1010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles)// Copyright 2014 The Chromium Authors. All rights reserved. 2010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be 3010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles)// found in the LICENSE file. 4010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) 5010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles)#include "sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.h" 6010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) 7010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles)#include <fcntl.h> 81320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci#include <linux/filter.h> 9010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) 10010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles)#include "base/logging.h" 11010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles)#include "base/memory/scoped_ptr.h" 121320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci#include "sandbox/linux/seccomp-bpf/die.h" 13010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles)#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" 14010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles)#include "sandbox/linux/tests/unit_tests.h" 15010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) 16010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles)namespace sandbox { 17010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) 18010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles)SandboxBPFTestRunner::SandboxBPFTestRunner( 19010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) BPFTesterDelegate* bpf_tester_delegate) 20010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) : bpf_tester_delegate_(bpf_tester_delegate) { 21010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles)} 22010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) 23010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles)SandboxBPFTestRunner::~SandboxBPFTestRunner() { 24010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles)} 25010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) 26010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles)void SandboxBPFTestRunner::Run() { 27010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) DCHECK(bpf_tester_delegate_); 28010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) sandbox::Die::EnableSimpleExit(); 29010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) 30010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) scoped_ptr<SandboxBPFPolicy> policy = 31010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) bpf_tester_delegate_->GetSandboxBPFPolicy(); 32010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) 33010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) if (sandbox::SandboxBPF::SupportsSeccompSandbox(-1) == 34010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) sandbox::SandboxBPF::STATUS_AVAILABLE) { 35010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) // Ensure the the sandbox is actually available at this time 36010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) int proc_fd; 37010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) SANDBOX_ASSERT((proc_fd = open("/proc", O_RDONLY | O_DIRECTORY)) >= 0); 38010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) SANDBOX_ASSERT(sandbox::SandboxBPF::SupportsSeccompSandbox(proc_fd) == 39010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) sandbox::SandboxBPF::STATUS_AVAILABLE); 40010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) 41010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) // Initialize and then start the sandbox with our custom policy 42010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) sandbox::SandboxBPF sandbox; 43010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) sandbox.set_proc_fd(proc_fd); 44010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) sandbox.SetSandboxPolicy(policy.release()); 45010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) SANDBOX_ASSERT( 46010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) sandbox.StartSandbox(sandbox::SandboxBPF::PROCESS_SINGLE_THREADED)); 47010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) 48010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) // Run the actual test. 49010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) bpf_tester_delegate_->RunTestFunction(); 50010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) } else { 51010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) printf("This BPF test is not fully running in this configuration!\n"); 52010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) // Android and Valgrind are the only configurations where we accept not 53010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) // having kernel BPF support. 54010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) if (!IsAndroid() && !IsRunningOnValgrind()) { 55010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) const bool seccomp_bpf_is_supported = false; 56010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) SANDBOX_ASSERT(seccomp_bpf_is_supported); 57010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) } 58010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) // Call the compiler and verify the policy. That's the least we can do, 59010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) // if we don't have kernel support. 60010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) sandbox::SandboxBPF sandbox; 61010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) sandbox.SetSandboxPolicy(policy.release()); 62010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) sandbox::SandboxBPF::Program* program = 63010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) sandbox.AssembleFilter(true /* force_verification */); 64010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) delete program; 65010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) sandbox::UnitTests::IgnoreThisTest(); 66010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) } 67010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles)} 68010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) 69cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles)bool SandboxBPFTestRunner::ShouldCheckForLeaks() const { 70cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) // LSAN requires being able to use ptrace() and other system calls that could 71cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) // be denied. 72cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) return false; 73cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles)} 74cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) 75010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles)} // namespace sandbox 76