Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(455)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: trunk/src/sandbox/linux/services/credentials_unittest.cc

Issue 85343005: Revert 237242 "Linux sandbox: move CurrentProcessHasOpenDirectories" (Closed) Base URL: svn://svn.chromium.org/chrome/
Patch Set: Created 7 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « trunk/src/sandbox/linux/services/credentials.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/linux/services/credentials.h" 5 #include "sandbox/linux/services/credentials.h"
6 6
7 #include <errno.h> 7 #include <errno.h>
8 #include <fcntl.h>
9 #include <stdio.h> 8 #include <stdio.h>
10 #include <sys/stat.h>
11 #include <sys/types.h>
12 #include <unistd.h> 9 #include <unistd.h>
13 10
14 #include "base/file_util.h"
15 #include "base/logging.h" 11 #include "base/logging.h"
16 #include "base/memory/scoped_ptr.h" 12 #include "base/memory/scoped_ptr.h"
17 #include "sandbox/linux/tests/unit_tests.h" 13 #include "sandbox/linux/tests/unit_tests.h"
18 #include "testing/gtest/include/gtest/gtest.h" 14 #include "testing/gtest/include/gtest/gtest.h"
19 15
20 using file_util::ScopedFD;
21
22 namespace sandbox { 16 namespace sandbox {
23 17
24 namespace { 18 namespace {
25 19
26 bool DirectoryExists(const char* path) { 20 bool DirectoryExists(const char* path) {
27 struct stat dir; 21 struct stat dir;
28 errno = 0; 22 errno = 0;
29 int ret = stat(path, &dir); 23 int ret = stat(path, &dir);
30 return -1 != ret || ENOENT != errno; 24 return -1 != ret || ENOENT != errno;
31 } 25 }
(...skipping 19 matching lines...) Expand all
51 45
52 // Give dynamic tools a simple thing to test. 46 // Give dynamic tools a simple thing to test.
53 TEST(Credentials, CreateAndDestroy) { 47 TEST(Credentials, CreateAndDestroy) {
54 { 48 {
55 Credentials cred1; 49 Credentials cred1;
56 (void) cred1; 50 (void) cred1;
57 } 51 }
58 scoped_ptr<Credentials> cred2(new Credentials); 52 scoped_ptr<Credentials> cred2(new Credentials);
59 } 53 }
60 54
61 TEST(Credentials, HasOpenDirectory) {
62 Credentials creds;
63 // No open directory should exist at startup.
64 EXPECT_FALSE(creds.HasOpenDirectory(-1));
65 {
66 // Have a "/dev" file descriptor around.
67 int dev_fd = open("/dev", O_RDONLY | O_DIRECTORY);
68 ScopedFD dev_fd_closer(&dev_fd);
69 EXPECT_TRUE(creds.HasOpenDirectory(-1));
70 }
71 EXPECT_FALSE(creds.HasOpenDirectory(-1));
72 }
73
74 TEST(Credentials, HasOpenDirectoryWithFD) {
75 Credentials creds;
76
77 int proc_fd = open("/proc", O_RDONLY | O_DIRECTORY);
78 ScopedFD proc_fd_closer(&proc_fd);
79 ASSERT_LE(0, proc_fd);
80
81 // Don't pass |proc_fd|, an open directory (proc_fd) should
82 // be detected.
83 EXPECT_TRUE(creds.HasOpenDirectory(-1));
84 // Pass |proc_fd| and no open directory should be detected.
85 EXPECT_FALSE(creds.HasOpenDirectory(proc_fd));
86
87 {
88 // Have a "/dev" file descriptor around.
89 int dev_fd = open("/dev", O_RDONLY | O_DIRECTORY);
90 ScopedFD dev_fd_closer(&dev_fd);
91 EXPECT_TRUE(creds.HasOpenDirectory(proc_fd));
92 }
93
94 // The "/dev" file descriptor should now be closed, |proc_fd| is the only
95 // directory file descriptor open.
96 EXPECT_FALSE(creds.HasOpenDirectory(proc_fd));
97 }
98
99 SANDBOX_TEST(Credentials, DropAllCaps) { 55 SANDBOX_TEST(Credentials, DropAllCaps) {
100 Credentials creds; 56 Credentials creds;
101 CHECK(creds.DropAllCapabilities()); 57 CHECK(creds.DropAllCapabilities());
102 CHECK(!creds.HasAnyCapability()); 58 CHECK(!creds.HasAnyCapability());
103 } 59 }
104 60
105 SANDBOX_TEST(Credentials, GetCurrentCapString) { 61 SANDBOX_TEST(Credentials, GetCurrentCapString) {
106 Credentials creds; 62 Credentials creds;
107 CHECK(creds.DropAllCapabilities()); 63 CHECK(creds.DropAllCapabilities());
108 const char kNoCapabilityText[] = "="; 64 const char kNoCapabilityText[] = "=";
(...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after
206 CHECK(creds.DropAllCapabilities()); 162 CHECK(creds.DropAllCapabilities());
207 163
208 // The kernel should now prevent us from regaining capabilities because we 164 // The kernel should now prevent us from regaining capabilities because we
209 // are in a chroot. 165 // are in a chroot.
210 CHECK(!creds.MoveToNewUserNS()); 166 CHECK(!creds.MoveToNewUserNS());
211 } 167 }
212 168
213 } // namespace. 169 } // namespace.
214 170
215 } // namespace sandbox. 171 } // namespace sandbox.
OLDNEW
« no previous file with comments | « trunk/src/sandbox/linux/services/credentials.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698