Chromium Code Reviews Chromium Code Reviews
Issue 721553002:
sandbox: Extend BrokerPolicy to support file creation (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "sandbox/linux/syscall_broker/broker_file_permission.h" | |
| 6 | |
| 7 #include <fcntl.h> | |
| 8 #include <string.h> | |
| 9 #include <sys/stat.h> | |
| 10 #include <sys/types.h> | |
| 11 #include <unistd.h> | |
| 12 | |
| 13 #include "base/logging.h" | |
| 14 #include "sandbox/linux/tests/test_utils.h" | |
| 15 #include "sandbox/linux/tests/unit_tests.h" | |
| 16 #include "testing/gtest/include/gtest/gtest.h" | |
| 17 | |
| 18 namespace sandbox { | |
| 19 | |
| 20 namespace syscall_broker { | |
| 21 | |
| 22 class BrokerFilePermissionTester { | |
| 23 public: | |
| 24 static bool ValidatePath(const char* path) { | |
| 25 return BrokerFilePermission::ValidatePath(path); | |
| 26 } | |
| 27 static const char* GetErrorMessage() { | |
| 28 return BrokerFilePermission::GetErrorMessageForTests(); | |
| 29 } | |
| 30 | |
| 31 private: | |
| 32 DISALLOW_COPY_AND_ASSIGN(BrokerFilePermissionTester); | |
| 33 }; | |
| 34 | |
| 35 namespace { | |
| 36 | |
| 37 // Creation tests are DEATH tests as a bad permission causes termination. | |
| 38 SANDBOX_TEST(BrokerFilePermission, CreateGood) { | |
| 39 const char kPath[] = "/tmp/good"; | |
| 40 BrokerFilePermission perm = BrokerFilePermission::ReadOnly(kPath); | |
| 41 } | |
| 42 | |
| 43 SANDBOX_TEST(BrokerFilePermission, CreateGoodRecursive) { | |
| 44 const char kPath[] = "/tmp/good/"; | |
| 45 BrokerFilePermission perm = BrokerFilePermission::ReadOnlyRecursive(kPath); | |
| 46 } | |
| 47 | |
| 48 SANDBOX_DEATH_TEST( | |
| 49 BrokerFilePermission, | |
| 50 CreateBad, | |
| 51 DEATH_MESSAGE(BrokerFilePermissionTester::GetErrorMessage())) { | |
| 52 const char kPath[] = "/tmp/bad/"; | |
| 53 BrokerFilePermission perm = BrokerFilePermission::ReadOnly(kPath); | |
| 54 } | |
| 55 | |
| 56 SANDBOX_DEATH_TEST( | |
| 57 BrokerFilePermission, | |
| 58 CreateBadRecursive, | |
| 59 DEATH_MESSAGE(BrokerFilePermissionTester::GetErrorMessage())) { | |
| 60 const char kPath[] = "/tmp/bad"; | |
| 61 BrokerFilePermission perm = BrokerFilePermission::ReadOnlyRecursive(kPath); | |
| 62 } | |
| 63 | |
| 64 SANDBOX_DEATH_TEST( | |
| 65 BrokerFilePermission, | |
| 66 CreateBadNotAbs, | |
| 67 DEATH_MESSAGE(BrokerFilePermissionTester::GetErrorMessage())) { | |
| 68 const char kPath[] = "tmp/bad"; | |
| 69 BrokerFilePermission perm = BrokerFilePermission::ReadOnly(kPath); | |
| 70 } | |
| 71 | |
| 72 SANDBOX_DEATH_TEST( | |
| 73 BrokerFilePermission, | |
| 74 CreateBadEmpty, | |
| 75 DEATH_MESSAGE(BrokerFilePermissionTester::GetErrorMessage())) { | |
| 76 const char kPath[] = ""; | |
| 77 BrokerFilePermission perm = BrokerFilePermission::ReadOnly(kPath); | |
| 78 } | |
| 79 | |
| 80 // CheckPerm tests |path| against |perm| given |access_flags|. | |
| 81 // If |create| is true then file creation is tested for success. | |
| 82 void CheckPerm(const BrokerFilePermission& perm, | |
| 83 const char* path, | |
| 84 int access_flags, | |
| 85 bool create) { | |
| 86 const char* file_to_open = NULL; | |
| 87 | |
| 88 ASSERT_FALSE(perm.CheckAccess(path, X_OK, NULL)); | |
| 89 ASSERT_TRUE(perm.CheckAccess(path, F_OK, NULL)); | |
| 90 // check bad perms | |
| 91 switch (access_flags) { | |
| 92 case O_RDONLY: | |
| 93 ASSERT_TRUE(perm.CheckOpen(path, O_RDONLY, &file_to_open, NULL)); | |
| 94 ASSERT_FALSE(perm.CheckOpen(path, O_WRONLY, &file_to_open, NULL)); | |
| 95 ASSERT_FALSE(perm.CheckOpen(path, O_RDWR, &file_to_open, NULL)); | |
| 96 ASSERT_TRUE(perm.CheckAccess(path, R_OK, NULL)); | |
| 97 ASSERT_FALSE(perm.CheckAccess(path, W_OK, NULL)); | |
| 98 break; | |
| 99 case O_WRONLY: | |
| 100 ASSERT_FALSE(perm.CheckOpen(path, O_RDONLY, &file_to_open, NULL)); | |
| 101 ASSERT_TRUE(perm.CheckOpen(path, O_WRONLY, &file_to_open, NULL)); | |
| 102 ASSERT_FALSE(perm.CheckOpen(path, O_RDWR, &file_to_open, NULL)); | |
| 103 ASSERT_FALSE(perm.CheckAccess(path, R_OK, NULL)); | |
| 104 ASSERT_TRUE(perm.CheckAccess(path, W_OK, NULL)); | |
| 105 break; | |
| 106 case O_RDWR: | |
| 107 ASSERT_TRUE(perm.CheckOpen(path, O_RDONLY, &file_to_open, NULL)); | |
| 108 ASSERT_TRUE(perm.CheckOpen(path, O_WRONLY, &file_to_open, NULL)); | |
| 109 ASSERT_TRUE(perm.CheckOpen(path, O_RDWR, &file_to_open, NULL)); | |
| 110 ASSERT_TRUE(perm.CheckAccess(path, R_OK, NULL)); | |
| 111 ASSERT_TRUE(perm.CheckAccess(path, W_OK, NULL)); | |
| 112 break; | |
| 113 default: | |
| 114 // Bad test case | |
| 115 NOTREACHED(); | |
| 116 } | |
| 117 | |
| 118 // O_SYNC can be defined as (__O_SYNC|O_DSYNC) | |
| 119 #ifdef O_DSYNC | |
| 120 const int kSyncFlag = O_SYNC & ~O_DSYNC; | |
| 121 #else | |
| 122 const int kSyncFlag = O_SYNC; | |
| 123 #endif | |
| 124 | |
| 125 // check every possible flag and act accordingly. | |
| 126 for (int i = 2; i < 32; i++) { | |
| 127 int flag = 1 << i; | |
| 128 switch (flag) { | |
| 129 case O_APPEND: | |
| 130 case O_ASYNC: | |
| 131 case O_DIRECT: | |
| 132 case O_DIRECTORY: | |
| 133 #ifdef O_DSYNC | |
| 134 case O_DSYNC: | |
| 135 #endif | |
| 136 case O_EXCL: | |
| 137 case O_LARGEFILE: | |
| 138 case O_NOATIME: | |
| 139 case O_NOCTTY: | |
| 140 case O_NOFOLLOW: | |
| 141 case O_NONBLOCK: | |
| 142 #if (O_NONBLOCK != O_NDELAY) | |
| 143 case O_NDELAY: | |
| 144 #endif | |
| 145 case kSyncFlag: | |
| 146 case O_TRUNC: | |
| 147 ASSERT_TRUE( | |
| 148 perm.CheckOpen(path, access_flags | flag, &file_to_open, NULL)); | |
| 149 break; | |
| 150 case O_CLOEXEC: | |
| 151 case O_CREAT: | |
| 152 default: | |
| 153 ASSERT_FALSE( | |
| 154 perm.CheckOpen(path, access_flags | flag, &file_to_open, NULL)); | |
| 155 } | |
| 156 } | |
| 157 if (create) { | |
| 158 bool unlink; | |
| 159 ASSERT_TRUE(perm.CheckOpen(path, O_CREAT | O_EXCL | access_flags, | |
| 160 &file_to_open, &unlink)); | |
| 161 ASSERT_FALSE(unlink); | |
| 162 } else { | |
| 163 ASSERT_FALSE(perm.CheckOpen(path, O_CREAT | O_EXCL | access_flags, | |
| 164 &file_to_open, NULL)); | |
| 165 } | |
| 166 } | |
| 167 | |
| 168 TEST(BrokerFilePermission, ReadOnly) { | |
| 169 const char kPath[] = "/tmp/good"; | |
| 170 BrokerFilePermission perm = BrokerFilePermission::ReadOnly(kPath); | |
| 171 CheckPerm(perm, kPath, O_RDONLY, false); // CheckPerm must be last | |
|
jln (very slow on Chromium)
2014/11/26 19:49:06
Explain why: "For ASSERT* to successfully exit the
| |
| 172 } | |
| 173 | |
| 174 TEST(BrokerFilePermission, ReadOnlyRecursive) { | |
| 175 const char kPath[] = "/tmp/good/"; | |
| 176 const char kPathFile[] = "/tmp/good/file"; | |
| 177 BrokerFilePermission perm = BrokerFilePermission::ReadOnlyRecursive(kPath); | |
| 178 CheckPerm(perm, kPathFile, O_RDONLY, false); // CheckPerm must be last | |
| 179 } | |
| 180 | |
| 181 TEST(BrokerFilePermission, WriteOnly) { | |
| 182 const char kPath[] = "/tmp/good"; | |
| 183 BrokerFilePermission perm = BrokerFilePermission::WriteOnly(kPath); | |
| 184 CheckPerm(perm, kPath, O_WRONLY, false); // CheckPerm must be last | |
| 185 } | |
| 186 | |
| 187 TEST(BrokerFilePermission, ReadWrite) { | |
| 188 const char kPath[] = "/tmp/good"; | |
| 189 BrokerFilePermission perm = BrokerFilePermission::ReadWrite(kPath); | |
| 190 CheckPerm(perm, kPath, O_RDWR, false); // CheckPerm must be last | |
| 191 } | |
| 192 | |
| 193 TEST(BrokerFilePermission, ReadWriteCreate) { | |
| 194 const char kPath[] = "/tmp/good"; | |
| 195 BrokerFilePermission perm = BrokerFilePermission::ReadWriteCreate(kPath); | |
| 196 CheckPerm(perm, kPath, O_RDWR, true); // CheckPerm must be last | |
| 197 } | |
| 198 | |
| 199 void CheckUnlink(BrokerFilePermission& perm, | |
| 200 const char* path, | |
| 201 int access_flags) { | |
| 202 bool unlink; | |
| 203 ASSERT_FALSE(perm.CheckOpen(path, access_flags, NULL, &unlink)); | |
| 204 ASSERT_FALSE(perm.CheckOpen(path, access_flags | O_CREAT, NULL, &unlink)); | |
| 205 ASSERT_TRUE( | |
| 206 perm.CheckOpen(path, access_flags | O_CREAT | O_EXCL, NULL, &unlink)); | |
| 207 ASSERT_TRUE(unlink); | |
| 208 } | |
| 209 | |
| 210 TEST(BrokerFilePermission, ReadWriteCreateUnlink) { | |
| 211 const char kPath[] = "/tmp/good"; | |
| 212 BrokerFilePermission perm = | |
| 213 BrokerFilePermission::ReadWriteCreateUnlink(kPath); | |
| 214 CheckUnlink(perm, kPath, O_RDWR); // CheckUnlink must be last | |
| 215 } | |
| 216 | |
| 217 TEST(BrokerFilePermission, ReadWriteCreateUnlinkRecursive) { | |
| 218 const char kPath[] = "/tmp/good/"; | |
| 219 const char kPathFile[] = "/tmp/good/file"; | |
| 220 BrokerFilePermission perm = | |
| 221 BrokerFilePermission::ReadWriteCreateUnlinkRecursive(kPath); | |
| 222 CheckUnlink(perm, kPathFile, O_RDWR); // CheckUnlink must be last | |
| 223 } | |
| 224 | |
| 225 TEST(BrokerFilePermission, ValidatePath) { | |
| 226 EXPECT_TRUE(BrokerFilePermissionTester::ValidatePath("/path")); | |
| 227 EXPECT_TRUE(BrokerFilePermissionTester::ValidatePath("/")); | |
| 228 EXPECT_TRUE(BrokerFilePermissionTester::ValidatePath("/..path")); | |
| 229 | |
| 230 EXPECT_FALSE(BrokerFilePermissionTester::ValidatePath("")); | |
| 231 EXPECT_FALSE(BrokerFilePermissionTester::ValidatePath("bad")); | |
| 232 EXPECT_FALSE(BrokerFilePermissionTester::ValidatePath("/bad/")); | |
| 233 EXPECT_FALSE(BrokerFilePermissionTester::ValidatePath("bad/")); | |
| 234 EXPECT_FALSE(BrokerFilePermissionTester::ValidatePath("/bad/..")); | |
| 235 EXPECT_FALSE(BrokerFilePermissionTester::ValidatePath("/bad/../bad")); | |
| 236 EXPECT_FALSE(BrokerFilePermissionTester::ValidatePath("/../bad")); | |
| 237 } | |
| 238 | |
| 239 } // namespace | |
| 240 | |
| 241 } // namespace syscall_broker | |
| 242 | |
| 243 } // namespace sandbox | |
| OLD | NEW |
