sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.h

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_TEST_RUNNER_H_
   6 #define SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_TEST_RUNNER_H_
   7
   8 #include "base/macros.h"
   9 #include "base/memory/scoped_ptr.h"
  10 #include "sandbox/linux/tests/sandbox_test_runner.h"
  11
  12 namespace sandbox {
  13 namespace bpf_dsl {
  14 class Policy;
  15 }
  16
  17 // To create a SandboxBPFTestRunner object, one needs to implement this
  18 // interface and pass an instance to the SandboxBPFTestRunner constructor.
  19 // In the child process running the test, the BPFTesterDelegate object is
  20 // guaranteed to not be destroyed until the child process terminates.
  21 class BPFTesterDelegate {
  22  public:
  23   BPFTesterDelegate() {}
  24   virtual ~BPFTesterDelegate() {}
  25
  26   // This will instanciate a policy suitable for the test we want to run. It is
  27   // guaranteed to only be called from the child process that will run the
  28   // test.
  29   virtual scoped_ptr<bpf_dsl::Policy> GetSandboxBPFPolicy() = 0;
  30   // This will be called from a child process with the BPF sandbox turned on.
  31   virtual void RunTestFunction() = 0;
  32
  33  private:
  34   DISALLOW_COPY_AND_ASSIGN(BPFTesterDelegate);
  35 };
  36
  37 // This class implements the SandboxTestRunner interface and Run() will
  38 // initialize a seccomp-bpf sandbox (specified by |bpf_tester_delegate|) and
  39 // run a test function (via |bpf_tester_delegate|) if the current kernel
  40 // configuration allows it. If it can not run the test under seccomp-bpf,
  41 // Run() will still compile the policy which should allow to get some coverage
  42 // under tools such as Valgrind.
  43 class SandboxBPFTestRunner : public SandboxTestRunner {
  44  public:
  45   // This constructor takes ownership of the |bpf_tester_delegate| object.
  46   // (It doesn't take a scoped_ptr since they make polymorphism verbose).
  47   explicit SandboxBPFTestRunner(BPFTesterDelegate* bpf_tester_delegate);
  48   ~SandboxBPFTestRunner() override;
  49
  50   void Run() override;
  51
  52   bool ShouldCheckForLeaks() const override;
  53
  54  private:
  55   scoped_ptr<BPFTesterDelegate> bpf_tester_delegate_;
  56   DISALLOW_COPY_AND_ASSIGN(SandboxBPFTestRunner);
  57 };
  58
  59 }  // namespace sandbox
  60
  61 #endif  // SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_TEST_RUNNER_H_