Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(231)

Side by Side Diff: sandbox/linux/services/credentials_unittest.cc

Issue 191673003: Implement ScopedFD in terms of ScopedGeneric. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/linux/services/credentials.h" 5 #include "sandbox/linux/services/credentials.h"
6 6
7 #include <errno.h> 7 #include <errno.h>
8 #include <fcntl.h> 8 #include <fcntl.h>
9 #include <stdio.h> 9 #include <stdio.h>
10 #include <sys/stat.h> 10 #include <sys/stat.h>
11 #include <sys/types.h> 11 #include <sys/types.h>
12 #include <unistd.h> 12 #include <unistd.h>
13 13
14 #include "base/file_util.h" 14 #include "base/file_util.h"
15 #include "base/files/scoped_file.h"
15 #include "base/logging.h" 16 #include "base/logging.h"
16 #include "base/memory/scoped_ptr.h" 17 #include "base/memory/scoped_ptr.h"
17 #include "sandbox/linux/tests/unit_tests.h" 18 #include "sandbox/linux/tests/unit_tests.h"
18 #include "testing/gtest/include/gtest/gtest.h" 19 #include "testing/gtest/include/gtest/gtest.h"
19 20
20 using file_util::ScopedFD;
21
22 namespace sandbox { 21 namespace sandbox {
23 22
24 namespace { 23 namespace {
25 24
26 bool DirectoryExists(const char* path) { 25 bool DirectoryExists(const char* path) {
27 struct stat dir; 26 struct stat dir;
28 errno = 0; 27 errno = 0;
29 int ret = stat(path, &dir); 28 int ret = stat(path, &dir);
30 return -1 != ret || ENOENT != errno; 29 return -1 != ret || ENOENT != errno;
31 } 30 }
(...skipping 26 matching lines...) Expand all
58 scoped_ptr<Credentials> cred2(new Credentials); 57 scoped_ptr<Credentials> cred2(new Credentials);
59 } 58 }
60 59
61 TEST(Credentials, HasOpenDirectory) { 60 TEST(Credentials, HasOpenDirectory) {
62 Credentials creds; 61 Credentials creds;
63 // No open directory should exist at startup. 62 // No open directory should exist at startup.
64 EXPECT_FALSE(creds.HasOpenDirectory(-1)); 63 EXPECT_FALSE(creds.HasOpenDirectory(-1));
65 { 64 {
66 // Have a "/dev" file descriptor around. 65 // Have a "/dev" file descriptor around.
67 int dev_fd = open("/dev", O_RDONLY | O_DIRECTORY); 66 int dev_fd = open("/dev", O_RDONLY | O_DIRECTORY);
68 ScopedFD dev_fd_closer(&dev_fd); 67 base::ScopedFD dev_fd_closer(dev_fd);
69 EXPECT_TRUE(creds.HasOpenDirectory(-1)); 68 EXPECT_TRUE(creds.HasOpenDirectory(-1));
70 } 69 }
71 EXPECT_FALSE(creds.HasOpenDirectory(-1)); 70 EXPECT_FALSE(creds.HasOpenDirectory(-1));
72 } 71 }
73 72
74 TEST(Credentials, HasOpenDirectoryWithFD) { 73 TEST(Credentials, HasOpenDirectoryWithFD) {
75 Credentials creds; 74 Credentials creds;
76 75
77 int proc_fd = open("/proc", O_RDONLY | O_DIRECTORY); 76 int proc_fd = open("/proc", O_RDONLY | O_DIRECTORY);
78 ScopedFD proc_fd_closer(&proc_fd); 77 base::ScopedFD proc_fd_closer(proc_fd);
79 ASSERT_LE(0, proc_fd); 78 ASSERT_LE(0, proc_fd);
80 79
81 // Don't pass |proc_fd|, an open directory (proc_fd) should 80 // Don't pass |proc_fd|, an open directory (proc_fd) should
82 // be detected. 81 // be detected.
83 EXPECT_TRUE(creds.HasOpenDirectory(-1)); 82 EXPECT_TRUE(creds.HasOpenDirectory(-1));
84 // Pass |proc_fd| and no open directory should be detected. 83 // Pass |proc_fd| and no open directory should be detected.
85 EXPECT_FALSE(creds.HasOpenDirectory(proc_fd)); 84 EXPECT_FALSE(creds.HasOpenDirectory(proc_fd));
86 85
87 { 86 {
88 // Have a "/dev" file descriptor around. 87 // Have a "/dev" file descriptor around.
89 int dev_fd = open("/dev", O_RDONLY | O_DIRECTORY); 88 int dev_fd = open("/dev", O_RDONLY | O_DIRECTORY);
90 ScopedFD dev_fd_closer(&dev_fd); 89 base::ScopedFD dev_fd_closer(dev_fd);
91 EXPECT_TRUE(creds.HasOpenDirectory(proc_fd)); 90 EXPECT_TRUE(creds.HasOpenDirectory(proc_fd));
92 } 91 }
93 92
94 // The "/dev" file descriptor should now be closed, |proc_fd| is the only 93 // The "/dev" file descriptor should now be closed, |proc_fd| is the only
95 // directory file descriptor open. 94 // directory file descriptor open.
96 EXPECT_FALSE(creds.HasOpenDirectory(proc_fd)); 95 EXPECT_FALSE(creds.HasOpenDirectory(proc_fd));
97 } 96 }
98 97
99 SANDBOX_TEST(Credentials, DropAllCaps) { 98 SANDBOX_TEST(Credentials, DropAllCaps) {
100 Credentials creds; 99 Credentials creds;
(...skipping 115 matching lines...) Expand 10 before | Expand all | Expand 10 after
216 215
217 // The kernel should now prevent us from regaining capabilities because we 216 // The kernel should now prevent us from regaining capabilities because we
218 // are in a chroot. 217 // are in a chroot.
219 CHECK(!Credentials::SupportsNewUserNS()); 218 CHECK(!Credentials::SupportsNewUserNS());
220 CHECK(!creds.MoveToNewUserNS()); 219 CHECK(!creds.MoveToNewUserNS());
221 } 220 }
222 221
223 } // namespace. 222 } // namespace.
224 223
225 } // namespace sandbox. 224 } // namespace sandbox.
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698