1 files changed, 155 insertions, 0 deletions
diff --git a/security/sandbox/chromium/sandbox/linux/seccomp-bpf/bpf_tests_unittest.cc b/security/sandbox/chromium/sandbox/linux/seccomp-bpf/bpf_tests_unittest.cc
new file mode 100644
index 0000000000..d45bc87292
--- /dev/null
+++ b/security/sandbox/chromium/sandbox/linux/seccomp-bpf/bpf_tests_unittest.cc
@@ -0,0 +1,155 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "sandbox/linux/seccomp-bpf/bpf_tests.h"
+
+#include <errno.h>
+#include <sys/ptrace.h>
+#include <sys/syscall.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#include <memory>
+
+#include "base/logging.h"
+#include "base/macros.h"
+#include "build/build_config.h"
+#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
+#include "sandbox/linux/bpf_dsl/policy.h"
+#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
+#include "sandbox/linux/services/syscall_wrappers.h"
+#include "sandbox/linux/system_headers/linux_syscalls.h"
+#include "sandbox/linux/tests/unit_tests.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+using sandbox::bpf_dsl::Allow;
+using sandbox::bpf_dsl::Error;
+using sandbox::bpf_dsl::ResultExpr;
+
+namespace sandbox {
+
+namespace {
+
+class FourtyTwo {
+ public:
+  static const int kMagicValue = 42;
+  FourtyTwo() : value_(kMagicValue) {}
+  int value() { return value_; }
+
+ private:
+  int value_;
+  DISALLOW_COPY_AND_ASSIGN(FourtyTwo);
+};
+
+class EmptyClassTakingPolicy : public bpf_dsl::Policy {
+ public:
+  explicit EmptyClassTakingPolicy(FourtyTwo* fourty_two) {
+    BPF_ASSERT(fourty_two);
+    BPF_ASSERT(FourtyTwo::kMagicValue == fourty_two->value());
+  }
+  ~EmptyClassTakingPolicy() override {}
+
+  ResultExpr EvaluateSyscall(int sysno) const override {
+    DCHECK(SandboxBPF::IsValidSyscallNumber(sysno));
+    return Allow();
+  }
+};
+
+BPF_TEST(BPFTest,
+         BPFAUXPointsToClass,
+         EmptyClassTakingPolicy,
+         FourtyTwo /* *BPF_AUX */) {
+  // BPF_AUX should point to an instance of FourtyTwo.
+  BPF_ASSERT(BPF_AUX);
+  BPF_ASSERT(FourtyTwo::kMagicValue == BPF_AUX->value());
+}
+
+void DummyTestFunction(FourtyTwo *fourty_two) {
+}
+
+TEST(BPFTest, BPFTesterCompatibilityDelegateLeakTest) {
+  // Don't do anything, simply gives dynamic tools an opportunity to detect
+  // leaks.
+  {
+    BPFTesterCompatibilityDelegate<EmptyClassTakingPolicy, FourtyTwo>
+        simple_delegate(DummyTestFunction);
+  }
+  {
+    // Test polymorphism.
+    std::unique_ptr<BPFTesterDelegate> simple_delegate(
+        new BPFTesterCompatibilityDelegate<EmptyClassTakingPolicy, FourtyTwo>(
+            DummyTestFunction));
+  }
+}
+
+class EnosysPtracePolicy : public bpf_dsl::Policy {
+ public:
+  EnosysPtracePolicy() { my_pid_ = sys_getpid(); }
+  ~EnosysPtracePolicy() override {
+    // Policies should be able to bind with the process on which they are
+    // created. They should never be created in a parent process.
+    BPF_ASSERT_EQ(my_pid_, sys_getpid());
+  }
+
+  ResultExpr EvaluateSyscall(int system_call_number) const override {
+    CHECK(SandboxBPF::IsValidSyscallNumber(system_call_number));
+    if (system_call_number == __NR_ptrace) {
+      // The EvaluateSyscall function should run in the process that created
+      // the current object.
+      BPF_ASSERT_EQ(my_pid_, sys_getpid());
+      return Error(ENOSYS);
+    } else {
+      return Allow();
+    }
+  }
+
+ private:
+  pid_t my_pid_;
+  DISALLOW_COPY_AND_ASSIGN(EnosysPtracePolicy);
+};
+
+class BasicBPFTesterDelegate : public BPFTesterDelegate {
+ public:
+  BasicBPFTesterDelegate() {}
+  ~BasicBPFTesterDelegate() override {}
+
+  std::unique_ptr<bpf_dsl::Policy> GetSandboxBPFPolicy() override {
+    return std::unique_ptr<bpf_dsl::Policy>(new EnosysPtracePolicy());
+  }
+  void RunTestFunction() override {
+    errno = 0;
+    int ret = ptrace(PTRACE_TRACEME, -1, NULL, NULL);
+    BPF_ASSERT(-1 == ret);
+    BPF_ASSERT(ENOSYS == errno);
+  }
+
+ private:
+  DISALLOW_COPY_AND_ASSIGN(BasicBPFTesterDelegate);
+};
+
+// This is the most powerful and complex way to create a BPF test, but it
+// requires a full class definition (BasicBPFTesterDelegate).
+BPF_TEST_D(BPFTest, BPFTestWithDelegateClass, BasicBPFTesterDelegate)
+
+// This is the simplest form of BPF tests.
+BPF_TEST_C(BPFTest, BPFTestWithInlineTest, EnosysPtracePolicy) {
+  errno = 0;
+  int ret = ptrace(PTRACE_TRACEME, -1, NULL, NULL);
+  BPF_ASSERT(-1 == ret);
+  BPF_ASSERT(ENOSYS == errno);
+}
+
+const char kHelloMessage[] = "Hello";
+
+BPF_DEATH_TEST_C(BPFTest,
+                 BPFDeathTestWithInlineTest,
+                 DEATH_MESSAGE(kHelloMessage),
+                 EnosysPtracePolicy) {
+  LOG(ERROR) << kHelloMessage;
+  _exit(1);
+}
+
+}  // namespace
+
+}  // namespace sandbox