| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #import <Cocoa/Cocoa.h> | 5 #import <Cocoa/Cocoa.h> |
| 6 #include <dirent.h> | 6 #include <dirent.h> |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 | 8 |
| 9 extern "C" { | 9 extern "C" { |
| 10 #include <sandbox.h> | 10 #include <sandbox.h> |
| (...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 46 } | 46 } |
| 47 int code = -1; | 47 int code = -1; |
| 48 if (!spawn_child.process.WaitForExit(&code)) { | 48 if (!spawn_child.process.WaitForExit(&code)) { |
| 49 LOG(WARNING) << "Process::WaitForExit failed"; | 49 LOG(WARNING) << "Process::WaitForExit failed"; |
| 50 return false; | 50 return false; |
| 51 } | 51 } |
| 52 return code == 0; | 52 return code == 0; |
| 53 } | 53 } |
| 54 }; | 54 }; |
| 55 | 55 |
| 56 TEST_F(MacDirAccessSandboxTest, StringEscape) { | |
| 57 const struct string_escape_test_data { | |
| 58 const char* to_escape; | |
| 59 const char* escaped; | |
| 60 } string_escape_cases[] = { | |
| 61 {"", ""}, | |
| 62 {"\b\f\n\r\t\\\"", "\\b\\f\\n\\r\\t\\\\\\\""}, | |
| 63 {"/'", "/'"}, | |
| 64 {"sandwich", "sandwich"}, | |
| 65 {"(sandwich)", "(sandwich)"}, | |
| 66 {"^\u2135.\u2136$", "^\\u2135.\\u2136$"}, | |
| 67 }; | |
| 68 | |
| 69 for (size_t i = 0; i < arraysize(string_escape_cases); ++i) { | |
| 70 std::string out; | |
| 71 std::string in(string_escape_cases[i].to_escape); | |
| 72 EXPECT_TRUE(Sandbox::QuotePlainString(in, &out)); | |
| 73 EXPECT_EQ(string_escape_cases[i].escaped, out); | |
| 74 } | |
| 75 } | |
| 76 | |
| 77 TEST_F(MacDirAccessSandboxTest, RegexEscape) { | |
| 78 const std::string kSandboxEscapeSuffix("(/|$)"); | |
| 79 const struct regex_test_data { | |
| 80 const wchar_t *to_escape; | |
| 81 const char* escaped; | |
| 82 } regex_cases[] = { | |
| 83 {L"", ""}, | |
| 84 {L"/'", "/'"}, // / & ' characters don't need escaping. | |
| 85 {L"sandwich", "sandwich"}, | |
| 86 {L"(sandwich)", "\\(sandwich\\)"}, | |
| 87 }; | |
| 88 | |
| 89 // Check that all characters whose values are smaller than 32 [1F] are | |
| 90 // rejected by the regex escaping code. | |
| 91 { | |
| 92 std::string out; | |
| 93 char fail_string[] = {31, 0}; | |
| 94 char ok_string[] = {32, 0}; | |
| 95 EXPECT_FALSE(Sandbox::QuoteStringForRegex(fail_string, &out)); | |
| 96 EXPECT_TRUE(Sandbox::QuoteStringForRegex(ok_string, &out)); | |
| 97 } | |
| 98 | |
| 99 // Check that all characters whose values are larger than 126 [7E] are | |
| 100 // rejected by the regex escaping code. | |
| 101 { | |
| 102 std::string out; | |
| 103 EXPECT_TRUE(Sandbox::QuoteStringForRegex("}", &out)); // } == 0x7D == 125 | |
| 104 EXPECT_FALSE(Sandbox::QuoteStringForRegex("~", &out)); // ~ == 0x7E == 126 | |
| 105 EXPECT_FALSE( | |
| 106 Sandbox::QuoteStringForRegex(base::WideToUTF8(L"^\u2135.\u2136$"), | |
| 107 &out)); | |
| 108 } | |
| 109 | |
| 110 { | |
| 111 for (size_t i = 0; i < arraysize(regex_cases); ++i) { | |
| 112 std::string out; | |
| 113 std::string in = base::WideToUTF8(regex_cases[i].to_escape); | |
| 114 EXPECT_TRUE(Sandbox::QuoteStringForRegex(in, &out)); | |
| 115 std::string expected("^"); | |
| 116 expected.append(regex_cases[i].escaped); | |
| 117 expected.append(kSandboxEscapeSuffix); | |
| 118 EXPECT_EQ(expected, out); | |
| 119 } | |
| 120 } | |
| 121 | |
| 122 { | |
| 123 std::string in_utf8("\\^.$|()[]*+?{}"); | |
| 124 std::string expected; | |
| 125 expected.push_back('^'); | |
| 126 for (size_t i = 0; i < in_utf8.length(); ++i) { | |
| 127 expected.push_back('\\'); | |
| 128 expected.push_back(in_utf8[i]); | |
| 129 } | |
| 130 expected.append(kSandboxEscapeSuffix); | |
| 131 | |
| 132 std::string out; | |
| 133 EXPECT_TRUE(Sandbox::QuoteStringForRegex(in_utf8, &out)); | |
| 134 EXPECT_EQ(expected, out); | |
| 135 | |
| 136 } | |
| 137 } | |
| 138 | |
| 139 // A class to handle auto-deleting a directory. | 56 // A class to handle auto-deleting a directory. |
| 140 struct ScopedDirectoryDelete { | 57 struct ScopedDirectoryDelete { |
| 141 inline void operator()(base::FilePath* x) const { | 58 inline void operator()(base::FilePath* x) const { |
| 142 if (x) | 59 if (x) |
| 143 base::DeleteFile(*x, true); | 60 base::DeleteFile(*x, true); |
| 144 } | 61 } |
| 145 }; | 62 }; |
| 146 | 63 |
| 147 typedef std::unique_ptr<base::FilePath, ScopedDirectoryDelete> ScopedDirectory; | 64 typedef std::unique_ptr<base::FilePath, ScopedDirectoryDelete> ScopedDirectory; |
| 148 | 65 |
| 149 TEST_F(MacDirAccessSandboxTest, SandboxAccess) { | 66 TEST_F(MacDirAccessSandboxTest, SandboxAccess) { |
| 150 using base::CreateDirectory; | 67 using base::CreateDirectory; |
| 151 | 68 |
| 152 base::FilePath tmp_dir; | 69 base::FilePath tmp_dir; |
| 153 ASSERT_TRUE(base::CreateNewTempDirectory(base::FilePath::StringType(), | 70 ASSERT_TRUE(base::CreateNewTempDirectory(base::FilePath::StringType(), |
| 154 &tmp_dir)); | 71 &tmp_dir)); |
| 155 // This step is important on OS X since the sandbox only understands "real" | 72 // This step is important on OS X since the sandbox only understands "real" |
| 156 // paths and the paths CreateNewTempDirectory() returns are empirically in | 73 // paths and the paths CreateNewTempDirectory() returns are empirically in |
| 157 // /var which is a symlink to /private/var . | 74 // /var which is a symlink to /private/var . |
| 158 tmp_dir = Sandbox::GetCanonicalSandboxPath(tmp_dir); | 75 tmp_dir = Sandbox::GetCanonicalSandboxPath(tmp_dir); |
| 159 ScopedDirectory cleanup(&tmp_dir); | 76 ScopedDirectory cleanup(&tmp_dir); |
| 160 | 77 |
| 161 const char* sandbox_dir_cases[] = { | 78 const char* sandbox_dir_cases[] = { |
| 162 "simple_dir_name", | 79 "simple_dir_name", |
| 163 "^hello++ $", // Regex. | 80 "^hello++ $", // Regex. |
| 164 "\\^.$|()[]*+?{}", // All regex characters. | 81 "\\^.$|()[]*+?{}", // All regex characters. |
| 82 "\n", |
| 83 "\tfile\b", |
| 84 "ÖÖÖÖÖ", |
| 85 "ȓȓȓȓȓ", |
| 165 }; | 86 }; |
| 166 | 87 |
| 167 for (size_t i = 0; i < arraysize(sandbox_dir_cases); ++i) { | 88 for (size_t i = 0; i < arraysize(sandbox_dir_cases); ++i) { |
| 168 const char* sandbox_dir_name = sandbox_dir_cases[i]; | 89 const char* sandbox_dir_name = sandbox_dir_cases[i]; |
| 169 base::FilePath sandbox_dir = tmp_dir.Append(sandbox_dir_name); | 90 base::FilePath sandbox_dir = tmp_dir.Append(sandbox_dir_name); |
| 170 ASSERT_TRUE(CreateDirectory(sandbox_dir)); | 91 ASSERT_TRUE(CreateDirectory(sandbox_dir)); |
| 171 ScopedDirectory cleanup_sandbox(&sandbox_dir); | 92 ScopedDirectory cleanup_sandbox(&sandbox_dir); |
| 172 | 93 |
| 173 // Create a sibling directory of the sandbox dir, whose name has sandbox dir | 94 // Create a sibling directory of the sandbox dir, whose name has sandbox dir |
| 174 // as a substring but to which access is denied. | 95 // as a substring but to which access is denied. |
| 175 std::string sibling_sandbox_dir_name_denied = | 96 std::string sibling_sandbox_dir_name_denied = |
| 176 std::string(sandbox_dir_cases[i]) + kDeniedSuffix; | 97 std::string(sandbox_dir_cases[i]) + kDeniedSuffix; |
| 177 base::FilePath sibling_sandbox_dir = tmp_dir.Append( | 98 base::FilePath sibling_sandbox_dir = tmp_dir.Append( |
| 178 sibling_sandbox_dir_name_denied.c_str()); | 99 sibling_sandbox_dir_name_denied.c_str()); |
| 179 ASSERT_TRUE(CreateDirectory(sibling_sandbox_dir)); | 100 ASSERT_TRUE(CreateDirectory(sibling_sandbox_dir)); |
| 180 ScopedDirectory cleanup_sandbox_sibling(&sibling_sandbox_dir); | 101 ScopedDirectory cleanup_sandbox_sibling(&sibling_sandbox_dir); |
| 181 | 102 |
| 182 EXPECT_TRUE(CheckSandbox(sandbox_dir.value())); | 103 EXPECT_TRUE(CheckSandbox(sandbox_dir.value())); |
| 183 } | 104 } |
| 184 } | 105 } |
| 185 | 106 |
| 186 MULTIPROCESS_TEST_MAIN(mac_sandbox_path_access) { | 107 MULTIPROCESS_TEST_MAIN(mac_sandbox_path_access) { |
| 187 char *sandbox_allowed_dir = getenv(kSandboxAccessPathKey); | 108 char *sandbox_allowed_dir = getenv(kSandboxAccessPathKey); |
| 188 if (!sandbox_allowed_dir) | 109 if (!sandbox_allowed_dir) |
| 189 return -1; | 110 return -1; |
| 190 | 111 |
| 191 std::string final_allowed_dir; | |
| 192 EXPECT_TRUE( | |
| 193 Sandbox::QuoteStringForRegex(sandbox_allowed_dir, &final_allowed_dir)); | |
| 194 | |
| 195 // Build up a sandbox profile that only allows access to a single directory. | 112 // Build up a sandbox profile that only allows access to a single directory. |
| 196 std::string sandbox_profile = | 113 std::string sandbox_profile = |
| 197 "(version 1)" | 114 "(version 1)" |
| 198 "(define perm_dir (param \"PERMITTED_DIR\"))" | 115 "(define perm_dir (param \"PERMITTED_DIR\"))" |
| 199 "(deny default)" | 116 "(deny default)" |
| 200 "(allow signal (target self))" | 117 "(allow signal (target self))" |
| 201 "(allow sysctl-read)" | 118 "(allow sysctl-read)" |
| 202 "(if (string? perm_dir)" | 119 "(if (string? perm_dir)" |
| 203 " (begin" | 120 " (begin" |
| 204 " (allow file-read-metadata )" | 121 " (allow file-read-metadata )" |
| 205 " (allow file-read* file-write* (regex (string-append #\"\" " | 122 " (allow file-read* file-write* (subpath perm_dir))))"; |
| 206 "perm_dir)))))"; | |
| 207 | 123 |
| 208 // Setup the parameters to pass to the sandbox. | 124 // Setup the parameters to pass to the sandbox. |
| 209 sandbox::SandboxCompiler compiler(sandbox_profile); | 125 sandbox::SandboxCompiler compiler(sandbox_profile); |
| 210 CHECK(compiler.InsertStringParam("PERMITTED_DIR", final_allowed_dir)); | 126 CHECK(compiler.InsertStringParam("PERMITTED_DIR", sandbox_allowed_dir)); |
| 211 | 127 |
| 212 // Enable Sandbox. | 128 // Enable Sandbox. |
| 213 std::string error_str; | 129 std::string error_str; |
| 214 if (!compiler.CompileAndApplyProfile(&error_str)) { | 130 if (!compiler.CompileAndApplyProfile(&error_str)) { |
| 215 LOG(ERROR) << "Failed to Initialize Sandbox: " << error_str; | 131 LOG(ERROR) << "Failed to Initialize Sandbox: " << error_str; |
| 216 return -1; | 132 return -1; |
| 217 } | 133 } |
| 218 | 134 |
| 219 // Test Sandbox. | 135 // Test Sandbox. |
| 220 | 136 |
| (...skipping 76 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 297 PLOG(ERROR) << "Sandbox breach: was able to write (" | 213 PLOG(ERROR) << "Sandbox breach: was able to write (" |
| 298 << denied_file2.value() | 214 << denied_file2.value() |
| 299 << ")"; | 215 << ")"; |
| 300 return -1; | 216 return -1; |
| 301 } | 217 } |
| 302 | 218 |
| 303 return 0; | 219 return 0; |
| 304 } | 220 } |
| 305 | 221 |
| 306 } // namespace content | 222 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2919963003:
Update sandbox profiles and remove regular expressions. (Closed)
