Lines Matching full:yama
19 #include "sandbox/linux/services/yama.h"
29 // On 3.2 kernels, yama doesn't work for 32-bit binaries on 64-bit kernels.
79 TEST(Yama, GetStatus) {
80 int status1 = Yama::GetStatus();
84 ASSERT_GE(Yama::STATUS_KNOWN | Yama::STATUS_PRESENT | Yama::STATUS_ENFORCING |
85 Yama::STATUS_STRICT_ENFORCING,
89 int status2 = Yama::GetStatus();
94 EXPECT_NE(0, Yama::STATUS_KNOWN & status1);
96 if (status1 & Yama::STATUS_STRICT_ENFORCING) {
97 // If Yama is strictly enforcing, it is also enforcing.
98 EXPECT_TRUE(status1 & Yama::STATUS_ENFORCING);
101 if (status1 & Yama::STATUS_ENFORCING) {
102 // If Yama is enforcing, Yama is present.
103 EXPECT_NE(0, status1 & Yama::STATUS_PRESENT);
107 EXPECT_EQ(static_cast<bool>(status1 & Yama::STATUS_ENFORCING),
108 Yama::IsEnforcing());
109 EXPECT_EQ(static_cast<bool>(status1 & Yama::STATUS_PRESENT),
110 Yama::IsPresent());
113 "Yama present: %s - enforcing: %s\n",
114 Yama::IsPresent() ? "Y" : "N",
115 Yama::IsEnforcing() ? "Y" : "N");
118 SANDBOX_TEST(Yama, RestrictPtraceSucceedsWhenYamaPresent) {
119 // This call will succeed iff Yama is present.
120 bool restricted = Yama::RestrictPtracersToAncestors();
121 CHECK_EQ(restricted, Yama::IsPresent());
124 // Attempts to enable or disable Yama restrictions.
127 Yama::RestrictPtracersToAncestors();
129 Yama::DisableYamaRestrictions();
133 TEST(Yama, RestrictPtraceWorks) {
140 if (Yama::IsEnforcing()) {
145 if (!(Yama::GetStatus() & Yama::STATUS_STRICT_ENFORCING)) {
149 // A sibling can ptrace process2 which disables any Yama protection.
156 SANDBOX_TEST(Yama, RestrictPtraceIsDefault) {
157 if (!Yama::IsPresent() || HasLinux32Bug())
160 CHECK(Yama::DisableYamaRestrictions());
163 if (Yama::IsEnforcing()) {
164 // Check that process1 is protected by Yama, even though it has
165 // been created from a process that disabled Yama.
