OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/linux/services/credentials.h" | 5 #include "sandbox/linux/services/credentials.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <fcntl.h> | 8 #include <fcntl.h> |
9 #include <stdio.h> | 9 #include <stdio.h> |
10 #include <sys/stat.h> | 10 #include <sys/stat.h> |
(...skipping 119 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
130 ASSERT_TRUE(WorkingDirectoryIsRoot()); | 130 ASSERT_TRUE(WorkingDirectoryIsRoot()); |
131 } | 131 } |
132 | 132 |
133 SANDBOX_TEST(Credentials, DISABLE_ON_LSAN(DropFileSystemAccessIsSafe)) { | 133 SANDBOX_TEST(Credentials, DISABLE_ON_LSAN(DropFileSystemAccessIsSafe)) { |
134 CHECK(Credentials::DropAllCapabilities()); | 134 CHECK(Credentials::DropAllCapabilities()); |
135 // Probably missing kernel support. | 135 // Probably missing kernel support. |
136 if (!Credentials::MoveToNewUserNS()) return; | 136 if (!Credentials::MoveToNewUserNS()) return; |
137 CHECK(Credentials::DropFileSystemAccess()); | 137 CHECK(Credentials::DropFileSystemAccess()); |
138 CHECK(!base::DirectoryExists(base::FilePath("/proc"))); | 138 CHECK(!base::DirectoryExists(base::FilePath("/proc"))); |
139 CHECK(WorkingDirectoryIsRoot()); | 139 CHECK(WorkingDirectoryIsRoot()); |
| 140 CHECK(base::IsDirectoryEmpty(base::FilePath("/"))); |
140 // We want the chroot to never have a subdirectory. A subdirectory | 141 // We want the chroot to never have a subdirectory. A subdirectory |
141 // could allow a chroot escape. | 142 // could allow a chroot escape. |
142 CHECK_NE(0, mkdir("/test", 0700)); | 143 CHECK_NE(0, mkdir("/test", 0700)); |
143 } | 144 } |
144 | 145 |
145 // Check that after dropping filesystem access and dropping privileges | 146 // Check that after dropping filesystem access and dropping privileges |
146 // it is not possible to regain capabilities. | 147 // it is not possible to regain capabilities. |
147 SANDBOX_TEST(Credentials, DISABLE_ON_LSAN(CannotRegainPrivileges)) { | 148 SANDBOX_TEST(Credentials, DISABLE_ON_LSAN(CannotRegainPrivileges)) { |
148 CHECK(Credentials::DropAllCapabilities()); | 149 CHECK(Credentials::DropAllCapabilities()); |
149 // Probably missing kernel support. | 150 // Probably missing kernel support. |
150 if (!Credentials::MoveToNewUserNS()) return; | 151 if (!Credentials::MoveToNewUserNS()) return; |
151 CHECK(Credentials::DropFileSystemAccess()); | 152 CHECK(Credentials::DropFileSystemAccess()); |
152 CHECK(Credentials::DropAllCapabilities()); | 153 CHECK(Credentials::DropAllCapabilities()); |
153 | 154 |
154 // The kernel should now prevent us from regaining capabilities because we | 155 // The kernel should now prevent us from regaining capabilities because we |
155 // are in a chroot. | 156 // are in a chroot. |
156 CHECK(!Credentials::SupportsNewUserNS()); | 157 CHECK(!Credentials::SupportsNewUserNS()); |
157 CHECK(!Credentials::MoveToNewUserNS()); | 158 CHECK(!Credentials::MoveToNewUserNS()); |
158 } | 159 } |
159 | 160 |
160 } // namespace. | 161 } // namespace. |
161 | 162 |
162 } // namespace sandbox. | 163 } // namespace sandbox. |
OLD | NEW |