Chromium Code Reviews Chromium Code Reviews
Issue 1186233004:
Refactor OS X sandbox processing and audit sandbox files (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "content/common/sandbox_mac.h" | |
| 6 | |
| 7 #include <fcntl.h> | |
| 8 #include <unistd.h> | |
| 9 #include <sys/stat.h> | |
| 10 | |
| 11 #include "base/process/kill.h" | |
| 12 #include "base/test/multiprocess_test.h" | |
| 13 #include "base/test/test_timeouts.h" | |
| 14 #include "testing/gtest/include/gtest/gtest.h" | |
| 15 #include "testing/multiprocess_func_list.h" | |
| 16 | |
| 17 namespace content { | |
| 18 | |
| 19 class SandboxMacCompilerTest : public base::MultiProcessTest {}; | |
| 20 | |
| 21 MULTIPROCESS_TEST_MAIN(BasicProfileProcess) { | |
| 22 std::string profile = | |
| 23 "(version 1)" | |
| 24 "(allow file-read* file-write* (literal \"/\"))"; | |
| 25 | |
| 26 SandboxCompiler compiler(profile); | |
| 27 | |
| 28 std::string error; | |
| 29 CHECK(compiler.CompileAndApplyProfile(&error)); | |
| 30 | |
| 31 return 0; | |
| 32 } | |
| 33 | |
| 34 TEST_F(SandboxMacCompilerTest, BasicProfileTest) { | |
| 35 base::Process process = SpawnChild("BasicProfileProcess"); | |
| 36 ASSERT_TRUE(process.IsValid()); | |
| 37 int exit_code = 42; | |
| 38 EXPECT_TRUE(process.WaitForExitWithTimeout(TestTimeouts::action_max_timeout(), | |
| 39 &exit_code)); | |
| 40 EXPECT_EQ(exit_code, 0); | |
| 41 } | |
| 42 | |
| 43 MULTIPROCESS_TEST_MAIN(BasicProfileWithParamProcess) { | |
| 44 std::string profile = | |
| 45 "(version 1)" | |
| 46 "(allow file-read* file-write* (literal (param \"DIR\")))"; | |
| 47 | |
| 48 SandboxCompiler compiler(profile); | |
| 49 compiler.InsertStringParam("DIR", "/"); | |
| 50 | |
| 51 std::string error; | |
| 52 CHECK(compiler.CompileAndApplyProfile(&error)); | |
| 53 | |
| 54 return 0; | |
| 55 } | |
| 56 | |
| 57 TEST_F(SandboxMacCompilerTest, BasicProfileTestWithParam) { | |
| 58 base::Process process = SpawnChild("BasicProfileWithParamProcess"); | |
| 59 ASSERT_TRUE(process.IsValid()); | |
| 60 int exit_code = 42; | |
| 61 EXPECT_TRUE(process.WaitForExitWithTimeout(TestTimeouts::action_max_timeout(), | |
| 62 &exit_code)); | |
| 63 EXPECT_EQ(exit_code, 0); | |
| 64 } | |
| 65 | |
| 66 MULTIPROCESS_TEST_MAIN(ProfileFunctionalProcess) { | |
| 67 std::string profile = | |
| 68 "(version 1)" | |
| 69 "(debug deny)" | |
| 70 "(allow file-read-data file-read-metadata (literal \"/dev/urandom\"))"; | |
| 71 | |
| 72 SandboxCompiler compiler(profile); | |
| 73 | |
| 74 std::string error; | |
| 75 CHECK(compiler.CompileAndApplyProfile(&error)); | |
| 76 | |
| 77 // The profile compiled and applied successfully, now try and read 1 byte from | |
| 78 // /dev/urandom | |
| 79 uint8_t byte; | |
| 80 int fd = open("/dev/urandom", O_RDONLY); | |
| 81 CHECK_NE(fd, -1); | |
| 82 | |
| 83 EXPECT_TRUE(read(fd, &byte, sizeof(byte)) == sizeof(byte)); | |
| 84 | |
| 85 return 0; | |
| 86 } | |
| 87 | |
| 88 TEST_F(SandboxMacCompilerTest, ProfileFunctionalityTest) { | |
| 89 base::Process process = SpawnChild("ProfileFunctionalProcess"); | |
| 90 ASSERT_TRUE(process.IsValid()); | |
| 91 int exit_code = 42; | |
| 92 EXPECT_TRUE(process.WaitForExitWithTimeout(TestTimeouts::action_max_timeout(), | |
| 93 &exit_code)); | |
| 94 EXPECT_EQ(exit_code, 0); | |
| 95 } | |
| 96 | |
| 97 MULTIPROCESS_TEST_MAIN(ProfileFunctionalTestWithParamsProcess) { | |
| 98 std::string profile = | |
| 99 "(version 1)" | |
| 100 "(debug deny)" | |
| 101 "(if (string=? (param \"ALLOW_FILE\") \"TRUE\")" | |
| 102 " (allow file-read-data file-read-metadata (literal (param " | |
| 103 "\"URANDOM\"))))"; | |
| 104 | |
| 105 SandboxCompiler compiler(profile); | |
| 106 | |
| 107 compiler.InsertBooleanParam("ALLOW_FILE", true); | |
| 108 compiler.InsertStringParam("URANDOM", "/dev/urandom"); | |
| 109 | |
| 110 std::string error; | |
| 111 CHECK(compiler.CompileAndApplyProfile(&error)); | |
| 112 | |
| 113 // The profile compiled and applied successfully, now try and read 1 byte from | |
| 114 // /dev/urandom | |
| 115 uint8_t byte; | |
| 116 int fd = open("/dev/urandom", O_RDONLY); | |
| 117 CHECK_NE(fd, -1); | |
| 118 | |
| 119 EXPECT_TRUE(read(fd, &byte, sizeof(byte)) == sizeof(byte)); | |
| 120 | |
| 121 // Make sure the sandbox isn't overly permissive | |
| 122 struct stat st; | |
| 123 EXPECT_EQ(stat("/", &st), -1); | |
| 124 | |
| 125 return 0; | |
| 126 } | |
| 127 | |
| 128 TEST_F(SandboxMacCompilerTest, ProfileFunctionalityTestWithParams) { | |
| 129 base::Process process = SpawnChild("ProfileFunctionalTestWithParamsProcess"); | |
| 130 ASSERT_TRUE(process.IsValid()); | |
| 131 int exit_code = 42; | |
| 132 EXPECT_TRUE(process.WaitForExitWithTimeout(TestTimeouts::action_max_timeout(), | |
| 133 &exit_code)); | |
| 134 EXPECT_EQ(exit_code, 0); | |
| 135 } | |
| 136 | |
| 137 MULTIPROCESS_TEST_MAIN(ProfileFunctionalityTestErrorProcess) { | |
| 138 std::string profile = "(+ 5 a)"; | |
| 139 | |
| 140 SandboxCompiler compiler(profile); | |
| 141 | |
| 142 // Make sure that this invalid profile results in an error returned | |
|
Robert Sesek
2015/06/22 20:40:23
nit: punctuation
Greg K
2015/06/23 19:05:15
Done, I also fixed other instances in this file th
| |
| 143 std::string error; | |
| 144 CHECK_EQ(error, ""); | |
| 145 CHECK(!compiler.CompileAndApplyProfile(&error)); | |
| 146 CHECK_NE(error, ""); | |
| 147 | |
| 148 return 0; | |
| 149 } | |
| 150 | |
| 151 TEST_F(SandboxMacCompilerTest, ProfileFunctionalityTestError) { | |
| 152 base::Process process = SpawnChild("ProfileFunctionalityTestErrorProcess"); | |
| 153 ASSERT_TRUE(process.IsValid()); | |
| 154 int exit_code = 42; | |
| 155 EXPECT_TRUE(process.WaitForExitWithTimeout(TestTimeouts::action_max_timeout(), | |
| 156 &exit_code)); | |
| 157 EXPECT_EQ(exit_code, 0); | |
| 158 } | |
| 159 | |
| 160 } // namespace content | |
| OLD | NEW |
