| OLD | NEW |
| 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #import <Cocoa/Cocoa.h> | 5 #import <Cocoa/Cocoa.h> |
| 6 #include <dirent.h> | 6 #include <dirent.h> |
| 7 | 7 |
| 8 extern "C" { | 8 extern "C" { |
| 9 #include <sandbox.h> | 9 #include <sandbox.h> |
| 10 } | 10 } |
| 11 | 11 |
| 12 #include "base/file_util.h" | 12 #include "base/file_util.h" |
| 13 #include "base/file_path.h" | 13 #include "base/file_path.h" |
| 14 #include "base/multiprocess_test.h" | 14 #include "base/multiprocess_test.h" |
| 15 #include "base/sys_string_conversions.h" | 15 #include "base/sys_string_conversions.h" |
| 16 #include "base/utf_string_conversions.h" | 16 #include "base/utf_string_conversions.h" |
| 17 #include "chrome/common/sandbox_mac.h" | 17 #include "chrome/common/sandbox_mac.h" |
| 18 #include "testing/gtest/include/gtest/gtest.h" | 18 #include "testing/gtest/include/gtest/gtest.h" |
| 19 | 19 |
| 20 // Tests to exercise directory-access-related restrictions of Mac sandbox. |
| 21 |
| 20 namespace sandbox { | 22 namespace sandbox { |
| 21 | 23 |
| 22 bool QuotePlainString(const std::string& str_utf8, std::string* dst); | 24 bool QuotePlainString(const std::string& str_utf8, std::string* dst); |
| 23 bool QuoteStringForRegex(const std::string& str_utf8, std::string* dst); | 25 bool QuoteStringForRegex(const std::string& str_utf8, std::string* dst); |
| 24 | 26 |
| 25 } // namespace sandbox | 27 } // namespace sandbox |
| 26 | 28 |
| 29 namespace { |
| 30 |
| 27 static const char* kSandboxAccessPathKey = "sandbox_dir"; | 31 static const char* kSandboxAccessPathKey = "sandbox_dir"; |
| 28 | 32 |
| 29 class MacDirAccessSandboxTest : public MultiProcessTest { | 33 class MacDirAccessSandboxTest : public MultiProcessTest { |
| 30 public: | 34 public: |
| 31 bool CheckSandbox(std::string directory_to_try) { | 35 bool CheckSandbox(std::string directory_to_try) { |
| 32 setenv(kSandboxAccessPathKey, directory_to_try.c_str(), 1); | 36 setenv(kSandboxAccessPathKey, directory_to_try.c_str(), 1); |
| 33 base::ProcessHandle child_process = SpawnChild(L"mac_sandbox_path_access"); | 37 base::ProcessHandle child_process = SpawnChild(L"mac_sandbox_path_access"); |
| 34 int code = -1; | 38 int code = -1; |
| 35 if (!base::WaitForExitCode(child_process, &code)) { | 39 if (!base::WaitForExitCode(child_process, &code)) { |
| 36 LOG(WARNING) << "base::WaitForExitCode failed"; | 40 LOG(WARNING) << "base::WaitForExitCode failed"; |
| (...skipping 198 matching lines...) |
| 235 | 239 |
| 236 if (open(denied_file2.value().c_str(), O_WRONLY | O_CREAT) > 0) { | 240 if (open(denied_file2.value().c_str(), O_WRONLY | O_CREAT) > 0) { |
| 237 PLOG(ERROR) << "Sandbox breach: was able to write (" | 241 PLOG(ERROR) << "Sandbox breach: was able to write (" |
| 238 << denied_file2.value() | 242 << denied_file2.value() |
| 239 << ")"; | 243 << ")"; |
| 240 return -1; | 244 return -1; |
| 241 } | 245 } |
| 242 | 246 |
| 243 return 0; | 247 return 0; |
| 244 } | 248 } |
| 249 |
| 250 } // namespace |
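Review bot: The breach check at new lines 240-245 tests `open(...) > 0`, so a successful open that returns descriptor 0 would be treated as "denied" and this sandbox test would pass despite a write getting through; that can presumably happen if stdin is closed in the spawned child. Compare against the failure value instead: `if (open(denied_file2.value().c_str(), O_WRONLY | O_CREAT, 0600) != -1) {` (the 0600 is an illustrative mode). The current call passes `O_CREAT` without the mode argument that open() requires with that flag, and the returned descriptor is never closed. The enclosing function begins in the 198 skipped lines, so any earlier open() checks there should be checked for the same pattern. Separately, `static` on `kSandboxAccessPathKey` at new line 31 is redundant now that the constant sits inside the anonymous namespace.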