Supervised users: Re-check ManagementPolicy when ProfileIsSupervised changes.
[chromium-blink-merge.git] / sandbox / linux / seccomp-bpf / errorcode_unittest.cc
blob6b5491ee4a3c3c01f068638d6a848650479baeed
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "sandbox/linux/seccomp-bpf/errorcode.h"
7 #include <errno.h>
9 #include "base/macros.h"
10 #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
11 #include "sandbox/linux/bpf_dsl/policy.h"
12 #include "sandbox/linux/bpf_dsl/policy_compiler.h"
13 #include "sandbox/linux/seccomp-bpf/trap.h"
14 #include "sandbox/linux/system_headers/linux_seccomp.h"
15 #include "sandbox/linux/tests/unit_tests.h"
17 namespace sandbox {
19 namespace {
21 class DummyPolicy : public bpf_dsl::Policy {
22 public:
23 DummyPolicy() {}
24 ~DummyPolicy() override {}
26 bpf_dsl::ResultExpr EvaluateSyscall(int sysno) const override {
27 return bpf_dsl::Allow();
30 private:
31 DISALLOW_COPY_AND_ASSIGN(DummyPolicy);
34 SANDBOX_TEST(ErrorCode, ErrnoConstructor) {
35 ErrorCode e0;
36 SANDBOX_ASSERT(e0.err() == SECCOMP_RET_INVALID);
38 ErrorCode e1(ErrorCode::ERR_ALLOWED);
39 SANDBOX_ASSERT(e1.err() == SECCOMP_RET_ALLOW);
41 ErrorCode e2(EPERM);
42 SANDBOX_ASSERT(e2.err() == SECCOMP_RET_ERRNO + EPERM);
44 DummyPolicy dummy_policy;
45 bpf_dsl::PolicyCompiler compiler(&dummy_policy, Trap::Registry());
46 ErrorCode e3 = compiler.Trap(NULL, NULL, true /* safe */);
47 SANDBOX_ASSERT((e3.err() & SECCOMP_RET_ACTION) == SECCOMP_RET_TRAP);
49 uint16_t data = 0xdead;
50 ErrorCode e4(ErrorCode::ERR_TRACE + data);
51 SANDBOX_ASSERT(e4.err() == SECCOMP_RET_TRACE + data);
54 SANDBOX_DEATH_TEST(ErrorCode,
55 InvalidSeccompRetTrace,
56 DEATH_MESSAGE("Invalid use of ErrorCode object")) {
57 // Should die if the trace data does not fit in 16 bits.
58 ErrorCode e(ErrorCode::ERR_TRACE + (1 << 16));
61 SANDBOX_TEST(ErrorCode, Trap) {
62 DummyPolicy dummy_policy;
63 bpf_dsl::PolicyCompiler compiler(&dummy_policy, Trap::Registry());
64 ErrorCode e0 = compiler.Trap(NULL, "a", true /* safe */);
65 ErrorCode e1 = compiler.Trap(NULL, "b", true /* safe */);
66 SANDBOX_ASSERT((e0.err() & SECCOMP_RET_DATA) + 1 ==
67 (e1.err() & SECCOMP_RET_DATA));
69 ErrorCode e2 = compiler.Trap(NULL, "a", true /* safe */);
70 SANDBOX_ASSERT((e0.err() & SECCOMP_RET_DATA) ==
71 (e2.err() & SECCOMP_RET_DATA));
74 SANDBOX_TEST(ErrorCode, Equals) {
75 ErrorCode e1(ErrorCode::ERR_ALLOWED);
76 ErrorCode e2(ErrorCode::ERR_ALLOWED);
77 SANDBOX_ASSERT(e1.Equals(e1));
78 SANDBOX_ASSERT(e1.Equals(e2));
79 SANDBOX_ASSERT(e2.Equals(e1));
81 ErrorCode e3(EPERM);
82 SANDBOX_ASSERT(!e1.Equals(e3));
84 DummyPolicy dummy_policy;
85 bpf_dsl::PolicyCompiler compiler(&dummy_policy, Trap::Registry());
86 ErrorCode e4 = compiler.Trap(NULL, "a", true /* safe */);
87 ErrorCode e5 = compiler.Trap(NULL, "b", true /* safe */);
88 ErrorCode e6 = compiler.Trap(NULL, "a", true /* safe */);
89 SANDBOX_ASSERT(!e1.Equals(e4));
90 SANDBOX_ASSERT(!e3.Equals(e4));
91 SANDBOX_ASSERT(!e5.Equals(e4));
92 SANDBOX_ASSERT( e6.Equals(e4));
95 SANDBOX_TEST(ErrorCode, LessThan) {
96 ErrorCode e1(ErrorCode::ERR_ALLOWED);
97 ErrorCode e2(ErrorCode::ERR_ALLOWED);
98 SANDBOX_ASSERT(!e1.LessThan(e1));
99 SANDBOX_ASSERT(!e1.LessThan(e2));
100 SANDBOX_ASSERT(!e2.LessThan(e1));
102 ErrorCode e3(EPERM);
103 SANDBOX_ASSERT(!e1.LessThan(e3));
104 SANDBOX_ASSERT( e3.LessThan(e1));
106 DummyPolicy dummy_policy;
107 bpf_dsl::PolicyCompiler compiler(&dummy_policy, Trap::Registry());
108 ErrorCode e4 = compiler.Trap(NULL, "a", true /* safe */);
109 ErrorCode e5 = compiler.Trap(NULL, "b", true /* safe */);
110 ErrorCode e6 = compiler.Trap(NULL, "a", true /* safe */);
111 SANDBOX_ASSERT(e1.LessThan(e4));
112 SANDBOX_ASSERT(e3.LessThan(e4));
113 SANDBOX_ASSERT(e4.LessThan(e5));
114 SANDBOX_ASSERT(!e4.LessThan(e6));
115 SANDBOX_ASSERT(!e6.LessThan(e4));
118 } // namespace
120 } // namespace sandbox