// Copyright 2012 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifdef UNSAFE_BUFFERS_BUILD // TODO(crbug.com/351564777): Remove this and convert code to safer constructs. #pragma allow_unsafe_buffers #endif #include "sandbox/linux/syscall_broker/broker_process.h" #include <errno.h> #include <fcntl.h> #include <poll.h> #include <stddef.h> #include <sys/inotify.h> #include <sys/resource.h> #include <sys/stat.h> #include <sys/types.h> #include <sys/wait.h> #include <unistd.h> #include <algorithm> #include <memory> #include <string> #include <string_view> #include <vector> #include "base/containers/flat_map.h" #include "base/containers/flat_set.h" #include "base/files/file_util.h" #include "base/files/scoped_file.h" #include "base/files/scoped_temp_dir.h" #include "base/functional/bind.h" #include "base/functional/callback.h" #include "base/logging.h" #include "base/posix/eintr_wrapper.h" #include "base/posix/unix_domain_socket.h" #include "base/strings/string_number_conversions.h" #include "base/strings/stringprintf.h" #include "build/build_config.h" #include "sandbox/linux/syscall_broker/broker_client.h" #include "sandbox/linux/syscall_broker/broker_command.h" #include "sandbox/linux/tests/scoped_temporary_file.h" #include "sandbox/linux/tests/test_utils.h" #include "sandbox/linux/tests/unit_tests.h" #include "testing/gtest/include/gtest/gtest.h" namespace sandbox { namespace syscall_broker { BrokerType; class BrokerProcessTestHelper { … }; namespace { // Our fake errno must be less than 255 or various libc implementations will // not accept this as a valid error number. E.g. bionic accepts up to 255, glibc // and musl up to 4096. constexpr int kFakeErrnoSentinel = …; bool NoOpCallback(const BrokerSandboxConfig&) { … } } // namespace TEST(BrokerProcess, CreateAndDestroy) { … } TEST(BrokerProcess, TestOpenAccessNull) { … } void TestOpenFilePerms(bool fast_check_in_client, int denied_errno) { … } // Run the same thing twice. The second time, we make sure that no security // check is performed on the client. TEST(BrokerProcess, OpenFilePermsWithClientCheck) { … } TEST(BrokerProcess, OpenOpenFilePermsNoClientCheck) { … } // Run the same twice again, but with ENOENT instead of EPERM. TEST(BrokerProcess, OpenFilePermsWithClientCheckNoEnt) { … } TEST(BrokerProcess, OpenOpenFilePermsNoClientCheckNoEnt) { … } void TestBadPaths(bool fast_check_in_client) { … } TEST(BrokerProcess, BadPathsClientCheck) { … } TEST(BrokerProcess, BadPathsNoClientCheck) { … } void TestOpenCpuinfo(bool fast_check_in_client, bool recursive) { … } // Run this test 4 times. With and without the check in client // and using a recursive path. TEST(BrokerProcess, OpenCpuinfoWithClientCheck) { … } TEST(BrokerProcess, OpenCpuinfoNoClientCheck) { … } TEST(BrokerProcess, OpenCpuinfoWithClientCheckRecursive) { … } TEST(BrokerProcess, OpenCpuinfoNoClientCheckRecursive) { … } TEST(BrokerProcess, OpenFileRW) { … } // SANDBOX_TEST because the process could die with a SIGPIPE // and we want this to happen in a subprocess. SANDBOX_TEST(BrokerProcess, BrokerDied) { … } void TestOpenComplexFlags(bool fast_check_in_client) { … } TEST(BrokerProcess, OpenComplexFlagsWithClientCheck) { … } TEST(BrokerProcess, OpenComplexFlagsNoClientCheck) { … } #if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) // Flaky on Linux NG bots: https://crbug.com/595199. #define MAYBE_RecvMsgDescriptorLeak … #else #define MAYBE_RecvMsgDescriptorLeak … #endif // We need to allow noise because the broker will log when it receives our // bogus IPCs. SANDBOX_TEST_ALLOW_NOISE(BrokerProcess, MAYBE_RecvMsgDescriptorLeak) { … } bool CloseFD(int fd, const syscall_broker::BrokerSandboxConfig&) { … } // Return true if the other end of the |reader| pipe was closed, // false if |timeout_in_seconds| was reached or another event // or error occured. bool WaitForClosedPipeWriter(int reader, int timeout_in_ms) { … } // Closing the broker client's IPC channel should terminate the broker // process. TEST(BrokerProcess, BrokerDiesOnClosedChannel) { … } void TestRewriteProcSelfHelper(bool fast_check_in_client) { … } TEST(BrokerProcess, RewriteProcSelfClient) { … } TEST(BrokerProcess, RewriteProcSelfHost) { … } TEST(BrokerProcess, CreateFile) { … } void TestStatHelper(bool fast_check_in_client, bool follow_links) { … } TEST(BrokerProcess, StatFileClient) { … } TEST(BrokerProcess, StatFileHost) { … } void TestRenameHelper(bool fast_check_in_client) { … } TEST(BrokerProcess, RenameFileClient) { … } TEST(BrokerProcess, RenameFileHost) { … } void TestReadlinkHelper(bool fast_check_in_client) { … } TEST(BrokerProcess, ReadlinkFileClient) { … } TEST(BrokerProcess, ReadlinkFileHost) { … } void TestMkdirHelper(bool fast_check_in_client) { … } TEST(BrokerProcess, MkdirClient) { … } TEST(BrokerProcess, MkdirHost) { … } void TestRmdirHelper(bool fast_check_in_client) { … } TEST(BrokerProcess, RmdirClient) { … } TEST(BrokerProcess, RmdirHost) { … } // Will have to split this into many tests, and the "cleanup" will have ASSERTs. void TestUnlinkHelper(bool fast_check_in_client) { … } TEST(BrokerProcess, UnlinkClient) { … } TEST(BrokerProcess, UnlinkHost) { … } void TestInotifyAddWatchHelper(bool fast_check_in_client) { … } TEST(BrokerProcess, InotifyAddWatchClient) { … } TEST(BrokerProcess, InotifyAddWatchHost) { … } TEST(BrokerProcess, IsSyscallAllowed) { … } } // namespace syscall_broker } // namespace sandbox
Codebase Browser
chromium