// Copyright 2014 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "sandbox/linux/syscall_broker/broker_file_permission.h" #include <fcntl.h> #include <string.h> #include <sys/inotify.h> #include <sys/stat.h> #include <sys/types.h> #include <unistd.h> #include "base/check.h" #include "base/notreached.h" #include "sandbox/linux/tests/test_utils.h" #include "sandbox/linux/tests/unit_tests.h" #include "testing/gtest/include/gtest/gtest.h" namespace sandbox { namespace syscall_broker { class BrokerFilePermissionTester { … }; namespace { // Creation tests are DEATH tests as a bad permission causes termination. SANDBOX_TEST(BrokerFilePermission, CreateGood) { … } SANDBOX_TEST(BrokerFilePermission, CreateGoodRecursive) { … } // In official builds, CHECK(x) causes a SIGTRAP on the architectures where the // sanbox is enabled (that are x86, x86_64, arm64 and 32-bit arm processes // running on a arm64 kernel). #if defined(OFFICIAL_BUILD) #define DEATH_BY_CHECK … #else #define DEATH_BY_CHECK(msg) … #endif SANDBOX_DEATH_TEST( BrokerFilePermission, CreateBad, DEATH_BY_CHECK(BrokerFilePermissionTester::GetErrorMessage())) { … } SANDBOX_DEATH_TEST( BrokerFilePermission, CreateBadRecursive, DEATH_BY_CHECK(BrokerFilePermissionTester::GetErrorMessage())) { … } SANDBOX_DEATH_TEST( BrokerFilePermission, CreateBadNotAbs, DEATH_BY_CHECK(BrokerFilePermissionTester::GetErrorMessage())) { … } SANDBOX_DEATH_TEST( BrokerFilePermission, CreateBadEmpty, DEATH_BY_CHECK(BrokerFilePermissionTester::GetErrorMessage())) { … } // CheckPerm tests |path| against |perm| given |access_flags|. // If |create| is true then file creation is tested for success. void CheckPerm(const BrokerFilePermission& perm, const char* path, int access_flags, bool create) { … } TEST(BrokerFilePermission, ReadOnly) { … } TEST(BrokerFilePermission, ReadOnlyRecursive) { … } // Explicit test for O_RDONLY|O_TRUNC, which should be denied due to // undefined behavior. TEST(BrokerFilePermission, ReadOnlyTruncate) { … } TEST(BrokerFilePermission, WriteOnly) { … } TEST(BrokerFilePermission, ReadWrite) { … } TEST(BrokerFilePermission, ReadWriteCreate) { … } void CheckUnlink(BrokerFilePermission& perm, const char* path, int access_flags) { … } TEST(BrokerFilePermission, ReadWriteCreateTemporaryRecursive) { … } TEST(BrokerFilePermission, StatOnlyWithIntermediateDirs) { … } TEST(BrokerFilePermission, InotifyAddWatchWithIntermediateDirs) { … } TEST(BrokerFilePermission, AllPermissions) { … } TEST(BrokerFilePermission, ValidatePath) { … } } // namespace } // namespace syscall_broker } // namespace sandbox
Codebase Browser
chromium