OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/mac/bootstrap_sandbox.h" | 5 #include "sandbox/mac/bootstrap_sandbox.h" |
6 | 6 |
7 #include <CoreFoundation/CoreFoundation.h> | 7 #include <CoreFoundation/CoreFoundation.h> |
8 #import <Foundation/Foundation.h> | 8 #import <Foundation/Foundation.h> |
9 #include <mach/mach.h> | 9 #include <mach/mach.h> |
10 #include <servers/bootstrap.h> | 10 #include <servers/bootstrap.h> |
(...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
91 | 91 |
92 BootstrapSandboxPolicy BaselinePolicy() { | 92 BootstrapSandboxPolicy BaselinePolicy() { |
93 BootstrapSandboxPolicy policy; | 93 BootstrapSandboxPolicy policy; |
94 policy.rules["com.apple.cfprefsd.daemon"] = Rule(POLICY_ALLOW); | 94 policy.rules["com.apple.cfprefsd.daemon"] = Rule(POLICY_ALLOW); |
95 return policy; | 95 return policy; |
96 } | 96 } |
97 | 97 |
98 void RunChildWithPolicy(int policy_id, | 98 void RunChildWithPolicy(int policy_id, |
99 const char* child_name, | 99 const char* child_name, |
100 base::ProcessHandle* out_pid) { | 100 base::ProcessHandle* out_pid) { |
101 scoped_ptr<PreExecDelegate> pre_exec_delegate( | 101 std::unique_ptr<PreExecDelegate> pre_exec_delegate( |
102 sandbox_->NewClient(policy_id)); | 102 sandbox_->NewClient(policy_id)); |
103 | 103 |
104 base::LaunchOptions options; | 104 base::LaunchOptions options; |
105 options.pre_exec_delegate = pre_exec_delegate.get(); | 105 options.pre_exec_delegate = pre_exec_delegate.get(); |
106 | 106 |
107 base::Process process = SpawnChildWithOptions(child_name, options); | 107 base::Process process = SpawnChildWithOptions(child_name, options); |
108 ASSERT_TRUE(process.IsValid()); | 108 ASSERT_TRUE(process.IsValid()); |
109 int code = 0; | 109 int code = 0; |
110 EXPECT_TRUE(process.WaitForExit(&code)); | 110 EXPECT_TRUE(process.WaitForExit(&code)); |
111 EXPECT_EQ(0, code); | 111 EXPECT_EQ(0, code); |
112 if (out_pid) | 112 if (out_pid) |
113 *out_pid = process.Pid(); | 113 *out_pid = process.Pid(); |
114 } | 114 } |
115 | 115 |
116 protected: | 116 protected: |
117 scoped_ptr<BootstrapSandbox> sandbox_; | 117 std::unique_ptr<BootstrapSandbox> sandbox_; |
118 }; | 118 }; |
119 | 119 |
120 const char kNotificationTestMain[] = "PostNotification"; | 120 const char kNotificationTestMain[] = "PostNotification"; |
121 | 121 |
122 // Run the test without the sandbox. | 122 // Run the test without the sandbox. |
123 TEST_F(BootstrapSandboxTest, DistributedNotifications_Unsandboxed) { | 123 TEST_F(BootstrapSandboxTest, DistributedNotifications_Unsandboxed) { |
124 base::scoped_nsobject<DistributedNotificationObserver> observer( | 124 base::scoped_nsobject<DistributedNotificationObserver> observer( |
125 [[DistributedNotificationObserver alloc] init]); | 125 [[DistributedNotificationObserver alloc] init]); |
126 | 126 |
127 base::Process process = SpawnChild(kNotificationTestMain); | 127 base::Process process = SpawnChild(kNotificationTestMain); |
(...skipping 299 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
427 ASSERT_EQ(KERN_SUCCESS, mach_port_insert_right(task, port, port, | 427 ASSERT_EQ(KERN_SUCCESS, mach_port_insert_right(task, port, port, |
428 MACH_MSG_TYPE_MAKE_SEND)); | 428 MACH_MSG_TYPE_MAKE_SEND)); |
429 base::mac::ScopedMachSendRight scoped_port_send(port); | 429 base::mac::ScopedMachSendRight scoped_port_send(port); |
430 | 430 |
431 // Set up the policy and register the port. | 431 // Set up the policy and register the port. |
432 BootstrapSandboxPolicy policy(BaselinePolicy()); | 432 BootstrapSandboxPolicy policy(BaselinePolicy()); |
433 policy.rules["sync"] = Rule(port); | 433 policy.rules["sync"] = Rule(port); |
434 sandbox_->RegisterSandboxPolicy(kTestPolicyId, policy); | 434 sandbox_->RegisterSandboxPolicy(kTestPolicyId, policy); |
435 | 435 |
436 // Launch the child. | 436 // Launch the child. |
437 scoped_ptr<PreExecDelegate> pre_exec_delegate( | 437 std::unique_ptr<PreExecDelegate> pre_exec_delegate( |
438 sandbox_->NewClient(kTestPolicyId)); | 438 sandbox_->NewClient(kTestPolicyId)); |
439 base::LaunchOptions options; | 439 base::LaunchOptions options; |
440 options.pre_exec_delegate = pre_exec_delegate.get(); | 440 options.pre_exec_delegate = pre_exec_delegate.get(); |
441 base::Process process = SpawnChildWithOptions("ChildOutliveSandbox", options); | 441 base::Process process = SpawnChildWithOptions("ChildOutliveSandbox", options); |
442 ASSERT_TRUE(process.IsValid()); | 442 ASSERT_TRUE(process.IsValid()); |
443 | 443 |
444 // Synchronize with the child. | 444 // Synchronize with the child. |
445 mach_msg_empty_rcv_t rcv_msg; | 445 mach_msg_empty_rcv_t rcv_msg; |
446 bzero(&rcv_msg, sizeof(rcv_msg)); | 446 bzero(&rcv_msg, sizeof(rcv_msg)); |
447 kern_return_t kr = mach_msg(&rcv_msg.header, MACH_RCV_MSG, 0, | 447 kern_return_t kr = mach_msg(&rcv_msg.header, MACH_RCV_MSG, 0, |
(...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
507 kr = mach_msg_receive(&rcv_msg.header); | 507 kr = mach_msg_receive(&rcv_msg.header); |
508 MACH_CHECK(kr == KERN_SUCCESS, kr) << "mach_msg_receive"; | 508 MACH_CHECK(kr == KERN_SUCCESS, kr) << "mach_msg_receive"; |
509 | 509 |
510 // Try to message the sandbox. | 510 // Try to message the sandbox. |
511 bootstrap_look_up(bootstrap_port, "test", &port); | 511 bootstrap_look_up(bootstrap_port, "test", &port); |
512 | 512 |
513 return 0; | 513 return 0; |
514 } | 514 } |
515 | 515 |
516 } // namespace sandbox | 516 } // namespace sandbox |
OLD | NEW |