bpf_tests.h revision 2a99a7e74a7f215066514fe81d2bfa6639d9eddd 
1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef SANDBOX_LINUX_SECCOMP_BPF_BPF_TESTS_H__
6#define SANDBOX_LINUX_SECCOMP_BPF_BPF_TESTS_H__
7
8#include <fcntl.h>
9#include <sys/stat.h>
10#include <sys/types.h>
11
12#include "sandbox/linux/tests/unit_tests.h"
13#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
14
15
16namespace sandbox {
17
18// A BPF_DEATH_TEST is just the same as a BPF_TEST, but it assumes that the
19// test will fail with a particular known error condition. Use the DEATH_XXX()
20// macros from unit_tests.h to specify the expected error condition.
21#define BPF_DEATH_TEST(test_case_name, test_name, death, policy, aux...)      \
22  void BPF_TEST_##test_name(sandbox::BpfTests<aux>::AuxType& BPF_AUX);        \
23  TEST(test_case_name, test_name) {                                           \
24    sandbox::BpfTests<aux>::TestArgs arg(BPF_TEST_##test_name, policy);       \
25    sandbox::BpfTests<aux>::RunTestInProcess(                                 \
26                                   sandbox::BpfTests<aux>::TestWrapper, &arg, \
27                                   death);                                    \
28  }                                                                           \
29  void BPF_TEST_##test_name(sandbox::BpfTests<aux>::AuxType& BPF_AUX)
30
31// BPF_TEST() is a special version of SANDBOX_TEST(). It turns into a no-op,
32// if the host does not have kernel support for running BPF filters.
33// Also, it takes advantage of the Die class to avoid calling LOG(FATAL), from
34// inside our tests, as we don't need or even want all the error handling that
35// LOG(FATAL) would do.
36// BPF_TEST() takes a C++ data type as an optional fourth parameter. If
37// present, this sets up a variable that can be accessed as "BPF_AUX". This
38// variable will be passed as an argument to the "policy" function. Policies
39// would typically use it as an argument to Sandbox::Trap(), if they want to
40// communicate data between the BPF_TEST() and a Trap() function.
41#define BPF_TEST(test_case_name, test_name, policy, aux...)                   \
42  BPF_DEATH_TEST(test_case_name, test_name, DEATH_SUCCESS(), policy, aux)
43
44
45// Assertions are handled exactly the same as with a normal SANDBOX_TEST()
46#define BPF_ASSERT SANDBOX_ASSERT
47
48
49// The "Aux" type is optional. We use an "empty" type by default, so that if
50// the caller doesn't provide any type, all the BPF_AUX related data compiles
51// to nothing.
52template<class Aux = int[0]>
53class BpfTests : public UnitTests {
54 public:
55  typedef Aux AuxType;
56
57  class TestArgs {
58   public:
59    TestArgs(void (*t)(AuxType&), playground2::Sandbox::EvaluateSyscall p)
60        : test_(t),
61          policy_(p),
62          aux_() {
63    }
64
65    void (*test() const)(AuxType&) { return test_; }
66    playground2::Sandbox::EvaluateSyscall policy() const { return policy_; }
67
68   private:
69    friend class BpfTests;
70
71    void (*test_)(AuxType&);
72    playground2::Sandbox::EvaluateSyscall policy_;
73    AuxType aux_;
74  };
75
76  static void TestWrapper(void *void_arg) {
77    TestArgs *arg = reinterpret_cast<TestArgs *>(void_arg);
78    playground2::Die::EnableSimpleExit();
79    if (playground2::Sandbox::SupportsSeccompSandbox(-1) ==
80        playground2::Sandbox::STATUS_AVAILABLE) {
81      // Ensure the the sandbox is actually available at this time
82      int proc_fd;
83      BPF_ASSERT((proc_fd = open("/proc", O_RDONLY|O_DIRECTORY)) >= 0);
84      BPF_ASSERT(playground2::Sandbox::SupportsSeccompSandbox(proc_fd) ==
85                 playground2::Sandbox::STATUS_AVAILABLE);
86
87      // Initialize and then start the sandbox with our custom policy
88      playground2::Sandbox sandbox;
89      sandbox.set_proc_fd(proc_fd);
90      sandbox.SetSandboxPolicy(arg->policy(), &arg->aux_);
91      sandbox.Sandbox::StartSandbox();
92
93      arg->test()(arg->aux_);
94    } else {
95      // Call the compiler and verify the policy. That's the least we can do,
96      // if we don't have kernel support.
97      playground2::Sandbox sandbox;
98      sandbox.SetSandboxPolicy(arg->policy(), &arg->aux_);
99      playground2::Sandbox::Program *program =
100          sandbox.AssembleFilter(true /* force_verification */);
101      delete program;
102      sandbox::UnitTests::IgnoreThisTest();
103    }
104  }
105
106 private:
107  DISALLOW_IMPLICIT_CONSTRUCTORS(BpfTests);
108};
109
110}  // namespace
111
112#endif  // SANDBOX_LINUX_SECCOMP_BPF_BPF_TESTS_H__
113