Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(81)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/mac/bootstrap_sandbox_unittest.mm

Issue 1853713004: mac: Remove some 10.6-SDK-only sandbox code. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: comment Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « sandbox/mac/BUILD.gn ('k') | sandbox/mac/os_compatibility.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/mac/bootstrap_sandbox.h" 5 #include "sandbox/mac/bootstrap_sandbox.h"
6 6
7 #include <CoreFoundation/CoreFoundation.h> 7 #include <CoreFoundation/CoreFoundation.h>
8 #import <Foundation/Foundation.h> 8 #import <Foundation/Foundation.h>
9 #include <mach/mach.h> 9 #include <mach/mach.h>
10 #include <servers/bootstrap.h> 10 #include <servers/bootstrap.h>
(...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after
73 ++receivedCount_; 73 ++receivedCount_;
74 object_.reset([[notification object] copy]); 74 object_.reset([[notification object] copy]);
75 CFRunLoopStop(CFRunLoopGetCurrent()); 75 CFRunLoopStop(CFRunLoopGetCurrent());
76 } 76 }
77 @end 77 @end
78 78
79 //////////////////////////////////////////////////////////////////////////////// 79 ////////////////////////////////////////////////////////////////////////////////
80 80
81 namespace sandbox { 81 namespace sandbox {
82 82
83 void InitializeXPCIfRequired() {
84 if (base::mac::IsOSYosemiteOrLater())
85 CHECK(InitializeXPC());
86 }
87
88 class BootstrapSandboxTest : public base::MultiProcessTest { 83 class BootstrapSandboxTest : public base::MultiProcessTest {
89 public: 84 public:
90 void SetUp() override { 85 void SetUp() override {
91 base::MultiProcessTest::SetUp(); 86 base::MultiProcessTest::SetUp();
92 87
93 sandbox_ = BootstrapSandbox::Create(); 88 sandbox_ = BootstrapSandbox::Create();
94 ASSERT_TRUE(sandbox_.get()); 89 ASSERT_TRUE(sandbox_.get());
95 } 90 }
96 91
97 BootstrapSandboxPolicy BaselinePolicy() { 92 BootstrapSandboxPolicy BaselinePolicy() {
(...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after
172 167
173 base::ProcessHandle pid; 168 base::ProcessHandle pid;
174 RunChildWithPolicy(2, kNotificationTestMain, &pid); 169 RunChildWithPolicy(2, kNotificationTestMain, &pid);
175 170
176 [observer waitForNotification]; 171 [observer waitForNotification];
177 EXPECT_EQ(1, [observer receivedCount]); 172 EXPECT_EQ(1, [observer receivedCount]);
178 EXPECT_EQ(pid, [[observer object] intValue]); 173 EXPECT_EQ(pid, [[observer object] intValue]);
179 } 174 }
180 175
181 MULTIPROCESS_TEST_MAIN(PostNotification) { 176 MULTIPROCESS_TEST_MAIN(PostNotification) {
182 InitializeXPCIfRequired();
183
184 [[NSDistributedNotificationCenter defaultCenter] 177 [[NSDistributedNotificationCenter defaultCenter]
185 postNotificationName:kTestNotification 178 postNotificationName:kTestNotification
186 object:[NSString stringWithFormat:@"%d", getpid()]]; 179 object:[NSString stringWithFormat:@"%d", getpid()]];
187 return 0; 180 return 0;
188 } 181 }
189 182
190 const char kTestServer[] = "org.chromium.test_bootstrap_server"; 183 const char kTestServer[] = "org.chromium.test_bootstrap_server";
191 184
192 TEST_F(BootstrapSandboxTest, PolicyDenyError) { 185 TEST_F(BootstrapSandboxTest, PolicyDenyError) {
193 BootstrapSandboxPolicy policy(BaselinePolicy()); 186 BootstrapSandboxPolicy policy(BaselinePolicy());
194 policy.rules[kTestServer] = Rule(POLICY_DENY_ERROR); 187 policy.rules[kTestServer] = Rule(POLICY_DENY_ERROR);
195 sandbox_->RegisterSandboxPolicy(1, policy); 188 sandbox_->RegisterSandboxPolicy(1, policy);
196 189
197 RunChildWithPolicy(1, "PolicyDenyError", NULL); 190 RunChildWithPolicy(1, "PolicyDenyError", NULL);
198 } 191 }
199 192
200 MULTIPROCESS_TEST_MAIN(PolicyDenyError) { 193 MULTIPROCESS_TEST_MAIN(PolicyDenyError) {
201 InitializeXPCIfRequired();
202
203 mach_port_t port = MACH_PORT_NULL; 194 mach_port_t port = MACH_PORT_NULL;
204 kern_return_t kr = bootstrap_look_up(bootstrap_port, kTestServer, 195 kern_return_t kr = bootstrap_look_up(bootstrap_port, kTestServer,
205 &port); 196 &port);
206 CHECK_EQ(BOOTSTRAP_UNKNOWN_SERVICE, kr); 197 CHECK_EQ(BOOTSTRAP_UNKNOWN_SERVICE, kr);
207 CHECK(port == MACH_PORT_NULL); 198 CHECK(port == MACH_PORT_NULL);
208 199
209 kr = bootstrap_look_up(bootstrap_port, "org.chromium.some_other_server", 200 kr = bootstrap_look_up(bootstrap_port, "org.chromium.some_other_server",
210 &port); 201 &port);
211 CHECK_EQ(BOOTSTRAP_UNKNOWN_SERVICE, kr); 202 CHECK_EQ(BOOTSTRAP_UNKNOWN_SERVICE, kr);
212 CHECK(port == MACH_PORT_NULL); 203 CHECK(port == MACH_PORT_NULL);
213 204
214 return 0; 205 return 0;
215 } 206 }
216 207
217 TEST_F(BootstrapSandboxTest, PolicyDenyDummyPort) { 208 TEST_F(BootstrapSandboxTest, PolicyDenyDummyPort) {
218 BootstrapSandboxPolicy policy(BaselinePolicy()); 209 BootstrapSandboxPolicy policy(BaselinePolicy());
219 policy.rules[kTestServer] = Rule(POLICY_DENY_DUMMY_PORT); 210 policy.rules[kTestServer] = Rule(POLICY_DENY_DUMMY_PORT);
220 sandbox_->RegisterSandboxPolicy(1, policy); 211 sandbox_->RegisterSandboxPolicy(1, policy);
221 212
222 RunChildWithPolicy(1, "PolicyDenyDummyPort", NULL); 213 RunChildWithPolicy(1, "PolicyDenyDummyPort", NULL);
223 } 214 }
224 215
225 MULTIPROCESS_TEST_MAIN(PolicyDenyDummyPort) { 216 MULTIPROCESS_TEST_MAIN(PolicyDenyDummyPort) {
226 InitializeXPCIfRequired();
227
228 mach_port_t port = MACH_PORT_NULL; 217 mach_port_t port = MACH_PORT_NULL;
229 kern_return_t kr = bootstrap_look_up(bootstrap_port, kTestServer, 218 kern_return_t kr = bootstrap_look_up(bootstrap_port, kTestServer,
230 &port); 219 &port);
231 CHECK_EQ(KERN_SUCCESS, kr); 220 CHECK_EQ(KERN_SUCCESS, kr);
232 CHECK(port != MACH_PORT_NULL); 221 CHECK(port != MACH_PORT_NULL);
233 return 0; 222 return 0;
234 } 223 }
235 224
236 struct SubstitutePortAckSend { 225 struct SubstitutePortAckSend {
237 mach_msg_header_t header; 226 mach_msg_header_t header;
(...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after
283 272
284 send_rights = 0; 273 send_rights = 0;
285 ASSERT_EQ(KERN_SUCCESS, mach_port_get_refs(task, port, MACH_PORT_RIGHT_SEND, 274 ASSERT_EQ(KERN_SUCCESS, mach_port_get_refs(task, port, MACH_PORT_RIGHT_SEND,
286 &send_rights)); 275 &send_rights));
287 EXPECT_EQ(1u, send_rights); 276 EXPECT_EQ(1u, send_rights);
288 277
289 EXPECT_EQ(0, strncmp(kSubstituteAck, msg.buf, sizeof(msg.buf))); 278 EXPECT_EQ(0, strncmp(kSubstituteAck, msg.buf, sizeof(msg.buf)));
290 } 279 }
291 280
292 MULTIPROCESS_TEST_MAIN(PolicySubstitutePort) { 281 MULTIPROCESS_TEST_MAIN(PolicySubstitutePort) {
293 InitializeXPCIfRequired();
294
295 mach_port_t port = MACH_PORT_NULL; 282 mach_port_t port = MACH_PORT_NULL;
296 kern_return_t kr = bootstrap_look_up(bootstrap_port, kTestServer, &port); 283 kern_return_t kr = bootstrap_look_up(bootstrap_port, kTestServer, &port);
297 CHECK_EQ(KERN_SUCCESS, kr); 284 CHECK_EQ(KERN_SUCCESS, kr);
298 CHECK(port != MACH_PORT_NULL); 285 CHECK(port != MACH_PORT_NULL);
299 286
300 struct SubstitutePortAckSend msg; 287 struct SubstitutePortAckSend msg;
301 bzero(&msg, sizeof(msg)); 288 bzero(&msg, sizeof(msg));
302 msg.header.msgh_size = sizeof(msg); 289 msg.header.msgh_size = sizeof(msg);
303 msg.header.msgh_remote_port = port; 290 msg.header.msgh_remote_port = port;
304 msg.header.msgh_bits = MACH_MSGH_BITS_REMOTE(MACH_MSG_TYPE_MOVE_SEND); 291 msg.header.msgh_bits = MACH_MSGH_BITS_REMOTE(MACH_MSG_TYPE_MOVE_SEND);
(...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after
402 msg.header.msgh_local_port = port; 389 msg.header.msgh_local_port = port;
403 kern_return_t kr = mach_msg(&msg.header, MACH_RCV_MSG, 0, 390 kern_return_t kr = mach_msg(&msg.header, MACH_RCV_MSG, 0,
404 msg.header.msgh_size, port, 391 msg.header.msgh_size, port,
405 TestTimeouts::tiny_timeout().InMilliseconds(), MACH_PORT_NULL); 392 TestTimeouts::tiny_timeout().InMilliseconds(), MACH_PORT_NULL);
406 EXPECT_EQ(KERN_SUCCESS, kr); 393 EXPECT_EQ(KERN_SUCCESS, kr);
407 394
408 EXPECT_EQ(0, strncmp(kSubstituteAck, msg.buf, sizeof(msg.buf))); 395 EXPECT_EQ(0, strncmp(kSubstituteAck, msg.buf, sizeof(msg.buf)));
409 } 396 }
410 397
411 MULTIPROCESS_TEST_MAIN(DefaultRuleAllow) { 398 MULTIPROCESS_TEST_MAIN(DefaultRuleAllow) {
412 InitializeXPCIfRequired();
413
414 [[NSDistributedNotificationCenter defaultCenter] 399 [[NSDistributedNotificationCenter defaultCenter]
415 postNotificationName:kTestNotification 400 postNotificationName:kTestNotification
416 object:[NSString stringWithFormat:@"%d", getpid()]]; 401 object:[NSString stringWithFormat:@"%d", getpid()]];
417 402
418 mach_port_t port = MACH_PORT_NULL; 403 mach_port_t port = MACH_PORT_NULL;
419 CHECK_EQ(BOOTSTRAP_UNKNOWN_SERVICE, bootstrap_look_up(bootstrap_port, 404 CHECK_EQ(BOOTSTRAP_UNKNOWN_SERVICE, bootstrap_look_up(bootstrap_port,
420 const_cast<char*>(kDefaultRuleTestDeny), &port)); 405 const_cast<char*>(kDefaultRuleTestDeny), &port));
421 CHECK(port == MACH_PORT_NULL); 406 CHECK(port == MACH_PORT_NULL);
422 407
423 CHECK_EQ(KERN_SUCCESS, bootstrap_look_up(bootstrap_port, 408 CHECK_EQ(KERN_SUCCESS, bootstrap_look_up(bootstrap_port,
(...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after
485 MACH_PORT_NULL, TestTimeouts::tiny_timeout().InMilliseconds(), 470 MACH_PORT_NULL, TestTimeouts::tiny_timeout().InMilliseconds(),
486 MACH_PORT_NULL); 471 MACH_PORT_NULL);
487 EXPECT_EQ(KERN_SUCCESS, kr) << mach_error_string(kr); 472 EXPECT_EQ(KERN_SUCCESS, kr) << mach_error_string(kr);
488 473
489 int code = 0; 474 int code = 0;
490 EXPECT_TRUE(process.WaitForExit(&code)); 475 EXPECT_TRUE(process.WaitForExit(&code));
491 EXPECT_EQ(0, code); 476 EXPECT_EQ(0, code);
492 } 477 }
493 478
494 MULTIPROCESS_TEST_MAIN(ChildOutliveSandbox) { 479 MULTIPROCESS_TEST_MAIN(ChildOutliveSandbox) {
495 InitializeXPCIfRequired();
496
497 // Get the synchronization channel. 480 // Get the synchronization channel.
498 mach_port_t port = MACH_PORT_NULL; 481 mach_port_t port = MACH_PORT_NULL;
499 CHECK_EQ(KERN_SUCCESS, bootstrap_look_up(bootstrap_port, "sync", &port)); 482 CHECK_EQ(KERN_SUCCESS, bootstrap_look_up(bootstrap_port, "sync", &port));
500 483
501 // Create a reply port. 484 // Create a reply port.
502 mach_port_t reply_port; 485 mach_port_t reply_port;
503 CHECK_EQ(KERN_SUCCESS, mach_port_allocate(mach_task_self(), 486 CHECK_EQ(KERN_SUCCESS, mach_port_allocate(mach_task_self(),
504 MACH_PORT_RIGHT_RECEIVE, &reply_port)); 487 MACH_PORT_RIGHT_RECEIVE, &reply_port));
505 base::mac::ScopedMachReceiveRight scoped_reply_port(reply_port); 488 base::mac::ScopedMachReceiveRight scoped_reply_port(reply_port);
506 489
(...skipping 24 matching lines...) Expand all
531 kr = mach_msg_receive(&rcv_msg.header); 514 kr = mach_msg_receive(&rcv_msg.header);
532 MACH_CHECK(kr == KERN_SUCCESS, kr) << "mach_msg_receive"; 515 MACH_CHECK(kr == KERN_SUCCESS, kr) << "mach_msg_receive";
533 516
534 // Try to message the sandbox. 517 // Try to message the sandbox.
535 bootstrap_look_up(bootstrap_port, "test", &port); 518 bootstrap_look_up(bootstrap_port, "test", &port);
536 519
537 return 0; 520 return 0;
538 } 521 }
539 522
540 } // namespace sandbox 523 } // namespace sandbox
OLDNEW
« no previous file with comments | « sandbox/mac/BUILD.gn ('k') | sandbox/mac/os_compatibility.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698