| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/suid/client/setuid_sandbox_host.h" |
| 6 |
| 7 #include <string> |
| 8 |
| 5 #include "base/environment.h" | 9 #include "base/environment.h" |
| 6 #include "base/logging.h" | 10 #include "base/logging.h" |
| 7 #include "base/memory/scoped_ptr.h" | 11 #include "base/memory/scoped_ptr.h" |
| 8 #include "base/strings/string_number_conversions.h" | 12 #include "base/strings/string_number_conversions.h" |
| 9 #include "sandbox/linux/suid/client/setuid_sandbox_client.h" | |
| 10 #include "sandbox/linux/suid/common/sandbox.h" | 13 #include "sandbox/linux/suid/common/sandbox.h" |
| 11 #include "testing/gtest/include/gtest/gtest.h" | 14 #include "testing/gtest/include/gtest/gtest.h" |
| 12 | 15 |
| 13 namespace sandbox { | 16 namespace sandbox { |
| 14 | 17 |
| 15 TEST(SetuidSandboxClient, SetupLaunchEnvironment) { | 18 TEST(SetuidSandboxHost, SetupLaunchEnvironment) { |
| 16 const char kTestValue[] = "This is a test"; | 19 const char kTestValue[] = "This is a test"; |
| 17 scoped_ptr<base::Environment> env(base::Environment::Create()); | 20 scoped_ptr<base::Environment> env(base::Environment::Create()); |
| 18 EXPECT_TRUE(env != NULL); | 21 EXPECT_TRUE(env != NULL); |
| 19 | 22 |
| 20 std::string saved_ld_preload; | 23 std::string saved_ld_preload; |
| 21 bool environment_had_ld_preload; | 24 bool environment_had_ld_preload; |
| 22 // First, back-up the real LD_PRELOAD if any. | 25 // First, back-up the real LD_PRELOAD if any. |
| 23 environment_had_ld_preload = env->GetVar("LD_PRELOAD", &saved_ld_preload); | 26 environment_had_ld_preload = env->GetVar("LD_PRELOAD", &saved_ld_preload); |
| 24 // Setup environment variables to save or not save. | 27 // Setup environment variables to save or not save. |
| 25 EXPECT_TRUE(env->SetVar("LD_PRELOAD", kTestValue)); | 28 EXPECT_TRUE(env->SetVar("LD_PRELOAD", kTestValue)); |
| 26 EXPECT_TRUE(env->UnSetVar("LD_ORIGIN_PATH")); | 29 EXPECT_TRUE(env->UnSetVar("LD_ORIGIN_PATH")); |
| 27 | 30 |
| 28 scoped_ptr<SetuidSandboxClient> | 31 scoped_ptr<SetuidSandboxHost> sandbox_host(SetuidSandboxHost::Create()); |
| 29 sandbox_client(SetuidSandboxClient::Create()); | 32 EXPECT_TRUE(sandbox_host != NULL); |
| 30 EXPECT_TRUE(sandbox_client != NULL); | |
| 31 | 33 |
| 32 // Make sure the environment is clean. | 34 // Make sure the environment is clean. |
| 33 EXPECT_TRUE(env->UnSetVar(kSandboxEnvironmentApiRequest)); | 35 EXPECT_TRUE(env->UnSetVar(kSandboxEnvironmentApiRequest)); |
| 34 EXPECT_TRUE(env->UnSetVar(kSandboxEnvironmentApiProvides)); | 36 EXPECT_TRUE(env->UnSetVar(kSandboxEnvironmentApiProvides)); |
| 35 | 37 |
| 36 sandbox_client->SetupLaunchEnvironment(); | 38 sandbox_host->SetupLaunchEnvironment(); |
| 37 | 39 |
| 38 // Check if the requested API environment was set. | 40 // Check if the requested API environment was set. |
| 39 std::string api_request; | 41 std::string api_request; |
| 40 EXPECT_TRUE(env->GetVar(kSandboxEnvironmentApiRequest, &api_request)); | 42 EXPECT_TRUE(env->GetVar(kSandboxEnvironmentApiRequest, &api_request)); |
| 41 int api_request_num; | 43 int api_request_num; |
| 42 EXPECT_TRUE(base::StringToInt(api_request, &api_request_num)); | 44 EXPECT_TRUE(base::StringToInt(api_request, &api_request_num)); |
| 43 EXPECT_EQ(api_request_num, kSUIDSandboxApiNumber); | 45 EXPECT_EQ(api_request_num, kSUIDSandboxApiNumber); |
| 44 | 46 |
| 45 // Now check if LD_PRELOAD was saved to SANDBOX_LD_PRELOAD. | 47 // Now check if LD_PRELOAD was saved to SANDBOX_LD_PRELOAD. |
| 46 std::string sandbox_ld_preload; | 48 std::string sandbox_ld_preload; |
| 47 EXPECT_TRUE(env->GetVar("SANDBOX_LD_PRELOAD", &sandbox_ld_preload)); | 49 EXPECT_TRUE(env->GetVar("SANDBOX_LD_PRELOAD", &sandbox_ld_preload)); |
| 48 EXPECT_EQ(sandbox_ld_preload, kTestValue); | 50 EXPECT_EQ(sandbox_ld_preload, kTestValue); |
| 49 | 51 |
| 50 // Check that LD_ORIGIN_PATH was not saved. | 52 // Check that LD_ORIGIN_PATH was not saved. |
| 51 EXPECT_FALSE(env->HasVar("SANDBOX_LD_ORIGIN_PATH")); | 53 EXPECT_FALSE(env->HasVar("SANDBOX_LD_ORIGIN_PATH")); |
| 52 | 54 |
| 53 // We should not forget to restore LD_PRELOAD at the end, or this environment | 55 // We should not forget to restore LD_PRELOAD at the end, or this environment |
| 54 // variable will affect the next running tests! | 56 // variable will affect the next running tests! |
| 55 if (environment_had_ld_preload) { | 57 if (environment_had_ld_preload) { |
| 56 EXPECT_TRUE(env->SetVar("LD_PRELOAD", saved_ld_preload)); | 58 EXPECT_TRUE(env->SetVar("LD_PRELOAD", saved_ld_preload)); |
| 57 } else { | 59 } else { |
| 58 EXPECT_TRUE(env->UnSetVar("LD_PRELOAD")); | 60 EXPECT_TRUE(env->UnSetVar("LD_PRELOAD")); |
| 59 } | 61 } |
| 60 } | 62 } |
| 61 | 63 |
| 62 TEST(SetuidSandboxClient, SandboxedClientAPI) { | |
| 63 scoped_ptr<base::Environment> env(base::Environment::Create()); | |
| 64 EXPECT_TRUE(env != NULL); | |
| 65 | |
| 66 scoped_ptr<SetuidSandboxClient> | |
| 67 sandbox_client(SetuidSandboxClient::Create()); | |
| 68 EXPECT_TRUE(sandbox_client != NULL); | |
| 69 | |
| 70 // Set-up a fake environment as if we went through the setuid sandbox. | |
| 71 EXPECT_TRUE(env->SetVar(kSandboxEnvironmentApiProvides, | |
| 72 base::IntToString(kSUIDSandboxApiNumber))); | |
| 73 EXPECT_TRUE(env->SetVar(kSandboxDescriptorEnvironmentVarName, "1")); | |
| 74 EXPECT_TRUE(env->SetVar(kSandboxPIDNSEnvironmentVarName, "1")); | |
| 75 EXPECT_TRUE(env->UnSetVar(kSandboxNETNSEnvironmentVarName)); | |
| 76 | |
| 77 // Check the API. | |
| 78 EXPECT_TRUE(sandbox_client->IsSuidSandboxUpToDate()); | |
| 79 EXPECT_TRUE(sandbox_client->IsSuidSandboxChild()); | |
| 80 EXPECT_TRUE(sandbox_client->IsInNewPIDNamespace()); | |
| 81 EXPECT_FALSE(sandbox_client->IsInNewNETNamespace()); | |
| 82 | |
| 83 // Forge an incorrect API version and check. | |
| 84 EXPECT_TRUE(env->SetVar(kSandboxEnvironmentApiProvides, | |
| 85 base::IntToString(kSUIDSandboxApiNumber + 1))); | |
| 86 EXPECT_FALSE(sandbox_client->IsSuidSandboxUpToDate()); | |
| 87 // We didn't go through the actual sandboxing mechanism as it is | |
| 88 // very hard in a unit test. | |
| 89 EXPECT_FALSE(sandbox_client->IsSandboxed()); | |
| 90 } | |
| 91 | |
| 92 // This test doesn't accomplish much, but will make sure that analysis tools | 64 // This test doesn't accomplish much, but will make sure that analysis tools |
| 93 // will run this codepath. | 65 // will run this codepath. |
| 94 TEST(SetuidSandboxClient, GetSandboxBinaryPath) { | 66 TEST(SetuidSandboxHost, GetSandboxBinaryPath) { |
| 95 scoped_ptr<SetuidSandboxClient> setuid_sandbox_client( | 67 scoped_ptr<SetuidSandboxHost> setuid_sandbox_host( |
| 96 SetuidSandboxClient::Create()); | 68 SetuidSandboxHost::Create()); |
| 97 ignore_result(setuid_sandbox_client->GetSandboxBinaryPath()); | 69 ignore_result(setuid_sandbox_host->GetSandboxBinaryPath()); |
| 98 } | 70 } |
| 99 | 71 |
| 100 } // namespace sandbox | 72 } // namespace sandbox |
| 101 | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 903273002:
Update from https://crrev.com/315085 (Closed)
Base URL: git@github.com:domokit/mojo.git@master