| OLD | NEW |
|---|
| 1 // Copyright (c) 2009 The Chromium OS Authors. All rights reserved. | 1 // Copyright (c) 2009-2010 The Chromium OS Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 // Some portions Copyright (c) 2009 The Chromium Authors. | 4 // Some portions Copyright (c) 2009 The Chromium Authors. |
| 5 // | 5 // |
| 6 // Tests for MiniJail | 6 // Tests for MiniJail |
| 7 #include "env.h" | 7 #include "mock_env.h" |
| 8 #include "mock_options.h" |
| 8 #include "minijail.h" | 9 #include "minijail.h" |
| 10 #include <gmock/gmock.h> |
| 9 #include <gtest/gtest.h> | 11 #include <gtest/gtest.h> |
| 10 | 12 |
| 11 namespace chromeos { | 13 namespace chromeos { |
| 12 | 14 |
| 13 // TODO: pull in gmock to make this non-crazy for testing. | 15 using ::testing::_; // wildcard mock matcher |
| 14 class TrueEnv : public minijail::Env { | 16 using ::testing::AtLeast; // Times modifier |
| 17 using ::testing::DefaultValue; // allow for easy default return value change |
| 18 using ::testing::Return; // mock Return action |
| 19 |
| 20 class MiniJailTest : public ::testing::Test { |
| 15 public: | 21 public: |
| 16 TrueEnv() { } | 22 static const char kDummyPath[]; |
| 17 ~TrueEnv() { } | 23 void SetUp() { |
| 18 bool DisableTracing() const { return true; } | 24 env_.reset(new minijail::MockEnv); |
| 19 bool KeepRootCapabilities() const { return true; } | 25 options_.reset(new minijail::MockOptions); |
| 20 bool DisableDefaultRootPrivileges() const { return true; } | 26 // Setup options to return the mock env |
| 21 bool ChangeUser(uid_t uid, gid_t gid) const { return true; } | 27 EXPECT_CALL(*options_, env()) |
| 22 bool SanitizeBoundingSet(uint64 capmask) const { return true; } | 28 .Times(AtLeast(1)) |
| 23 bool EnterNamespace(int namespaces) const { return true; } | 29 .WillRepeatedly(Return(env_.get())); |
| 24 bool FilterSyscallsBySource() const { return true; } | 30 } |
| 25 bool Mount() const { return true; } | 31 void TearDown() { |
| 26 bool SanitizeCapabilities(uint64 eff_capmask) const { return true; } | 32 } |
| 27 bool Run(const char *path, | 33 protected: |
| 28 char * const *argv, | 34 scoped_ptr<minijail::MockEnv> env_; |
| 29 char * const *envp) const { return true; } | 35 scoped_ptr<minijail::MockOptions> options_; |
| 30 }; | 36 }; |
| 31 | 37 |
| 32 class MiniJailTest : public ::testing::Test { }; | 38 const char MiniJailTest::kDummyPath[] = "/path/to/target/binary"; |
| 33 | 39 |
| 34 TEST(MiniJailTest, TrueJail) { | 40 TEST_F(MiniJailTest, RunGetsPath) { |
| 35 TrueEnv *env = new TrueEnv; | |
| 36 MiniJailOptions options; | |
| 37 options.set_env(env); // takes ownership | |
| 38 options.set_executable_path("/no/where"); | |
| 39 MiniJail jail; | 41 MiniJail jail; |
| 40 jail.Initialize(&options); | 42 jail.Initialize(options_.get()); |
| 41 // This does basically nothing since the options default to false. | 43 |
| 42 // Only ChangeUser is actually called. | 44 // This will be a relative no-op since all the options are defaulting |
| 45 // to false. |
| 43 EXPECT_TRUE(jail.Jail()); | 46 EXPECT_TRUE(jail.Jail()); |
| 47 // Ensure the pre-configured dummy path is propagated via Run(). |
| 48 EXPECT_CALL(*env_, Run(kDummyPath, NULL, NULL)) |
| 49 .Times(1) |
| 50 .WillOnce(Return(true)); |
| 51 // Setup executable_path to return a dummy |
| 52 EXPECT_CALL(*options_, executable_path()) |
| 53 .Times(2) |
| 54 .WillRepeatedly(Return(kDummyPath)); |
| 44 EXPECT_TRUE(jail.Run()); | 55 EXPECT_TRUE(jail.Run()); |
| 45 } | 56 } |
| 46 | 57 |
| 58 TEST_F(MiniJailTest, DefaultTrueEnvAndOptions) { |
| 59 // Make all default mock calls return true |
| 60 DefaultValue<bool>::Set(true); |
| 61 MiniJail jail; |
| 62 jail.Initialize(options_.get()); |
| 63 EXPECT_TRUE(jail.Jail()); |
| 64 // Setup executable_path to return a dummy |
| 65 EXPECT_CALL(*options_, executable_path()) |
| 66 .Times(2) |
| 67 .WillRepeatedly(Return(kDummyPath)); |
| 68 EXPECT_TRUE(jail.Run()); |
| 69 DefaultValue<bool>::Clear(); |
| 70 } |
| 71 |
| 72 TEST_F(MiniJailTest, NamespaceFlagsPidOnly) { |
| 73 MiniJail jail; |
| 74 jail.Initialize(options_.get()); |
| 75 |
| 76 EXPECT_CALL(*options_, namespace_pid()) |
| 77 .Times(1) |
| 78 .WillOnce(Return(true)); |
| 79 EXPECT_CALL(*options_, namespace_vfs()) |
| 80 .Times(2) |
| 81 .WillOnce(Return(false)) |
| 82 .WillOnce(Return(false)); |
| 83 EXPECT_CALL(*env_, EnterNamespace(CLONE_NEWPID)) |
| 84 .Times(1) |
| 85 .WillOnce(Return(true)); |
| 86 EXPECT_TRUE(jail.Jail()); |
| 87 } |
| 88 |
| 89 TEST_F(MiniJailTest, NamespaceFlagsVfsOnly) { |
| 90 MiniJail jail; |
| 91 jail.Initialize(options_.get()); |
| 92 |
| 93 EXPECT_CALL(*options_, namespace_pid()) |
| 94 .Times(1) |
| 95 .WillOnce(Return(false)); |
| 96 EXPECT_CALL(*options_, namespace_vfs()) |
| 97 .Times(2) |
| 98 .WillOnce(Return(true)) |
| 99 .WillOnce(Return(true)); |
| 100 EXPECT_CALL(*env_, EnterNamespace(CLONE_NEWNS)) |
| 101 .Times(1) |
| 102 .WillOnce(Return(true)); |
| 103 EXPECT_TRUE(jail.Jail()); |
| 104 } |
| 105 |
| 106 TEST_F(MiniJailTest, NamespaceFlagsAll) { |
| 107 MiniJail jail; |
| 108 jail.Initialize(options_.get()); |
| 109 |
| 110 EXPECT_CALL(*options_, namespace_pid()) |
| 111 .Times(1) |
| 112 .WillOnce(Return(true)); |
| 113 EXPECT_CALL(*options_, namespace_vfs()) |
| 114 .Times(2) |
| 115 .WillOnce(Return(true)) |
| 116 .WillOnce(Return(true)); |
| 117 EXPECT_CALL(*env_, EnterNamespace(CLONE_NEWNS|CLONE_NEWPID)) |
| 118 .Times(1) |
| 119 .WillOnce(Return(true)); |
| 120 EXPECT_TRUE(jail.Jail()); // all works on first call |
| 121 } |
| 122 |
| 123 // TODO(wad) finish up test cases for each conditional |
| 124 |
| 125 |
| 47 } // namespace chromeos | 126 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 542124:
Update minijail tests with real mocks and packaging testing deps (Closed)
