| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #import <Cocoa/Cocoa.h> | 5 #import <Cocoa/Cocoa.h> |
| 6 | 6 |
| 7 #include "base/file_util.h" | 7 #include "base/file_util.h" |
| 8 #include "base/logging.h" | 8 #include "base/logging.h" |
| 9 #include "base/sys_string_conversions.h" | 9 #include "base/sys_string_conversions.h" |
| 10 #include "content/common/sandbox_mac.h" | 10 #include "content/common/sandbox_mac.h" |
| 11 #include "content/common/sandbox_mac_unittest_helper.h" | 11 #include "content/common/sandbox_mac_unittest_helper.h" |
| 12 #include "testing/gtest/include/gtest/gtest.h" | 12 #include "testing/gtest/include/gtest/gtest.h" |
| 13 | 13 |
| 14 namespace { | 14 namespace content { |
| 15 | |
| 16 using sandboxtest::MacSandboxTest; | |
| 17 | 15 |
| 18 //--------------------- Clipboard Sandboxing ---------------------- | 16 //--------------------- Clipboard Sandboxing ---------------------- |
| 19 // Test case for checking sandboxing of clipboard access. | 17 // Test case for checking sandboxing of clipboard access. |
| 20 class MacSandboxedClipboardTestCase : public sandboxtest::MacSandboxTestCase { | 18 class MacSandboxedClipboardTestCase : public MacSandboxTestCase { |
| 21 public: | 19 public: |
| 22 MacSandboxedClipboardTestCase(); | 20 MacSandboxedClipboardTestCase(); |
| 23 virtual ~MacSandboxedClipboardTestCase(); | 21 virtual ~MacSandboxedClipboardTestCase(); |
| 24 | 22 |
| 25 virtual bool SandboxedTest(); | 23 virtual bool SandboxedTest(); |
| 26 | 24 |
| 27 virtual void SetTestData(const char* test_data); | 25 virtual void SetTestData(const char* test_data); |
| 28 private: | 26 private: |
| 29 NSString* clipboard_name_; | 27 NSString* clipboard_name_; |
| 30 }; | 28 }; |
| (...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 72 std::string pasteboard_name = base::SysNSStringToUTF8([pb name]); | 70 std::string pasteboard_name = base::SysNSStringToUTF8([pb name]); |
| 73 EXPECT_TRUE(RunTestInAllSandboxTypes("MacSandboxedClipboardTestCase", | 71 EXPECT_TRUE(RunTestInAllSandboxTypes("MacSandboxedClipboardTestCase", |
| 74 pasteboard_name.c_str())); | 72 pasteboard_name.c_str())); |
| 75 | 73 |
| 76 // After executing the test, the clipboard should still be empty. | 74 // After executing the test, the clipboard should still be empty. |
| 77 EXPECT_EQ([[pb types] count], 0U); | 75 EXPECT_EQ([[pb types] count], 0U); |
| 78 } | 76 } |
| 79 | 77 |
| 80 //--------------------- File Access Sandboxing ---------------------- | 78 //--------------------- File Access Sandboxing ---------------------- |
| 81 // Test case for checking sandboxing of filesystem apis. | 79 // Test case for checking sandboxing of filesystem apis. |
| 82 class MacSandboxedFileAccessTestCase : public sandboxtest::MacSandboxTestCase { | 80 class MacSandboxedFileAccessTestCase : public MacSandboxTestCase { |
| 83 public: | 81 public: |
| 84 virtual bool SandboxedTest(); | 82 virtual bool SandboxedTest(); |
| 85 }; | 83 }; |
| 86 | 84 |
| 87 REGISTER_SANDBOX_TEST_CASE(MacSandboxedFileAccessTestCase); | 85 REGISTER_SANDBOX_TEST_CASE(MacSandboxedFileAccessTestCase); |
| 88 | 86 |
| 89 bool MacSandboxedFileAccessTestCase::SandboxedTest() { | 87 bool MacSandboxedFileAccessTestCase::SandboxedTest() { |
| 90 int fdes = open("/etc/passwd", O_RDONLY); | 88 int fdes = open("/etc/passwd", O_RDONLY); |
| 91 file_util::ScopedFD file_closer(&fdes); | 89 file_util::ScopedFD file_closer(&fdes); |
| 92 return fdes == -1; | 90 return fdes == -1; |
| 93 } | 91 } |
| 94 | 92 |
| 95 TEST_F(MacSandboxTest, FileAccess) { | 93 TEST_F(MacSandboxTest, FileAccess) { |
| 96 EXPECT_TRUE(RunTestInAllSandboxTypes("MacSandboxedFileAccessTestCase", NULL)); | 94 EXPECT_TRUE(RunTestInAllSandboxTypes("MacSandboxedFileAccessTestCase", NULL)); |
| 97 } | 95 } |
| 98 | 96 |
| 99 //--------------------- /dev/urandom Sandboxing ---------------------- | 97 //--------------------- /dev/urandom Sandboxing ---------------------- |
| 100 // /dev/urandom is available to ppapi sandbox only. | 98 // /dev/urandom is available to ppapi sandbox only. |
| 101 class MacSandboxedUrandomTestCase : public sandboxtest::MacSandboxTestCase { | 99 class MacSandboxedUrandomTestCase : public MacSandboxTestCase { |
| 102 public: | 100 public: |
| 103 virtual bool SandboxedTest(); | 101 virtual bool SandboxedTest(); |
| 104 }; | 102 }; |
| 105 | 103 |
| 106 REGISTER_SANDBOX_TEST_CASE(MacSandboxedUrandomTestCase); | 104 REGISTER_SANDBOX_TEST_CASE(MacSandboxedUrandomTestCase); |
| 107 | 105 |
| 108 bool MacSandboxedUrandomTestCase::SandboxedTest() { | 106 bool MacSandboxedUrandomTestCase::SandboxedTest() { |
| 109 int fdes = open("/dev/urandom", O_RDONLY); | 107 int fdes = open("/dev/urandom", O_RDONLY); |
| 110 file_util::ScopedFD file_closer(&fdes); | 108 file_util::ScopedFD file_closer(&fdes); |
| 111 | 109 |
| 112 // Open succeeds under ppapi sandbox, else it is not permitted. | 110 // Open succeeds under ppapi sandbox, else it is not permitted. |
| 113 if (test_data_ == "ppapi") { | 111 if (test_data_ == "ppapi") { |
| 114 if (fdes == -1) | 112 if (fdes == -1) |
| 115 return false; | 113 return false; |
| 116 | 114 |
| 117 char buf[16]; | 115 char buf[16]; |
| 118 int rc = read(fdes, buf, sizeof(buf)); | 116 int rc = read(fdes, buf, sizeof(buf)); |
| 119 return rc == sizeof(buf); | 117 return rc == sizeof(buf); |
| 120 } else { | 118 } else { |
| 121 return fdes == -1 && errno == EPERM; | 119 return fdes == -1 && errno == EPERM; |
| 122 } | 120 } |
| 123 } | 121 } |
| 124 | 122 |
| 125 TEST_F(MacSandboxTest, UrandomAccess) { | 123 TEST_F(MacSandboxTest, UrandomAccess) { |
| 126 // Similar to RunTestInAllSandboxTypes(), except changing | 124 // Similar to RunTestInAllSandboxTypes(), except changing |
| 127 // |test_data| for the ppapi case. Passing "" in the non-ppapi case | 125 // |test_data| for the ppapi case. Passing "" in the non-ppapi case |
| 128 // to overwrite the test data (NULL means not to change it). | 126 // to overwrite the test data (NULL means not to change it). |
| 129 for (content::SandboxType i = content::SANDBOX_TYPE_FIRST_TYPE; | 127 for (SandboxType i = SANDBOX_TYPE_FIRST_TYPE; |
| 130 i < content::SANDBOX_TYPE_AFTER_LAST_TYPE; ++i) { | 128 i < SANDBOX_TYPE_AFTER_LAST_TYPE; ++i) { |
| 131 if (i == content::SANDBOX_TYPE_PPAPI) { | 129 if (i == SANDBOX_TYPE_PPAPI) { |
| 132 EXPECT_TRUE(RunTestInSandbox(i, "MacSandboxedUrandomTestCase", "ppapi")); | 130 EXPECT_TRUE(RunTestInSandbox(i, "MacSandboxedUrandomTestCase", "ppapi")); |
| 133 } else { | 131 } else { |
| 134 EXPECT_TRUE(RunTestInSandbox(i, "MacSandboxedUrandomTestCase", "")) | 132 EXPECT_TRUE(RunTestInSandbox(i, "MacSandboxedUrandomTestCase", "")) |
| 135 << "for sandbox type " << i; | 133 << "for sandbox type " << i; |
| 136 } | 134 } |
| 137 } | 135 } |
| 138 } | 136 } |
| 139 | 137 |
| 140 } // namespace | 138 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 11228040:
Move sandbox code in content to content namespace. (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/