Permission message rules: Each rule must have >= 1 required permissions
[chromium-blink-merge.git] / sandbox / linux / bpf_dsl / errorcode_unittest.cc
blob7277ed6eac52c0ebc4022bb58d9e8c43133d3fe5
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "sandbox/linux/bpf_dsl/errorcode.h"
7 #include <errno.h>
9 #include "base/macros.h"
10 #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
11 #include "sandbox/linux/bpf_dsl/policy.h"
12 #include "sandbox/linux/bpf_dsl/policy_compiler.h"
13 #include "sandbox/linux/bpf_dsl/test_trap_registry.h"
14 #include "sandbox/linux/system_headers/linux_seccomp.h"
15 #include "testing/gtest/include/gtest/gtest.h"
17 namespace sandbox {
18 namespace bpf_dsl {
19 namespace {
21 class DummyPolicy : public Policy {
22 public:
23 DummyPolicy() {}
24 ~DummyPolicy() override {}
26 ResultExpr EvaluateSyscall(int sysno) const override { return Allow(); }
28 private:
29 DISALLOW_COPY_AND_ASSIGN(DummyPolicy);
32 class ErrorCodeTest : public ::testing::Test {
33 protected:
34 ErrorCodeTest()
35 : policy_(), trap_registry_(), compiler_(&policy_, &trap_registry_) {}
36 ~ErrorCodeTest() override {}
38 DummyPolicy policy_;
39 TestTrapRegistry trap_registry_;
40 PolicyCompiler compiler_;
42 DISALLOW_COPY_AND_ASSIGN(ErrorCodeTest);
45 TEST_F(ErrorCodeTest, ErrnoConstructor) {
46 ErrorCode e0;
47 EXPECT_EQ(SECCOMP_RET_INVALID, e0.err());
49 ErrorCode e1(ErrorCode::ERR_ALLOWED);
50 EXPECT_EQ(SECCOMP_RET_ALLOW, e1.err());
52 ErrorCode e2(EPERM);
53 EXPECT_EQ(SECCOMP_RET_ERRNO + EPERM, e2.err());
55 ErrorCode e3 = compiler_.Trap(NULL, NULL, true /* safe */);
56 EXPECT_EQ(SECCOMP_RET_TRAP, (e3.err() & SECCOMP_RET_ACTION));
58 uint16_t data = 0xdead;
59 ErrorCode e4(ErrorCode::ERR_TRACE + data);
60 EXPECT_EQ(SECCOMP_RET_TRACE + data, e4.err());
63 TEST_F(ErrorCodeTest, InvalidSeccompRetTrace) {
64 // Should die if the trace data does not fit in 16 bits.
65 ASSERT_DEATH(ErrorCode e(ErrorCode::ERR_TRACE + (1 << 16)),
66 "Invalid use of ErrorCode object");
69 TEST_F(ErrorCodeTest, Trap) {
70 ErrorCode e0 = compiler_.Trap(NULL, "a", true /* safe */);
71 ErrorCode e1 = compiler_.Trap(NULL, "b", true /* safe */);
72 EXPECT_EQ((e0.err() & SECCOMP_RET_DATA) + 1, e1.err() & SECCOMP_RET_DATA);
74 ErrorCode e2 = compiler_.Trap(NULL, "a", true /* safe */);
75 EXPECT_EQ(e0.err() & SECCOMP_RET_DATA, e2.err() & SECCOMP_RET_DATA);
78 TEST_F(ErrorCodeTest, Equals) {
79 ErrorCode e1(ErrorCode::ERR_ALLOWED);
80 ErrorCode e2(ErrorCode::ERR_ALLOWED);
81 EXPECT_TRUE(e1.Equals(e1));
82 EXPECT_TRUE(e1.Equals(e2));
83 EXPECT_TRUE(e2.Equals(e1));
85 ErrorCode e3(EPERM);
86 EXPECT_FALSE(e1.Equals(e3));
88 ErrorCode e4 = compiler_.Trap(NULL, "a", true /* safe */);
89 ErrorCode e5 = compiler_.Trap(NULL, "b", true /* safe */);
90 ErrorCode e6 = compiler_.Trap(NULL, "a", true /* safe */);
91 EXPECT_FALSE(e1.Equals(e4));
92 EXPECT_FALSE(e3.Equals(e4));
93 EXPECT_FALSE(e5.Equals(e4));
94 EXPECT_TRUE(e6.Equals(e4));
97 TEST_F(ErrorCodeTest, LessThan) {
98 ErrorCode e1(ErrorCode::ERR_ALLOWED);
99 ErrorCode e2(ErrorCode::ERR_ALLOWED);
100 EXPECT_FALSE(e1.LessThan(e1));
101 EXPECT_FALSE(e1.LessThan(e2));
102 EXPECT_FALSE(e2.LessThan(e1));
104 ErrorCode e3(EPERM);
105 EXPECT_FALSE(e1.LessThan(e3));
106 EXPECT_TRUE(e3.LessThan(e1));
108 ErrorCode e4 = compiler_.Trap(NULL, "a", true /* safe */);
109 ErrorCode e5 = compiler_.Trap(NULL, "b", true /* safe */);
110 ErrorCode e6 = compiler_.Trap(NULL, "a", true /* safe */);
111 EXPECT_TRUE(e1.LessThan(e4));
112 EXPECT_TRUE(e3.LessThan(e4));
113 EXPECT_TRUE(e4.LessThan(e5));
114 EXPECT_FALSE(e4.LessThan(e6));
115 EXPECT_FALSE(e6.LessThan(e4));
118 } // namespace
119 } // namespace bpf_dsl
120 } // namespace sandbox