1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "sandbox/linux/seccomp-bpf/bpf_tests.h"
8 #include <sys/ptrace.h>
9 #include <sys/syscall.h>
10 #include <sys/types.h>
13 #include "base/logging.h"
14 #include "base/memory/scoped_ptr.h"
15 #include "build/build_config.h"
16 #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
17 #include "sandbox/linux/bpf_dsl/policy.h"
18 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
19 #include "sandbox/linux/services/syscall_wrappers.h"
20 #include "sandbox/linux/system_headers/linux_syscalls.h"
21 #include "sandbox/linux/tests/unit_tests.h"
22 #include "testing/gtest/include/gtest/gtest.h"
24 using sandbox::bpf_dsl::Allow
;
25 using sandbox::bpf_dsl::Error
;
26 using sandbox::bpf_dsl::ResultExpr
;
34 static const int kMagicValue
= 42;
35 FourtyTwo() : value_(kMagicValue
) {}
36 int value() { return value_
; }
40 DISALLOW_COPY_AND_ASSIGN(FourtyTwo
);
43 class EmptyClassTakingPolicy
: public bpf_dsl::Policy
{
45 explicit EmptyClassTakingPolicy(FourtyTwo
* fourty_two
) {
46 BPF_ASSERT(fourty_two
);
47 BPF_ASSERT(FourtyTwo::kMagicValue
== fourty_two
->value());
49 ~EmptyClassTakingPolicy() override
{}
51 ResultExpr
EvaluateSyscall(int sysno
) const override
{
52 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno
));
59 EmptyClassTakingPolicy
,
60 FourtyTwo
/* *BPF_AUX */) {
61 // BPF_AUX should point to an instance of FourtyTwo.
63 BPF_ASSERT(FourtyTwo::kMagicValue
== BPF_AUX
->value());
66 void DummyTestFunction(FourtyTwo
*fourty_two
) {
69 TEST(BPFTest
, BPFTesterCompatibilityDelegateLeakTest
) {
70 // Don't do anything, simply gives dynamic tools an opportunity to detect
73 BPFTesterCompatibilityDelegate
<EmptyClassTakingPolicy
, FourtyTwo
>
74 simple_delegate(DummyTestFunction
);
78 scoped_ptr
<BPFTesterDelegate
> simple_delegate(
79 new BPFTesterCompatibilityDelegate
<EmptyClassTakingPolicy
, FourtyTwo
>(
84 class EnosysPtracePolicy
: public bpf_dsl::Policy
{
86 EnosysPtracePolicy() { my_pid_
= sys_getpid(); }
87 ~EnosysPtracePolicy() override
{
88 // Policies should be able to bind with the process on which they are
89 // created. They should never be created in a parent process.
90 BPF_ASSERT_EQ(my_pid_
, sys_getpid());
93 ResultExpr
EvaluateSyscall(int system_call_number
) const override
{
94 CHECK(SandboxBPF::IsValidSyscallNumber(system_call_number
));
95 if (system_call_number
== __NR_ptrace
) {
96 // The EvaluateSyscall function should run in the process that created
97 // the current object.
98 BPF_ASSERT_EQ(my_pid_
, sys_getpid());
107 DISALLOW_COPY_AND_ASSIGN(EnosysPtracePolicy
);
110 class BasicBPFTesterDelegate
: public BPFTesterDelegate
{
112 BasicBPFTesterDelegate() {}
113 ~BasicBPFTesterDelegate() override
{}
115 scoped_ptr
<bpf_dsl::Policy
> GetSandboxBPFPolicy() override
{
116 return scoped_ptr
<bpf_dsl::Policy
>(new EnosysPtracePolicy());
118 void RunTestFunction() override
{
120 int ret
= ptrace(PTRACE_TRACEME
, -1, NULL
, NULL
);
121 BPF_ASSERT(-1 == ret
);
122 BPF_ASSERT(ENOSYS
== errno
);
126 DISALLOW_COPY_AND_ASSIGN(BasicBPFTesterDelegate
);
129 // This is the most powerful and complex way to create a BPF test, but it
130 // requires a full class definition (BasicBPFTesterDelegate).
131 BPF_TEST_D(BPFTest
, BPFTestWithDelegateClass
, BasicBPFTesterDelegate
);
133 // This is the simplest form of BPF tests.
134 BPF_TEST_C(BPFTest
, BPFTestWithInlineTest
, EnosysPtracePolicy
) {
136 int ret
= ptrace(PTRACE_TRACEME
, -1, NULL
, NULL
);
137 BPF_ASSERT(-1 == ret
);
138 BPF_ASSERT(ENOSYS
== errno
);
141 const char kHelloMessage
[] = "Hello";
143 BPF_DEATH_TEST_C(BPFTest
,
144 BPFDeathTestWithInlineTest
,
145 DEATH_MESSAGE(kHelloMessage
),
146 EnosysPtracePolicy
) {
147 LOG(ERROR
) << kHelloMessage
;
153 } // namespace sandbox
