1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_BPF_TESTS_H__
6 #define SANDBOX_LINUX_SECCOMP_BPF_BPF_TESTS_H__
7 
8 #include <memory>
9 
10 #include "base/logging.h"
11 #include "base/macros.h"
12 #include "build/build_config.h"
13 #include "sandbox/linux/seccomp-bpf/bpf_tester_compatibility_delegate.h"
14 #include "sandbox/linux/tests/unit_tests.h"
15 
16 namespace sandbox {
17 
// BPF_TEST_C() is a special version of SANDBOX_TEST(). It runs a test function
// in a sub-process, under the seccomp-bpf policy named by
// |bpf_policy_class_name|, without failing on configurations that are allowed
// to not support seccomp-bpf in their kernels.
// NOTE(review): a pass on such a configuration presumably does not show that
// the policy was enforced; confirm how SandboxBPFTestRunner reports that case
// before treating a green run as sandbox coverage.
// This is the preferred format for new BPF tests. |bpf_policy_class_name| is a
// class name (which will be default-constructed) that implements the
// Policy interface.
// The test function's body can simply follow the macro invocation. Test
// functions should use the BPF_ASSERT macros defined below, not GTEST's
// macros. The use of CHECK* macros is supported but less robust.
// Expands to BPF_DEATH_TEST_C() with DEATH_SUCCESS() as the expected outcome.
#define BPF_TEST_C(test_case_name, test_name, bpf_policy_class_name)     \
  BPF_DEATH_TEST_C(                                                      \
      test_case_name, test_name, DEATH_SUCCESS(), bpf_policy_class_name)
31 
// Identical to BPF_TEST_C, but lets the caller specify the expected nature of
// death through |death|.
// The expansion forward-declares BPF_TEST_C_<test_name>(), defines a TEST()
// that wraps it in a BPFTesterSimpleDelegate<bpf_policy_class_name> and hands
// that to UnitTests::RunTestInProcess() via a SandboxBPFTestRunner, and then
// opens the definition of BPF_TEST_C_<test_name>() so that the test body can
// follow the macro invocation.
// The generated function name depends only on |test_name|, not on
// |test_case_name|, so |test_name| has to be unique among the tests declared
// with this macro in the same namespace.
// The gtest name is wrapped in DISABLE_ON_TSAN(). NOTE(review): presumably
// this keeps the test from running in ThreadSanitizer builds; confirm in
// unit_tests.h.
// The delegate is allocated with a bare |new|. NOTE(review): presumably
// SandboxBPFTestRunner takes ownership of it; confirm.
#define BPF_DEATH_TEST_C(                                            \
    test_case_name, test_name, death, bpf_policy_class_name)         \
  void BPF_TEST_C_##test_name();                                     \
  TEST(test_case_name, DISABLE_ON_TSAN(test_name)) {                 \
    sandbox::SandboxBPFTestRunner bpf_test_runner(                   \
        new sandbox::BPFTesterSimpleDelegate<bpf_policy_class_name>( \
            BPF_TEST_C_##test_name));                                \
    sandbox::UnitTests::RunTestInProcess(&bpf_test_runner, death);   \
  }                                                                  \
  void BPF_TEST_C_##test_name()
43 
// This form of BPF_TEST is a little verbose and should be reserved for complex
// tests where a lot of control is required.
// |bpf_tester_delegate_class| must be a class name implementing the
// BPFTesterDelegate interface.
// Expands to BPF_DEATH_TEST_D() with DEATH_SUCCESS() as the expected outcome.
// Unlike BPF_TEST_C, no test body follows the macro invocation: the delegate
// class supplies both the policy and the test function.
#define BPF_TEST_D(test_case_name, test_name, bpf_tester_delegate_class)     \
  BPF_DEATH_TEST_D(                                                          \
      test_case_name, test_name, DEATH_SUCCESS(), bpf_tester_delegate_class)
51 
// Identical to BPF_TEST_D, but lets the caller specify the expected nature of
// death through |death|.
// The expansion defines a complete TEST() that default-constructs
// |bpf_tester_delegate_class| with |new|, wraps it in a SandboxBPFTestRunner
// and passes that runner, together with |death|, to
// UnitTests::RunTestInProcess().
// The gtest name is wrapped in DISABLE_ON_TSAN(). NOTE(review): presumably
// this keeps the test from running in ThreadSanitizer builds; confirm in
// unit_tests.h.
// NOTE(review): presumably SandboxBPFTestRunner takes ownership of the
// delegate; confirm.
#define BPF_DEATH_TEST_D(                                          \
    test_case_name, test_name, death, bpf_tester_delegate_class)   \
  TEST(test_case_name, DISABLE_ON_TSAN(test_name)) {               \
    sandbox::SandboxBPFTestRunner bpf_test_runner(                 \
        new bpf_tester_delegate_class());                          \
    sandbox::UnitTests::RunTestInProcess(&bpf_test_runner, death); \
  }
60 
// Assertions are handled exactly the same as with a normal SANDBOX_TEST():
// BPF_ASSERT is an alias for SANDBOX_ASSERT, and each comparison form below
// expands to BPF_ASSERT on the corresponding operator.
// Both operands are parenthesised in the expansion, so arguments that contain
// lower-precedence operators are compared as whole expressions.
#define BPF_ASSERT SANDBOX_ASSERT
#define BPF_ASSERT_EQ(x, y) BPF_ASSERT((x) == (y))
#define BPF_ASSERT_NE(x, y) BPF_ASSERT((x) != (y))
#define BPF_ASSERT_LT(x, y) BPF_ASSERT((x) < (y))
#define BPF_ASSERT_GT(x, y) BPF_ASSERT((x) > (y))
#define BPF_ASSERT_LE(x, y) BPF_ASSERT((x) <= (y))
#define BPF_ASSERT_GE(x, y) BPF_ASSERT((x) >= (y))
69 
// This form of BPF_TEST is now discouraged (but still allowed) in favor of
// BPF_TEST_D and BPF_TEST_C.
// The |policy| parameter should be a Policy subclass.
// BPF_TEST() takes a C++ data type as a fourth parameter. A variable
// of this type will be allocated and a pointer to it will be
// available within the test function as "BPF_AUX". The pointer will
// also be passed as an argument to the policy's constructor. Policies
// would typically use it as an argument to SandboxBPF::Trap(), if
// they want to communicate data between the BPF_TEST() and a Trap()
// function. The lifetime of this object is the same as the lifetime
// of the process running under the seccomp-bpf policy.
// |aux| must not be void.
// Expands to BPF_DEATH_TEST() with DEATH_SUCCESS() as the expected outcome.
#define BPF_TEST(test_case_name, test_name, policy, aux) \
  BPF_DEATH_TEST(test_case_name, test_name, DEATH_SUCCESS(), policy, aux)
84 
// A BPF_DEATH_TEST is just the same as a BPF_TEST, but it assumes that the
// test will fail with a particular known error condition. Use the DEATH_XXX()
// macros from unit_tests.h to specify the expected error condition.
// The expansion forward-declares BPF_TEST_<test_name>(aux* BPF_AUX), defines a
// TEST() that wraps it in a BPFTesterCompatibilityDelegate<policy, aux> and
// runs it through UnitTests::RunTestInProcess(), and then opens the definition
// of BPF_TEST_<test_name>() so that the test body can follow the invocation.
// The generated function name depends only on |test_name|, not on
// |test_case_name|, so |test_name| has to be unique among the tests declared
// with this macro in the same namespace.
// The gtest name is wrapped in DISABLE_ON_TSAN(). NOTE(review): presumably
// this keeps the test from running in ThreadSanitizer builds; confirm in
// unit_tests.h.
// NOTE(review): presumably SandboxBPFTestRunner takes ownership of the
// delegate allocated with |new|; confirm.
#define BPF_DEATH_TEST(test_case_name, test_name, death, policy, aux) \
  void BPF_TEST_##test_name(aux* BPF_AUX);                            \
  TEST(test_case_name, DISABLE_ON_TSAN(test_name)) {                  \
    sandbox::SandboxBPFTestRunner bpf_test_runner(                    \
        new sandbox::BPFTesterCompatibilityDelegate<policy, aux>(     \
            BPF_TEST_##test_name));                                   \
    sandbox::UnitTests::RunTestInProcess(&bpf_test_runner, death);    \
  }                                                                   \
  void BPF_TEST_##test_name(aux* BPF_AUX)
97 
// Adapts a plain function pointer to the BPFTesterDelegate interface, so that
// the function can be used to build BPF unittests with the
// SandboxBPFTestRunner class.
// |PolicyClass| names the policy to hand out; it is default-constructed and
// returned as a bpf_dsl::Policy.
template <class PolicyClass>
class BPFTesterSimpleDelegate : public BPFTesterDelegate {
 public:
  // |test_function| is the test body that RunTestFunction() invokes.
  explicit BPFTesterSimpleDelegate(void (*test_function)())
      : test_function_(test_function) {}
  ~BPFTesterSimpleDelegate() override = default;

  // Returns a freshly default-constructed PolicyClass on every call; ownership
  // passes to the caller through the unique_ptr.
  std::unique_ptr<bpf_dsl::Policy> GetSandboxBPFPolicy() override {
    std::unique_ptr<bpf_dsl::Policy> policy(new PolicyClass());
    return policy;
  }

  // Invokes the wrapped test body. The pointer is validated with DCHECK only.
  // NOTE(review): DCHECK is presumably compiled out in some build
  // configurations; BPF_DEATH_TEST_C always passes the address of a declared
  // function, so a null pointer would have to come from a direct user of this
  // class.
  void RunTestFunction() override {
    DCHECK(test_function_);
    (*test_function_)();
  }

 private:
  // Test body supplied at construction; not owned.
  void (*test_function_)();
  DISALLOW_COPY_AND_ASSIGN(BPFTesterSimpleDelegate);
};
121 
122 }  // namespace sandbox
123 
124 #endif  // SANDBOX_LINUX_SECCOMP_BPF_BPF_TESTS_H__
125