OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #import <Cocoa/Cocoa.h> | 5 #import <Cocoa/Cocoa.h> |
6 | 6 |
7 #include "base/files/file_util.h" | 7 #include "base/files/file_util.h" |
8 #include "base/files/scoped_file.h" | 8 #include "base/files/scoped_file.h" |
9 #include "base/logging.h" | 9 #include "base/logging.h" |
10 #include "base/strings/sys_string_conversions.h" | 10 #include "base/strings/sys_string_conversions.h" |
(...skipping 10 matching lines...) Expand all Loading... |
21 | 21 |
22 namespace content { | 22 namespace content { |
23 | 23 |
24 //--------------------- Clipboard Sandboxing ---------------------- | 24 //--------------------- Clipboard Sandboxing ---------------------- |
25 // Test case for checking sandboxing of clipboard access. | 25 // Test case for checking sandboxing of clipboard access. |
26 class MacSandboxedClipboardTestCase : public MacSandboxTestCase { | 26 class MacSandboxedClipboardTestCase : public MacSandboxTestCase { |
27 public: | 27 public: |
28 MacSandboxedClipboardTestCase(); | 28 MacSandboxedClipboardTestCase(); |
29 virtual ~MacSandboxedClipboardTestCase(); | 29 virtual ~MacSandboxedClipboardTestCase(); |
30 | 30 |
31 virtual bool SandboxedTest() OVERRIDE; | 31 virtual bool SandboxedTest() override; |
32 | 32 |
33 virtual void SetTestData(const char* test_data) OVERRIDE; | 33 virtual void SetTestData(const char* test_data) override; |
34 private: | 34 private: |
35 NSString* clipboard_name_; | 35 NSString* clipboard_name_; |
36 }; | 36 }; |
37 | 37 |
38 REGISTER_SANDBOX_TEST_CASE(MacSandboxedClipboardTestCase); | 38 REGISTER_SANDBOX_TEST_CASE(MacSandboxedClipboardTestCase); |
39 | 39 |
40 MacSandboxedClipboardTestCase::MacSandboxedClipboardTestCase() : | 40 MacSandboxedClipboardTestCase::MacSandboxedClipboardTestCase() : |
41 clipboard_name_(nil) {} | 41 clipboard_name_(nil) {} |
42 | 42 |
43 MacSandboxedClipboardTestCase::~MacSandboxedClipboardTestCase() { | 43 MacSandboxedClipboardTestCase::~MacSandboxedClipboardTestCase() { |
(...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
80 pasteboard_name.c_str())); | 80 pasteboard_name.c_str())); |
81 | 81 |
82 // After executing the test, the clipboard should still be empty. | 82 // After executing the test, the clipboard should still be empty. |
83 EXPECT_EQ([[pb types] count], 0U); | 83 EXPECT_EQ([[pb types] count], 0U); |
84 } | 84 } |
85 | 85 |
86 //--------------------- File Access Sandboxing ---------------------- | 86 //--------------------- File Access Sandboxing ---------------------- |
87 // Test case for checking sandboxing of filesystem apis. | 87 // Test case for checking sandboxing of filesystem apis. |
88 class MacSandboxedFileAccessTestCase : public MacSandboxTestCase { | 88 class MacSandboxedFileAccessTestCase : public MacSandboxTestCase { |
89 public: | 89 public: |
90 virtual bool SandboxedTest() OVERRIDE; | 90 virtual bool SandboxedTest() override; |
91 }; | 91 }; |
92 | 92 |
93 REGISTER_SANDBOX_TEST_CASE(MacSandboxedFileAccessTestCase); | 93 REGISTER_SANDBOX_TEST_CASE(MacSandboxedFileAccessTestCase); |
94 | 94 |
95 bool MacSandboxedFileAccessTestCase::SandboxedTest() { | 95 bool MacSandboxedFileAccessTestCase::SandboxedTest() { |
96 base::ScopedFD fdes(HANDLE_EINTR(open("/etc/passwd", O_RDONLY))); | 96 base::ScopedFD fdes(HANDLE_EINTR(open("/etc/passwd", O_RDONLY))); |
97 return !fdes.is_valid(); | 97 return !fdes.is_valid(); |
98 } | 98 } |
99 | 99 |
100 TEST_F(MacSandboxTest, FileAccess) { | 100 TEST_F(MacSandboxTest, FileAccess) { |
101 EXPECT_TRUE(RunTestInAllSandboxTypes("MacSandboxedFileAccessTestCase", NULL)); | 101 EXPECT_TRUE(RunTestInAllSandboxTypes("MacSandboxedFileAccessTestCase", NULL)); |
102 } | 102 } |
103 | 103 |
104 //--------------------- /dev/urandom Sandboxing ---------------------- | 104 //--------------------- /dev/urandom Sandboxing ---------------------- |
105 // /dev/urandom is available to any sandboxed process. | 105 // /dev/urandom is available to any sandboxed process. |
106 class MacSandboxedUrandomTestCase : public MacSandboxTestCase { | 106 class MacSandboxedUrandomTestCase : public MacSandboxTestCase { |
107 public: | 107 public: |
108 virtual bool SandboxedTest() OVERRIDE; | 108 virtual bool SandboxedTest() override; |
109 }; | 109 }; |
110 | 110 |
111 REGISTER_SANDBOX_TEST_CASE(MacSandboxedUrandomTestCase); | 111 REGISTER_SANDBOX_TEST_CASE(MacSandboxedUrandomTestCase); |
112 | 112 |
113 bool MacSandboxedUrandomTestCase::SandboxedTest() { | 113 bool MacSandboxedUrandomTestCase::SandboxedTest() { |
114 base::ScopedFD fdes(HANDLE_EINTR(open("/dev/urandom", O_RDONLY))); | 114 base::ScopedFD fdes(HANDLE_EINTR(open("/dev/urandom", O_RDONLY))); |
115 | 115 |
116 // Opening /dev/urandom succeeds under the sandbox. | 116 // Opening /dev/urandom succeeds under the sandbox. |
117 if (!fdes.is_valid()) | 117 if (!fdes.is_valid()) |
118 return false; | 118 return false; |
119 | 119 |
120 char buf[16]; | 120 char buf[16]; |
121 int rc = HANDLE_EINTR(read(fdes.get(), buf, sizeof(buf))); | 121 int rc = HANDLE_EINTR(read(fdes.get(), buf, sizeof(buf))); |
122 return rc == sizeof(buf); | 122 return rc == sizeof(buf); |
123 } | 123 } |
124 | 124 |
125 TEST_F(MacSandboxTest, UrandomAccess) { | 125 TEST_F(MacSandboxTest, UrandomAccess) { |
126 EXPECT_TRUE(RunTestInAllSandboxTypes("MacSandboxedUrandomTestCase", NULL)); | 126 EXPECT_TRUE(RunTestInAllSandboxTypes("MacSandboxedUrandomTestCase", NULL)); |
127 } | 127 } |
128 | 128 |
129 #if defined(USE_OPENSSL) | 129 #if defined(USE_OPENSSL) |
130 | 130 |
131 //--------------------- OpenSSL Sandboxing ---------------------- | 131 //--------------------- OpenSSL Sandboxing ---------------------- |
132 // Test case for checking sandboxing of OpenSSL initialization. | 132 // Test case for checking sandboxing of OpenSSL initialization. |
133 class MacSandboxedOpenSSLTestCase : public MacSandboxTestCase { | 133 class MacSandboxedOpenSSLTestCase : public MacSandboxTestCase { |
134 public: | 134 public: |
135 virtual bool SandboxedTest() OVERRIDE; | 135 virtual bool SandboxedTest() override; |
136 }; | 136 }; |
137 | 137 |
138 REGISTER_SANDBOX_TEST_CASE(MacSandboxedOpenSSLTestCase); | 138 REGISTER_SANDBOX_TEST_CASE(MacSandboxedOpenSSLTestCase); |
139 | 139 |
140 bool MacSandboxedOpenSSLTestCase::SandboxedTest() { | 140 bool MacSandboxedOpenSSLTestCase::SandboxedTest() { |
141 crypto::EnsureOpenSSLInit(); | 141 crypto::EnsureOpenSSLInit(); |
142 | 142 |
143 // Ensure that RAND_bytes is functional within the sandbox. | 143 // Ensure that RAND_bytes is functional within the sandbox. |
144 uint8_t byte; | 144 uint8_t byte; |
145 return RAND_bytes(&byte, 1) == 1; | 145 return RAND_bytes(&byte, 1) == 1; |
146 } | 146 } |
147 | 147 |
148 TEST_F(MacSandboxTest, OpenSSLAccess) { | 148 TEST_F(MacSandboxTest, OpenSSLAccess) { |
149 EXPECT_TRUE(RunTestInAllSandboxTypes("MacSandboxedOpenSSLTestCase", NULL)); | 149 EXPECT_TRUE(RunTestInAllSandboxTypes("MacSandboxedOpenSSLTestCase", NULL)); |
150 } | 150 } |
151 | 151 |
152 #else // !defined(USE_OPENSSL) | 152 #else // !defined(USE_OPENSSL) |
153 | 153 |
154 //--------------------- NSS Sandboxing ---------------------- | 154 //--------------------- NSS Sandboxing ---------------------- |
155 // Test case for checking sandboxing of NSS initialization. | 155 // Test case for checking sandboxing of NSS initialization. |
156 class MacSandboxedNSSTestCase : public MacSandboxTestCase { | 156 class MacSandboxedNSSTestCase : public MacSandboxTestCase { |
157 public: | 157 public: |
158 virtual bool SandboxedTest() OVERRIDE; | 158 virtual bool SandboxedTest() override; |
159 }; | 159 }; |
160 | 160 |
161 REGISTER_SANDBOX_TEST_CASE(MacSandboxedNSSTestCase); | 161 REGISTER_SANDBOX_TEST_CASE(MacSandboxedNSSTestCase); |
162 | 162 |
163 bool MacSandboxedNSSTestCase::SandboxedTest() { | 163 bool MacSandboxedNSSTestCase::SandboxedTest() { |
164 // If NSS cannot read from /dev/urandom, NSS initialization will call abort(), | 164 // If NSS cannot read from /dev/urandom, NSS initialization will call abort(), |
165 // which will cause this test case to fail. | 165 // which will cause this test case to fail. |
166 crypto::ForceNSSNoDBInit(); | 166 crypto::ForceNSSNoDBInit(); |
167 crypto::EnsureNSSInit(); | 167 crypto::EnsureNSSInit(); |
168 return true; | 168 return true; |
169 } | 169 } |
170 | 170 |
171 TEST_F(MacSandboxTest, NSSAccess) { | 171 TEST_F(MacSandboxTest, NSSAccess) { |
172 EXPECT_TRUE(RunTestInAllSandboxTypes("MacSandboxedNSSTestCase", NULL)); | 172 EXPECT_TRUE(RunTestInAllSandboxTypes("MacSandboxedNSSTestCase", NULL)); |
173 } | 173 } |
174 | 174 |
175 #endif // defined(USE_OPENSSL) | 175 #endif // defined(USE_OPENSSL) |
176 | 176 |
177 } // namespace content | 177 } // namespace content |
OLD | NEW |