1// Copyright 2014 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "sandbox/mac/policy.h" 6 7#include "testing/gtest/include/gtest/gtest.h" 8 9namespace sandbox { 10 11TEST(PolicyTest, ValidEmptyPolicy) { 12 EXPECT_TRUE(IsPolicyValid(BootstrapSandboxPolicy())); 13} 14 15TEST(PolicyTest, ValidPolicy) { 16 BootstrapSandboxPolicy policy; 17 policy.rules["allow"] = Rule(POLICY_ALLOW); 18 policy.rules["deny_error"] = Rule(POLICY_DENY_ERROR); 19 policy.rules["deny_dummy"] = Rule(POLICY_DENY_DUMMY_PORT); 20 policy.rules["substitue"] = Rule(mach_task_self()); 21 EXPECT_TRUE(IsPolicyValid(policy)); 22} 23 24TEST(PolicyTest, InvalidPolicyEmptyRule) { 25 Rule rule; 26 BootstrapSandboxPolicy policy; 27 policy.rules["test"] = rule; 28 EXPECT_FALSE(IsPolicyValid(policy)); 29} 30 31TEST(PolicyTest, InvalidPolicySubstitue) { 32 Rule rule(POLICY_SUBSTITUTE_PORT); 33 BootstrapSandboxPolicy policy; 34 policy.rules["test"] = rule; 35 EXPECT_FALSE(IsPolicyValid(policy)); 36} 37 38TEST(PolicyTest, InvalidPolicyWithPortAllow) { 39 Rule rule(POLICY_ALLOW); 40 rule.substitute_port = mach_task_self(); 41 BootstrapSandboxPolicy policy; 42 policy.rules["allow"] = rule; 43 EXPECT_FALSE(IsPolicyValid(policy)); 44} 45 46TEST(PolicyTest, InvalidPolicyWithPortDenyError) { 47 Rule rule(POLICY_DENY_ERROR); 48 rule.substitute_port = mach_task_self(); 49 BootstrapSandboxPolicy policy; 50 policy.rules["deny_error"] = rule; 51 EXPECT_FALSE(IsPolicyValid(policy)); 52} 53 54TEST(PolicyTest, InvalidPolicyWithPortDummy) { 55 Rule rule(POLICY_DENY_DUMMY_PORT); 56 rule.substitute_port = mach_task_self(); 57 BootstrapSandboxPolicy policy; 58 policy.rules["deny_dummy"] = rule; 59 EXPECT_FALSE(IsPolicyValid(policy)); 60} 61 62TEST(PolicyTest, InvalidPolicyDefaultRule) { 63 BootstrapSandboxPolicy policy; 64 policy.default_rule = Rule(); 65 EXPECT_FALSE(IsPolicyValid(policy)); 66} 67 68TEST(PolicyTest, InvalidPolicyDefaultRuleSubstitue) { 69 BootstrapSandboxPolicy policy; 70 policy.default_rule = Rule(POLICY_SUBSTITUTE_PORT); 71 EXPECT_FALSE(IsPolicyValid(policy)); 72} 73 74TEST(PolicyTest, InvalidPolicyDefaultRuleWithPortAllow) { 75 Rule rule(POLICY_ALLOW); 76 rule.substitute_port = mach_task_self(); 77 BootstrapSandboxPolicy policy; 78 policy.default_rule = rule; 79 EXPECT_FALSE(IsPolicyValid(policy)); 80} 81 82TEST(PolicyTest, InvalidPolicyDefaultRuleWithPortDenyError) { 83 Rule rule(POLICY_DENY_ERROR); 84 rule.substitute_port = mach_task_self(); 85 BootstrapSandboxPolicy policy; 86 policy.default_rule = rule; 87 EXPECT_FALSE(IsPolicyValid(policy)); 88} 89 90TEST(PolicyTest, InvalidPolicyDefaultRuleWithPortDummy) { 91 Rule rule(POLICY_DENY_DUMMY_PORT); 92 rule.substitute_port = mach_task_self(); 93 BootstrapSandboxPolicy policy; 94 policy.default_rule = rule; 95 EXPECT_FALSE(IsPolicyValid(policy)); 96} 97 98} // namespace sandbox 99