1 files changed, 26 insertions, 0 deletions

diff --git a/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc b/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
index f0392b1a002..ca812d8a1ed 100644
--- a/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
+++ b/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
@@ -168,6 +168,21 @@ BPF_TEST_C(BaselinePolicy, Socketpair, BaselinePolicy) {
   TestPipeOrSocketPair(base::ScopedFD(sv[0]), base::ScopedFD(sv[1]));
 }
 
+#if !defined(GRND_NONBLOCK)
+#define GRND_NONBLOCK 1
+#endif
+
+BPF_TEST_C(BaselinePolicy, GetRandom, BaselinePolicy) {
+  char buf[1];
+
+  // Many systems do not yet support getrandom(2) so ENOSYS is a valid result
+  // here.
+  int ret = HANDLE_EINTR(syscall(__NR_getrandom, buf, sizeof(buf), 0));
+  BPF_ASSERT((ret == -1 && errno == ENOSYS) || ret == 1);
+  ret = HANDLE_EINTR(syscall(__NR_getrandom, buf, sizeof(buf), GRND_NONBLOCK));
+  BPF_ASSERT((ret == -1 && (errno == ENOSYS || errno == EAGAIN)) || ret == 1);
+}
+
 // Not all architectures can restrict the domain for socketpair().
 #if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
 BPF_DEATH_TEST_C(BaselinePolicy,
@@ -349,6 +364,17 @@ BPF_DEATH_TEST_C(BaselinePolicy,
   clock_gettime(CLOCK_MONOTONIC_RAW, &ts);
 }
 
+#if !defined(GRND_RANDOM)
+#define GRND_RANDOM 2
+#endif
+
+BPF_DEATH_TEST_C(BaselinePolicy,
+                 GetRandomOfDevRandomCrashes,
+                 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()),
+                 BaselinePolicy) {
+  syscall(__NR_getrandom, NULL, 0, GRND_RANDOM);
+}
+
 #if !defined(__i386__)
 BPF_DEATH_TEST_C(BaselinePolicy,
                  GetSockOptWrongLevelSigsys,