1 files changed, 31 insertions, 0 deletions

diff --git a/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc b/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
index fdd954cc0fd..f002d45f813 100644
--- a/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
+++ b/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
@@ -59,6 +59,7 @@ class RestrictClockIdPolicy : public bpf_dsl::Policy {
     switch (sysno) {
       case __NR_clock_gettime:
       case __NR_clock_getres:
+      case __NR_clock_nanosleep:
         return RestrictClockID();
       default:
         return Allow();
@@ -99,6 +100,25 @@ BPF_TEST_C(ParameterRestrictions,
 #endif
 }
 
+void CheckClockNanosleep(clockid_t clockid) {
+  struct timespec ts;
+  struct timespec out_ts;
+  ts.tv_sec = 0;
+  ts.tv_nsec = 0;
+  clock_nanosleep(clockid, 0, &ts, &out_ts);
+}
+
+BPF_TEST_C(ParameterRestrictions,
+           clock_nanosleep_allowed,
+           RestrictClockIdPolicy) {
+  CheckClockNanosleep(CLOCK_MONOTONIC);
+  CheckClockNanosleep(CLOCK_MONOTONIC_COARSE);
+  CheckClockNanosleep(CLOCK_MONOTONIC_RAW);
+  CheckClockNanosleep(CLOCK_BOOTTIME);
+  CheckClockNanosleep(CLOCK_REALTIME);
+  CheckClockNanosleep(CLOCK_REALTIME_COARSE);
+}
+
 BPF_DEATH_TEST_C(ParameterRestrictions,
                  clock_gettime_crash_monotonic_raw,
                  DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()),
@@ -107,6 +127,17 @@ BPF_DEATH_TEST_C(ParameterRestrictions,
   syscall(SYS_clock_gettime, CLOCK_MONOTONIC_RAW, &ts);
 }
 
+BPF_DEATH_TEST_C(ParameterRestrictions,
+                 clock_nanosleep_crash_clock_fd,
+                 DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()),
+                 RestrictClockIdPolicy) {
+  struct timespec ts;
+  struct timespec out_ts;
+  ts.tv_sec = 0;
+  ts.tv_nsec = 0;
+  syscall(SYS_clock_nanosleep, (~0) | CLOCKFD, 0, &ts, &out_ts);
+}
+
 #if !defined(OS_ANDROID)
 BPF_DEATH_TEST_C(ParameterRestrictions,
                  clock_gettime_crash_cpu_clock,