10529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch// Copyright 2014 The Chromium Authors. All rights reserved. 20529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch// Use of this source code is governed by a BSD-style license that can be 30529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch// found in the LICENSE file. 40529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch 55f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)// Sanitizers internally use some syscalls which non-SFI NaCl disallows. 65f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#if !defined(ADDRESS_SANITIZER) && !defined(THREAD_SANITIZER) && \ 75f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) !defined(MEMORY_SANITIZER) && !defined(LEAK_SANITIZER) 80529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch 90529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch#include "components/nacl/loader/nonsfi/nonsfi_sandbox.h" 100529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch 110529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch#include <errno.h> 120529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch#include <fcntl.h> 131320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci#include <linux/futex.h> 140529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch#include <pthread.h> 150529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch#include <sched.h> 160529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch#include <signal.h> 170529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch#include <stdlib.h> 180529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch#include <string.h> 190529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch#include <sys/mman.h> 200529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch#include <sys/prctl.h> 210529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch#include <sys/ptrace.h> 220529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch#include <sys/socket.h> 230529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch#include <sys/syscall.h> 240529e5d033099cbfc42635f6f6183833b09dff6eBen 
Murdoch#include <sys/types.h> 250529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch#include <sys/wait.h> 26cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles)#include <time.h> 270529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch#include <unistd.h> 280529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch 290529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch#include "base/bind.h" 300529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch#include "base/callback.h" 310529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch#include "base/compiler_specific.h" 320529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch#include "base/files/scoped_file.h" 330529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch#include "base/logging.h" 340529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch#include "base/posix/eintr_wrapper.h" 3546d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles)#include "base/sys_info.h" 361320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci#include "base/threading/thread.h" 3746d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles)#include "base/time/time.h" 380529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch#include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" 390529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch#include "sandbox/linux/seccomp-bpf/bpf_tests.h" 401320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" 415f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "sandbox/linux/seccomp-bpf/syscall.h" 4246d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles)#include "sandbox/linux/services/linux_syscalls.h" 43cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles)#include "third_party/lss/linux_syscall_support.h" // for MAKE_PROCESS_CPUCLOCK 440529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch 450529e5d033099cbfc42635f6f6183833b09dff6eBen Murdochnamespace { 460529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch 470529e5d033099cbfc42635f6f6183833b09dff6eBen 
// Opens a pipe and transfers ownership of both descriptors to |fds|, which
// must point at an array of two ScopedFDs (index 0 is the read end and
// index 1 the write end, per pipe(2)).
void DoPipe(base::ScopedFD* fds) {
  int raw_fds[2];
  BPF_ASSERT_EQ(0, pipe(raw_fds));
  fds[0].reset(raw_fds[0]);
  fds[1].reset(raw_fds[1]);
}

// Opens a connected AF_UNIX stream socket pair and transfers ownership of
// both descriptors to |fds|, which must point at an array of two ScopedFDs.
void DoSocketpair(base::ScopedFD* fds) {
  int raw_fds[2];
  BPF_ASSERT_EQ(0, socketpair(AF_UNIX, SOCK_STREAM, 0, raw_fds));
  fds[0].reset(raw_fds[0]);
  fds[1].reset(raw_fds[1]);
}

// Informational only: this test has no assertion and therefore never fails.
// It logs when the host lacks seccomp-bpf; per the message below, the sandbox
// tests in this file then pass without exercising the policy, so a green run
// on such a host says nothing about what the policy allows or denies.
TEST(NaClNonSfiSandboxTest, BPFIsSupported) {
  const bool seccomp_bpf_supported =
      sandbox::SandboxBPF::SupportsSeccompSandbox(-1) ==
      sandbox::SandboxBPF::STATUS_AVAILABLE;
  if (seccomp_bpf_supported)
    return;
  LOG(ERROR) << "Seccomp BPF is not supported, these tests "
             << "will pass without running";
}

// A syscall number that is not on the policy's list is expected to end the
// process with the sandbox's generic error message.
BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 invalid_sysno,
                 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  syscall(999);
}

const int kExpectedValue = 123;

// pthread start routine. |test_val_ptr| is the int the creating test passed to
// pthread_create(); kExpectedValue is written through it so the creator can
// observe that the thread really ran.
void* SetValueInThread(void* test_val_ptr) {
  int* const target = reinterpret_cast<int*>(test_val_ptr);
  *target = kExpectedValue;
  return NULL;
}

// To make this test pass, we need to allow sched_getaffinity and
// mmap. We just disable this test not to complicate the sandbox.
// NOTE(review): nothing visible here disables the test (no DISABLED_ prefix,
// no surrounding #if 0) -- confirm whether the comment above is stale.
BPF_TEST_C(NaClNonSfiSandboxTest,
           clone_by_pthread_create,
           nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  // clone call for thread creation is allowed.
  int shared_value = 42;
  pthread_t worker;
  BPF_ASSERT_EQ(
      0, pthread_create(&worker, NULL, &SetValueInThread, &shared_value));
  BPF_ASSERT_EQ(0, pthread_join(worker, NULL));
  // The thread overwrote the initial 42, so it was created and scheduled.
  BPF_ASSERT_EQ(kExpectedValue, shared_value);
}

// Issues a raw clone(2) whose flags are just SIGCHLD, i.e. a fork()-style
// process creation rather than a thread creation. The child exits at once with
// status 0; the parent receives clone's return value.
int DoFork() {
  // Call clone() to do a fork().
  const int child_pid = syscall(__NR_clone, SIGCHLD, NULL);
  if (child_pid == 0) {
    _exit(0);
  }
  return child_pid;
}

// The sanity check for DoFork without the sandbox.
TEST(NaClNonSfiSandboxTest, DoFork) {
  // Plain gtest TEST, so no policy is installed here. It establishes that
  // DoFork() works on this host, which lets a death in clone_for_fork be
  // attributed to the sandbox rather than to the helper.
  const int child_pid = DoFork();
  ASSERT_LT(0, child_pid);
  int wait_status;
  ASSERT_EQ(child_pid, HANDLE_EINTR(waitpid(child_pid, &wait_status, 0)));
  ASSERT_TRUE(WIFEXITED(wait_status));
  ASSERT_EQ(0, WEXITSTATUS(wait_status));
}

// Then, try this in the sandbox. The fork-style clone is expected to be fatal
// and to be reported with the clone-specific message, in contrast to the
// thread-creating clone issued by pthread_create().
BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 clone_for_fork,
                 DEATH_MESSAGE(sandbox::GetCloneErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  DoFork();
}

// prctl(PR_SET_NAME) is refused softly: the call returns -1 with EPERM and the
// process keeps running.
BPF_TEST_C(NaClNonSfiSandboxTest,
           prctl_SET_NAME,
           nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  errno = 0;
  const long prctl_result = syscall(__NR_prctl, PR_SET_NAME, "foo");
  BPF_ASSERT_EQ(-1, prctl_result);
  BPF_ASSERT_EQ(EPERM, errno);
}

// Another prctl option, PR_SET_DUMPABLE, is expected to be fatal and reported
// with the prctl-specific message rather than failing with EPERM.
BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 prctl_SET_DUMPABLE,
                 DEATH_MESSAGE(sandbox::GetPrctlErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  syscall(__NR_prctl, PR_SET_DUMPABLE, 1UL);
}

// The socket operations the policy permits: sendmsg, recvmsg and shutdown on
// an AF_UNIX socket pair (DoSocketpair's socketpair() call has to be permitted
// as well for this test to get that far).
BPF_TEST_C(NaClNonSfiSandboxTest,
           socketcall_allowed,
           nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  base::ScopedFD fds[2];
  struct msghdr msg = {};
  struct iovec iov;
  std::string payload("foo");
  // One iovec covering the whole payload; the same msghdr is reused for the
  // receive, so the bytes are read back into |payload|'s buffer.
  iov.iov_base = &payload[0];
  iov.iov_len = payload.size();
  msg.msg_iov = &iov;
  msg.msg_iovlen = 1;
  DoSocketpair(fds);
  const int expected_len = static_cast<int>(payload.size());
  BPF_ASSERT_EQ(expected_len, HANDLE_EINTR(sendmsg(fds[1].get(), &msg, 0)));
  BPF_ASSERT_EQ(expected_len, HANDLE_EINTR(recvmsg(fds[0].get(), &msg, 0)));
  BPF_ASSERT_EQ(0, shutdown(fds[0].get(), SHUT_RDWR));
}

// Each of the socket calls below is expected to be fatal under the policy.
// The arguments are placeholders (fd 0, NULL buffers, zero lengths): a seccomp
// filter runs at syscall entry, so a denied call never reaches the kernel code
// that would validate them.

BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 accept,
                 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  accept(0, NULL, NULL);
}

BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 bind,
                 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  bind(0, NULL, 0);
}

BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 connect,
                 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  connect(0, NULL, 0);
}

BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 getpeername,
                 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  getpeername(0, NULL, NULL);
}

BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 getsockname,
                 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  struct sockaddr local_addr;
  socklen_t local_addr_len = 0;
  getsockname(0, &local_addr, &local_addr_len);
}

BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 getsockopt,
                 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  getsockopt(0, 0, 0, NULL, NULL);
}

BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 listen,
                 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  listen(0, 0);
}

BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 recv,
                 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  recv(0, NULL, 0, 0);
}

BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 recvfrom,
                 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  recvfrom(0, NULL, 0, 0, NULL, NULL);
}
// More socket calls that are expected to be fatal under the policy. As with
// the other denied calls, the arguments are placeholders: the filter acts at
// syscall entry, before the kernel would look at them.

BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 send,
                 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  send(0, NULL, 0, 0);
}

BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 sendto,
                 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  sendto(0, NULL, 0, 0, NULL, 0);
}

BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 setsockopt,
                 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  setsockopt(0, 0, 0, NULL, 0);
}

BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 socket,
                 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  socket(0, 0, 0);
}

// socketpair() with a domain other than the AF_UNIX used by DoSocketpair() is
// expected to be fatal. Only built for x86-64 and ARM.
// NOTE(review): presumably excluded elsewhere because socket calls are
// multiplexed through socketcall(2) there and a seccomp filter cannot inspect
// the domain argument behind its pointer -- confirm against the policy.
#if defined(__x86_64__) || defined(__arm__)
BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 socketpair,
                 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  int raw_fds[2];
  socketpair(AF_INET, SOCK_STREAM, 0, raw_fds);
}
#endif

// fcntl(F_SETFD) with FD_CLOEXEC as the argument is permitted and succeeds.
BPF_TEST_C(NaClNonSfiSandboxTest,
           fcntl_SETFD_allowed,
           nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  base::ScopedFD fds[2];
  DoSocketpair(fds);
  const int sock_fd = fds[0].get();
  BPF_ASSERT_EQ(0, fcntl(sock_fd, F_SETFD, FD_CLOEXEC));
}
// F_SETFD with an argument other than FD_CLOEXEC (99 here) is expected to be
// fatal; the descriptor itself is a valid socket, so only the argument differs
// from fcntl_SETFD_allowed.
BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 fcntl_SETFD,
                 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  base::ScopedFD fds[2];
  DoSocketpair(fds);
  const int sock_fd = fds[0].get();
  fcntl(sock_fd, F_SETFD, 99);
}

// F_GETFL is permitted, and so is F_SETFL with O_RDWR | O_NONBLOCK.
BPF_TEST_C(NaClNonSfiSandboxTest,
           fcntl_GETFL_SETFL_allowed,
           nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  base::ScopedFD fds[2];
  DoPipe(fds);
  const int read_end = fds[0].get();
  // A freshly created pipe read end reports no status flags (O_RDONLY is 0).
  BPF_ASSERT_EQ(0, fcntl(read_end, F_GETFL));
  BPF_ASSERT_EQ(0, fcntl(read_end, F_SETFL, O_RDWR | O_NONBLOCK));
  // F_SETFL does not change the access mode, so only O_NONBLOCK reads back.
  BPF_ASSERT_EQ(O_NONBLOCK, fcntl(read_end, F_GETFL));
}

// F_SETFL with a flag outside the permitted set (O_APPEND here) is expected
// to be fatal.
BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 fcntl_GETFL_SETFL,
                 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  base::ScopedFD fds[2];
  DoSocketpair(fds);
  const int sock_fd = fds[0].get();
  fcntl(sock_fd, F_SETFL, O_APPEND);
}

// Duplicating descriptors through fcntl is expected to be fatal, both with
// and without close-on-exec.
BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 fcntl_DUPFD,
                 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  fcntl(0, F_DUPFD);
}

BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 fcntl_DUPFD_CLOEXEC,
                 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  fcntl(0, F_DUPFD_CLOEXEC);
}

// The priority-inheritance futex operations below are expected to be fatal
// and reported with the futex-specific message. Each body ends in _exit(1), so
// a call that is let through makes the child exit with status 1 instead of
// running off the end of the test body.

BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 FutexWithRequeuePriorityInheritence,
                 DEATH_MESSAGE(sandbox::GetFutexErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  syscall(__NR_futex, NULL, FUTEX_CMP_REQUEUE_PI, 0, NULL, NULL, 0);
  _exit(1);
}

BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 FutexWithRequeuePriorityInheritencePrivate,
                 DEATH_MESSAGE(sandbox::GetFutexErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  syscall(__NR_futex, NULL, FUTEX_CMP_REQUEUE_PI_PRIVATE, 0, NULL, NULL, 0);
  _exit(1);
}

// Counterpart to the futex denials: the operations an ordinary base::Thread
// needs to start and be joined must keep working under the policy.
BPF_TEST_C(NaClNonSfiSandboxTest,
           StartingAndJoiningThreadWorks,
           nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  base::Thread thread("sandbox_tests");
  BPF_ASSERT(thread.Start());
  // |thread|'s destructor will join the thread.
}

BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 FutexWithUnlockPIPrivate,
                 DEATH_MESSAGE(sandbox::GetFutexErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  syscall(__NR_futex, NULL, FUTEX_UNLOCK_PI_PRIVATE, 0, NULL, NULL, 0);
  _exit(1);
}

// Maps one page of shared anonymous read/write memory. This is the baseline
// "permitted" mmap that the mmap and mprotect tests build on. Returns mmap's
// result, i.e. MAP_FAILED on error.
void* DoAllowedAnonymousMmap() {
  const int prot = PROT_READ | PROT_WRITE;
  const int flags = MAP_ANONYMOUS | MAP_SHARED;
  return mmap(NULL, getpagesize(), prot, flags, -1, 0);
}

// The baseline mapping can be created and released under the policy.
BPF_TEST_C(NaClNonSfiSandboxTest,
           mmap_allowed,
           nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  void* mapping = DoAllowedAnonymousMmap();
  BPF_ASSERT_NE(MAP_FAILED, mapping);
  BPF_ASSERT_EQ(0, munmap(mapping, getpagesize()));
}
// The mmap death tests below pass flags without MAP_SHARED or MAP_PRIVATE,
// which the kernel would itself reject with EINVAL. It is the DEATH_MESSAGE
// expectation that ties each failure to the sandbox rather than to the kernel.

// Same protection as the permitted baseline (read/write), but with
// MAP_POPULATE in the flags: expected to be fatal.
BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 mmap_unallowed_flag,
                 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  const int prot = PROT_READ | PROT_WRITE;
  const int flags = MAP_ANONYMOUS | MAP_POPULATE;
  mmap(NULL, getpagesize(), prot, flags, -1, 0);
}

// PROT_GROWSDOWN in the protection bits: expected to be fatal.
// NOTE(review): the flags here (MAP_ANONYMOUS alone) also differ from the
// permitted baseline, so this file alone cannot show that the protection bits
// are what triggers the denial -- confirm against the policy.
BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 mmap_unallowed_prot,
                 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  const int prot = PROT_READ | PROT_GROWSDOWN;
  const int flags = MAP_ANONYMOUS;
  mmap(NULL, getpagesize(), prot, flags, -1, 0);
}

// An executable mapping is expected to be fatal; this case requests PROT_EXEC
// on its own.
BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 mmap_exec,
                 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  const int prot = PROT_EXEC;
  const int flags = MAP_ANONYMOUS;
  mmap(NULL, getpagesize(), prot, flags, -1, 0);
}

// The next three death tests cover the remaining PROT_EXEC combinations
// (R+X, W+X, R+W+X). Each must kill the process with the sandbox error
// message, so no readable or writable executable mapping can be created.
// NOTE(review): all three pass MAP_ANONYMOUS alone as flags; confirm the
// policy accepts that flag set so the death is attributable to PROT_EXEC.
BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 mmap_read_exec,
                 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  const int prot = PROT_READ | PROT_EXEC;
  mmap(NULL, getpagesize(), prot, MAP_ANONYMOUS, -1, 0);
}

BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 mmap_write_exec,
                 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  const int prot = PROT_WRITE | PROT_EXEC;
  mmap(NULL, getpagesize(), prot, MAP_ANONYMOUS, -1, 0);
}

BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 mmap_read_write_exec,
                 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  const int prot = PROT_READ | PROT_WRITE | PROT_EXEC;
  mmap(NULL, getpagesize(), prot, MAP_ANONYMOUS, -1, 0);
}

// Dropping a known-good read/write mapping to read-only must succeed, and the
// mapping must still be unmappable afterwards.
BPF_TEST_C(NaClNonSfiSandboxTest,
           mprotect_allowed,
           nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  void* const mapping = DoAllowedAnonymousMmap();
  BPF_ASSERT_NE(MAP_FAILED, mapping);
  BPF_ASSERT_EQ(0, mprotect(mapping, getpagesize(), PROT_READ));
  BPF_ASSERT_EQ(0, munmap(mapping, getpagesize()));
}

// Death test: mprotect() with PROT_GROWSDOWN must kill the process.
BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 mprotect_unallowed_prot,
                 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  // mmap_allowed already shows that DoAllowedAnonymousMmap() is permitted, so
  // a death in this test can only come from the mprotect call at the end.
  void* const mapping = DoAllowedAnonymousMmap();
  BPF_ASSERT_NE(MAP_FAILED, mapping);
  const int disallowed_prot = PROT_READ | PROT_GROWSDOWN;
  mprotect(mapping, getpagesize(), disallowed_prot);
}

// brk is neither fatal nor functional under the policy: the raw syscall
// reports 0 and the libc wrapper reports failure with ENOMEM.
BPF_TEST_C(NaClNonSfiSandboxTest,
           brk,
           nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  char* const current_brk = static_cast<char*>(sbrk(0));
  char* const next_brk = current_brk + getpagesize();
  // The kernel interface must return zero for brk.
  BPF_ASSERT_EQ(0, syscall(__NR_brk, next_brk));
  // The libc wrapper translates it to ENOMEM. errno is cleared first so the
  // check below cannot be satisfied by a stale value.
  errno = 0;
  BPF_ASSERT_EQ(-1, brk(next_brk));
  BPF_ASSERT_EQ(ENOMEM, errno);
}

// clockid restrictions are mostly tested in sandbox/ with the
// RestrictClockID() unittests. Some basic tests are duplicated here as
// a precaution.

// Asserts that clock_gettime() succeeds for |clockid| and returns a
// non-negative time. Both fields are set to -1 beforehand, so the range
// checks also show that the call actually wrote the struct.
void CheckClock(clockid_t clockid) {
  struct timespec now;
  now.tv_nsec = -1;
  now.tv_sec = -1;
  BPF_ASSERT_EQ(0, clock_gettime(clockid, &now));
  BPF_ASSERT_LE(0, now.tv_sec);
  BPF_ASSERT_LE(0, now.tv_nsec);
}

// The four clock ids below must stay readable under the policy.
BPF_TEST_C(NaClNonSfiSandboxTest,
           clock_gettime_allowed,
           nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  const clockid_t allowed_clocks[] = {
      CLOCK_MONOTONIC,
      CLOCK_PROCESS_CPUTIME_ID,
      CLOCK_REALTIME,
      CLOCK_THREAD_CPUTIME_ID,
  };
  const size_t clock_count = sizeof(allowed_clocks) / sizeof(allowed_clocks[0]);
  for (size_t i = 0; i < clock_count; ++i)
    CheckClock(allowed_clocks[i]);
}

// Death test: a clock id outside the allowed set (CLOCK_MONOTONIC_RAW here)
// must kill the process with the sandbox error message.
BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 clock_gettime_crash_monotonic_raw,
                 DEATH_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  struct timespec unused;
  clock_gettime(CLOCK_MONOTONIC_RAW, &unused);
}

// Death test: sandbox::Syscall::InvalidCall() must crash the process. This
// test uses DEATH_SEGV_MESSAGE where the tests above use DEATH_MESSAGE.
// NOTE(review): InvalidCall() presumably issues a syscall number that does not
// exist; confirm in sandbox/linux/seccomp-bpf/syscall.h.
BPF_DEATH_TEST_C(NaClNonSfiSandboxTest,
                 invalid_syscall_crash,
                 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {
  sandbox::Syscall::InvalidCall();
}

// The following test cases check if syscalls return EPERM regardless
// of arguments.
// NOTE(review): each generated test issues its syscall once, with all six
// arguments set to 0, so only that argument set is actually exercised.
// Defines a test named <name>_EPERM that invokes syscall __NR_<name> with six
// zero arguments under the non-SFI policy and asserts that it fails with
// EPERM. These syscalls are therefore refused softly: the caller gets an
// error and the process is not killed. errno is cleared first so a stale
// EPERM cannot satisfy the check.
#define RESTRICT_SYSCALL_EPERM_TEST(name)                        \
  BPF_TEST_C(NaClNonSfiSandboxTest,                              \
             name##_EPERM,                                       \
             nacl::nonsfi::NaClNonSfiBPFSandboxPolicy) {         \
    errno = 0;                                                   \
    const long rv = syscall(__NR_##name, 0, 0, 0, 0, 0, 0);      \
    BPF_ASSERT_EQ(-1, rv);                                       \
    BPF_ASSERT_EQ(EPERM, errno);                                 \
  }

RESTRICT_SYSCALL_EPERM_TEST(epoll_create);
// The *32 id syscalls are only compiled in for 32-bit x86 and ARM builds.
#if defined(__i386__) || defined(__arm__)
RESTRICT_SYSCALL_EPERM_TEST(getegid32);
RESTRICT_SYSCALL_EPERM_TEST(geteuid32);
RESTRICT_SYSCALL_EPERM_TEST(getgid32);
RESTRICT_SYSCALL_EPERM_TEST(getuid32);
#endif
RESTRICT_SYSCALL_EPERM_TEST(getegid);
RESTRICT_SYSCALL_EPERM_TEST(geteuid);
RESTRICT_SYSCALL_EPERM_TEST(getgid);
RESTRICT_SYSCALL_EPERM_TEST(getuid);
RESTRICT_SYSCALL_EPERM_TEST(madvise);
RESTRICT_SYSCALL_EPERM_TEST(open);
RESTRICT_SYSCALL_EPERM_TEST(openat);
RESTRICT_SYSCALL_EPERM_TEST(ptrace);
RESTRICT_SYSCALL_EPERM_TEST(set_robust_list);
// The time test is only compiled in for x86 builds (32- and 64-bit).
#if defined(__i386__) || defined(__x86_64__)
RESTRICT_SYSCALL_EPERM_TEST(time);
#endif

}  // namespace

#endif  // !ADDRESS_SANITIZER && !THREAD_SANITIZER &&
        // !MEMORY_SANITIZER && !LEAK_SANITIZER