| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #import <Foundation/Foundation.h> |
| 6 #import <IOSurface/IOSurface.h> |
| 7 |
| 8 #include <fcntl.h> |
| 9 #include <stdint.h> |
| 10 #include <sys/mman.h> |
| 11 #include <sys/types.h> |
| 12 #include <sys/stat.h> |
| 13 #include <sys/sysctl.h> |
| 14 #include <unistd.h> |
| 15 |
| 16 #include "base/files/file.h" |
| 17 #include "base/files/file_path.h" |
| 18 #include "base/mac/mac_util.h" |
| 19 #include "base/process/kill.h" |
| 20 #include "base/test/multiprocess_test.h" |
| 21 #include "base/test/test_timeouts.h" |
| 22 #include "sandbox/mac/sandbox_compiler.h" |
| 23 #include "testing/gtest/include/gtest/gtest.h" |
| 24 #include "testing/multiprocess_func_list.h" |
| 25 |
| 26 namespace sandbox { |
| 27 |
| 28 // These tests are designed to begin testing the V2 style sandbox rules on the |
| 29 // bots, rendering the earliest possible test results on how the rules perform |
| 30 // consistently across all test bots and supported OS versions. |
| 31 class SandboxMacCompilerV2Test : public base::MultiProcessTest {}; |
| 32 |
| 33 MULTIPROCESS_TEST_MAIN(V2ProfileProcess) { |
| 34 // Note: newlines are not necessary in the profile, but do make it easier to |
| 35 // print the profile out for debugging purposes. |
| 36 std::string profile = |
| 37 "(version 1)\n" |
| 38 "(deny default)\n" |
| 39 "(define allowed-dir \"ALLOWED_READ_DIR\")\n" |
| 40 "(define temp-file \"ALLOWED_TEMP_FILE\")\n" |
| 41 "(define is-pre-10_10 \"IS_PRE_10_10\")\n" |
| 42 "; Make it easier to drop (literal) once we stop supporting 10.9\n" |
| 43 "(define (path x) (literal x))\n" |
| 44 "(allow file-read-metadata (subpath \"/Applications\"))\n" |
| 45 "(allow file-read* (subpath (param allowed-dir)))\n" |
| 46 "(allow file-read-data (path \"/usr/share/zoneinfo/zone.tab\"))\n" |
| 47 "(allow file-write* (path (param temp-file)))\n" |
| 48 "(allow ipc-posix-shm-read-data (ipc-posix-name " |
| 49 "\"apple.shm.notification_center\"))\n" |
| 50 "(allow mach-lookup (global-name \"com.apple.logd\"))\n" |
| 51 "(if (string=? (param is-pre-10_10) \"TRUE\") (allow sysctl-read))\n" |
| 52 "(if (string=? (param is-pre-10_10) \"FALSE\") (allow sysctl-read " |
| 53 "(sysctl-name \"hw.activecpu\")))\n"; |
| 54 |
| 55 std::string temp_file_path = "/private/tmp/sf234234wfsfsdfdsf"; |
| 56 SandboxCompiler compiler(profile); |
| 57 CHECK(compiler.InsertStringParam("ALLOWED_READ_DIR", "/usr/lib")); |
| 58 CHECK(compiler.InsertStringParam("ALLOWED_TEMP_FILE", temp_file_path)); |
| 59 CHECK(compiler.InsertBooleanParam("IS_PRE_10_10", |
| 60 !base::mac::IsAtLeastOS10_10())); |
| 61 |
| 62 std::string error; |
| 63 bool result = compiler.CompileAndApplyProfile(&error); |
| 64 CHECK(result) << error; |
| 65 |
| 66 // Now attempt the appropriate resource access. |
| 67 base::FilePath path("/usr/lib/libsandbox.dylib"); |
| 68 base::File file(path, base::File::FLAG_OPEN | base::File::FLAG_READ); |
| 69 CHECK(file.IsValid()); |
| 70 |
| 71 char buf[4096]; |
| 72 EXPECT_EQ(static_cast<int>(sizeof(buf)), |
| 73 file.Read(/*offset=*/0, buf, sizeof(buf))); |
| 74 file.Close(); // Protect again other checks accidentally using this file. |
| 75 |
| 76 struct stat sb; |
| 77 EXPECT_EQ(0, stat("/Applications/TextEdit.app", &sb)); |
| 78 |
| 79 base::FilePath zone_path("/usr/share/zoneinfo/zone.tab"); |
| 80 base::File zone_file(zone_path, |
| 81 base::File::FLAG_OPEN | base::File::FLAG_READ); |
| 82 CHECK(zone_file.IsValid()); |
| 83 |
| 84 char zone_buf[2]; |
| 85 EXPECT_EQ(static_cast<int>(sizeof(zone_buf)), |
| 86 zone_file.Read(/*offset=*/0, zone_buf, sizeof(zone_buf))); |
| 87 zone_file.Close(); |
| 88 |
| 89 // Make sure we cannot read any files in zoneinfo. |
| 90 base::FilePath zone_dir_path("/usr/share/zoneinfo"); |
| 91 base::File zoneinfo(zone_dir_path, |
| 92 base::File::FLAG_OPEN | base::File::FLAG_READ); |
| 93 EXPECT_FALSE(zoneinfo.IsValid()); |
| 94 |
| 95 base::FilePath temp_path(temp_file_path); |
| 96 base::File temp_file(temp_path, |
| 97 base::File::FLAG_OPEN_ALWAYS | base::File::FLAG_WRITE); |
| 98 CHECK(temp_file.IsValid()); |
| 99 |
| 100 const char msg[] = "I can write this file."; |
| 101 EXPECT_EQ(static_cast<int>(sizeof(msg)), |
| 102 temp_file.WriteAtCurrentPos(msg, sizeof(msg))); |
| 103 temp_file.Close(); |
| 104 |
| 105 int shm_fd = shm_open("apple.shm.notification_center", O_RDONLY, 0644); |
| 106 EXPECT_GE(shm_fd, 0); |
| 107 |
| 108 NSPort* mach = [[NSMachBootstrapServer sharedInstance] |
| 109 servicePortWithName:@"com.apple.logd"]; |
| 110 EXPECT_NE(nil, mach); |
| 111 |
| 112 NSPort* forbidden_mach = [[NSMachBootstrapServer sharedInstance] |
| 113 servicePortWithName:@"com.apple.fonts."]; |
| 114 EXPECT_EQ(nil, forbidden_mach); |
| 115 |
| 116 size_t oldp_len; |
| 117 EXPECT_EQ(0, sysctlbyname("hw.activecpu", NULL, &oldp_len, NULL, 0)); |
| 118 |
| 119 char oldp[oldp_len]; |
| 120 EXPECT_EQ(0, sysctlbyname("hw.activecpu", oldp, &oldp_len, NULL, 0)); |
| 121 |
| 122 size_t ncpu_len; |
| 123 EXPECT_NE(0, sysctlbyname("hw.ncpu", NULL, &ncpu_len, NULL, 0)); |
| 124 |
| 125 return 0; |
| 126 } |
| 127 |
| 128 TEST_F(SandboxMacCompilerV2Test, V2ProfileTest) { |
| 129 base::Process process = SpawnChild("V2ProfileProcess"); |
| 130 ASSERT_TRUE(process.IsValid()); |
| 131 int exit_code = 42; |
| 132 EXPECT_TRUE(process.WaitForExitWithTimeout(TestTimeouts::action_max_timeout(), |
| 133 &exit_code)); |
| 134 EXPECT_EQ(exit_code, 0); |
| 135 } |
| 136 |
| 137 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2686433002:
Move SandboxCompiler class into the sandbox library. (Closed)
