OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/linux/services/credentials.h" | 5 #include "sandbox/linux/services/credentials.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <fcntl.h> | |
9 #include <stdio.h> | 8 #include <stdio.h> |
10 #include <sys/stat.h> | |
11 #include <sys/types.h> | |
12 #include <unistd.h> | 9 #include <unistd.h> |
13 | 10 |
14 #include "base/file_util.h" | |
15 #include "base/logging.h" | 11 #include "base/logging.h" |
16 #include "base/memory/scoped_ptr.h" | 12 #include "base/memory/scoped_ptr.h" |
17 #include "sandbox/linux/tests/unit_tests.h" | 13 #include "sandbox/linux/tests/unit_tests.h" |
18 #include "testing/gtest/include/gtest/gtest.h" | 14 #include "testing/gtest/include/gtest/gtest.h" |
19 | 15 |
20 using file_util::ScopedFD; | |
21 | |
22 namespace sandbox { | 16 namespace sandbox { |
23 | 17 |
24 namespace { | 18 namespace { |
25 | 19 |
26 bool DirectoryExists(const char* path) { | 20 bool DirectoryExists(const char* path) { |
27 struct stat dir; | 21 struct stat dir; |
28 errno = 0; | 22 errno = 0; |
29 int ret = stat(path, &dir); | 23 int ret = stat(path, &dir); |
30 return -1 != ret || ENOENT != errno; | 24 return -1 != ret || ENOENT != errno; |
31 } | 25 } |
(...skipping 19 matching lines...) Expand all Loading... |
51 | 45 |
52 // Give dynamic tools a simple thing to test. | 46 // Give dynamic tools a simple thing to test. |
53 TEST(Credentials, CreateAndDestroy) { | 47 TEST(Credentials, CreateAndDestroy) { |
54 { | 48 { |
55 Credentials cred1; | 49 Credentials cred1; |
56 (void) cred1; | 50 (void) cred1; |
57 } | 51 } |
58 scoped_ptr<Credentials> cred2(new Credentials); | 52 scoped_ptr<Credentials> cred2(new Credentials); |
59 } | 53 } |
60 | 54 |
61 TEST(Credentials, HasOpenDirectory) { | |
62 Credentials creds; | |
63 // No open directory should exist at startup. | |
64 EXPECT_FALSE(creds.HasOpenDirectory(-1)); | |
65 { | |
66 // Have a "/dev" file descriptor around. | |
67 int dev_fd = open("/dev", O_RDONLY | O_DIRECTORY); | |
68 ScopedFD dev_fd_closer(&dev_fd); | |
69 EXPECT_TRUE(creds.HasOpenDirectory(-1)); | |
70 } | |
71 EXPECT_FALSE(creds.HasOpenDirectory(-1)); | |
72 } | |
73 | |
74 TEST(Credentials, HasOpenDirectoryWithFD) { | |
75 Credentials creds; | |
76 | |
77 int proc_fd = open("/proc", O_RDONLY | O_DIRECTORY); | |
78 ScopedFD proc_fd_closer(&proc_fd); | |
79 ASSERT_LE(0, proc_fd); | |
80 | |
81 // Don't pass |proc_fd|, an open directory (proc_fd) should | |
82 // be detected. | |
83 EXPECT_TRUE(creds.HasOpenDirectory(-1)); | |
84 // Pass |proc_fd| and no open directory should be detected. | |
85 EXPECT_FALSE(creds.HasOpenDirectory(proc_fd)); | |
86 | |
87 { | |
88 // Have a "/dev" file descriptor around. | |
89 int dev_fd = open("/dev", O_RDONLY | O_DIRECTORY); | |
90 ScopedFD dev_fd_closer(&dev_fd); | |
91 EXPECT_TRUE(creds.HasOpenDirectory(proc_fd)); | |
92 } | |
93 | |
94 // The "/dev" file descriptor should now be closed, |proc_fd| is the only | |
95 // directory file descriptor open. | |
96 EXPECT_FALSE(creds.HasOpenDirectory(proc_fd)); | |
97 } | |
98 | |
99 SANDBOX_TEST(Credentials, DropAllCaps) { | 55 SANDBOX_TEST(Credentials, DropAllCaps) { |
100 Credentials creds; | 56 Credentials creds; |
101 CHECK(creds.DropAllCapabilities()); | 57 CHECK(creds.DropAllCapabilities()); |
102 CHECK(!creds.HasAnyCapability()); | 58 CHECK(!creds.HasAnyCapability()); |
103 } | 59 } |
104 | 60 |
105 SANDBOX_TEST(Credentials, GetCurrentCapString) { | 61 SANDBOX_TEST(Credentials, GetCurrentCapString) { |
106 Credentials creds; | 62 Credentials creds; |
107 CHECK(creds.DropAllCapabilities()); | 63 CHECK(creds.DropAllCapabilities()); |
108 const char kNoCapabilityText[] = "="; | 64 const char kNoCapabilityText[] = "="; |
(...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
206 CHECK(creds.DropAllCapabilities()); | 162 CHECK(creds.DropAllCapabilities()); |
207 | 163 |
208 // The kernel should now prevent us from regaining capabilities because we | 164 // The kernel should now prevent us from regaining capabilities because we |
209 // are in a chroot. | 165 // are in a chroot. |
210 CHECK(!creds.MoveToNewUserNS()); | 166 CHECK(!creds.MoveToNewUserNS()); |
211 } | 167 } |
212 | 168 |
213 } // namespace. | 169 } // namespace. |
214 | 170 |
215 } // namespace sandbox. | 171 } // namespace sandbox. |
OLD | NEW |