| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/services/credentials.h" | 5 #include "sandbox/linux/services/credentials.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <fcntl.h> | 8 #include <fcntl.h> |
| 9 #include <stdio.h> | 9 #include <stdio.h> |
| 10 #include <sys/stat.h> | 10 #include <sys/stat.h> |
| 11 #include <sys/types.h> | 11 #include <sys/types.h> |
| 12 #include <unistd.h> | 12 #include <unistd.h> |
| 13 | 13 |
| 14 #include "base/file_util.h" | 14 #include "base/file_util.h" |
| 15 #include "base/files/scoped_file.h" |
| 15 #include "base/logging.h" | 16 #include "base/logging.h" |
| 16 #include "base/memory/scoped_ptr.h" | 17 #include "base/memory/scoped_ptr.h" |
| 17 #include "sandbox/linux/tests/unit_tests.h" | 18 #include "sandbox/linux/tests/unit_tests.h" |
| 18 #include "testing/gtest/include/gtest/gtest.h" | 19 #include "testing/gtest/include/gtest/gtest.h" |
| 19 | 20 |
| 20 using file_util::ScopedFD; | |
| 21 | |
| 22 namespace sandbox { | 21 namespace sandbox { |
| 23 | 22 |
| 24 namespace { | 23 namespace { |
| 25 | 24 |
| 26 bool DirectoryExists(const char* path) { | 25 bool DirectoryExists(const char* path) { |
| 27 struct stat dir; | 26 struct stat dir; |
| 28 errno = 0; | 27 errno = 0; |
| 29 int ret = stat(path, &dir); | 28 int ret = stat(path, &dir); |
| 30 return -1 != ret || ENOENT != errno; | 29 return -1 != ret || ENOENT != errno; |
| 31 } | 30 } |
| (...skipping 26 matching lines...) Expand all Loading... |
| 58 scoped_ptr<Credentials> cred2(new Credentials); | 57 scoped_ptr<Credentials> cred2(new Credentials); |
| 59 } | 58 } |
| 60 | 59 |
| 61 TEST(Credentials, HasOpenDirectory) { | 60 TEST(Credentials, HasOpenDirectory) { |
| 62 Credentials creds; | 61 Credentials creds; |
| 63 // No open directory should exist at startup. | 62 // No open directory should exist at startup. |
| 64 EXPECT_FALSE(creds.HasOpenDirectory(-1)); | 63 EXPECT_FALSE(creds.HasOpenDirectory(-1)); |
| 65 { | 64 { |
| 66 // Have a "/dev" file descriptor around. | 65 // Have a "/dev" file descriptor around. |
| 67 int dev_fd = open("/dev", O_RDONLY | O_DIRECTORY); | 66 int dev_fd = open("/dev", O_RDONLY | O_DIRECTORY); |
| 68 ScopedFD dev_fd_closer(&dev_fd); | 67 base::ScopedFD dev_fd_closer(dev_fd); |
| 69 EXPECT_TRUE(creds.HasOpenDirectory(-1)); | 68 EXPECT_TRUE(creds.HasOpenDirectory(-1)); |
| 70 } | 69 } |
| 71 EXPECT_FALSE(creds.HasOpenDirectory(-1)); | 70 EXPECT_FALSE(creds.HasOpenDirectory(-1)); |
| 72 } | 71 } |
| 73 | 72 |
| 74 TEST(Credentials, HasOpenDirectoryWithFD) { | 73 TEST(Credentials, HasOpenDirectoryWithFD) { |
| 75 Credentials creds; | 74 Credentials creds; |
| 76 | 75 |
| 77 int proc_fd = open("/proc", O_RDONLY | O_DIRECTORY); | 76 int proc_fd = open("/proc", O_RDONLY | O_DIRECTORY); |
| 78 ScopedFD proc_fd_closer(&proc_fd); | 77 base::ScopedFD proc_fd_closer(proc_fd); |
| 79 ASSERT_LE(0, proc_fd); | 78 ASSERT_LE(0, proc_fd); |
| 80 | 79 |
| 81 // Don't pass |proc_fd|, an open directory (proc_fd) should | 80 // Don't pass |proc_fd|, an open directory (proc_fd) should |
| 82 // be detected. | 81 // be detected. |
| 83 EXPECT_TRUE(creds.HasOpenDirectory(-1)); | 82 EXPECT_TRUE(creds.HasOpenDirectory(-1)); |
| 84 // Pass |proc_fd| and no open directory should be detected. | 83 // Pass |proc_fd| and no open directory should be detected. |
| 85 EXPECT_FALSE(creds.HasOpenDirectory(proc_fd)); | 84 EXPECT_FALSE(creds.HasOpenDirectory(proc_fd)); |
| 86 | 85 |
| 87 { | 86 { |
| 88 // Have a "/dev" file descriptor around. | 87 // Have a "/dev" file descriptor around. |
| 89 int dev_fd = open("/dev", O_RDONLY | O_DIRECTORY); | 88 int dev_fd = open("/dev", O_RDONLY | O_DIRECTORY); |
| 90 ScopedFD dev_fd_closer(&dev_fd); | 89 base::ScopedFD dev_fd_closer(dev_fd); |
| 91 EXPECT_TRUE(creds.HasOpenDirectory(proc_fd)); | 90 EXPECT_TRUE(creds.HasOpenDirectory(proc_fd)); |
| 92 } | 91 } |
| 93 | 92 |
| 94 // The "/dev" file descriptor should now be closed, |proc_fd| is the only | 93 // The "/dev" file descriptor should now be closed, |proc_fd| is the only |
| 95 // directory file descriptor open. | 94 // directory file descriptor open. |
| 96 EXPECT_FALSE(creds.HasOpenDirectory(proc_fd)); | 95 EXPECT_FALSE(creds.HasOpenDirectory(proc_fd)); |
| 97 } | 96 } |
| 98 | 97 |
| 99 SANDBOX_TEST(Credentials, DropAllCaps) { | 98 SANDBOX_TEST(Credentials, DropAllCaps) { |
| 100 Credentials creds; | 99 Credentials creds; |
| (...skipping 115 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 216 | 215 |
| 217 // The kernel should now prevent us from regaining capabilities because we | 216 // The kernel should now prevent us from regaining capabilities because we |
| 218 // are in a chroot. | 217 // are in a chroot. |
| 219 CHECK(!Credentials::SupportsNewUserNS()); | 218 CHECK(!Credentials::SupportsNewUserNS()); |
| 220 CHECK(!creds.MoveToNewUserNS()); | 219 CHECK(!creds.MoveToNewUserNS()); |
| 221 } | 220 } |
| 222 | 221 |
| 223 } // namespace. | 222 } // namespace. |
| 224 | 223 |
| 225 } // namespace sandbox. | 224 } // namespace sandbox. |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 191673003:
Implement ScopedFD in terms of ScopedGeneric. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src