Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(41)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/common/sandbox_mac_diraccess_unittest.mm

Issue 2686433002: Move SandboxCompiler class into the sandbox library. (Closed)
Patch Set: Try getting rid of sysctl-read Created 3 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « content/common/sandbox_mac_compiler_unittest.mm ('k') | content/test/BUILD.gn » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #import <Cocoa/Cocoa.h> 5 #import <Cocoa/Cocoa.h>
6 #include <dirent.h> 6 #include <dirent.h>
7 #include <stddef.h> 7 #include <stddef.h>
8 8
9 extern "C" { 9 extern "C" {
10 #include <sandbox.h> 10 #include <sandbox.h>
11 } 11 }
12 12
13 #include <memory> 13 #include <memory>
14 14
15 #include "base/files/file_path.h" 15 #include "base/files/file_path.h"
16 #include "base/files/file_util.h" 16 #include "base/files/file_util.h"
17 #include "base/macros.h" 17 #include "base/macros.h"
18 #include "base/process/kill.h" 18 #include "base/process/kill.h"
19 #include "base/strings/sys_string_conversions.h" 19 #include "base/strings/sys_string_conversions.h"
20 #include "base/strings/utf_string_conversions.h" 20 #include "base/strings/utf_string_conversions.h"
21 #include "base/test/multiprocess_test.h" 21 #include "base/test/multiprocess_test.h"
22 #include "content/common/sandbox_mac.h" 22 #include "content/common/sandbox_mac.h"
23 #include "sandbox/mac/sandbox_compiler.h"
23 #include "testing/gtest/include/gtest/gtest.h" 24 #include "testing/gtest/include/gtest/gtest.h"
24 #include "testing/multiprocess_func_list.h" 25 #include "testing/multiprocess_func_list.h"
25 26
26 namespace { 27 namespace {
27 28
28 static const char* kSandboxAccessPathKey = "sandbox_dir"; 29 static const char* kSandboxAccessPathKey = "sandbox_dir";
29 static const char* kDeniedSuffix = "_denied"; 30 static const char* kDeniedSuffix = "_denied";
30 31
31 } // namespace 32 } // namespace
32 33
(...skipping 165 matching lines...) Expand 10 before | Expand all | Expand 10 after
198 "(deny default)" 199 "(deny default)"
199 "(allow signal (target self))" 200 "(allow signal (target self))"
200 "(allow sysctl-read)" 201 "(allow sysctl-read)"
201 "(if (string? perm_dir)" 202 "(if (string? perm_dir)"
202 " (begin" 203 " (begin"
203 " (allow file-read-metadata )" 204 " (allow file-read-metadata )"
204 " (allow file-read* file-write* (regex (string-append #\"\" " 205 " (allow file-read* file-write* (regex (string-append #\"\" "
205 "perm_dir)))))"; 206 "perm_dir)))))";
206 207
207 // Setup the parameters to pass to the sandbox. 208 // Setup the parameters to pass to the sandbox.
208 SandboxCompiler compiler(sandbox_profile); 209 sandbox::SandboxCompiler compiler(sandbox_profile);
209 CHECK(compiler.InsertStringParam("PERMITTED_DIR", final_allowed_dir)); 210 CHECK(compiler.InsertStringParam("PERMITTED_DIR", final_allowed_dir));
210 211
211 // Enable Sandbox. 212 // Enable Sandbox.
212 std::string error_str; 213 std::string error_str;
213 if (!compiler.CompileAndApplyProfile(&error_str)) { 214 if (!compiler.CompileAndApplyProfile(&error_str)) {
214 LOG(ERROR) << "Failed to Initialize Sandbox: " << error_str; 215 LOG(ERROR) << "Failed to Initialize Sandbox: " << error_str;
215 return -1; 216 return -1;
216 } 217 }
217 218
218 // Test Sandbox. 219 // Test Sandbox.
(...skipping 77 matching lines...) Expand 10 before | Expand all | Expand 10 after
296 PLOG(ERROR) << "Sandbox breach: was able to write (" 297 PLOG(ERROR) << "Sandbox breach: was able to write ("
297 << denied_file2.value() 298 << denied_file2.value()
298 << ")"; 299 << ")";
299 return -1; 300 return -1;
300 } 301 }
301 302
302 return 0; 303 return 0;
303 } 304 }
304 305
305 } // namespace content 306 } // namespace content
OLDNEW
« no previous file with comments | « content/common/sandbox_mac_compiler_unittest.mm ('k') | content/test/BUILD.gn » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698