setuid_sandbox_client_unittest.cc revision 5821806d5e7f356e8fa4b058a389a808ea183019
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "base/environment.h" 6#include "base/logging.h" 7#include "base/memory/scoped_ptr.h" 8#include "base/string_number_conversions.h" 9#include "testing/gtest/include/gtest/gtest.h" 10 11#include "sandbox/linux/suid/common/sandbox.h" 12#include "setuid_sandbox_client.h" 13 14namespace sandbox { 15 16TEST(SetuidSandboxClient, SetupLaunchEnvironment) { 17 const char kTestValue[] = "This is a test"; 18 scoped_ptr<base::Environment> env(base::Environment::Create()); 19 EXPECT_TRUE(env != NULL); 20 21 std::string saved_ld_preload; 22 bool environment_had_ld_preload; 23 // First, back-up the real LD_PRELOAD if any. 24 environment_had_ld_preload = env->GetVar("LD_PRELOAD", &saved_ld_preload); 25 // Setup environment variables to save or not save. 26 EXPECT_TRUE(env->SetVar("LD_PRELOAD", kTestValue)); 27 EXPECT_TRUE(env->UnSetVar("LD_ORIGIN_PATH")); 28 29 scoped_ptr<SetuidSandboxClient> 30 sandbox_client(SetuidSandboxClient::Create()); 31 EXPECT_TRUE(sandbox_client != NULL); 32 33 // Make sure the environment is clean. 34 EXPECT_TRUE(env->UnSetVar(kSandboxEnvironmentApiRequest)); 35 EXPECT_TRUE(env->UnSetVar(kSandboxEnvironmentApiProvides)); 36 37 sandbox_client->SetupLaunchEnvironment(); 38 39 // Check if the requested API environment was set. 40 std::string api_request; 41 EXPECT_TRUE(env->GetVar(kSandboxEnvironmentApiRequest, &api_request)); 42 int api_request_num; 43 EXPECT_TRUE(base::StringToInt(api_request, &api_request_num)); 44 EXPECT_EQ(api_request_num, kSUIDSandboxApiNumber); 45 46 // Now check if LD_PRELOAD was saved to SANDBOX_LD_PRELOAD. 47 std::string sandbox_ld_preload; 48 EXPECT_TRUE(env->GetVar("SANDBOX_LD_PRELOAD", &sandbox_ld_preload)); 49 EXPECT_EQ(sandbox_ld_preload, kTestValue); 50 51 // Check that LD_ORIGIN_PATH was not saved. 52 EXPECT_FALSE(env->HasVar("SANDBOX_LD_ORIGIN_PATH")); 53 54 // We should not forget to restore LD_PRELOAD at the end, or this environment 55 // variable will affect the next running tests! 56 if (environment_had_ld_preload) { 57 EXPECT_TRUE(env->SetVar("LD_PRELOAD", saved_ld_preload)); 58 } else { 59 EXPECT_TRUE(env->UnSetVar("LD_PRELOAD")); 60 } 61} 62 63TEST(SetuidSandboxClient, SandboxedClientAPI) { 64 scoped_ptr<base::Environment> env(base::Environment::Create()); 65 EXPECT_TRUE(env != NULL); 66 67 scoped_ptr<SetuidSandboxClient> 68 sandbox_client(SetuidSandboxClient::Create()); 69 EXPECT_TRUE(sandbox_client != NULL); 70 71 // Set-up a fake environment as if we went through the setuid sandbox. 72 EXPECT_TRUE(env->SetVar(kSandboxEnvironmentApiProvides, 73 base::IntToString(kSUIDSandboxApiNumber))); 74 EXPECT_TRUE(env->SetVar(kSandboxDescriptorEnvironmentVarName, "1")); 75 EXPECT_TRUE(env->SetVar(kSandboxPIDNSEnvironmentVarName, "1")); 76 EXPECT_TRUE(env->UnSetVar(kSandboxNETNSEnvironmentVarName)); 77 78 // Check the API. 79 EXPECT_TRUE(sandbox_client->IsSuidSandboxUpToDate()); 80 EXPECT_TRUE(sandbox_client->IsSuidSandboxChild()); 81 EXPECT_TRUE(sandbox_client->IsInNewPIDNamespace()); 82 EXPECT_FALSE(sandbox_client->IsInNewNETNamespace()); 83 84 // Forge an incorrect API version and check. 85 EXPECT_TRUE(env->SetVar(kSandboxEnvironmentApiProvides, 86 base::IntToString(kSUIDSandboxApiNumber + 1))); 87 EXPECT_FALSE(sandbox_client->IsSuidSandboxUpToDate()); 88 // We didn't go through the actual sandboxing mechanism as it is 89 // very hard in a unit test. 90 EXPECT_FALSE(sandbox_client->IsSandboxed()); 91} 92 93} // namespace sandbox 94 95