Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(60)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/common/sandbox_mac_system_access_unittest.mm

Issue 191673003: Implement ScopedFD in terms of ScopedGeneric. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« chrome/test/chromedriver/chrome_launcher.cc ('K') | « content/common/sandbox_mac.mm ('k') | ipc/ipc_channel_factory.cc » ('j') | sandbox/linux/services/yama.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #import <Cocoa/Cocoa.h> 5 #import <Cocoa/Cocoa.h>
6 6
7 #include "base/file_util.h" 7 #include "base/file_util.h"
8 #include "base/files/scoped_file.h"
8 #include "base/logging.h" 9 #include "base/logging.h"
9 #include "base/strings/sys_string_conversions.h" 10 #include "base/strings/sys_string_conversions.h"
10 #include "content/common/sandbox_mac.h" 11 #include "content/common/sandbox_mac.h"
11 #include "content/common/sandbox_mac_unittest_helper.h" 12 #include "content/common/sandbox_mac_unittest_helper.h"
12 #include "crypto/nss_util.h" 13 #include "crypto/nss_util.h"
13 #include "testing/gtest/include/gtest/gtest.h" 14 #include "testing/gtest/include/gtest/gtest.h"
14 15
15 namespace content { 16 namespace content {
16 17
17 //--------------------- Clipboard Sandboxing ---------------------- 18 //--------------------- Clipboard Sandboxing ----------------------
(...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after
79 //--------------------- File Access Sandboxing ---------------------- 80 //--------------------- File Access Sandboxing ----------------------
80 // Test case for checking sandboxing of filesystem apis. 81 // Test case for checking sandboxing of filesystem apis.
81 class MacSandboxedFileAccessTestCase : public MacSandboxTestCase { 82 class MacSandboxedFileAccessTestCase : public MacSandboxTestCase {
82 public: 83 public:
83 virtual bool SandboxedTest() OVERRIDE; 84 virtual bool SandboxedTest() OVERRIDE;
84 }; 85 };
85 86
86 REGISTER_SANDBOX_TEST_CASE(MacSandboxedFileAccessTestCase); 87 REGISTER_SANDBOX_TEST_CASE(MacSandboxedFileAccessTestCase);
87 88
88 bool MacSandboxedFileAccessTestCase::SandboxedTest() { 89 bool MacSandboxedFileAccessTestCase::SandboxedTest() {
89 int fdes = open("/etc/passwd", O_RDONLY); 90 base::ScopedFD fdes(open("/etc/passwd", O_RDONLY));
agl 2014/03/18 06:52:05 This, line 115 and line 108 should also have HANDL
90 file_util::ScopedFD file_closer(&fdes); 91 return !fdes.is_valid();
91 return fdes == -1;
92 } 92 }
93 93
94 TEST_F(MacSandboxTest, FileAccess) { 94 TEST_F(MacSandboxTest, FileAccess) {
95 EXPECT_TRUE(RunTestInAllSandboxTypes("MacSandboxedFileAccessTestCase", NULL)); 95 EXPECT_TRUE(RunTestInAllSandboxTypes("MacSandboxedFileAccessTestCase", NULL));
96 } 96 }
97 97
98 //--------------------- /dev/urandom Sandboxing ---------------------- 98 //--------------------- /dev/urandom Sandboxing ----------------------
99 // /dev/urandom is available to any sandboxed process. 99 // /dev/urandom is available to any sandboxed process.
100 class MacSandboxedUrandomTestCase : public MacSandboxTestCase { 100 class MacSandboxedUrandomTestCase : public MacSandboxTestCase {
101 public: 101 public:
102 virtual bool SandboxedTest() OVERRIDE; 102 virtual bool SandboxedTest() OVERRIDE;
103 }; 103 };
104 104
105 REGISTER_SANDBOX_TEST_CASE(MacSandboxedUrandomTestCase); 105 REGISTER_SANDBOX_TEST_CASE(MacSandboxedUrandomTestCase);
106 106
107 bool MacSandboxedUrandomTestCase::SandboxedTest() { 107 bool MacSandboxedUrandomTestCase::SandboxedTest() {
108 int fdes = open("/dev/urandom", O_RDONLY); 108 base::ScopedFD fdes(open("/dev/urandom", O_RDONLY));
109 file_util::ScopedFD file_closer(&fdes);
110 109
111 // Opening /dev/urandom succeeds under the sandbox. 110 // Opening /dev/urandom succeeds under the sandbox.
112 if (fdes == -1) 111 if (!fdes.is_valid())
113 return false; 112 return false;
114 113
115 char buf[16]; 114 char buf[16];
116 int rc = read(fdes, buf, sizeof(buf)); 115 int rc = read(fdes.get(), buf, sizeof(buf));
117 return rc == sizeof(buf); 116 return rc == sizeof(buf);
118 } 117 }
119 118
120 TEST_F(MacSandboxTest, UrandomAccess) { 119 TEST_F(MacSandboxTest, UrandomAccess) {
121 EXPECT_TRUE(RunTestInAllSandboxTypes("MacSandboxedUrandomTestCase", NULL)); 120 EXPECT_TRUE(RunTestInAllSandboxTypes("MacSandboxedUrandomTestCase", NULL));
122 } 121 }
123 122
124 //--------------------- NSS Sandboxing ---------------------- 123 //--------------------- NSS Sandboxing ----------------------
125 // Test case for checking sandboxing of NSS initialization. 124 // Test case for checking sandboxing of NSS initialization.
126 class MacSandboxedNSSTestCase : public MacSandboxTestCase { 125 class MacSandboxedNSSTestCase : public MacSandboxTestCase {
127 public: 126 public:
128 virtual bool SandboxedTest() OVERRIDE; 127 virtual bool SandboxedTest() OVERRIDE;
129 }; 128 };
130 129
131 REGISTER_SANDBOX_TEST_CASE(MacSandboxedNSSTestCase); 130 REGISTER_SANDBOX_TEST_CASE(MacSandboxedNSSTestCase);
132 131
133 bool MacSandboxedNSSTestCase::SandboxedTest() { 132 bool MacSandboxedNSSTestCase::SandboxedTest() {
134 // If NSS cannot read from /dev/urandom, NSS initialization will call abort(), 133 // If NSS cannot read from /dev/urandom, NSS initialization will call abort(),
135 // which will cause this test case to fail. 134 // which will cause this test case to fail.
136 crypto::ForceNSSNoDBInit(); 135 crypto::ForceNSSNoDBInit();
137 crypto::EnsureNSSInit(); 136 crypto::EnsureNSSInit();
138 return true; 137 return true;
139 } 138 }
140 139
141 TEST_F(MacSandboxTest, NSSAccess) { 140 TEST_F(MacSandboxTest, NSSAccess) {
142 EXPECT_TRUE(RunTestInAllSandboxTypes("MacSandboxedNSSTestCase", NULL)); 141 EXPECT_TRUE(RunTestInAllSandboxTypes("MacSandboxedNSSTestCase", NULL));
143 } 142 }
144 143
145 } // namespace content 144 } // namespace content
OLDNEW
« chrome/test/chromedriver/chrome_launcher.cc ('K') | « content/common/sandbox_mac.mm ('k') | ipc/ipc_channel_factory.cc » ('j') | sandbox/linux/services/yama.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698