SYSCALL..MAX_PUBLIC_SYSCALL, without skipping syscalls.
38 // We're assuming MIN_SYSCALL == 0 for all architectures,
39 // this is currently valid for Intel and ARM EABI.
40 SANDBOX_ASSERT(MIN_SYSCALL
== 0);
41 SANDBOX_ASSERT(next
== MIN_SYSCALL
);
42 for (uint32_t last
= next
; next
< MAX_PUBLIC_SYSCALL
+ 1; last
= next
) {
43 SANDBOX_ASSERT((next
= iter
.Next()) == last
+ 1);
45 SANDBOX_ASSERT(next
== MAX_PUBLIC_SYSCALL
+ 1);
49 SANDBOX_TEST(SyscallIterator
, ARMPrivateSyscallRange
) {
50 SyscallIterator
iter(false);
51 uint32_t next
= iter
.Next();
52 while (next
< MIN_PRIVATE_SYSCALL
- 1) {
55 // The iterator should cover the ARM private syscall range
56 // without skipping syscalls.
57 SANDBOX_ASSERT(next
== MIN_PRIVATE_SYSCALL
- 1);
58 for (uint32_t last
= next
; next
< MAX_PRIVATE_SYSCALL
+ 1; last
= next
) {
59 SANDBOX_ASSERT((next
= iter
.Next()) == last
+ 1);
61 SANDBOX_ASSERT(next
== MAX_PRIVATE_SYSCALL
+ 1);
64 SANDBOX_TEST(SyscallIterator
, ARMHiddenSyscallRange
) {
65 SyscallIterator
iter(false);
66 uint32_t next
= iter
.Next();
67 while (next
< MIN_GHOST_SYSCALL
- 1) {
70 // The iterator should cover the ARM hidden syscall range
71 // without skipping syscalls.
72 SANDBOX_ASSERT(next
== MIN_GHOST_SYSCALL
- 1);
73 for (uint32_t last
= next
; next
< MAX_SYSCALL
+ 1; last
= next
) {
74 SANDBOX_ASSERT((next
= iter
.Next()) == last
+ 1);
76 SANDBOX_ASSERT(next
== MAX_SYSCALL
+ 1);
80 SANDBOX_TEST(SyscallIterator
, Invalid
) {
81 for (int i
= 0; i
< 2; ++i
) {
82 bool invalid_only
= !i
; // Testing both |invalid_only| cases.
83 SyscallIterator
iter(invalid_only
);
84 uint32_t next
= iter
.Next();
86 while (next
< MAX_SYSCALL
+ 1) {
90 SANDBOX_ASSERT(next
== MAX_SYSCALL
+ 1);
91 while (next
< 0x7FFFFFFFu
) {
95 // The iterator should return the signed/unsigned corner cases.
96 SANDBOX_ASSERT(next
== 0x7FFFFFFFu
);
98 SANDBOX_ASSERT(next
== 0x80000000u
);
99 SANDBOX_ASSERT(!iter
.Done());
101 SANDBOX_ASSERT(iter
.Done());
102 SANDBOX_ASSERT(next
== 0xFFFFFFFFu
);
106 SANDBOX_TEST(SyscallIterator
, InvalidOnly
) {
107 bool invalid_only
= true;
108 SyscallIterator
iter(invalid_only
);
109 uint32_t next
= iter
.Next();
110 // We're assuming MIN_SYSCALL == 0 for all architectures,
111 // this is currently valid for Intel and ARM EABI.
112 // First invalid syscall should then be |MAX_PUBLIC_SYSCALL + 1|.
113 SANDBOX_ASSERT(MIN_SYSCALL
== 0);
114 SANDBOX_ASSERT(next
== MAX_PUBLIC_SYSCALL
+ 1);
118 // The iterator should skip until the last invalid syscall in this range.
119 SANDBOX_ASSERT(next
== MIN_PRIVATE_SYSCALL
- 1);
120 while (next
<= MAX_PRIVATE_SYSCALL
) {
125 // The iterator should skip until the last invalid syscall in this range.
126 SANDBOX_ASSERT(next
== MIN_GHOST_SYSCALL
- 1);
127 while (next
<= MAX_SYSCALL
) {
130 SANDBOX_ASSERT(next
== MAX_SYSCALL
+ 1);
136 } // namespace sandbox
