| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/mac/policy.h" | 5 #include "sandbox/mac/policy.h" |
| 6 | 6 |
| 7 #include "testing/gtest/include/gtest/gtest.h" | 7 #include "testing/gtest/include/gtest/gtest.h" |
| 8 | 8 |
| 9 namespace sandbox { | 9 namespace sandbox { |
| 10 | 10 |
| 11 TEST(PolicyTest, ValidEmptyPolicy) { | 11 TEST(PolicyTest, ValidEmptyPolicy) { |
| 12 EXPECT_TRUE(IsPolicyValid(BootstrapSandboxPolicy())); | 12 EXPECT_TRUE(IsPolicyValid(BootstrapSandboxPolicy())); |
| 13 } | 13 } |
| 14 | 14 |
| 15 TEST(PolicyTest, ValidPolicy) { | 15 TEST(PolicyTest, ValidPolicy) { |
| 16 BootstrapSandboxPolicy policy; | 16 BootstrapSandboxPolicy policy; |
| 17 policy["allow"] = Rule(POLICY_ALLOW); | 17 policy.rules["allow"] = Rule(POLICY_ALLOW); |
| 18 policy["deny_error"] = Rule(POLICY_DENY_ERROR); | 18 policy.rules["deny_error"] = Rule(POLICY_DENY_ERROR); |
| 19 policy["deny_dummy"] = Rule(POLICY_DENY_DUMMY_PORT); | 19 policy.rules["deny_dummy"] = Rule(POLICY_DENY_DUMMY_PORT); |
| 20 policy["substitue"] = Rule(mach_task_self()); | 20 policy.rules["substitue"] = Rule(mach_task_self()); |
| 21 EXPECT_TRUE(IsPolicyValid(policy)); | 21 EXPECT_TRUE(IsPolicyValid(policy)); |
| 22 } | 22 } |
| 23 | 23 |
| 24 TEST(PolicyTest, InvalidPolicyEmptyRule) { | 24 TEST(PolicyTest, InvalidPolicyEmptyRule) { |
| 25 Rule rule; | 25 Rule rule; |
| 26 BootstrapSandboxPolicy policy; | 26 BootstrapSandboxPolicy policy; |
| 27 policy["test"] = rule; | 27 policy.rules["test"] = rule; |
| 28 EXPECT_FALSE(IsPolicyValid(policy)); | 28 EXPECT_FALSE(IsPolicyValid(policy)); |
| 29 } | 29 } |
| 30 | 30 |
| 31 TEST(PolicyTest, InvalidPolicySubstitue) { | 31 TEST(PolicyTest, InvalidPolicySubstitue) { |
| 32 Rule rule(POLICY_SUBSTITUTE_PORT); | 32 Rule rule(POLICY_SUBSTITUTE_PORT); |
| 33 BootstrapSandboxPolicy policy; | 33 BootstrapSandboxPolicy policy; |
| 34 policy["test"] = rule; | 34 policy.rules["test"] = rule; |
| 35 EXPECT_FALSE(IsPolicyValid(policy)); | 35 EXPECT_FALSE(IsPolicyValid(policy)); |
| 36 } | 36 } |
| 37 | 37 |
| 38 TEST(PolicyTest, InvalidPolicyWithPortAllow) { | 38 TEST(PolicyTest, InvalidPolicyWithPortAllow) { |
| 39 Rule rule(POLICY_ALLOW); | 39 Rule rule(POLICY_ALLOW); |
| 40 rule.substitute_port = mach_task_self(); | 40 rule.substitute_port = mach_task_self(); |
| 41 BootstrapSandboxPolicy policy; | 41 BootstrapSandboxPolicy policy; |
| 42 policy["allow"] = rule; | 42 policy.rules["allow"] = rule; |
| 43 EXPECT_FALSE(IsPolicyValid(policy)); | 43 EXPECT_FALSE(IsPolicyValid(policy)); |
| 44 } | 44 } |
| 45 | 45 |
| 46 TEST(PolicyTest, InvalidPolicyWithPortDenyError) { | 46 TEST(PolicyTest, InvalidPolicyWithPortDenyError) { |
| 47 Rule rule(POLICY_DENY_ERROR); | 47 Rule rule(POLICY_DENY_ERROR); |
| 48 rule.substitute_port = mach_task_self(); | 48 rule.substitute_port = mach_task_self(); |
| 49 BootstrapSandboxPolicy policy; | 49 BootstrapSandboxPolicy policy; |
| 50 policy["deny_error"] = rule; | 50 policy.rules["deny_error"] = rule; |
| 51 EXPECT_FALSE(IsPolicyValid(policy)); | 51 EXPECT_FALSE(IsPolicyValid(policy)); |
| 52 } | 52 } |
| 53 | 53 |
| 54 TEST(PolicyTest, InvalidPolicyWithPortDummy) { | 54 TEST(PolicyTest, InvalidPolicyWithPortDummy) { |
| 55 Rule rule(POLICY_DENY_DUMMY_PORT); | 55 Rule rule(POLICY_DENY_DUMMY_PORT); |
| 56 rule.substitute_port = mach_task_self(); | 56 rule.substitute_port = mach_task_self(); |
| 57 BootstrapSandboxPolicy policy; | 57 BootstrapSandboxPolicy policy; |
| 58 policy["deny_dummy"] = rule; | 58 policy.rules["deny_dummy"] = rule; |
| 59 EXPECT_FALSE(IsPolicyValid(policy)); | 59 EXPECT_FALSE(IsPolicyValid(policy)); |
| 60 } | 60 } |
| 61 | 61 |
| 62 TEST(PolicyTest, InvalidPolicyDefaultRule) { |
| 63 BootstrapSandboxPolicy policy; |
| 64 policy.default_rule = Rule(); |
| 65 EXPECT_FALSE(IsPolicyValid(policy)); |
| 66 } |
| 67 |
| 68 TEST(PolicyTest, InvalidPolicyDefaultRuleSubstitue) { |
| 69 BootstrapSandboxPolicy policy; |
| 70 policy.default_rule = Rule(POLICY_SUBSTITUTE_PORT); |
| 71 EXPECT_FALSE(IsPolicyValid(policy)); |
| 72 } |
| 73 |
| 74 TEST(PolicyTest, InvalidPolicyDefaultRuleWithPortAllow) { |
| 75 Rule rule(POLICY_ALLOW); |
| 76 rule.substitute_port = mach_task_self(); |
| 77 BootstrapSandboxPolicy policy; |
| 78 policy.default_rule = rule; |
| 79 EXPECT_FALSE(IsPolicyValid(policy)); |
| 80 } |
| 81 |
| 82 TEST(PolicyTest, InvalidPolicyDefaultRuleWithPortDenyError) { |
| 83 Rule rule(POLICY_DENY_ERROR); |
| 84 rule.substitute_port = mach_task_self(); |
| 85 BootstrapSandboxPolicy policy; |
| 86 policy.default_rule = rule; |
| 87 EXPECT_FALSE(IsPolicyValid(policy)); |
| 88 } |
| 89 |
| 90 TEST(PolicyTest, InvalidPolicyDefaultRuleWithPortDummy) { |
| 91 Rule rule(POLICY_DENY_DUMMY_PORT); |
| 92 rule.substitute_port = mach_task_self(); |
| 93 BootstrapSandboxPolicy policy; |
| 94 policy.default_rule = rule; |
| 95 EXPECT_FALSE(IsPolicyValid(policy)); |
| 96 } |
| 97 |
| 62 } // namespace sandbox | 98 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 310833003:
Make BootstrapSandboxPolicy a struct, containing the existing rule map and a new default rule. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src