blob: 2f66b40bc0d9c900489fafa45935bb6d7bd21296 [file] [log] [blame]
// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
#include <fcntl.h>
#include <unistd.h>
#include <iostream>
#include <utility>
#include "base/files/scoped_file.h"
#include "base/posix/eintr_wrapper.h"
#include "sandbox/linux/tests/unit_tests.h"
#include "testing/gtest/include/gtest/gtest.h"
namespace sandbox {
namespace {
// NOTE: most tests for the SandboxBPF class are currently in
// integration_tests/.
TEST(SandboxBPF, CreateDestroy) {
// Give an opportunity to dynamic tools to perform some simple testing.
SandboxBPF sandbox(nullptr);
SandboxBPF* sandbox_ptr = new SandboxBPF(nullptr);
delete sandbox_ptr;
// This test should execute no matter whether we have kernel support. So,
// we make it a TEST() instead of a BPF_TEST().
TEST(SandboxBPF, DISABLE_ON_TSAN(CallSupports)) {
// We check that we don't crash, but it's ok if the kernel doesn't
// support it.
bool seccomp_bpf_supported = SandboxBPF::SupportsSeccompSandbox(
bool seccomp_bpf_tsync_supported = SandboxBPF::SupportsSeccompSandbox(
// We want to log whether or not seccomp BPF is actually supported
// since actual test coverage depends on it.
std::cout << "Seccomp BPF supported (single thread): "
<< (seccomp_bpf_supported ? "true." : "false.") << "\n";
std::cout << "Seccomp BPF supported (multi thread): "
<< (seccomp_bpf_tsync_supported ? "true." : "false.") << "\n";
std::cout << "Pointer size: " << sizeof(void*) << "\n";
SANDBOX_TEST(SandboxBPF, DISABLE_ON_TSAN(CallSupportsTwice)) {
bool single1 = SandboxBPF::SupportsSeccompSandbox(
bool single2 = SandboxBPF::SupportsSeccompSandbox(
ASSERT_EQ(single1, single2);
bool multi1 = SandboxBPF::SupportsSeccompSandbox(
bool multi2 = SandboxBPF::SupportsSeccompSandbox(
ASSERT_EQ(multi1, multi2);
// Multi threaded support implies single threaded support.
if (multi1) {
TEST(SandboxBPF, ProcTaskFdDescriptorGetsClosed) {
int pipe_fds[2];
ASSERT_EQ(0, pipe(pipe_fds));
base::ScopedFD read_end(pipe_fds[0]);
base::ScopedFD write_end(pipe_fds[1]);
SandboxBPF sandbox(nullptr);
ASSERT_EQ(0, fcntl(read_end.get(), F_SETFL, O_NONBLOCK));
char c;
// Check that the sandbox closed the write_end (read will EOF instead of
// returning EWOULDBLOCK).
ASSERT_EQ(0, read(read_end.get(), &c, 1));
} // namespace
} // sandbox