Chromium Code Reviews Chromium Code Reviews
Issue 276443003:
NaCl: Add sanity check for number of open FDs at startup (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/services/credentials.h" | 5 #include "sandbox/linux/services/credentials.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <fcntl.h> | 8 #include <fcntl.h> |
| 9 #include <stdio.h> | 9 #include <stdio.h> |
| 10 #include <sys/stat.h> | 10 #include <sys/stat.h> |
| (...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 50 | 50 |
| 51 // Give dynamic tools a simple thing to test. | 51 // Give dynamic tools a simple thing to test. |
| 52 TEST(Credentials, CreateAndDestroy) { | 52 TEST(Credentials, CreateAndDestroy) { |
| 53 { | 53 { |
| 54 Credentials cred1; | 54 Credentials cred1; |
| 55 (void) cred1; | 55 (void) cred1; |
| 56 } | 56 } |
| 57 scoped_ptr<Credentials> cred2(new Credentials); | 57 scoped_ptr<Credentials> cred2(new Credentials); |
| 58 } | 58 } |
| 59 | 59 |
| 60 TEST(Credentials, CountOpenFds) { | |
| 61 int proc_fd = open("/proc", O_RDONLY | O_DIRECTORY); | |
| 62 ASSERT_LE(0, proc_fd); | |
| 63 base::ScopedFD proc_fd_closer(proc_fd); | |
|
jln (very slow on Chromium)
2014/05/09 23:55:24
Now that ScopedFD have been rewritten, they're not
Mark Seaborn
2014/05/19 21:38:21
Done.
| |
| 64 | |
| 65 Credentials creds; | |
| 66 int fd_count = creds.CountOpenFds(proc_fd); | |
| 67 int fd = open("/dev/null", O_RDONLY); | |
| 68 ASSERT_LE(0, fd); | |
| 69 EXPECT_EQ(fd_count + 1, creds.CountOpenFds(proc_fd)); | |
| 70 ASSERT_EQ(0, close(fd)); | |
| 71 EXPECT_EQ(fd_count, creds.CountOpenFds(proc_fd)); | |
| 72 } | |
| 73 | |
| 60 TEST(Credentials, HasOpenDirectory) { | 74 TEST(Credentials, HasOpenDirectory) { |
| 61 Credentials creds; | 75 Credentials creds; |
| 62 // No open directory should exist at startup. | 76 // No open directory should exist at startup. |
| 63 EXPECT_FALSE(creds.HasOpenDirectory(-1)); | 77 EXPECT_FALSE(creds.HasOpenDirectory(-1)); |
| 64 { | 78 { |
| 65 // Have a "/dev" file descriptor around. | 79 // Have a "/dev" file descriptor around. |
| 66 int dev_fd = open("/dev", O_RDONLY | O_DIRECTORY); | 80 int dev_fd = open("/dev", O_RDONLY | O_DIRECTORY); |
| 67 base::ScopedFD dev_fd_closer(dev_fd); | 81 base::ScopedFD dev_fd_closer(dev_fd); |
| 68 EXPECT_TRUE(creds.HasOpenDirectory(-1)); | 82 EXPECT_TRUE(creds.HasOpenDirectory(-1)); |
| 69 } | 83 } |
| (...skipping 145 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 215 | 229 |
| 216 // The kernel should now prevent us from regaining capabilities because we | 230 // The kernel should now prevent us from regaining capabilities because we |
| 217 // are in a chroot. | 231 // are in a chroot. |
| 218 CHECK(!Credentials::SupportsNewUserNS()); | 232 CHECK(!Credentials::SupportsNewUserNS()); |
| 219 CHECK(!creds.MoveToNewUserNS()); | 233 CHECK(!creds.MoveToNewUserNS()); |
| 220 } | 234 } |
| 221 | 235 |
| 222 } // namespace. | 236 } // namespace. |
| 223 | 237 |
| 224 } // namespace sandbox. | 238 } // namespace sandbox. |
| OLD | NEW |
