// Copyright 2014 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include <sched.h> #include <stddef.h> #include <stdio.h> #include <string.h> #include <sys/socket.h> #include <sys/syscall.h> #include <sys/wait.h> #include <unistd.h> #include <utility> #include <vector> #include "base/check_op.h" #include "base/files/scoped_file.h" #include "base/notreached.h" #include "base/posix/eintr_wrapper.h" #include "base/posix/unix_domain_socket.h" #include "base/process/process.h" #include "sandbox/linux/services/syscall_wrappers.h" #include "sandbox/linux/tests/unit_tests.h" // Additional tests for base's UnixDomainSocket to make sure it behaves // correctly in the presence of sandboxing functionality (e.g., receiving // PIDs across namespaces). namespace sandbox { namespace { const char kHello[] = …; // If the calling process isn't root, then try using unshare(CLONE_NEWUSER) // to fake it. void FakeRoot() { … } void WaitForExit(pid_t pid) { … } base::ProcessId GetParentProcessId(base::ProcessId pid) { … } // SendHello sends a "hello" to socket fd, and then blocks until the recipient // acknowledges it by calling RecvHello. void SendHello(int fd) { … } // RecvHello receives and acknowledges a "hello" on socket fd, and returns the // process ID of the sender in sender_pid. Optionally, write_pipe can be used // to return a file descriptor, and the acknowledgement will be delayed until // the descriptor is closed. // (Implementation details: SendHello allocates a new pipe, sends us the writing // end alongside the "hello" message, and then blocks until we close the writing // end of the pipe.) void RecvHello(int fd, base::ProcessId* sender_pid, base::ScopedFD* write_pipe = NULL) { … } // Check that receiving PIDs works across a fork(). SANDBOX_TEST(UnixDomainSocketTest, Fork) { … } // Similar to Fork above, but forking the child into a new pid namespace. SANDBOX_TEST(UnixDomainSocketTest, Namespace) { … } // Again similar to Fork, but now with nested PID namespaces. SANDBOX_TEST(UnixDomainSocketTest, DoubleNamespace) { … } // Tests that GetPeerPid() returns 0 if the peer does not exist in caller's // namespace. SANDBOX_TEST(UnixDomainSocketTest, ImpossiblePid) { … } } // namespace } // namespace sandbox
Codebase Browser
chromium