sandbox/linux/services/credentials_unittest.cc - Issue 863933004: Linux sandbox: Make ChrootToSafeEmptyDir() faster.

Side by Side Diff: sandbox/linux/services/credentials_unittest.cc

Issue 863933004: Linux sandbox: Make ChrootToSafeEmptyDir() faster. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 5 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « sandbox/linux/services/credentials.cc ('k') | no next file » | no next file with comments »

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "sandbox/linux/services/credentials.h"	5 #include "sandbox/linux/services/credentials.h"

6	6

7 #include <errno.h>	7 #include <errno.h>

8 #include <fcntl.h>	8 #include <fcntl.h>

9 #include <stdio.h>	9 #include <stdio.h>

10 #include <sys/stat.h>	10 #include <sys/stat.h>

(...skipping 119 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
130 ASSERT_TRUE(WorkingDirectoryIsRoot());	130 ASSERT_TRUE(WorkingDirectoryIsRoot());

131 }	131 }

132	132

133 SANDBOX_TEST(Credentials, DISABLE_ON_LSAN(DropFileSystemAccessIsSafe)) {	133 SANDBOX_TEST(Credentials, DISABLE_ON_LSAN(DropFileSystemAccessIsSafe)) {

134 CHECK(Credentials::DropAllCapabilities());	134 CHECK(Credentials::DropAllCapabilities());

135 // Probably missing kernel support.	135 // Probably missing kernel support.

136 if (!Credentials::MoveToNewUserNS()) return;	136 if (!Credentials::MoveToNewUserNS()) return;

137 CHECK(Credentials::DropFileSystemAccess());	137 CHECK(Credentials::DropFileSystemAccess());

138 CHECK(!base::DirectoryExists(base::FilePath("/proc")));	138 CHECK(!base::DirectoryExists(base::FilePath("/proc")));

139 CHECK(WorkingDirectoryIsRoot());	139 CHECK(WorkingDirectoryIsRoot());

	140 CHECK(base::IsDirectoryEmpty(base::FilePath("/")));

140 // We want the chroot to never have a subdirectory. A subdirectory	141 // We want the chroot to never have a subdirectory. A subdirectory

141 // could allow a chroot escape.	142 // could allow a chroot escape.

142 CHECK_NE(0, mkdir("/test", 0700));	143 CHECK_NE(0, mkdir("/test", 0700));

143 }	144 }

144	145

145 // Check that after dropping filesystem access and dropping privileges	146 // Check that after dropping filesystem access and dropping privileges

146 // it is not possible to regain capabilities.	147 // it is not possible to regain capabilities.

147 SANDBOX_TEST(Credentials, DISABLE_ON_LSAN(CannotRegainPrivileges)) {	148 SANDBOX_TEST(Credentials, DISABLE_ON_LSAN(CannotRegainPrivileges)) {

148 CHECK(Credentials::DropAllCapabilities());	149 CHECK(Credentials::DropAllCapabilities());

149 // Probably missing kernel support.	150 // Probably missing kernel support.

150 if (!Credentials::MoveToNewUserNS()) return;	151 if (!Credentials::MoveToNewUserNS()) return;

151 CHECK(Credentials::DropFileSystemAccess());	152 CHECK(Credentials::DropFileSystemAccess());

152 CHECK(Credentials::DropAllCapabilities());	153 CHECK(Credentials::DropAllCapabilities());

153	154

154 // The kernel should now prevent us from regaining capabilities because we	155 // The kernel should now prevent us from regaining capabilities because we

155 // are in a chroot.	156 // are in a chroot.

156 CHECK(!Credentials::SupportsNewUserNS());	157 CHECK(!Credentials::SupportsNewUserNS());

157 CHECK(!Credentials::MoveToNewUserNS());	158 CHECK(!Credentials::MoveToNewUserNS());

158 }	159 }

159	160

160 } // namespace.	161 } // namespace.

161	162

162 } // namespace sandbox.	163 } // namespace sandbox.

OLD	NEW