Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(22)

Side by Side Diff: sandbox/mac/bootstrap_sandbox_unittest.mm

Issue 1346923006: Refactor the bootstrap sandbox process launching integration. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: RevokeToken Created 5 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « sandbox/mac/bootstrap_sandbox.cc ('k') | sandbox/mac/pre_exec_delegate.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/mac/bootstrap_sandbox.h" 5 #include "sandbox/mac/bootstrap_sandbox.h"
6 6
7 #include <CoreFoundation/CoreFoundation.h> 7 #include <CoreFoundation/CoreFoundation.h>
8 #import <Foundation/Foundation.h> 8 #import <Foundation/Foundation.h>
9 #include <mach/mach.h> 9 #include <mach/mach.h>
10 #include <servers/bootstrap.h> 10 #include <servers/bootstrap.h>
11 11
12 #include "base/logging.h" 12 #include "base/logging.h"
13 #include "base/mac/mac_util.h" 13 #include "base/mac/mac_util.h"
14 #include "base/mac/mach_logging.h" 14 #include "base/mac/mach_logging.h"
15 #include "base/mac/scoped_mach_port.h" 15 #include "base/mac/scoped_mach_port.h"
16 #include "base/mac/scoped_nsobject.h" 16 #include "base/mac/scoped_nsobject.h"
17 #include "base/process/kill.h" 17 #include "base/process/kill.h"
18 #include "base/strings/stringprintf.h" 18 #include "base/strings/stringprintf.h"
19 #include "base/test/multiprocess_test.h" 19 #include "base/test/multiprocess_test.h"
20 #include "base/test/test_timeouts.h" 20 #include "base/test/test_timeouts.h"
21 #include "sandbox/mac/pre_exec_delegate.h"
21 #include "sandbox/mac/xpc.h" 22 #include "sandbox/mac/xpc.h"
22 #import "testing/gtest_mac.h" 23 #import "testing/gtest_mac.h"
23 #include "testing/multiprocess_func_list.h" 24 #include "testing/multiprocess_func_list.h"
24 25
25 NSString* const kTestNotification = @"org.chromium.bootstrap_sandbox_test"; 26 NSString* const kTestNotification = @"org.chromium.bootstrap_sandbox_test";
26 27
27 @interface DistributedNotificationObserver : NSObject { 28 @interface DistributedNotificationObserver : NSObject {
28 @private 29 @private
29 int receivedCount_; 30 int receivedCount_;
30 base::scoped_nsobject<NSString> object_; 31 base::scoped_nsobject<NSString> object_;
(...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after
97 BootstrapSandboxPolicy policy; 98 BootstrapSandboxPolicy policy;
98 policy.rules["com.apple.cfprefsd.daemon"] = Rule(POLICY_ALLOW); 99 policy.rules["com.apple.cfprefsd.daemon"] = Rule(POLICY_ALLOW);
99 if (base::mac::IsOSSnowLeopard()) 100 if (base::mac::IsOSSnowLeopard())
100 policy.rules["com.apple.SecurityServer"] = Rule(POLICY_ALLOW); 101 policy.rules["com.apple.SecurityServer"] = Rule(POLICY_ALLOW);
101 return policy; 102 return policy;
102 } 103 }
103 104
104 void RunChildWithPolicy(int policy_id, 105 void RunChildWithPolicy(int policy_id,
105 const char* child_name, 106 const char* child_name,
106 base::ProcessHandle* out_pid) { 107 base::ProcessHandle* out_pid) {
107 sandbox_->PrepareToForkWithPolicy(policy_id); 108 scoped_ptr<PreExecDelegate> pre_exec_delegate(
109 sandbox_->NewClient(policy_id));
110
108 base::LaunchOptions options; 111 base::LaunchOptions options;
109 options.replacement_bootstrap_name = sandbox_->server_bootstrap_name(); 112 options.pre_exec_delegate = pre_exec_delegate.get();
113
110 base::Process process = SpawnChildWithOptions(child_name, options); 114 base::Process process = SpawnChildWithOptions(child_name, options);
111 ASSERT_TRUE(process.IsValid()); 115 ASSERT_TRUE(process.IsValid());
112 sandbox_->FinishedFork(process.Handle());
113 int code = 0; 116 int code = 0;
114 EXPECT_TRUE(process.WaitForExit(&code)); 117 EXPECT_TRUE(process.WaitForExit(&code));
115 EXPECT_EQ(0, code); 118 EXPECT_EQ(0, code);
116 if (out_pid) 119 if (out_pid)
117 *out_pid = process.Pid(); 120 *out_pid = process.Pid();
118 } 121 }
119 122
120 protected: 123 protected:
121 scoped_ptr<BootstrapSandbox> sandbox_; 124 scoped_ptr<BootstrapSandbox> sandbox_;
122 }; 125 };
(...skipping 323 matching lines...) Expand 10 before | Expand all | Expand 10 after
446 ASSERT_EQ(KERN_SUCCESS, mach_port_insert_right(task, port, port, 449 ASSERT_EQ(KERN_SUCCESS, mach_port_insert_right(task, port, port,
447 MACH_MSG_TYPE_MAKE_SEND)); 450 MACH_MSG_TYPE_MAKE_SEND));
448 base::mac::ScopedMachSendRight scoped_port_send(port); 451 base::mac::ScopedMachSendRight scoped_port_send(port);
449 452
450 // Set up the policy and register the port. 453 // Set up the policy and register the port.
451 BootstrapSandboxPolicy policy(BaselinePolicy()); 454 BootstrapSandboxPolicy policy(BaselinePolicy());
452 policy.rules["sync"] = Rule(port); 455 policy.rules["sync"] = Rule(port);
453 sandbox_->RegisterSandboxPolicy(kTestPolicyId, policy); 456 sandbox_->RegisterSandboxPolicy(kTestPolicyId, policy);
454 457
455 // Launch the child. 458 // Launch the child.
456 sandbox_->PrepareToForkWithPolicy(kTestPolicyId); 459 scoped_ptr<PreExecDelegate> pre_exec_delegate(
460 sandbox_->NewClient(kTestPolicyId));
457 base::LaunchOptions options; 461 base::LaunchOptions options;
458 options.replacement_bootstrap_name = sandbox_->server_bootstrap_name(); 462 options.pre_exec_delegate = pre_exec_delegate.get();
459 base::Process process = SpawnChildWithOptions("ChildOutliveSandbox", options); 463 base::Process process = SpawnChildWithOptions("ChildOutliveSandbox", options);
460 ASSERT_TRUE(process.IsValid()); 464 ASSERT_TRUE(process.IsValid());
461 sandbox_->FinishedFork(process.Handle());
462 465
463 // Synchronize with the child. 466 // Synchronize with the child.
464 mach_msg_empty_rcv_t rcv_msg; 467 mach_msg_empty_rcv_t rcv_msg;
465 bzero(&rcv_msg, sizeof(rcv_msg)); 468 bzero(&rcv_msg, sizeof(rcv_msg));
466 kern_return_t kr = mach_msg(&rcv_msg.header, MACH_RCV_MSG, 0, 469 kern_return_t kr = mach_msg(&rcv_msg.header, MACH_RCV_MSG, 0,
467 sizeof(rcv_msg), port, 470 sizeof(rcv_msg), port,
468 TestTimeouts::tiny_timeout().InMilliseconds(), MACH_PORT_NULL); 471 TestTimeouts::tiny_timeout().InMilliseconds(), MACH_PORT_NULL);
469 ASSERT_EQ(KERN_SUCCESS, kr) << mach_error_string(kr); 472 ASSERT_EQ(KERN_SUCCESS, kr) << mach_error_string(kr);
470 473
471 // Destroy the sandbox. 474 // Destroy the sandbox.
(...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after
528 kr = mach_msg_receive(&rcv_msg.header); 531 kr = mach_msg_receive(&rcv_msg.header);
529 MACH_CHECK(kr == KERN_SUCCESS, kr) << "mach_msg_receive"; 532 MACH_CHECK(kr == KERN_SUCCESS, kr) << "mach_msg_receive";
530 533
531 // Try to message the sandbox. 534 // Try to message the sandbox.
532 bootstrap_look_up(bootstrap_port, "test", &port); 535 bootstrap_look_up(bootstrap_port, "test", &port);
533 536
534 return 0; 537 return 0;
535 } 538 }
536 539
537 } // namespace sandbox 540 } // namespace sandbox
OLDNEW
« no previous file with comments | « sandbox/mac/bootstrap_sandbox.cc ('k') | sandbox/mac/pre_exec_delegate.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698