OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/mac/bootstrap_sandbox.h" | 5 #include "sandbox/mac/bootstrap_sandbox.h" |
6 | 6 |
7 #include <CoreFoundation/CoreFoundation.h> | 7 #include <CoreFoundation/CoreFoundation.h> |
8 #import <Foundation/Foundation.h> | 8 #import <Foundation/Foundation.h> |
9 #include <mach/mach.h> | 9 #include <mach/mach.h> |
10 #include <servers/bootstrap.h> | 10 #include <servers/bootstrap.h> |
(...skipping 79 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
90 void SetUp() override { | 90 void SetUp() override { |
91 base::MultiProcessTest::SetUp(); | 91 base::MultiProcessTest::SetUp(); |
92 | 92 |
93 sandbox_ = BootstrapSandbox::Create(); | 93 sandbox_ = BootstrapSandbox::Create(); |
94 ASSERT_TRUE(sandbox_.get()); | 94 ASSERT_TRUE(sandbox_.get()); |
95 } | 95 } |
96 | 96 |
97 BootstrapSandboxPolicy BaselinePolicy() { | 97 BootstrapSandboxPolicy BaselinePolicy() { |
98 BootstrapSandboxPolicy policy; | 98 BootstrapSandboxPolicy policy; |
99 policy.rules["com.apple.cfprefsd.daemon"] = Rule(POLICY_ALLOW); | 99 policy.rules["com.apple.cfprefsd.daemon"] = Rule(POLICY_ALLOW); |
100 if (base::mac::IsOSSnowLeopard()) | |
101 policy.rules["com.apple.SecurityServer"] = Rule(POLICY_ALLOW); | |
102 return policy; | 100 return policy; |
103 } | 101 } |
104 | 102 |
105 void RunChildWithPolicy(int policy_id, | 103 void RunChildWithPolicy(int policy_id, |
106 const char* child_name, | 104 const char* child_name, |
107 base::ProcessHandle* out_pid) { | 105 base::ProcessHandle* out_pid) { |
108 scoped_ptr<PreExecDelegate> pre_exec_delegate( | 106 scoped_ptr<PreExecDelegate> pre_exec_delegate( |
109 sandbox_->NewClient(policy_id)); | 107 sandbox_->NewClient(policy_id)); |
110 | 108 |
111 base::LaunchOptions options; | 109 base::LaunchOptions options; |
(...skipping 235 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
347 &send_rights)); | 345 &send_rights)); |
348 EXPECT_EQ(1u, send_rights); | 346 EXPECT_EQ(1u, send_rights); |
349 | 347 |
350 mach_port_t service_port; | 348 mach_port_t service_port; |
351 EXPECT_EQ(KERN_SUCCESS, bootstrap_look_up(bp, service_name, &service_port)); | 349 EXPECT_EQ(KERN_SUCCESS, bootstrap_look_up(bp, service_name, &service_port)); |
352 base::mac::ScopedMachSendRight scoped_service_port(service_port); | 350 base::mac::ScopedMachSendRight scoped_service_port(service_port); |
353 | 351 |
354 send_rights = 0; | 352 send_rights = 0; |
355 ASSERT_EQ(KERN_SUCCESS, mach_port_get_refs(task, port, MACH_PORT_RIGHT_SEND, | 353 ASSERT_EQ(KERN_SUCCESS, mach_port_get_refs(task, port, MACH_PORT_RIGHT_SEND, |
356 &send_rights)); | 354 &send_rights)); |
357 // On 10.6, bootstrap_lookup2 may add an extra right to place it in a per- | 355 EXPECT_EQ(2u, send_rights); |
358 // process cache. | |
359 if (base::mac::IsOSSnowLeopard()) | |
360 EXPECT_TRUE(send_rights == 3u || send_rights == 2u) << send_rights; | |
361 else | |
362 EXPECT_EQ(2u, send_rights); | |
363 } | 356 } |
364 | 357 |
365 const char kDefaultRuleTestAllow[] = | 358 const char kDefaultRuleTestAllow[] = |
366 "org.chromium.sandbox.test.DefaultRuleAllow"; | 359 "org.chromium.sandbox.test.DefaultRuleAllow"; |
367 const char kDefaultRuleTestDeny[] = | 360 const char kDefaultRuleTestDeny[] = |
368 "org.chromium.sandbox.test.DefaultRuleAllow.Deny"; | 361 "org.chromium.sandbox.test.DefaultRuleAllow.Deny"; |
369 | 362 |
370 TEST_F(BootstrapSandboxTest, DefaultRuleAllow) { | 363 TEST_F(BootstrapSandboxTest, DefaultRuleAllow) { |
371 mach_port_t task = mach_task_self(); | 364 mach_port_t task = mach_task_self(); |
372 | 365 |
(...skipping 158 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
531 kr = mach_msg_receive(&rcv_msg.header); | 524 kr = mach_msg_receive(&rcv_msg.header); |
532 MACH_CHECK(kr == KERN_SUCCESS, kr) << "mach_msg_receive"; | 525 MACH_CHECK(kr == KERN_SUCCESS, kr) << "mach_msg_receive"; |
533 | 526 |
534 // Try to message the sandbox. | 527 // Try to message the sandbox. |
535 bootstrap_look_up(bootstrap_port, "test", &port); | 528 bootstrap_look_up(bootstrap_port, "test", &port); |
536 | 529 |
537 return 0; | 530 return 0; |
538 } | 531 } |
539 | 532 |
540 } // namespace sandbox | 533 } // namespace sandbox |
OLD | NEW |