OLD | NEW |
1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #import <Cocoa/Cocoa.h> | 5 #import <Cocoa/Cocoa.h> |
6 #include <dirent.h> | 6 #include <dirent.h> |
7 | 7 |
8 extern "C" { | 8 extern "C" { |
9 #include <sandbox.h> | 9 #include <sandbox.h> |
10 } | 10 } |
11 | 11 |
12 #include "base/file_util.h" | 12 #include "base/file_util.h" |
13 #include "base/file_path.h" | 13 #include "base/file_path.h" |
14 #include "base/multiprocess_test.h" | 14 #include "base/multiprocess_test.h" |
15 #include "base/sys_string_conversions.h" | 15 #include "base/sys_string_conversions.h" |
16 #include "base/utf_string_conversions.h" | 16 #include "base/utf_string_conversions.h" |
17 #include "chrome/common/sandbox_mac.h" | 17 #include "chrome/common/sandbox_mac.h" |
18 #include "testing/gtest/include/gtest/gtest.h" | 18 #include "testing/gtest/include/gtest/gtest.h" |
19 | 19 |
| 20 // Tests to exercise directory-access-related restrictions of Mac sandbox. |
| 21 |
20 namespace sandbox { | 22 namespace sandbox { |
21 | 23 |
22 bool QuotePlainString(const std::string& str_utf8, std::string* dst); | 24 bool QuotePlainString(const std::string& str_utf8, std::string* dst); |
23 bool QuoteStringForRegex(const std::string& str_utf8, std::string* dst); | 25 bool QuoteStringForRegex(const std::string& str_utf8, std::string* dst); |
24 | 26 |
25 } // namespace sandbox | 27 } // namespace sandbox |
26 | 28 |
| 29 namespace { |
| 30 |
27 static const char* kSandboxAccessPathKey = "sandbox_dir"; | 31 static const char* kSandboxAccessPathKey = "sandbox_dir"; |
28 | 32 |
29 class MacDirAccessSandboxTest : public MultiProcessTest { | 33 class MacDirAccessSandboxTest : public MultiProcessTest { |
30 public: | 34 public: |
31 bool CheckSandbox(std::string directory_to_try) { | 35 bool CheckSandbox(std::string directory_to_try) { |
32 setenv(kSandboxAccessPathKey, directory_to_try.c_str(), 1); | 36 setenv(kSandboxAccessPathKey, directory_to_try.c_str(), 1); |
33 base::ProcessHandle child_process = SpawnChild(L"mac_sandbox_path_access"); | 37 base::ProcessHandle child_process = SpawnChild(L"mac_sandbox_path_access"); |
34 int code = -1; | 38 int code = -1; |
35 if (!base::WaitForExitCode(child_process, &code)) { | 39 if (!base::WaitForExitCode(child_process, &code)) { |
36 LOG(WARNING) << "base::WaitForExitCode failed"; | 40 LOG(WARNING) << "base::WaitForExitCode failed"; |
(...skipping 198 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
235 | 239 |
236 if (open(denied_file2.value().c_str(), O_WRONLY | O_CREAT) > 0) { | 240 if (open(denied_file2.value().c_str(), O_WRONLY | O_CREAT) > 0) { |
237 PLOG(ERROR) << "Sandbox breach: was able to write (" | 241 PLOG(ERROR) << "Sandbox breach: was able to write (" |
238 << denied_file2.value() | 242 << denied_file2.value() |
239 << ")"; | 243 << ")"; |
240 return -1; | 244 return -1; |
241 } | 245 } |
242 | 246 |
243 return 0; | 247 return 0; |
244 } | 248 } |
| 249 |
| 250 } // namespace |
OLD | NEW |