Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(245)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/services/credentials_unittest.cc

Issue 1522653002: Use std=c++11 instead of std=gnu++11 everywhere except nacl (Closed) Base URL: git@github.com:domokit/mojo.git@master
Patch Set: Created 5 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « build/config/compiler/BUILD.gn ('k') | skia/BUILD.gn » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/linux/services/credentials.h" 5 #include "sandbox/linux/services/credentials.h"
6 6
7 #include <errno.h> 7 #include <errno.h>
8 #include <fcntl.h> 8 #include <fcntl.h>
9 #include <pthread.h> 9 #include <pthread.h>
10 #include <signal.h> 10 #include <signal.h>
(...skipping 13 matching lines...) Expand all
24 #include "sandbox/linux/services/proc_util.h" 24 #include "sandbox/linux/services/proc_util.h"
25 #include "sandbox/linux/services/syscall_wrappers.h" 25 #include "sandbox/linux/services/syscall_wrappers.h"
26 #include "sandbox/linux/system_headers/capability.h" 26 #include "sandbox/linux/system_headers/capability.h"
27 #include "sandbox/linux/tests/unit_tests.h" 27 #include "sandbox/linux/tests/unit_tests.h"
28 #include "testing/gtest/include/gtest/gtest.h" 28 #include "testing/gtest/include/gtest/gtest.h"
29 29
30 namespace sandbox { 30 namespace sandbox {
31 31
32 namespace { 32 namespace {
33 33
34 struct CapFreeDeleter {
35 inline void operator()(cap_t cap) const {
36 int ret = cap_free(cap);
37 CHECK_EQ(0, ret);
38 }
39 };
40
41 // Wrapper to manage libcap2's cap_t type.
42 typedef scoped_ptr<typeof(*((cap_t)0)), CapFreeDeleter> ScopedCap;
43
44 bool WorkingDirectoryIsRoot() { 34 bool WorkingDirectoryIsRoot() {
45 char current_dir[PATH_MAX]; 35 char current_dir[PATH_MAX];
46 char* cwd = getcwd(current_dir, sizeof(current_dir)); 36 char* cwd = getcwd(current_dir, sizeof(current_dir));
47 PCHECK(cwd); 37 PCHECK(cwd);
48 if (strcmp("/", cwd)) return false; 38 if (strcmp("/", cwd)) return false;
49 39
50 // The current directory is the root. Add a few paranoid checks. 40 // The current directory is the root. Add a few paranoid checks.
51 struct stat current; 41 struct stat current;
52 CHECK_EQ(0, stat(".", &current)); 42 CHECK_EQ(0, stat(".", &current));
53 struct stat parrent; 43 struct stat parrent;
(...skipping 163 matching lines...) Expand 10 before | Expand all | Expand 10 after
217 // Probably missing kernel support. 207 // Probably missing kernel support.
218 if (!Credentials::MoveToNewUserNS()) 208 if (!Credentials::MoveToNewUserNS())
219 return; 209 return;
220 210
221 base::ScopedFD proc_fd(ProcUtil::OpenProc()); 211 base::ScopedFD proc_fd(ProcUtil::OpenProc());
222 212
223 std::vector<Credentials::Capability> caps; 213 std::vector<Credentials::Capability> caps;
224 caps.push_back(Credentials::Capability::SYS_CHROOT); 214 caps.push_back(Credentials::Capability::SYS_CHROOT);
225 CHECK(Credentials::SetCapabilities(proc_fd.get(), caps)); 215 CHECK(Credentials::SetCapabilities(proc_fd.get(), caps));
226 216
227 ScopedCap actual_cap(cap_get_proc()); 217 cap_t actual_cap(cap_get_proc());
228 PCHECK(actual_cap != nullptr); 218 PCHECK(actual_cap != nullptr);
229 219
230 ScopedCap expected_cap(cap_init()); 220 cap_t expected_cap(cap_init());
231 PCHECK(expected_cap != nullptr); 221 PCHECK(expected_cap != nullptr);
232 222
233 const cap_value_t allowed_cap = CAP_SYS_CHROOT; 223 const cap_value_t allowed_cap = CAP_SYS_CHROOT;
234 for (const cap_flag_t flag : {CAP_EFFECTIVE, CAP_PERMITTED}) { 224 for (const cap_flag_t flag : {CAP_EFFECTIVE, CAP_PERMITTED}) {
235 PCHECK(cap_set_flag(expected_cap.get(), flag, 1, &allowed_cap, CAP_SET) == 225 PCHECK(cap_set_flag(expected_cap, flag, 1, &allowed_cap, CAP_SET) ==
236 0); 226 0);
237 } 227 }
238 228
239 CHECK_EQ(0, cap_compare(expected_cap.get(), actual_cap.get())); 229 CHECK_EQ(0, cap_compare(expected_cap, actual_cap));
230
231 CHECK_EQ(0, cap_free(expected_cap));
232 CHECK_EQ(0, cap_free(actual_cap));
240 } 233 }
241 234
242 volatile sig_atomic_t signal_handler_called; 235 volatile sig_atomic_t signal_handler_called;
243 void SignalHandler(int sig) { 236 void SignalHandler(int sig) {
244 signal_handler_called = 1; 237 signal_handler_called = 1;
245 } 238 }
246 239
247 // Disabled on ASAN because of crbug.com/451603. 240 // Disabled on ASAN because of crbug.com/451603.
248 SANDBOX_TEST(Credentials, DISABLE_ON_ASAN(DropFileSystemAccessPreservesTLS)) { 241 SANDBOX_TEST(Credentials, DISABLE_ON_ASAN(DropFileSystemAccessPreservesTLS)) {
249 // Probably missing kernel support. 242 // Probably missing kernel support.
(...skipping 10 matching lines...) Expand all
260 action.sa_handler = &SignalHandler; 253 action.sa_handler = &SignalHandler;
261 PCHECK(sigaction(SIGUSR1, &action, nullptr) == 0); 254 PCHECK(sigaction(SIGUSR1, &action, nullptr) == 0);
262 255
263 PCHECK(raise(SIGUSR1) == 0); 256 PCHECK(raise(SIGUSR1) == 0);
264 CHECK_EQ(1, signal_handler_called); 257 CHECK_EQ(1, signal_handler_called);
265 } 258 }
266 259
267 } // namespace. 260 } // namespace.
268 261
269 } // namespace sandbox. 262 } // namespace sandbox.
OLDNEW
« no previous file with comments | « build/config/compiler/BUILD.gn ('k') | skia/BUILD.gn » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698