| OLD | NEW | 
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be | 
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. | 
| 4 | 4 | 
| 5 #include "sandbox/linux/services/credentials.h" | 5 #include "sandbox/linux/services/credentials.h" | 
| 6 | 6 | 
| 7 #include <errno.h> | 7 #include <errno.h> | 
| 8 #include <fcntl.h> | 8 #include <fcntl.h> | 
| 9 #include <stdio.h> | 9 #include <stdio.h> | 
| 10 #include <sys/stat.h> | 10 #include <sys/stat.h> | 
| 11 #include <sys/types.h> | 11 #include <sys/types.h> | 
| 12 #include <unistd.h> | 12 #include <unistd.h> | 
| 13 | 13 | 
| 14 #include "base/file_util.h" | 14 #include "base/file_util.h" | 
| 15 #include "base/files/scoped_file.h" |  | 
| 16 #include "base/logging.h" | 15 #include "base/logging.h" | 
| 17 #include "base/memory/scoped_ptr.h" | 16 #include "base/memory/scoped_ptr.h" | 
| 18 #include "sandbox/linux/tests/unit_tests.h" | 17 #include "sandbox/linux/tests/unit_tests.h" | 
| 19 #include "testing/gtest/include/gtest/gtest.h" | 18 #include "testing/gtest/include/gtest/gtest.h" | 
| 20 | 19 | 
|  | 20 using file_util::ScopedFD; | 
|  | 21 | 
| 21 namespace sandbox { | 22 namespace sandbox { | 
| 22 | 23 | 
| 23 namespace { | 24 namespace { | 
| 24 | 25 | 
| 25 bool DirectoryExists(const char* path) { | 26 bool DirectoryExists(const char* path) { | 
| 26   struct stat dir; | 27   struct stat dir; | 
| 27   errno = 0; | 28   errno = 0; | 
| 28   int ret = stat(path, &dir); | 29   int ret = stat(path, &dir); | 
| 29   return -1 != ret || ENOENT != errno; | 30   return -1 != ret || ENOENT != errno; | 
| 30 } | 31 } | 
| (...skipping 26 matching lines...) |
| 57   scoped_ptr<Credentials> cred2(new Credentials); | 58   scoped_ptr<Credentials> cred2(new Credentials); | 
| 58 } | 59 } | 
| 59 | 60 | 
| 60 TEST(Credentials, HasOpenDirectory) { | 61 TEST(Credentials, HasOpenDirectory) { | 
| 61   Credentials creds; | 62   Credentials creds; | 
| 62   // No open directory should exist at startup. | 63   // No open directory should exist at startup. | 
| 63   EXPECT_FALSE(creds.HasOpenDirectory(-1)); | 64   EXPECT_FALSE(creds.HasOpenDirectory(-1)); | 
| 64   { | 65   { | 
| 65     // Have a "/dev" file descriptor around. | 66     // Have a "/dev" file descriptor around. | 
| 66     int dev_fd = open("/dev", O_RDONLY | O_DIRECTORY); | 67     int dev_fd = open("/dev", O_RDONLY | O_DIRECTORY); | 
| 67     base::ScopedFD dev_fd_closer(dev_fd); | 68     ScopedFD dev_fd_closer(&dev_fd); | 
| 68     EXPECT_TRUE(creds.HasOpenDirectory(-1)); | 69     EXPECT_TRUE(creds.HasOpenDirectory(-1)); | 
| 69   } | 70   } | 
| 70   EXPECT_FALSE(creds.HasOpenDirectory(-1)); | 71   EXPECT_FALSE(creds.HasOpenDirectory(-1)); | 
| 71 } | 72 } | 
| 72 | 73 | 
| 73 TEST(Credentials, HasOpenDirectoryWithFD) { | 74 TEST(Credentials, HasOpenDirectoryWithFD) { | 
| 74   Credentials creds; | 75   Credentials creds; | 
| 75 | 76 | 
| 76   int proc_fd = open("/proc", O_RDONLY | O_DIRECTORY); | 77   int proc_fd = open("/proc", O_RDONLY | O_DIRECTORY); | 
| 77   base::ScopedFD proc_fd_closer(proc_fd); | 78   ScopedFD proc_fd_closer(&proc_fd); | 
| 78   ASSERT_LE(0, proc_fd); | 79   ASSERT_LE(0, proc_fd); | 
| 79 | 80 | 
| 80   // Don't pass |proc_fd|, an open directory (proc_fd) should | 81   // Don't pass |proc_fd|, an open directory (proc_fd) should | 
| 81   // be detected. | 82   // be detected. | 
| 82   EXPECT_TRUE(creds.HasOpenDirectory(-1)); | 83   EXPECT_TRUE(creds.HasOpenDirectory(-1)); | 
| 83   // Pass |proc_fd| and no open directory should be detected. | 84   // Pass |proc_fd| and no open directory should be detected. | 
| 84   EXPECT_FALSE(creds.HasOpenDirectory(proc_fd)); | 85   EXPECT_FALSE(creds.HasOpenDirectory(proc_fd)); | 
| 85 | 86 | 
| 86   { | 87   { | 
| 87     // Have a "/dev" file descriptor around. | 88     // Have a "/dev" file descriptor around. | 
| 88     int dev_fd = open("/dev", O_RDONLY | O_DIRECTORY); | 89     int dev_fd = open("/dev", O_RDONLY | O_DIRECTORY); | 
| 89     base::ScopedFD dev_fd_closer(dev_fd); | 90     ScopedFD dev_fd_closer(&dev_fd); | 
| 90     EXPECT_TRUE(creds.HasOpenDirectory(proc_fd)); | 91     EXPECT_TRUE(creds.HasOpenDirectory(proc_fd)); | 
| 91   } | 92   } | 
| 92 | 93 | 
| 93   // The "/dev" file descriptor should now be closed, |proc_fd| is the only | 94   // The "/dev" file descriptor should now be closed, |proc_fd| is the only | 
| 94   // directory file descriptor open. | 95   // directory file descriptor open. | 
| 95   EXPECT_FALSE(creds.HasOpenDirectory(proc_fd)); | 96   EXPECT_FALSE(creds.HasOpenDirectory(proc_fd)); | 
| 96 } | 97 } | 
| 97 | 98 | 
| 98 SANDBOX_TEST(Credentials, DropAllCaps) { | 99 SANDBOX_TEST(Credentials, DropAllCaps) { | 
| 99   Credentials creds; | 100   Credentials creds; | 
| (...skipping 115 matching lines...) |
| 215 | 216 | 
| 216   // The kernel should now prevent us from regaining capabilities because we | 217   // The kernel should now prevent us from regaining capabilities because we | 
| 217   // are in a chroot. | 218   // are in a chroot. | 
| 218   CHECK(!Credentials::SupportsNewUserNS()); | 219   CHECK(!Credentials::SupportsNewUserNS()); | 
| 219   CHECK(!creds.MoveToNewUserNS()); | 220   CHECK(!creds.MoveToNewUserNS()); | 
| 220 } | 221 } | 
| 221 | 222 | 
| 222 }  // namespace. | 223 }  // namespace. | 
| 223 | 224 | 
| 224 }  // namespace sandbox. | 225 }  // namespace sandbox. | 
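Review bot: The `open("/dev", O_RDONLY | O_DIRECTORY)` results at new lines 67 and 89 go to `ScopedFD` and the following `EXPECT_TRUE(creds.HasOpenDirectory(...))` without a check that the open succeeded, so a failed open would surface as a misleading HasOpenDirectory failure; add `ASSERT_LE(0, dev_fd);` after each closer, as new line 79 already does for `proc_fd`. Because `ScopedFD` on the new side is constructed from `&dev_fd` / `&proc_fd`, the closer presumably reads the descriptor through that pointer at scope exit, so the `int` has to be declared before the closer and must not be reassigned in between. A short comment saying so would help, since these tests only mean something if the directory descriptor is really closed when the block ends. The file-scope `using file_util::ScopedFD;` at new line 20 could move inside the anonymous namespace so it does not leak into the global namespace. Two stretches of the file (26 and 115 lines) are collapsed on this page and were not reviewed.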