Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(217)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/syscall_broker/broker_file_permission_unittest.cc

Issue 721553002: sandbox: Extend BrokerPolicy to support file creation (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: jln review changes Created 6 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« sandbox/linux/syscall_broker/broker_file_permission.h ('K') | « sandbox/linux/syscall_broker/broker_file_permission.cc ('k') | sandbox/linux/syscall_broker/broker_host.cc » ('j') | sandbox/linux/syscall_broker/broker_process_unittest.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "sandbox/linux/syscall_broker/broker_file_permission.h"
6
7 #include <fcntl.h>
8 #include <string.h>
9 #include <sys/stat.h>
10 #include <sys/types.h>
11
12 #include "base/logging.h"
13 #include "sandbox/linux/tests/test_utils.h"
14 #include "sandbox/linux/tests/unit_tests.h"
15 #include "testing/gtest/include/gtest/gtest.h"
16
17 namespace sandbox {
18
19 namespace syscall_broker {
20
21 // Creation tests are DEATH tests as a bad permission causes termination.
22 SANDBOX_DEATH_TEST(BrokerFilePermission, CreateGood, DEATH_SUCCESS()) {
23 const char k_Path[] = "/tmp/good";
24 BrokerFilePermission perm = BrokerFilePermission::ReadOnly(k_Path);
25 }
26
27 SANDBOX_DEATH_TEST(BrokerFilePermission, CreateGoodRecursive, DEATH_SUCCESS()) {
28 const char k_Path[] = "/tmp/good/";
29 BrokerFilePermission perm = BrokerFilePermission::ReadOnlyRecursive(k_Path);
30 }
31
32 SANDBOX_DEATH_TEST(BrokerFilePermission, CreateBad, DEATH_MESSAGE("")) {
33 const char k_Path[] = "/tmp/bad/";
34 BrokerFilePermission perm = BrokerFilePermission::ReadOnly(k_Path);
35 }
36
37 SANDBOX_DEATH_TEST(BrokerFilePermission,
38 CreateBadRecursive,
39 DEATH_MESSAGE("")) {
40 const char k_Path[] = "/tmp/bad";
41 BrokerFilePermission perm = BrokerFilePermission::ReadOnlyRecursive(k_Path);
42 }
43
44 SANDBOX_DEATH_TEST(BrokerFilePermission, CreateBadNotAbs, DEATH_MESSAGE("")) {
45 const char k_Path[] = "tmp/bad";
46 BrokerFilePermission perm = BrokerFilePermission::ReadOnly(k_Path);
47 }
48
49 void CheckPerm(BrokerFilePermission& perm,
50 const char* path,
51 int access_flags,
52 bool create) {
53 const char* file_to_open;
54
55 // check bad perms
56 switch (access_flags) {
57 case O_RDONLY:
58 ASSERT_TRUE(perm.CheckOpen(path, O_RDONLY, &file_to_open, NULL));
59 ASSERT_FALSE(perm.CheckOpen(path, O_WRONLY, &file_to_open, NULL));
60 ASSERT_FALSE(perm.CheckOpen(path, O_RDWR, &file_to_open, NULL));
61 break;
62 case O_WRONLY:
63 ASSERT_FALSE(perm.CheckOpen(path, O_RDONLY, &file_to_open, NULL));
64 ASSERT_TRUE(perm.CheckOpen(path, O_WRONLY, &file_to_open, NULL));
65 ASSERT_FALSE(perm.CheckOpen(path, O_RDWR, &file_to_open, NULL));
66 break;
67 case O_RDWR:
68 ASSERT_TRUE(perm.CheckOpen(path, O_RDONLY, &file_to_open, NULL));
69 ASSERT_TRUE(perm.CheckOpen(path, O_WRONLY, &file_to_open, NULL));
70 ASSERT_TRUE(perm.CheckOpen(path, O_RDWR, &file_to_open, NULL));
71 break;
72 default:
73 // Bad test case
74 NOTREACHED();
75 }
76
77 // check every possible flag and act accordingly.
78 for (int i = 2; i < 32; i++) {
79 int flag = 1 << i;
80 switch (flag) {
81 case O_APPEND:
82 case O_ASYNC:
83 case O_DIRECT:
84 case O_DIRECTORY:
85 case O_DSYNC:
86 case O_EXCL:
87 case O_NOATIME:
88 case O_NOCTTY:
89 case O_NOFOLLOW:
90 case O_NONBLOCK:
91 #if (O_NONBLOCK != O_NDELAY)
92 case O_NDELAY:
93 #endif
94 case (O_SYNC & ~O_DSYNC):
95 case O_TRUNC:
96 ASSERT_TRUE(
97 perm.CheckOpen(path, access_flags | flag, &file_to_open, NULL));
98 break;
99 case O_CLOEXEC:
100 case O_CREAT:
101 default:
102 ASSERT_FALSE(
103 perm.CheckOpen(path, access_flags | flag, &file_to_open, NULL));
104 }
105 }
106 if (create) {
107 bool unlink;
108 ASSERT_TRUE(perm.CheckOpen(path, O_CREAT | O_EXCL | access_flags,
109 &file_to_open, &unlink));
110 ASSERT_FALSE(unlink);
111 } else {
112 ASSERT_FALSE(perm.CheckOpen(path, O_CREAT | O_EXCL | access_flags,
113 &file_to_open, NULL));
114 }
115 }
116
117 TEST(BrokerFilePermission, ReadOnly) {
118 const char k_Path[] = "/tmp/good";
119 BrokerFilePermission perm = BrokerFilePermission::ReadOnly(k_Path);
120 CheckPerm(perm, k_Path, O_RDONLY, false);
121 }
122
123 TEST(BrokerFilePermission, ReadOnlyRecursive) {
124 const char k_Path[] = "/tmp/good/";
125 const char k_PathFile[] = "/tmp/good/file";
126 BrokerFilePermission perm = BrokerFilePermission::ReadOnlyRecursive(k_Path);
127 CheckPerm(perm, k_PathFile, O_RDONLY, false);
128 }
129
130 TEST(BrokerFilePermission, WriteOnly) {
131 const char k_Path[] = "/tmp/good";
132 BrokerFilePermission perm = BrokerFilePermission::WriteOnly(k_Path);
133 CheckPerm(perm, k_Path, O_WRONLY, false);
134 }
135
136 TEST(BrokerFilePermission, ReadWrite) {
137 const char k_Path[] = "/tmp/good";
138 BrokerFilePermission perm = BrokerFilePermission::ReadWrite(k_Path);
139 CheckPerm(perm, k_Path, O_RDWR, false);
140 }
141
142 TEST(BrokerFilePermission, ReadWriteCreate) {
143 const char k_Path[] = "/tmp/good";
144 BrokerFilePermission perm = BrokerFilePermission::ReadWriteCreate(k_Path);
145 CheckPerm(perm, k_Path, O_RDWR, true);
146 }
147
148 void CheckUnlink(BrokerFilePermission& perm,
149 const char* path,
150 int access_flags) {
151 bool unlink;
152 ASSERT_FALSE(perm.CheckOpen(path, access_flags, NULL, &unlink));
153 ASSERT_FALSE(perm.CheckOpen(path, access_flags | O_CREAT, NULL, &unlink));
154 ASSERT_TRUE(
155 perm.CheckOpen(path, access_flags | O_CREAT | O_EXCL, NULL, &unlink));
156 ASSERT_TRUE(unlink);
157 }
158
159 TEST(BrokerFilePermission, ReadWriteCreateUnlink) {
160 const char k_Path[] = "/tmp/good";
161 BrokerFilePermission perm =
162 BrokerFilePermission::ReadWriteCreateUnlink(k_Path);
163 CheckUnlink(perm, k_Path, O_RDWR);
164 }
165
166 TEST(BrokerFilePermission, ReadWriteCreateUnlinkRecursive) {
167 const char k_Path[] = "/tmp/good/";
168 const char k_PathFile[] = "/tmp/good/file";
169 BrokerFilePermission perm =
170 BrokerFilePermission::ReadWriteCreateUnlinkRecursive(k_Path);
171 CheckUnlink(perm, k_PathFile, O_RDWR);
172 }
173
174 class BrokerFilePermissionTester {
175 public:
176 static bool ValidatePath(const char* path) {
177 return BrokerFilePermission::ValidatePath(path);
178 }
179
180 private:
181 DISALLOW_COPY_AND_ASSIGN(BrokerFilePermissionTester);
182 };
183
184 TEST(BrokerFilePermission, ValidatePath) {
185 ASSERT_TRUE(BrokerFilePermissionTester::ValidatePath("/path"));
186 ASSERT_TRUE(BrokerFilePermissionTester::ValidatePath("/"));
187 ASSERT_TRUE(BrokerFilePermissionTester::ValidatePath("/..path"));
188
189 ASSERT_FALSE(BrokerFilePermissionTester::ValidatePath(""));
190 ASSERT_FALSE(BrokerFilePermissionTester::ValidatePath("bad"));
191 ASSERT_FALSE(BrokerFilePermissionTester::ValidatePath("/bad/"));
192 ASSERT_FALSE(BrokerFilePermissionTester::ValidatePath("/bad/"));
193 ASSERT_FALSE(BrokerFilePermissionTester::ValidatePath("/bad/.."));
194 ASSERT_FALSE(BrokerFilePermissionTester::ValidatePath("/bad/../bad"));
195 ASSERT_FALSE(BrokerFilePermissionTester::ValidatePath("/../bad"));
196 }
197
198 } // namespace syscall_broker
199
200 } // namespace sandbox
OLDNEW
« sandbox/linux/syscall_broker/broker_file_permission.h ('K') | « sandbox/linux/syscall_broker/broker_file_permission.cc ('k') | sandbox/linux/syscall_broker/broker_host.cc » ('j') | sandbox/linux/syscall_broker/broker_process_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698