1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef SANDBOX_LINUX_SECCOMP_BPF_BPF_TESTS_H__ 6#define SANDBOX_LINUX_SECCOMP_BPF_BPF_TESTS_H__ 7 8#include "base/logging.h" 9#include "base/macros.h" 10#include "build/build_config.h" 11#include "sandbox/linux/seccomp-bpf/bpf_tester_compatibility_delegate.h" 12#include "sandbox/linux/tests/unit_tests.h" 13 14namespace sandbox { 15 16// BPF_TEST_C() is a special version of SANDBOX_TEST(). It runs a test function 17// in a sub-process, under a seccomp-bpf policy specified in 18// |bpf_policy_class_name| without failing on configurations that are allowed 19// to not support seccomp-bpf in their kernels. 20// This is the preferred format for new BPF tests. |bpf_policy_class_name| is a 21// class name (which will be default-constructed) that implements the 22// SandboxBPFPolicy interface. 23// The test function's body can simply follow. Test functions should use 24// the BPF_ASSERT macros defined below, not GTEST's macros. The use of 25// CHECK* macros is supported but less robust. 26#define BPF_TEST_C(test_case_name, test_name, bpf_policy_class_name) \ 27 BPF_DEATH_TEST_C( \ 28 test_case_name, test_name, DEATH_SUCCESS(), bpf_policy_class_name) 29 30// Identical to BPF_TEST_C but allows to specify the nature of death. 31#define BPF_DEATH_TEST_C( \ 32 test_case_name, test_name, death, bpf_policy_class_name) \ 33 void BPF_TEST_C_##test_name(); \ 34 TEST(test_case_name, DISABLE_ON_TSAN(test_name)) { \ 35 sandbox::SandboxBPFTestRunner bpf_test_runner( \ 36 new sandbox::BPFTesterSimpleDelegate<bpf_policy_class_name>( \ 37 BPF_TEST_C_##test_name)); \ 38 sandbox::UnitTests::RunTestInProcess(&bpf_test_runner, death); \ 39 } \ 40 void BPF_TEST_C_##test_name() 41 42// This form of BPF_TEST is a little verbose and should be reserved for complex 43// tests where a lot of control is required. 44// |bpf_tester_delegate_class| must be a classname implementing the 45// BPFTesterDelegate interface. 46#define BPF_TEST_D(test_case_name, test_name, bpf_tester_delegate_class) \ 47 BPF_DEATH_TEST_D( \ 48 test_case_name, test_name, DEATH_SUCCESS(), bpf_tester_delegate_class) 49 50// Identical to BPF_TEST_D but allows to specify the nature of death. 51#define BPF_DEATH_TEST_D( \ 52 test_case_name, test_name, death, bpf_tester_delegate_class) \ 53 TEST(test_case_name, DISABLE_ON_TSAN(test_name)) { \ 54 sandbox::SandboxBPFTestRunner bpf_test_runner( \ 55 new bpf_tester_delegate_class()); \ 56 sandbox::UnitTests::RunTestInProcess(&bpf_test_runner, death); \ 57 } 58 59// Assertions are handled exactly the same as with a normal SANDBOX_TEST() 60#define BPF_ASSERT SANDBOX_ASSERT 61#define BPF_ASSERT_EQ(x, y) BPF_ASSERT((x) == (y)) 62#define BPF_ASSERT_NE(x, y) BPF_ASSERT((x) != (y)) 63#define BPF_ASSERT_LT(x, y) BPF_ASSERT((x) < (y)) 64#define BPF_ASSERT_GT(x, y) BPF_ASSERT((x) > (y)) 65#define BPF_ASSERT_LE(x, y) BPF_ASSERT((x) <= (y)) 66#define BPF_ASSERT_GE(x, y) BPF_ASSERT((x) >= (y)) 67 68// This form of BPF_TEST is now discouraged (but still allowed) in favor of 69// BPF_TEST_D and BPF_TEST_C. 70// The |policy| parameter should be a SandboxBPFPolicy subclass. 71// BPF_TEST() takes a C++ data type as an fourth parameter. A variable 72// of this type will be allocated and a pointer to it will be 73// available within the test function as "BPF_AUX". The pointer will 74// also be passed as an argument to the policy's constructor. Policies 75// would typically use it as an argument to SandboxBPF::Trap(), if 76// they want to communicate data between the BPF_TEST() and a Trap() 77// function. The life-time of this object is the same as the life-time 78// of the process running under the seccomp-bpf policy. 79// |aux| must not be void. 80#define BPF_TEST(test_case_name, test_name, policy, aux) \ 81 BPF_DEATH_TEST(test_case_name, test_name, DEATH_SUCCESS(), policy, aux) 82 83// A BPF_DEATH_TEST is just the same as a BPF_TEST, but it assumes that the 84// test will fail with a particular known error condition. Use the DEATH_XXX() 85// macros from unit_tests.h to specify the expected error condition. 86#define BPF_DEATH_TEST(test_case_name, test_name, death, policy, aux) \ 87 void BPF_TEST_##test_name(aux* BPF_AUX); \ 88 TEST(test_case_name, DISABLE_ON_TSAN(test_name)) { \ 89 sandbox::SandboxBPFTestRunner bpf_test_runner( \ 90 new sandbox::BPFTesterCompatibilityDelegate<policy, aux>( \ 91 BPF_TEST_##test_name)); \ 92 sandbox::UnitTests::RunTestInProcess(&bpf_test_runner, death); \ 93 } \ 94 void BPF_TEST_##test_name(aux* BPF_AUX) 95 96// This class takes a simple function pointer as a constructor parameter and a 97// class name as a template parameter to implement the BPFTesterDelegate 98// interface which can be used to build BPF unittests with 99// the SandboxBPFTestRunner class. 100template <class PolicyClass> 101class BPFTesterSimpleDelegate : public BPFTesterDelegate { 102 public: 103 explicit BPFTesterSimpleDelegate(void (*test_function)(void)) 104 : test_function_(test_function) {} 105 virtual ~BPFTesterSimpleDelegate() {} 106 107 virtual scoped_ptr<SandboxBPFPolicy> GetSandboxBPFPolicy() OVERRIDE { 108 return scoped_ptr<SandboxBPFPolicy>(new PolicyClass()); 109 } 110 virtual void RunTestFunction() OVERRIDE { 111 DCHECK(test_function_); 112 test_function_(); 113 } 114 115 private: 116 void (*test_function_)(void); 117 DISALLOW_COPY_AND_ASSIGN(BPFTesterSimpleDelegate); 118}; 119 120} // namespace sandbox 121 122#endif // SANDBOX_LINUX_SECCOMP_BPF_BPF_TESTS_H__ 123