Make BootstrapSandboxPolicy a struct, containing the existing rule map and a new default rule.

sandbox/mac/bootstrap_sandbox_unittest.mm

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/mac/bootstrap_sandbox.h"
 
 #include <CoreFoundation/CoreFoundation.h>
 #import <Foundation/Foundation.h>
 #include <mach/mach.h>
 #include <servers/bootstrap.h>
@@ skipping 70 matching lines @@
   virtual void SetUp() OVERRIDE {
     base::MultiProcessTest::SetUp();
 
     sandbox_ = BootstrapSandbox::Create();
     ASSERT_TRUE(sandbox_.get());
   }
 
   BootstrapSandboxPolicy BaselinePolicy() {
     BootstrapSandboxPolicy policy;
     if (base::mac::IsOSSnowLeopard())
-      policy["com.apple.SecurityServer"] = Rule(POLICY_ALLOW);
+      policy.rules["com.apple.SecurityServer"] = Rule(POLICY_ALLOW);
     return policy;
   }
 
   void RunChildWithPolicy(int policy_id,
                           const char* child_name,
                           base::ProcessHandle* out_pid) {
     sandbox_->PrepareToForkWithPolicy(policy_id);
     base::ProcessHandle pid = SpawnChild(child_name);
     ASSERT_GT(pid, 0);
     sandbox_->FinishedFork(pid);
@@ skipping 40 matching lines @@
   EXPECT_EQ(nil, [observer object]);
 }
 
 // Run the test with notifications permitted.
 TEST_F(BootstrapSandboxTest, DistributedNotifications_SandboxAllow) {
   base::scoped_nsobject<DistributedNotificationObserver> observer(
       [[DistributedNotificationObserver alloc] init]);
 
   BootstrapSandboxPolicy policy(BaselinePolicy());
   // 10.9:
-  policy["com.apple.distributed_notifications@Uv3"] = Rule(POLICY_ALLOW);
-  policy["com.apple.distributed_notifications@1v3"] = Rule(POLICY_ALLOW);
+  policy.rules["com.apple.distributed_notifications@Uv3"] = Rule(POLICY_ALLOW);
+  policy.rules["com.apple.distributed_notifications@1v3"] = Rule(POLICY_ALLOW);
   // 10.6:
-  policy["com.apple.system.notification_center"] = Rule(POLICY_ALLOW);
-  policy["com.apple.distributed_notifications.2"] = Rule(POLICY_ALLOW);
+  policy.rules["com.apple.system.notification_center"] = Rule(POLICY_ALLOW);
+  policy.rules["com.apple.distributed_notifications.2"] = Rule(POLICY_ALLOW);
   sandbox_->RegisterSandboxPolicy(2, policy);
 
   base::ProcessHandle pid;
   RunChildWithPolicy(2, kNotificationTestMain, &pid);
 
   [observer waitForNotification];
   EXPECT_EQ(1, [observer receivedCount]);
   EXPECT_EQ(pid, [[observer object] intValue]);
 }
 
 MULTIPROCESS_TEST_MAIN(PostNotification) {
   [[NSDistributedNotificationCenter defaultCenter]
       postNotificationName:kTestNotification
                     object:[NSString stringWithFormat:@"%d", getpid()]];
   return 0;
 }
 
 const char kTestServer[] = "org.chromium.test_bootstrap_server";
 
 TEST_F(BootstrapSandboxTest, PolicyDenyError) {
   BootstrapSandboxPolicy policy(BaselinePolicy());
-  policy[kTestServer] = Rule(POLICY_DENY_ERROR);
+  policy.rules[kTestServer] = Rule(POLICY_DENY_ERROR);
   sandbox_->RegisterSandboxPolicy(1, policy);
 
   RunChildWithPolicy(1, "PolicyDenyError", NULL);
 }
 
 MULTIPROCESS_TEST_MAIN(PolicyDenyError) {
   mach_port_t port = MACH_PORT_NULL;
   kern_return_t kr = bootstrap_look_up(bootstrap_port, kTestServer,
       &port);
   CHECK_EQ(BOOTSTRAP_UNKNOWN_SERVICE, kr);
   CHECK(port == MACH_PORT_NULL);
 
   kr = bootstrap_look_up(bootstrap_port, "org.chromium.some_other_server",
       &port);
   CHECK_EQ(BOOTSTRAP_UNKNOWN_SERVICE, kr);
   CHECK(port == MACH_PORT_NULL);
 
   return 0;
 }
 
 TEST_F(BootstrapSandboxTest, PolicyDenyDummyPort) {
   BootstrapSandboxPolicy policy(BaselinePolicy());
-  policy[kTestServer] = Rule(POLICY_DENY_DUMMY_PORT);
+  policy.rules[kTestServer] = Rule(POLICY_DENY_DUMMY_PORT);
   sandbox_->RegisterSandboxPolicy(1, policy);
 
   RunChildWithPolicy(1, "PolicyDenyDummyPort", NULL);
 }
 
 MULTIPROCESS_TEST_MAIN(PolicyDenyDummyPort) {
   mach_port_t port = MACH_PORT_NULL;
   kern_return_t kr = bootstrap_look_up(bootstrap_port, kTestServer,
       &port);
   CHECK_EQ(KERN_SUCCESS, kr);
@@ skipping 28 matching lines @@
   ASSERT_EQ(KERN_SUCCESS, mach_port_insert_right(task, port, port,
       MACH_MSG_TYPE_MAKE_SEND));
   base::mac::ScopedMachSendRight scoped_port_send(port);
 
   send_rights = 0;
   ASSERT_EQ(KERN_SUCCESS, mach_port_get_refs(task, port, MACH_PORT_RIGHT_SEND,
       &send_rights));
   EXPECT_EQ(1u, send_rights);
 
   BootstrapSandboxPolicy policy(BaselinePolicy());
-  policy[kTestServer] = Rule(port);
+  policy.rules[kTestServer] = Rule(port);
   sandbox_->RegisterSandboxPolicy(1, policy);
 
   RunChildWithPolicy(1, "PolicySubstitutePort", NULL);
 
   struct SubstitutePortAckRecv msg;
   bzero(&msg, sizeof(msg));
   msg.header.msgh_size = sizeof(msg);
   msg.header.msgh_local_port = port;
   kern_return_t kr = mach_msg(&msg.header, MACH_RCV_MSG, 0,
       msg.header.msgh_size, port,
@@ skipping 72 matching lines @@
   ASSERT_EQ(KERN_SUCCESS, mach_port_get_refs(task, port, MACH_PORT_RIGHT_SEND,
       &send_rights));
   // On 10.6, bootstrap_lookup2 may add an extra right to place it in a per-
   // process cache.
   if (base::mac::IsOSSnowLeopard())
     EXPECT_TRUE(send_rights == 3u || send_rights == 2u) << send_rights;
   else
     EXPECT_EQ(2u, send_rights);
 }
 
+const char kDefaultRuleTestAllow[] =
+    "org.chromium.sandbox.test.DefaultRuleAllow";
+const char kDefaultRuleTestDeny[] =
+    "org.chromium.sandbox.test.DefaultRuleAllow.Deny";
+
+TEST_F(BootstrapSandboxTest, DefaultRuleAllow) {
+  mach_port_t task = mach_task_self();
+
+  mach_port_t port;
+  ASSERT_EQ(KERN_SUCCESS, mach_port_allocate(task, MACH_PORT_RIGHT_RECEIVE,
+      &port));
+  base::mac::ScopedMachReceiveRight scoped_port_recv(port);
+
+  ASSERT_EQ(KERN_SUCCESS, mach_port_insert_right(task, port, port,
+      MACH_MSG_TYPE_MAKE_SEND));
+  base::mac::ScopedMachSendRight scoped_port_send(port);
+
+  BootstrapSandboxPolicy policy;
+  policy.default_rule = Rule(POLICY_ALLOW);
+  policy.rules[kDefaultRuleTestAllow] = Rule(port);
+  policy.rules[kDefaultRuleTestDeny] = Rule(POLICY_DENY_ERROR);
+  sandbox_->RegisterSandboxPolicy(3, policy);
+
+  base::scoped_nsobject<DistributedNotificationObserver> observer(
+      [[DistributedNotificationObserver alloc] init]);
+
+  int pid = 0;
+  RunChildWithPolicy(3, "DefaultRuleAllow", &pid);
+  EXPECT_GT(pid, 0);
+
+  [observer waitForNotification];
+  EXPECT_EQ(1, [observer receivedCount]);
+  EXPECT_EQ(pid, [[observer object] intValue]);
+
+  struct SubstitutePortAckRecv msg;
+  bzero(&msg, sizeof(msg));
+  msg.header.msgh_size = sizeof(msg);
+  msg.header.msgh_local_port = port;
+  kern_return_t kr = mach_msg(&msg.header, MACH_RCV_MSG, 0,
+      msg.header.msgh_size, port,
+      TestTimeouts::tiny_timeout().InMilliseconds(), MACH_PORT_NULL);
+  EXPECT_EQ(KERN_SUCCESS, kr);
+
+  EXPECT_EQ(0, strncmp(kSubstituteAck, msg.buf, sizeof(msg.buf)));
+}
+
+MULTIPROCESS_TEST_MAIN(DefaultRuleAllow) {
+  [[NSDistributedNotificationCenter defaultCenter]
+      postNotificationName:kTestNotification
+                    object:[NSString stringWithFormat:@"%d", getpid()]];
+
+  mach_port_t port = MACH_PORT_NULL;
+  CHECK_EQ(BOOTSTRAP_UNKNOWN_SERVICE, bootstrap_look_up(bootstrap_port,
+      const_cast<char*>(kDefaultRuleTestDeny), &port));
+  CHECK(port == MACH_PORT_NULL);
+
+  CHECK_EQ(KERN_SUCCESS, bootstrap_look_up(bootstrap_port,
+      const_cast<char*>(kDefaultRuleTestAllow), &port));
+  CHECK(port != MACH_PORT_NULL);
+
+  struct SubstitutePortAckSend msg;
+  bzero(&msg, sizeof(msg));
+  msg.header.msgh_size = sizeof(msg);
+  msg.header.msgh_remote_port = port;
+  msg.header.msgh_bits = MACH_MSGH_BITS_REMOTE(MACH_MSG_TYPE_MOVE_SEND);
+  strncpy(msg.buf, kSubstituteAck, sizeof(msg.buf));
+
+  CHECK_EQ(KERN_SUCCESS, mach_msg_send(&msg.header));
+
+  return 0;
+}
+
 }  // namespace sandbox