OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 /** | 5 /** |
6 * TestFixture for SUID Sandbox testing. | 6 * TestFixture for SUID Sandbox testing. |
7 * @extends {testing.Test} | 7 * @extends {testing.Test} |
8 * @constructor | 8 * @constructor |
9 */ | 9 */ |
10 function SandboxStatusUITest() {} | 10 function SandboxStatusUITest() {} |
11 | 11 |
12 SandboxStatusUITest.prototype = { | 12 SandboxStatusUITest.prototype = { |
13 __proto__: testing.Test.prototype, | 13 __proto__: testing.Test.prototype, |
14 /** | 14 /** |
15 * Browse to the options page & call our preLoad(). | 15 * Browse to the options page & call our preLoad(). |
16 */ | 16 */ |
17 browsePreload: 'chrome://sandbox', | 17 browsePreload: 'chrome://sandbox', |
18 | 18 |
19 }; | 19 }; |
20 | 20 |
21 // This test is for Linux only. | 21 // This test is for Linux only. |
22 // PLEASE READ: | 22 // PLEASE READ: |
23 // - If failures of this test are a problem on a bot under your care, | 23 // - If failures of this test are a problem on a bot under your care, |
24 // the proper way to address such failures is to install the SUID | 24 // the proper way to address such failures is to install the SUID |
25 // sandbox. See: | 25 // sandbox. See: |
26 // http://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment | 26 // http://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment |
27 // - PLEASE DO NOT DISABLE THIS TEST. If you can't figure out how to | 27 // - PLEASE DO NOT GLOBALLY DISABLE THIS TEST. |
28 // get the SUID sandbox installed, please mark the test FLAKY_ so we | |
29 // can get clear information on where the sandbox is and isn't installed. | |
30 // SUID sandbox is currently incompatible with AddressSanitizer, | 28 // SUID sandbox is currently incompatible with AddressSanitizer, |
31 // see http://crbug.com/137653. | 29 // see http://crbug.com/137653. |
32 GEN('#if defined(OS_LINUX) && !defined(ADDRESS_SANITIZER)'); | 30 GEN('#if defined(OS_LINUX) && !defined(ADDRESS_SANITIZER)'); |
33 GEN('# define MAYBE_testSUIDSandboxEnabled \\'); | 31 GEN('# define MAYBE_testSUIDSandboxEnabled \\'); |
34 GEN(' testSUIDSandboxEnabled'); | 32 GEN(' testSUIDSandboxEnabled'); |
35 GEN('#else'); | 33 GEN('#else'); |
36 GEN('# define MAYBE_testSUIDSandboxEnabled \\'); | 34 GEN('# define MAYBE_testSUIDSandboxEnabled \\'); |
37 GEN(' DISABLED_testSUIDSandboxEnabled'); | 35 GEN(' DISABLED_testSUIDSandboxEnabled'); |
38 GEN('#endif'); | 36 GEN('#endif'); |
39 | 37 |
40 /** | 38 /** |
41 * Test if the SUID sandbox is enabled. | 39 * Test if the SUID sandbox is enabled. |
42 * | 40 * |
43 * TODO(bradchen): Remove FLAKY_ and flip polarity of this test once | 41 * TODO(bradchen): Remove DISABLED_ and flip polarity of this test once |
44 * the SUID sandbox is enabled on the Chromium bots. In the mean time | 42 * the SUID sandbox is enabled on the Chromium bots. In the mean time |
45 * this test will make it clear that the enabling steps are effective. | 43 * this test will make it clear that the enabling steps are effective. |
46 */ | 44 */ |
47 TEST_F('SandboxStatusUITest', 'MAYBE_testSUIDSandboxEnabled', function() { | 45 TEST_F('SandboxStatusUITest', 'MAYBE_testSUIDSandboxEnabled', function() { |
48 var suidyesstring = 'SUID Sandbox\tYes'; | 46 var suidyesstring = 'SUID Sandbox\tYes'; |
49 var suidnostring = 'SUID Sandbox\tNo'; | 47 var suidnostring = 'SUID Sandbox\tNo'; |
50 var suidyes = document.body.innerText.match(suidyesstring); | 48 var suidyes = document.body.innerText.match(suidyesstring); |
51 var suidno = document.body.innerText.match(suidnostring); | 49 var suidno = document.body.innerText.match(suidnostring); |
52 | 50 |
53 expectEquals(null, suidno); | 51 expectEquals(null, suidno); |
54 assertFalse(suidyes === null); | 52 assertFalse(suidyes === null); |
55 expectEquals(suidyesstring, suidyes[0]); | 53 expectEquals(suidyesstring, suidyes[0]); |
56 }); | 54 }); |
57 | 55 |
58 // The seccomp-bpf sandbox is also not compatible with ASAN. | 56 // The seccomp-bpf sandbox is also not compatible with ASAN. |
59 GEN('#if defined(OS_LINUX) && !defined(ADDRESS_SANITIZER)'); | 57 GEN('#if defined(OS_LINUX) && !defined(ADDRESS_SANITIZER)'); |
60 GEN('# define MAYBE_testBPFSandboxEnabled \\'); | 58 GEN('# define MAYBE_testBPFSandboxEnabled \\'); |
61 GEN(' FLAKY_testBPFSandboxEnabled'); | 59 GEN(' DISABLED_testBPFSandboxEnabled'); |
62 GEN('#else'); | 60 GEN('#else'); |
63 GEN('# define MAYBE_testBPFSandboxEnabled \\'); | 61 GEN('# define MAYBE_testBPFSandboxEnabled \\'); |
64 GEN(' DISABLED_testBPFSandboxEnabled'); | 62 GEN(' DISABLED_testBPFSandboxEnabled'); |
65 GEN('#endif'); | 63 GEN('#endif'); |
66 | 64 |
67 /** | 65 /** |
68 * Test if the seccomp-bpf sandbox is enabled. | 66 * Test if the seccomp-bpf sandbox is enabled. |
69 * We know that some machines lack kernel support for this. So we mark | 67 * We know that some machines lack kernel support for this. So we mark |
70 * it as FLAKY_. | 68 * it as DISABLED_. |
71 * It's very convenient to quickly be able to check whether tests ran with | 69 * It's very convenient to quickly be able to check whether tests ran with |
72 * or without the Seccomp BPF sandbox through this mechanism. | 70 * or without the Seccomp BPF sandbox through this mechanism. |
73 */ | 71 */ |
74 TEST_F('SandboxStatusUITest', 'MAYBE_testBPFSandboxEnabled', function() { | 72 TEST_F('SandboxStatusUITest', 'MAYBE_testBPFSandboxEnabled', function() { |
75 var bpfyesstring = 'Seccomp-BPF sandbox\tYes'; | 73 var bpfyesstring = 'Seccomp-BPF sandbox\tYes'; |
76 var bpfnostring = 'Seccomp-BPF sandbox\tNo'; | 74 var bpfnostring = 'Seccomp-BPF sandbox\tNo'; |
77 var bpfyes = document.body.innerText.match(bpfyesstring); | 75 var bpfyes = document.body.innerText.match(bpfyesstring); |
78 var bpfno = document.body.innerText.match(bpfnostring); | 76 var bpfno = document.body.innerText.match(bpfnostring); |
79 | 77 |
80 expectEquals(null, bpfno); | 78 expectEquals(null, bpfno); |
81 assertFalse(bpfyes === null); | 79 assertFalse(bpfyes === null); |
82 expectEquals(bpfyesstring, bpfyes[0]); | 80 expectEquals(bpfyesstring, bpfyes[0]); |
83 }); | 81 }); |
OLD | NEW |