1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_BPF_TESTS_H__ 6 #define SANDBOX_LINUX_SECCOMP_BPF_BPF_TESTS_H__ 7 8 #include "base/basictypes.h" 9 #include "build/build_config.h" 10 #include "sandbox/linux/seccomp-bpf/bpf_tester_compatibility_delegate.h" 11 #include "sandbox/linux/tests/unit_tests.h" 12 13 namespace sandbox { 14 15 // BPF_TEST_C() is a special version of SANDBOX_TEST(). It runs a test function 16 // in a sub-process, under a seccomp-bpf policy specified in 17 // |bpf_policy_class_name| without failing on configurations that are allowed 18 // to not support seccomp-bpf in their kernels. 19 // This is the preferred format for new BPF tests. |bpf_policy_class_name| is a 20 // class name (which will be default-constructed) that implements the 21 // SandboxBPFPolicy interface. 22 // The test function's body can simply follow. Test functions should use 23 // the BPF_ASSERT macros defined below, not GTEST's macros. The use of 24 // CHECK* macros is supported but less robust. 25 #define BPF_TEST_C(test_case_name, test_name, bpf_policy_class_name) \ 26 BPF_DEATH_TEST_C( \ 27 test_case_name, test_name, DEATH_SUCCESS(), bpf_policy_class_name) 28 29 // Identical to BPF_TEST_C but allows to specify the nature of death. 30 #define BPF_DEATH_TEST_C( \ 31 test_case_name, test_name, death, bpf_policy_class_name) \ 32 void BPF_TEST_C_##test_name(); \ 33 TEST(test_case_name, DISABLE_ON_TSAN(test_name)) { \ 34 sandbox::SandboxBPFTestRunner bpf_test_runner( \ 35 new sandbox::BPFTesterSimpleDelegate<bpf_policy_class_name>( \ 36 BPF_TEST_C_##test_name)); \ 37 sandbox::UnitTests::RunTestInProcess(&bpf_test_runner, death); \ 38 } \ 39 void BPF_TEST_C_##test_name() 40 41 // This form of BPF_TEST is a little verbose and should be reserved for complex 42 // tests where a lot of control is required. 43 // |bpf_tester_delegate_class| must be a classname implementing the 44 // BPFTesterDelegate interface. 45 #define BPF_TEST_D(test_case_name, test_name, bpf_tester_delegate_class) \ 46 BPF_DEATH_TEST_D( \ 47 test_case_name, test_name, DEATH_SUCCESS(), bpf_tester_delegate_class) 48 49 // Identical to BPF_TEST_D but allows to specify the nature of death. 50 #define BPF_DEATH_TEST_D( \ 51 test_case_name, test_name, death, bpf_tester_delegate_class) \ 52 TEST(test_case_name, DISABLE_ON_TSAN(test_name)) { \ 53 sandbox::SandboxBPFTestRunner bpf_test_runner( \ 54 new bpf_tester_delegate_class()); \ 55 sandbox::UnitTests::RunTestInProcess(&bpf_test_runner, death); \ 56 } 57 58 // Assertions are handled exactly the same as with a normal SANDBOX_TEST() 59 #define BPF_ASSERT SANDBOX_ASSERT 60 #define BPF_ASSERT_EQ(x, y) BPF_ASSERT((x) == (y)) 61 #define BPF_ASSERT_NE(x, y) BPF_ASSERT((x) != (y)) 62 #define BPF_ASSERT_LT(x, y) BPF_ASSERT((x) < (y)) 63 #define BPF_ASSERT_GT(x, y) BPF_ASSERT((x) > (y)) 64 #define BPF_ASSERT_LE(x, y) BPF_ASSERT((x) <= (y)) 65 #define BPF_ASSERT_GE(x, y) BPF_ASSERT((x) >= (y)) 66 67 // This form of BPF_TEST is now discouraged (but still allowed) in favor of 68 // BPF_TEST_D and BPF_TEST_C. 69 // The |policy| parameter should be a SyscallEvaluator function pointer 70 // (which is now a deprecated way of expressing policies). 71 // BPF_TEST() takes a C++ data type as an optional fourth parameter. If 72 // present, this sets up a variable that can be accessed as "BPF_AUX". This 73 // variable will be passed as an argument to the "policy" function. Policies 74 // would typically use it as an argument to SandboxBPF::Trap(), if they want to 75 // communicate data between the BPF_TEST() and a Trap() function. The life-time 76 // of this object is the same as the life-time of the process running under the 77 // seccomp-bpf policy. 78 // The type specified in |aux| and the last parameter of the policy function 79 // must be compatible. |aux| must not be void. 80 #define BPF_TEST(test_case_name, test_name, policy, aux) \ 81 BPF_DEATH_TEST(test_case_name, test_name, DEATH_SUCCESS(), policy, aux) 82 83 // A BPF_DEATH_TEST is just the same as a BPF_TEST, but it assumes that the 84 // test will fail with a particular known error condition. Use the DEATH_XXX() 85 // macros from unit_tests.h to specify the expected error condition. 86 #define BPF_DEATH_TEST(test_case_name, test_name, death, policy, aux) \ 87 void BPF_TEST_##test_name( \ 88 sandbox::BPFTesterCompatibilityDelegate<aux>::AuxType* BPF_AUX); \ 89 TEST(test_case_name, DISABLE_ON_TSAN(test_name)) { \ 90 sandbox::SandboxBPFTestRunner bpf_test_runner( \ 91 new sandbox::BPFTesterCompatibilityDelegate<aux>(BPF_TEST_##test_name, \ 92 policy)); \ 93 sandbox::UnitTests::RunTestInProcess(&bpf_test_runner, death); \ 94 } \ 95 void BPF_TEST_##test_name( \ 96 sandbox::BPFTesterCompatibilityDelegate<aux>::AuxType* BPF_AUX) 97 98 // This class takes a simple function pointer as a constructor parameter and a 99 // class name as a template parameter to implement the BPFTesterDelegate 100 // interface which can be used to build BPF unittests with 101 // the SandboxBPFTestRunner class. 102 template <class PolicyClass> 103 class BPFTesterSimpleDelegate : public BPFTesterDelegate { 104 public: 105 explicit BPFTesterSimpleDelegate(void (*test_function)(void)) 106 : test_function_(test_function) {} 107 virtual ~BPFTesterSimpleDelegate() {} 108 109 virtual scoped_ptr<SandboxBPFPolicy> GetSandboxBPFPolicy() OVERRIDE { 110 return scoped_ptr<SandboxBPFPolicy>(new PolicyClass()); 111 } 112 virtual void RunTestFunction() OVERRIDE { 113 DCHECK(test_function_); 114 test_function_(); 115 } 116 117 private: 118 void (*test_function_)(void); 119 DISALLOW_COPY_AND_ASSIGN(BPFTesterSimpleDelegate); 120 }; 121 122 } // namespace sandbox 123 124 #endif // SANDBOX_LINUX_SECCOMP_BPF_BPF_TESTS_H__ 125