| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/syscall_broker/broker_process.h" | 5 #include "sandbox/linux/syscall_broker/broker_process.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <fcntl.h> | 8 #include <fcntl.h> |
| 9 #include <poll.h> | 9 #include <poll.h> |
| 10 #include <sys/resource.h> | 10 #include <sys/resource.h> |
| 11 #include <sys/stat.h> | 11 #include <sys/stat.h> |
| 12 #include <sys/types.h> | 12 #include <sys/types.h> |
| 13 #include <sys/wait.h> | 13 #include <sys/wait.h> |
| 14 #include <unistd.h> | 14 #include <unistd.h> |
| 15 | 15 |
| 16 #include <algorithm> | 16 #include <algorithm> |
| 17 #include <string> | 17 #include <string> |
| 18 #include <vector> | 18 #include <vector> |
| 19 | 19 |
| 20 #include "base/basictypes.h" | 20 #include "base/basictypes.h" |
| 21 #include "base/bind.h" | 21 #include "base/bind.h" |
| 22 #include "base/files/file_util.h" | 22 #include "base/files/file_util.h" |
| 23 #include "base/files/scoped_file.h" | 23 #include "base/files/scoped_file.h" |
| 24 #include "base/logging.h" | 24 #include "base/logging.h" |
| 25 #include "base/memory/scoped_ptr.h" | 25 #include "base/memory/scoped_ptr.h" |
| 26 #include "base/posix/eintr_wrapper.h" | 26 #include "base/posix/eintr_wrapper.h" |
| 27 #include "base/posix/unix_domain_socket_linux.h" | 27 #include "base/posix/unix_domain_socket_linux.h" |
| 28 #include "sandbox/linux/syscall_broker/broker_client.h" |
| 28 #include "sandbox/linux/tests/scoped_temporary_file.h" | 29 #include "sandbox/linux/tests/scoped_temporary_file.h" |
| 29 #include "sandbox/linux/tests/test_utils.h" | 30 #include "sandbox/linux/tests/test_utils.h" |
| 30 #include "sandbox/linux/tests/unit_tests.h" | 31 #include "sandbox/linux/tests/unit_tests.h" |
| 31 #include "testing/gtest/include/gtest/gtest.h" | 32 #include "testing/gtest/include/gtest/gtest.h" |
| 32 | 33 |
| 33 namespace sandbox { | 34 namespace sandbox { |
| 34 | 35 |
| 35 namespace syscall_broker { | 36 namespace syscall_broker { |
| 36 | 37 |
| 37 class BrokerProcessTestHelper { | 38 class BrokerProcessTestHelper { |
| 38 public: | 39 public: |
| 39 static void CloseChannel(BrokerProcess* broker) { broker->CloseChannel(); } | 40 static void CloseChannel(BrokerProcess* broker) { broker->CloseChannel(); } |
| 40 static int get_ipc_socketpair(const BrokerProcess* broker) { | 41 // Get the client's IPC descriptor to send IPC requests directly. |
| 41 return broker->ipc_socketpair_; | 42 // TODO(jln): refator tests to get rid of this. |
| 43 static int GetIPCDescriptor(const BrokerProcess* broker) { |
| 44 return broker->broker_client_->GetIPCDescriptor(); |
| 42 } | 45 } |
| 43 }; | 46 }; |
| 44 | 47 |
| 45 namespace { | 48 namespace { |
| 46 | 49 |
| 47 bool NoOpCallback() { | 50 bool NoOpCallback() { |
| 48 return true; | 51 return true; |
| 49 } | 52 } |
| 50 | 53 |
| 51 } // namespace | 54 } // namespace |
| (...skipping 398 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 450 rlim.rlim_cur = fd_limit; | 453 rlim.rlim_cur = fd_limit; |
| 451 SANDBOX_ASSERT(0 == setrlimit(RLIMIT_NOFILE, &rlim)); | 454 SANDBOX_ASSERT(0 == setrlimit(RLIMIT_NOFILE, &rlim)); |
| 452 | 455 |
| 453 static const char kCpuInfo[] = "/proc/cpuinfo"; | 456 static const char kCpuInfo[] = "/proc/cpuinfo"; |
| 454 std::vector<std::string> read_whitelist; | 457 std::vector<std::string> read_whitelist; |
| 455 read_whitelist.push_back(kCpuInfo); | 458 read_whitelist.push_back(kCpuInfo); |
| 456 | 459 |
| 457 BrokerProcess open_broker(EPERM, read_whitelist, std::vector<std::string>()); | 460 BrokerProcess open_broker(EPERM, read_whitelist, std::vector<std::string>()); |
| 458 SANDBOX_ASSERT(open_broker.Init(base::Bind(&NoOpCallback))); | 461 SANDBOX_ASSERT(open_broker.Init(base::Bind(&NoOpCallback))); |
| 459 | 462 |
| 460 const int ipc_fd = BrokerProcessTestHelper::get_ipc_socketpair(&open_broker); | 463 const int ipc_fd = BrokerProcessTestHelper::GetIPCDescriptor(&open_broker); |
| 461 SANDBOX_ASSERT(ipc_fd >= 0); | 464 SANDBOX_ASSERT(ipc_fd >= 0); |
| 462 | 465 |
| 463 static const char kBogus[] = "not a pickle"; | 466 static const char kBogus[] = "not a pickle"; |
| 464 std::vector<int> fds; | 467 std::vector<int> fds; |
| 465 fds.push_back(message_fd.get()); | 468 fds.push_back(message_fd.get()); |
| 466 | 469 |
| 467 // The broker process should only have a couple spare file descriptors | 470 // The broker process should only have a couple spare file descriptors |
| 468 // available, but for good measure we send it fd_limit bogus IPCs anyway. | 471 // available, but for good measure we send it fd_limit bogus IPCs anyway. |
| 469 for (rlim_t i = 0; i < fd_limit; ++i) { | 472 for (rlim_t i = 0; i < fd_limit; ++i) { |
| 470 SANDBOX_ASSERT( | 473 SANDBOX_ASSERT( |
| (...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 526 ASSERT_EQ(0, HANDLE_EINTR(waitid(P_PID, broker_pid, &process_info, | 529 ASSERT_EQ(0, HANDLE_EINTR(waitid(P_PID, broker_pid, &process_info, |
| 527 WEXITED | WNOWAIT))); | 530 WEXITED | WNOWAIT))); |
| 528 EXPECT_EQ(broker_pid, process_info.si_pid); | 531 EXPECT_EQ(broker_pid, process_info.si_pid); |
| 529 EXPECT_EQ(CLD_EXITED, process_info.si_code); | 532 EXPECT_EQ(CLD_EXITED, process_info.si_code); |
| 530 EXPECT_EQ(1, process_info.si_status); | 533 EXPECT_EQ(1, process_info.si_status); |
| 531 } | 534 } |
| 532 | 535 |
| 533 } // namespace syscall_broker | 536 } // namespace syscall_broker |
| 534 | 537 |
| 535 } // namespace sandbox | 538 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 717673002:
Linux sandbox: introduce BrokerChannel (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master