// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// Unit tests for the per-syscall parameter restrictions declared in
// syscall_parameters_restrictions.h (RestrictClockID, RestrictSchedTarget,
// RestrictPrlimit64, RestrictGetrusage). Each restriction is wired into a
// minimal bpf_dsl::Policy below, and a BPF_TEST_C / BPF_DEATH_TEST_C pair
// checks that the permitted parameter values go through while the rejected
// ones crash the sandboxed test process with the sandbox error message.

#include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"

#include <errno.h>
#include <sched.h>
#include <sys/resource.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <time.h>
#include <unistd.h>

#include "base/bind.h"
#include "base/synchronization/waitable_event.h"
#include "base/sys_info.h"
#include "base/threading/thread.h"
#include "base/time/time.h"
#include "build/build_config.h"
#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
#include "sandbox/linux/bpf_dsl/policy.h"
#include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
#include "sandbox/linux/seccomp-bpf/bpf_tests.h"
#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
#include "sandbox/linux/seccomp-bpf/syscall.h"
#include "sandbox/linux/services/syscall_wrappers.h"
#include "sandbox/linux/system_headers/linux_syscalls.h"
#include "sandbox/linux/system_headers/linux_time.h"
#include "sandbox/linux/tests/unit_tests.h"

#if !defined(OS_ANDROID)
// Only needed for MAKE_PROCESS_CPUCLOCK in clock_gettime_crash_cpu_clock.
#include "third_party/lss/linux_syscall_support.h"  // for MAKE_PROCESS_CPUCLOCK
#endif

namespace sandbox {

namespace {

// NOTE: most of the parameter restrictions are tested in
// baseline_policy_unittest.cc as a more end-to-end test.

using sandbox::bpf_dsl::Allow;
using sandbox::bpf_dsl::ResultExpr;

// Policy that applies RestrictClockID() to the two clock syscalls under test.
// Every other syscall is allowed so that the test harness itself keeps
// working inside the sandbox.
class RestrictClockIdPolicy : public bpf_dsl::Policy {
 public:
  RestrictClockIdPolicy() = default;
  ~RestrictClockIdPolicy() override = default;

  ResultExpr EvaluateSyscall(int sysno) const override {
    const bool is_clock_syscall =
        sysno == __NR_clock_gettime || sysno == __NR_clock_getres;
    return is_clock_syscall ? RestrictClockID() : Allow();
  }
};

// Exercises both restricted clock syscalls on |clockid| and asserts that they
// succeed and report sane values. The output struct is poisoned with -1
// before each call so that a call which "succeeds" without writing its
// result is caught by the value assertions.
void CheckClock(clockid_t clockid) {
  struct timespec result;
  const auto poison = [&result]() {
    result.tv_sec = -1;
    result.tv_nsec = -1;
  };

  poison();
  BPF_ASSERT_EQ(0, clock_getres(clockid, &result));
  // Resolution is expected to be sub-second for every clock checked here.
  BPF_ASSERT_EQ(0, result.tv_sec);
  BPF_ASSERT_LE(0, result.tv_nsec);

  poison();
  BPF_ASSERT_EQ(0, clock_gettime(clockid, &result));
  BPF_ASSERT_LE(0, result.tv_sec);
  BPF_ASSERT_LE(0, result.tv_nsec);
}

// Every clock ID in this list must pass RestrictClockID() untouched.
BPF_TEST_C(ParameterRestrictions,
           clock_gettime_allowed,
           RestrictClockIdPolicy) {
  const clockid_t kAllowedClocks[] = {
      CLOCK_MONOTONIC,
      CLOCK_MONOTONIC_COARSE,
      CLOCK_PROCESS_CPUTIME_ID,
#if defined(OS_ANDROID)
      CLOCK_BOOTTIME,
#endif
      CLOCK_REALTIME,
      CLOCK_REALTIME_COARSE,
      CLOCK_THREAD_CPUTIME_ID,
  };
  for (clockid_t clockid : kAllowedClocks)
    CheckClock(clockid);
}

// CLOCK_MONOTONIC_RAW is not among the clocks accepted above; RestrictClockID()
// is expected to trap it, and the SIGSYS handler to crash the process with the
// sandbox error message rather than let the call through.
BPF_DEATH_TEST_C(ParameterRestrictions,
                 clock_gettime_crash_monotonic_raw,
                 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 RestrictClockIdPolicy) {
  struct timespec unused;
  clock_gettime(CLOCK_MONOTONIC_RAW, &unused);
}

#if !defined(OS_ANDROID)
// CLOCK_PROCESS_CPUTIME_ID (the caller's own CPU clock) is allowed above; a
// CPU-time clock that belongs to a different process (init, pid 1) must trap.
BPF_DEATH_TEST_C(ParameterRestrictions,
                 clock_gettime_crash_cpu_clock,
                 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 RestrictClockIdPolicy) {
  // clock_getcpuclockid() is avoided on purpose: it is not implemented in
  // newlib and might not work inside the sandbox anyway, so the clock ID is
  // assembled by hand with MAKE_PROCESS_CPUCLOCK from LSS.
  const pid_t kForeignPid = 1;
  const clockid_t kForeignCpuClock =
      MAKE_PROCESS_CPUCLOCK(kForeignPid, CPUCLOCK_SCHED);

  struct timespec unused;
  clock_gettime(kForeignCpuClock, &unused);
}
#endif  // !defined(OS_ANDROID)

// Policy that hands sched_getparam() to RestrictSchedTarget() with the calling
// process's pid as the permitted target; every other syscall is allowed.
class RestrictSchedPolicy : public bpf_dsl::Policy {
 public:
  RestrictSchedPolicy() = default;
  ~RestrictSchedPolicy() override = default;

  ResultExpr EvaluateSyscall(int sysno) const override {
    if (sysno != __NR_sched_getparam)
      return Allow();
    return RestrictSchedTarget(getpid(), sysno);
  }
};

// Asserts that sched_getparam() for |pid| is let through by the policy and
// succeeds; |param| receives the result.
void CheckSchedGetParam(pid_t pid, struct sched_param* param) {
  const int rc = sched_getparam(pid, param);
  BPF_ASSERT_EQ(0, rc);
}

// Body of sched_getparam_allowed, executed on a secondary thread so that the
// calling thread's tid differs from the process pid. Signals |thread_run|
// once every assertion has passed.
void SchedGetParamThread(base::WaitableEvent* thread_run) {
  const pid_t pid = getpid();
  const pid_t tid = sys_gettid();
  BPF_ASSERT_NE(pid, tid);

  // Three spellings of "myself" that the policy must accept: the pid, 0 (the
  // kernel's shorthand for the calling thread) and the caller's own tid.
  struct sched_param by_pid;
  CheckSchedGetParam(pid, &by_pid);

  struct sched_param by_zero;
  CheckSchedGetParam(0, &by_zero);

  struct sched_param by_tid;
  CheckSchedGetParam(tid, &by_tid);

  BPF_ASSERT_EQ(by_zero.sched_priority, by_tid.sched_priority);

  // Verify that the SIGSYS handler sets errno properly: a null param pointer
  // makes the kernel fail with EINVAL, and that failure has to surface through
  // errno instead of being swallowed on the handler path.
  errno = 0;
  BPF_ASSERT_EQ(-1, sched_getparam(tid, nullptr));
  BPF_ASSERT_EQ(EINVAL, errno);

  thread_run->Signal();
}

BPF_TEST_C(ParameterRestrictions,
           sched_getparam_allowed,
           RestrictSchedPolicy) {
  // Declared before the thread so that it outlives it.
  base::WaitableEvent thread_run(
      base::WaitableEvent::ResetPolicy::MANUAL,
      base::WaitableEvent::InitialState::NOT_SIGNALED);
  // Run the actual test in a new thread so that the current pid and tid are
  // different.
  base::Thread getparam_thread("sched_getparam_thread");
  BPF_ASSERT(getparam_thread.Start());
  getparam_thread.message_loop()->PostTask(
      FROM_HERE, base::Bind(&SchedGetParamThread, &thread_run));
  // Generous bound: the worker only makes a handful of syscalls.
  const base::TimeDelta kWorkerTimeout =
      base::TimeDelta::FromMilliseconds(5000);
  BPF_ASSERT(thread_run.TimedWait(kWorkerTimeout));
  getparam_thread.Stop();
}

// Asking for another process's scheduling parameters (init, pid 1) must be
// trapped, not answered.
BPF_DEATH_TEST_C(ParameterRestrictions,
                 sched_getparam_crash_non_zero,
                 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 RestrictSchedPolicy) {
  const pid_t kForeignPid = 1;
  struct sched_param unused;
  sched_getparam(kForeignPid, &unused);
}

// Policy that restricts prlimit64() to the calling process through
// RestrictPrlimit64(getpid()); every other syscall is allowed.
class RestrictPrlimit64Policy : public bpf_dsl::Policy {
 public:
  RestrictPrlimit64Policy() = default;
  ~RestrictPrlimit64Policy() override = default;

  ResultExpr EvaluateSyscall(int sysno) const override {
    if (sysno != __NR_prlimit64)
      return Allow();
    return RestrictPrlimit64(getpid());
  }
};

// With null new and old limits the call changes nothing and only proves that
// the policy lets it through; both spellings of "self" (0 and getpid()) must
// be accepted.
BPF_TEST_C(ParameterRestrictions, prlimit64_allowed, RestrictPrlimit64Policy) {
  BPF_ASSERT_EQ(0, sys_prlimit64(0, RLIMIT_AS, nullptr, nullptr));
  BPF_ASSERT_EQ(0, sys_prlimit64(getpid(), RLIMIT_AS, nullptr, nullptr));
}

// Touching another process's limits (init, pid 1) must trap. The precondition
// presumably guards against the test itself running as pid 1, in which case
// the call would be a legitimate self-query and no crash would occur.
BPF_DEATH_TEST_C(ParameterRestrictions,
                 prlimit64_crash_not_self,
                 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 RestrictPrlimit64Policy) {
  const pid_t kForeignPid = 1;
  BPF_ASSERT_NE(kForeignPid, getpid());
  sys_prlimit64(kForeignPid, RLIMIT_AS, nullptr, nullptr);
}

// Policy that routes getrusage() through RestrictGetrusage(); every other
// syscall is allowed.
class RestrictGetrusagePolicy : public bpf_dsl::Policy {
 public:
  RestrictGetrusagePolicy() = default;
  ~RestrictGetrusagePolicy() override = default;

  ResultExpr EvaluateSyscall(int sysno) const override {
    if (sysno == __NR_getrusage)
      return RestrictGetrusage();
    return Allow();
  }
};

// RUSAGE_SELF is the target RestrictGetrusage() is expected to permit.
BPF_TEST_C(ParameterRestrictions, getrusage_allowed, RestrictGetrusagePolicy) {
  struct rusage self_usage;
  const int rc = getrusage(RUSAGE_SELF, &self_usage);
  BPF_ASSERT_EQ(0, rc);
}

// RUSAGE_CHILDREN reports on processes other than the caller and must trap.
BPF_DEATH_TEST_C(ParameterRestrictions,
                 getrusage_crash_not_self,
                 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()),
                 RestrictGetrusagePolicy) {
  struct rusage unused;
  getrusage(RUSAGE_CHILDREN, &unused);
}

}  // namespace

}  // namespace sandbox