Chromium Code Reviews Chromium Code Reviews
Issue 276443003:
NaCl: Add sanity check for number of open FDs at startup (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/services/credentials.h" | 5 #include "sandbox/linux/services/credentials.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <fcntl.h> | 8 #include <fcntl.h> |
| 9 #include <stdio.h> | 9 #include <stdio.h> |
| 10 #include <sys/stat.h> | 10 #include <sys/stat.h> |
| (...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 50 | 50 |
| 51 // Give dynamic tools a simple thing to test. | 51 // Give dynamic tools a simple thing to test. |
| 52 TEST(Credentials, CreateAndDestroy) { | 52 TEST(Credentials, CreateAndDestroy) { |
| 53 { | 53 { |
| 54 Credentials cred1; | 54 Credentials cred1; |
| 55 (void) cred1; | 55 (void) cred1; |
| 56 } | 56 } |
| 57 scoped_ptr<Credentials> cred2(new Credentials); | 57 scoped_ptr<Credentials> cred2(new Credentials); |
| 58 } | 58 } |
| 59 | 59 |
| 60 TEST(Credentials, CountOpenFds) { | |
| 61 base::ScopedFD proc_fd(open("/proc", O_RDONLY | O_DIRECTORY)); | |
|
jln (very slow on Chromium)
2014/05/19 21:47:24
Could you add "ASSERT_TRUE(proc_fd.is_valid());" ?
Mark Seaborn
2014/05/19 22:06:11
Done.
| |
| 62 Credentials creds; | |
| 63 int fd_count = creds.CountOpenFds(proc_fd.get()); | |
| 64 int fd = open("/dev/null", O_RDONLY); | |
| 65 ASSERT_LE(0, fd); | |
| 66 EXPECT_EQ(fd_count + 1, creds.CountOpenFds(proc_fd.get())); | |
| 67 ASSERT_EQ(0, close(fd)); | |
|
jln (very slow on Chromium)
2014/05/19 21:47:24
IGNORE_EINTR()
Mark Seaborn
2014/05/19 22:06:11
Done.
| |
| 68 EXPECT_EQ(fd_count, creds.CountOpenFds(proc_fd.get())); | |
| 69 } | |
| 70 | |
| 60 TEST(Credentials, HasOpenDirectory) { | 71 TEST(Credentials, HasOpenDirectory) { |
| 61 Credentials creds; | 72 Credentials creds; |
| 62 // No open directory should exist at startup. | 73 // No open directory should exist at startup. |
| 63 EXPECT_FALSE(creds.HasOpenDirectory(-1)); | 74 EXPECT_FALSE(creds.HasOpenDirectory(-1)); |
| 64 { | 75 { |
| 65 // Have a "/dev" file descriptor around. | 76 // Have a "/dev" file descriptor around. |
| 66 int dev_fd = open("/dev", O_RDONLY | O_DIRECTORY); | 77 int dev_fd = open("/dev", O_RDONLY | O_DIRECTORY); |
| 67 base::ScopedFD dev_fd_closer(dev_fd); | 78 base::ScopedFD dev_fd_closer(dev_fd); |
| 68 EXPECT_TRUE(creds.HasOpenDirectory(-1)); | 79 EXPECT_TRUE(creds.HasOpenDirectory(-1)); |
| 69 } | 80 } |
| (...skipping 145 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 215 | 226 |
| 216 // The kernel should now prevent us from regaining capabilities because we | 227 // The kernel should now prevent us from regaining capabilities because we |
| 217 // are in a chroot. | 228 // are in a chroot. |
| 218 CHECK(!Credentials::SupportsNewUserNS()); | 229 CHECK(!Credentials::SupportsNewUserNS()); |
| 219 CHECK(!creds.MoveToNewUserNS()); | 230 CHECK(!creds.MoveToNewUserNS()); |
| 220 } | 231 } |
| 221 | 232 |
| 222 } // namespace. | 233 } // namespace. |
| 223 | 234 |
| 224 } // namespace sandbox. | 235 } // namespace sandbox. |
| OLD | NEW |
