bpf_dsl_unittest.cc | Explore in Territory

// Copyright 2014 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "sandbox/linux/bpf_dsl/bpf_dsl.h"

#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <stdint.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/utsname.h>
#include <unistd.h>

#include <map>
#include <utility>

#include "base/files/scoped_file.h"
#include "base/logging.h"
#include "build/build_config.h"
#include "sandbox/linux/bpf_dsl/bpf_dsl_impl.h"
#include "sandbox/linux/bpf_dsl/codegen.h"
#include "sandbox/linux/bpf_dsl/dump_bpf.h"
#include "sandbox/linux/bpf_dsl/golden/golden_files.h"
#include "sandbox/linux/bpf_dsl/policy.h"
#include "sandbox/linux/bpf_dsl/policy_compiler.h"
#include "sandbox/linux/bpf_dsl/seccomp_macros.h"
#include "sandbox/linux/bpf_dsl/test_trap_registry.h"
#include "sandbox/linux/bpf_dsl/verifier.h"
#include "sandbox/linux/system_headers/linux_filter.h"
#include "testing/gtest/include/gtest/gtest.h"

namespace sandbox {
namespace bpf_dsl {
namespace {

// Helper function to construct fake arch_seccomp_data objects.
struct arch_seccomp_data FakeSyscall(int nr,
                                     uintptr_t p0 = 0,
                                     uintptr_t p1 = 0,
                                     uintptr_t p2 = 0,
                                     uintptr_t p3 = 0,
                                     uintptr_t p4 = 0,
                                     uintptr_t p5 = 0) { … }

class PolicyEmulator { … };

class BasicPolicy : public Policy { … };

TEST(BPFDSL, Basic) { … }

/* On IA-32, socketpair() is implemented via socketcall(). :-( */
#if !defined(ARCH_CPU_X86)
class BooleanLogicPolicy : public Policy { … };

TEST(BPFDSL, BooleanLogic) { … }
#endif  // !ARCH_CPU_X86

class MoreBooleanLogicPolicy : public Policy { … };

TEST(BPFDSL, MoreBooleanLogic) { … }

static const uintptr_t kDeadBeefAddr = …;

class ArgSizePolicy : public Policy { … };

TEST(BPFDSL, ArgSizeTest) { … }

class NegativeConstantsPolicy : public Policy { … };

TEST(BPFDSL, NegativeConstantsTest) { … }

#if 0
// TODO(mdempsky): This is really an integration test.

class TrappingPolicy : public Policy {
 public:
  TrappingPolicy() {}

TrappingPolicy(const TrappingPolicy&) = delete;
TrappingPolicy& operator=(const TrappingPolicy&) = delete;

  ~TrappingPolicy() override {}
  ResultExpr EvaluateSyscall(int sysno) const override {
    if (sysno == __NR_uname) {
      return Trap(UnameTrap, &count_);
    }
    return Allow();
  }

 private:
  static intptr_t count_;

  static intptr_t UnameTrap(const struct arch_seccomp_data& data, void* aux) {
    BPF_ASSERT_EQ(&count_, aux);
    return ++count_;
  }
};

intptr_t TrappingPolicy::count_;

BPF_TEST_C(BPFDSL, TrapTest, TrappingPolicy) {
  ASSERT_SYSCALL_RESULT(1, uname, NULL);
  ASSERT_SYSCALL_RESULT(2, uname, NULL);
  ASSERT_SYSCALL_RESULT(3, uname, NULL);
}
#endif

class MaskingPolicy : public Policy { … };

TEST(BPFDSL, MaskTest) { … }

class ElseIfPolicy : public Policy { … };

TEST(BPFDSL, ElseIfTest) { … }

class SwitchPolicy : public Policy { … };

TEST(BPFDSL, SwitchTest) { … }

static intptr_t DummyTrap(const struct arch_seccomp_data& data, void* aux) { … }

TEST(BPFDSL, IsAllowDeny) { … }

TEST(BPFDSL, HasUnsafeTraps) { … }

}  // namespace
}  // namespace bpf_dsl
}  // namespace sandbox
chromium/sandbox/linux/bpf_dsl/bpf_dsl_unittest.cc
