Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(572)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/services/credentials_unittest.cc

Issue 761903003: Update from https://crrev.com/306655 (Closed) Base URL: git@github.com:domokit/mojo.git@master
Patch Set: Created 6 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « sandbox/linux/services/credentials.cc ('k') | sandbox/linux/services/proc_util.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/linux/services/credentials.h" 5 #include "sandbox/linux/services/credentials.h"
6 6
7 #include <errno.h> 7 #include <errno.h>
8 #include <fcntl.h> 8 #include <fcntl.h>
9 #include <stdio.h> 9 #include <stdio.h>
10 #include <sys/stat.h> 10 #include <sys/stat.h>
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after
50 50
51 // Give dynamic tools a simple thing to test. 51 // Give dynamic tools a simple thing to test.
52 TEST(Credentials, CreateAndDestroy) { 52 TEST(Credentials, CreateAndDestroy) {
53 { 53 {
54 Credentials cred1; 54 Credentials cred1;
55 (void) cred1; 55 (void) cred1;
56 } 56 }
57 scoped_ptr<Credentials> cred2(new Credentials); 57 scoped_ptr<Credentials> cred2(new Credentials);
58 } 58 }
59 59
60 TEST(Credentials, CountOpenFds) {
61 base::ScopedFD proc_fd(open("/proc", O_RDONLY | O_DIRECTORY));
62 ASSERT_TRUE(proc_fd.is_valid());
63 Credentials creds;
64 int fd_count = creds.CountOpenFds(proc_fd.get());
65 int fd = open("/dev/null", O_RDONLY);
66 ASSERT_LE(0, fd);
67 EXPECT_EQ(fd_count + 1, creds.CountOpenFds(proc_fd.get()));
68 ASSERT_EQ(0, IGNORE_EINTR(close(fd)));
69 EXPECT_EQ(fd_count, creds.CountOpenFds(proc_fd.get()));
70 }
71
72 TEST(Credentials, HasOpenDirectory) {
73 Credentials creds;
74 // No open directory should exist at startup.
75 EXPECT_FALSE(creds.HasOpenDirectory(-1));
76 {
77 // Have a "/dev" file descriptor around.
78 int dev_fd = open("/dev", O_RDONLY | O_DIRECTORY);
79 base::ScopedFD dev_fd_closer(dev_fd);
80 EXPECT_TRUE(creds.HasOpenDirectory(-1));
81 }
82 EXPECT_FALSE(creds.HasOpenDirectory(-1));
83 }
84
85 TEST(Credentials, HasOpenDirectoryWithFD) {
86 Credentials creds;
87
88 int proc_fd = open("/proc", O_RDONLY | O_DIRECTORY);
89 base::ScopedFD proc_fd_closer(proc_fd);
90 ASSERT_LE(0, proc_fd);
91
92 // Don't pass |proc_fd|, an open directory (proc_fd) should
93 // be detected.
94 EXPECT_TRUE(creds.HasOpenDirectory(-1));
95 // Pass |proc_fd| and no open directory should be detected.
96 EXPECT_FALSE(creds.HasOpenDirectory(proc_fd));
97
98 {
99 // Have a "/dev" file descriptor around.
100 int dev_fd = open("/dev", O_RDONLY | O_DIRECTORY);
101 base::ScopedFD dev_fd_closer(dev_fd);
102 EXPECT_TRUE(creds.HasOpenDirectory(proc_fd));
103 }
104
105 // The "/dev" file descriptor should now be closed, |proc_fd| is the only
106 // directory file descriptor open.
107 EXPECT_FALSE(creds.HasOpenDirectory(proc_fd));
108 }
109
110 SANDBOX_TEST(Credentials, DropAllCaps) { 60 SANDBOX_TEST(Credentials, DropAllCaps) {
111 Credentials creds; 61 Credentials creds;
112 CHECK(creds.DropAllCapabilities()); 62 CHECK(creds.DropAllCapabilities());
113 CHECK(!creds.HasAnyCapability()); 63 CHECK(!creds.HasAnyCapability());
114 } 64 }
115 65
116 SANDBOX_TEST(Credentials, GetCurrentCapString) { 66 SANDBOX_TEST(Credentials, GetCurrentCapString) {
117 Credentials creds; 67 Credentials creds;
118 CHECK(creds.DropAllCapabilities()); 68 CHECK(creds.DropAllCapabilities());
119 const char kNoCapabilityText[] = "="; 69 const char kNoCapabilityText[] = "=";
(...skipping 107 matching lines...) Expand 10 before | Expand all | Expand 10 after
227 177
228 // The kernel should now prevent us from regaining capabilities because we 178 // The kernel should now prevent us from regaining capabilities because we
229 // are in a chroot. 179 // are in a chroot.
230 CHECK(!Credentials::SupportsNewUserNS()); 180 CHECK(!Credentials::SupportsNewUserNS());
231 CHECK(!creds.MoveToNewUserNS()); 181 CHECK(!creds.MoveToNewUserNS());
232 } 182 }
233 183
234 } // namespace. 184 } // namespace.
235 185
236 } // namespace sandbox. 186 } // namespace sandbox.
OLDNEW
« no previous file with comments | « sandbox/linux/services/credentials.cc ('k') | sandbox/linux/services/proc_util.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698