Home | History | Annotate | Download | only in jni 
      1 /*
      2  * Copyright (C) 2013 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License.
     15  *
     16  */
     17 
     18 #include "jni.h"
     19 
     20 #include <errno.h>
     21 #include <stdio.h>
     22 #include <stdlib.h>
     23 #include <string.h>
     24 #include <unistd.h>
     25 
     26 #include <linux/filter.h>
     27 #include <linux/seccomp.h>
     28 
     29 #include <sys/prctl.h>
     30 #include <sys/types.h>
     31 #include <sys/utsname.h>
     32 #include <sys/wait.h>
     33 
     34 jint android_os_cts_OSFeatures_prctlCapBsetRead(JNIEnv* env, jobject thiz, jint i)
     35 {
     36     return prctl(PR_CAPBSET_READ, i, 0, 0, 0);
     37 }
     38 
     39 #define DENY BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL)
     40 
     41 static void test_seccomp() {
     42     if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
     43         _exit(0);
     44     }
     45 
     46     struct sock_filter filter[] = { DENY };
     47     struct sock_fprog prog;
     48     memset(&prog, 0, sizeof(prog));
     49     prog.len = sizeof(filter) / sizeof(filter[0]);
     50     prog.filter = filter;
     51 
     52     if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) < 0) {
     53         _exit(0);
     54     }
     55 
     56     while(1) {
     57         _exit(0);  // should crash with SIGSYS
     58     }
     59 }
     60 
     61 jboolean android_os_cts_OSFeatures_hasSeccompSupport(JNIEnv* env, jobject)
     62 {
     63     pid_t pid = fork();
     64     if (pid == -1) {
     65         jclass cls = env->FindClass("java/lang/RuntimeException");
     66         env->ThrowNew(cls, "fork failed");
     67         return false;
     68     }
     69     if (pid == 0) {
     70         // child
     71         test_seccomp();
     72         _exit(0);
     73     }
     74 
     75     int status;
     76     TEMP_FAILURE_RETRY(waitpid(pid, &status, 0));
     77     return WIFSIGNALED(status) && (WTERMSIG(status) == SIGSYS);
     78 }
     79 
     80 jboolean android_os_cts_OSFeatures_needsSeccompSupport(JNIEnv*, jobject)
     81 {
     82 #if !defined(ARCH_SUPPORTS_SECCOMP)
     83     // Seccomp support is only available for ARM, x86, x86_64.
     84     // This define is controlled by the Android.mk.
     85     return false;
     86 #endif
     87     return true;
     88 }
     89 
     90 static JNINativeMethod gMethods[] = {
     91     {  "prctlCapBsetRead", "(I)I",
     92             (void *) android_os_cts_OSFeatures_prctlCapBsetRead },
     93     {  "hasSeccompSupport", "()Z",
     94             (void *) android_os_cts_OSFeatures_hasSeccompSupport  },
     95     {  "needsSeccompSupport", "()Z",
     96             (void *) android_os_cts_OSFeatures_needsSeccompSupport  }
     97 };
     98 
     99 int register_android_os_cts_OSFeatures(JNIEnv* env)
    100 {
    101     jclass clazz = env->FindClass("android/os/cts/OSFeatures");
    102 
    103     return env->RegisterNatives(clazz, gMethods,
    104             sizeof(gMethods) / sizeof(JNINativeMethod));
    105 }
    106