OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/linux/services/broker_process.h" | 5 #include "sandbox/linux/services/broker_process.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <fcntl.h> | 8 #include <fcntl.h> |
9 #include <sys/stat.h> | 9 #include <sys/stat.h> |
10 #include <sys/types.h> | 10 #include <sys/types.h> |
(...skipping 81 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
92 fd = open_broker.Open(k_NotWhitelisted, O_RDONLY); | 92 fd = open_broker.Open(k_NotWhitelisted, O_RDONLY); |
93 EXPECT_EQ(fd, -EPERM); | 93 EXPECT_EQ(fd, -EPERM); |
94 fd = open_broker.Open(k_NotWhitelisted, O_WRONLY); | 94 fd = open_broker.Open(k_NotWhitelisted, O_WRONLY); |
95 EXPECT_EQ(fd, -EPERM); | 95 EXPECT_EQ(fd, -EPERM); |
96 fd = open_broker.Open(k_NotWhitelisted, O_RDWR); | 96 fd = open_broker.Open(k_NotWhitelisted, O_RDWR); |
97 EXPECT_EQ(fd, -EPERM); | 97 EXPECT_EQ(fd, -EPERM); |
98 | 98 |
99 // We have some extra sanity check for clearly wrong values. | 99 // We have some extra sanity check for clearly wrong values. |
100 fd = open_broker.Open(kRW_WhiteListed, O_RDONLY|O_WRONLY|O_RDWR); | 100 fd = open_broker.Open(kRW_WhiteListed, O_RDONLY|O_WRONLY|O_RDWR); |
101 EXPECT_EQ(fd, -EPERM); | 101 EXPECT_EQ(fd, -EPERM); |
| 102 |
| 103 // It makes no sense to allow O_CREAT in a 2-parameters open. Ensure this |
| 104 // is denied. |
| 105 fd = open_broker.Open(kRW_WhiteListed, O_RDWR|O_CREAT); |
| 106 EXPECT_EQ(fd, -EPERM); |
102 } | 107 } |
103 | 108 |
104 // Run the same thing twice. The second time, we make sure that no security | 109 // Run the same thing twice. The second time, we make sure that no security |
105 // check is performed on the client. | 110 // check is performed on the client. |
106 TEST(BrokerProcess, OpenFilePermsWithClientCheck) { | 111 TEST(BrokerProcess, OpenFilePermsWithClientCheck) { |
107 TestOpenFilePerms(true /* fast_check_in_client */); | 112 TestOpenFilePerms(true /* fast_check_in_client */); |
108 } | 113 } |
109 | 114 |
110 TEST(BrokerProcess, OpenOpenFilePermsNoClientCheck) { | 115 TEST(BrokerProcess, OpenOpenFilePermsNoClientCheck) { |
111 TestOpenFilePerms(false /* fast_check_in_client */); | 116 TestOpenFilePerms(false /* fast_check_in_client */); |
(...skipping 166 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
278 | 283 |
279 TEST(BrokerProcess, ComplexFlagsWithClientCheck) { | 284 TEST(BrokerProcess, ComplexFlagsWithClientCheck) { |
280 TestComplexFlags(true /* fast_check_in_client */); | 285 TestComplexFlags(true /* fast_check_in_client */); |
281 } | 286 } |
282 | 287 |
283 TEST(BrokerProcess, ComplexFlagsNoClientCheck) { | 288 TEST(BrokerProcess, ComplexFlagsNoClientCheck) { |
284 TestComplexFlags(false /* fast_check_in_client */); | 289 TestComplexFlags(false /* fast_check_in_client */); |
285 } | 290 } |
286 | 291 |
287 } // namespace sandbox | 292 } // namespace sandbox |
OLD | NEW |