1 /* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #include <android/log.h> 18 #include <jni.h> 19 #include <string.h> 20 #include <time.h> 21 22 #if defined(ARCH_SUPPORTS_SECCOMP) 23 #include <libminijail.h> 24 #include <seccomp_bpf_tests.h> 25 #endif 26 27 static const char TAG[] = "SeccompBpfTest-Native"; 28 29 jboolean android_security_cts_SeccompBpfTest_runKernelUnitTest( 30 JNIEnv* env, jobject thiz __unused, jstring name) { 31 #if defined(ARCH_SUPPORTS_SECCOMP) 32 const char* nameStr = env->GetStringUTFChars(name, nullptr); 33 34 for (struct __test_metadata* t = get_seccomp_test_list(); t; t = t->next) { 35 if (strcmp(t->name, nameStr) == 0) { 36 __android_log_print(ANDROID_LOG_INFO, TAG, "Start: %s", t->name); 37 __run_test(t); 38 __android_log_print(ANDROID_LOG_INFO, TAG, "%s: %s", 39 t->passed ? "PASS" : "FAIL", t->name); 40 return t->passed; 41 } 42 } 43 #endif // ARCH_SUPPORTS_SECCOMP 44 45 return false; 46 } 47 48 jboolean android_security_cts_SeccompBpfTest_nativeInstallTestFilter( 49 JNIEnv*, jclass, jint policyFd) { 50 #if !defined(ARCH_SUPPORTS_SECCOMP) 51 return false; 52 #else 53 minijail* j = minijail_new(); 54 minijail_no_new_privs(j); 55 minijail_use_seccomp_filter(j); 56 minijail_set_seccomp_filter_tsync(j); 57 minijail_parse_seccomp_filters_from_fd(j, policyFd); 58 minijail_enter(j); 59 minijail_destroy(j); 60 61 close(policyFd); 62 return true; 63 #endif 64 } 65 66 jstring android_security_cts_SeccompBpfTest_getPolicyAbiString(JNIEnv* env, jclass) { 67 const char* string; 68 #if defined(__arm__) 69 string = "arm"; 70 #elif defined(__aarch64__) 71 string = "arm64"; 72 #elif defined(__i386__) 73 string = "i386"; 74 #elif defined(__x86_64__) 75 string = "x86-64"; 76 #else 77 return nullptr; 78 #endif 79 return env->NewStringUTF(string); 80 } 81 82 jint android_security_cts_SeccompBpfTest_getClockBootTime(JNIEnv*, jclass) { 83 struct timespec ts; 84 int rv = clock_gettime(CLOCK_BOOTTIME_ALARM, &ts); 85 return rv; 86 } 87 88 static JNINativeMethod methods[] = { 89 { "runKernelUnitTest", "(Ljava/lang/String;)Z", 90 (void*)android_security_cts_SeccompBpfTest_runKernelUnitTest }, 91 { "nativeInstallTestFilter", "(I)Z", 92 (void*)android_security_cts_SeccompBpfTest_nativeInstallTestFilter }, 93 { "getPolicyAbiString", "()Ljava/lang/String;", 94 (void*)android_security_cts_SeccompBpfTest_getPolicyAbiString }, 95 { "getClockBootTime", "()I", 96 (void*)android_security_cts_SeccompBpfTest_getClockBootTime }, 97 }; 98 99 int register_android_os_cts_SeccompTest(JNIEnv* env) { 100 jclass clazz = env->FindClass("android/os/cts/SeccompTest"); 101 return env->RegisterNatives(clazz, methods, sizeof(methods) / sizeof(JNINativeMethod)); 102 } 103