Test that seccomp blocks access to swapon/swapoff
Bug: 32524214
Test: Ran test before and after call blocked (failed and passed)
Change-Id: I7f05f30764a5c478d852271480965b3f48fc52a0
diff --git a/tests/tests/security/src/android/security/cts/SeccompTest.java b/tests/tests/security/src/android/security/cts/SeccompTest.java
index 44185bd..745aa87 100644
--- a/tests/tests/security/src/android/security/cts/SeccompTest.java
+++ b/tests/tests/security/src/android/security/cts/SeccompTest.java
@@ -67,6 +67,30 @@
}
}
+ public void testCTSSwapOnOffBlocked() {
+ if (CpuFeatures.isArm64Cpu()) {
+ testBlocked(224); // __NR_swapon
+ testBlocked(225); // __NR_swapoff
+ } else if (CpuFeatures.isArmCpu()) {
+ testBlocked(87); // __NR_swapon
+ testBlocked(115); // __NR_swapoff
+ } else if (CpuFeatures.isX86_64Cpu()) {
+ testBlocked(167); // __NR_swapon
+ testBlocked(168); // __NR_swapoff
+ } else if (CpuFeatures.isX86Cpu()) {
+ testBlocked(87); // __NR_swapon
+ testBlocked(115); // __NR_swapoff
+ } else if (CpuFeatures.isMips64Cpu()) {
+ testBlocked(5162); // __NR_swapon
+ testBlocked(5163); // __NR_swapoff
+ } else if (CpuFeatures.isMipsCpu()) {
+ testBlocked(4087); // __NR_swapon
+ testBlocked(4115); // __NR_swapoff
+ } else {
+ fail("Unsupported OS");
+ }
+ }
+
private void testBlocked(int nr) {
assertTrue("Syscall " + nr + " allowed", testSyscallBlocked(nr));
}