blob: 1cf1c2f856fa497845b861206415fb45288acc59 [file] [log] [blame]
// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <memory>
#include "base/macros.h"
#include "sandbox/linux/tests/sandbox_test_runner.h"
namespace sandbox {
namespace bpf_dsl {
class Policy;
// To create a SandboxBPFTestRunner object, one needs to implement this
// interface and pass an instance to the SandboxBPFTestRunner constructor.
// In the child process running the test, the BPFTesterDelegate object is
// guaranteed to not be destroyed until the child process terminates.
class BPFTesterDelegate {
BPFTesterDelegate() {}
virtual ~BPFTesterDelegate() {}
// This will instanciate a policy suitable for the test we want to run. It is
// guaranteed to only be called from the child process that will run the
// test.
virtual std::unique_ptr<bpf_dsl::Policy> GetSandboxBPFPolicy() = 0;
// This will be called from a child process with the BPF sandbox turned on.
virtual void RunTestFunction() = 0;
// This class implements the SandboxTestRunner interface and Run() will
// initialize a seccomp-bpf sandbox (specified by |bpf_tester_delegate|) and
// run a test function (via |bpf_tester_delegate|) if the current kernel
// configuration allows it. If it can not run the test under seccomp-bpf,
// Run() will still compile the policy which should allow to get some coverage
// under tools such as Valgrind.
class SandboxBPFTestRunner : public SandboxTestRunner {
// This constructor takes ownership of the |bpf_tester_delegate| object.
// (It doesn't take a std::unique_ptr since they make polymorphism verbose).
explicit SandboxBPFTestRunner(BPFTesterDelegate* bpf_tester_delegate);
~SandboxBPFTestRunner() override;
void Run() override;
bool ShouldCheckForLeaks() const override;
std::unique_ptr<BPFTesterDelegate> bpf_tester_delegate_;
} // namespace sandbox