security_SandboxStatus.py revision 40f2187948887ad8e782fa4f28fba98b83f7818c 
17f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar# Copyright (c) 2013 The Chromium OS Authors. All rights reserved.
27f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar# Use of this source code is governed by a BSD-style license that can be
37f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar# found in the LICENSE file.
47f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar
5f6fcbb7405686dd0dc46884435a9ee3fa835f2abJorge Lucangeli Obesimport re
6132d1f71fbc53f15a50bb2e5b739614e05abf230Jorge Lucangeli Obes
7437b235360e63d2b94590e8bfb7ac0b4f29f4e4aAchuith Bhandarkarfrom autotest_lib.client.bin import test, utils
87f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkarfrom autotest_lib.client.common_lib import error
97f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkarfrom autotest_lib.client.common_lib.cros import chrome
107f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkarfrom telemetry.core import exceptions
117f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar
127f2338c4c27f543d594d134aee7764cc49ccf88aAchuith BhandarkarSANDBOXES = [u'SUID Sandbox',
13f6fcbb7405686dd0dc46884435a9ee3fa835f2abJorge Lucangeli Obes             u'\xa0\xa0PID name ?spaces',
147f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar             u'\xa0\xa0Network namespaces',
157f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar             u'Seccomp-BPF sandbox']
167f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar
1740f2187948887ad8e782fa4f28fba98b83f7818cAchuith Bhandarkarclass security_SandboxStatus(test.test):
187f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar    """Verify sandbox status."""
197f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar    version = 1
207f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar
217f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar
22437b235360e63d2b94590e8bfb7ac0b4f29f4e4aAchuith Bhandarkar    def _EvaluateJavaScript(self, js):
23437b235360e63d2b94590e8bfb7ac0b4f29f4e4aAchuith Bhandarkar        '''Evaluates js, returns None if an exception was thrown.'''
24437b235360e63d2b94590e8bfb7ac0b4f29f4e4aAchuith Bhandarkar
25437b235360e63d2b94590e8bfb7ac0b4f29f4e4aAchuith Bhandarkar        try:
26437b235360e63d2b94590e8bfb7ac0b4f29f4e4aAchuith Bhandarkar            return self._tab.EvaluateJavaScript(js)
27437b235360e63d2b94590e8bfb7ac0b4f29f4e4aAchuith Bhandarkar        except exceptions.EvaluateException:
28437b235360e63d2b94590e8bfb7ac0b4f29f4e4aAchuith Bhandarkar            return None
29437b235360e63d2b94590e8bfb7ac0b4f29f4e4aAchuith Bhandarkar
307f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar    def _TableEntry(self, row, column):
317f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar        '''Fetches table cell text content corresponding to row, column.'''
327f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar
337f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar        table_js = ("document.getElementsByTagName('table')[0]."
347f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar                    "rows[%d].cells[%d].textContent" % (row, column))
35437b235360e63d2b94590e8bfb7ac0b4f29f4e4aAchuith Bhandarkar        return utils.poll_for_condition(
36437b235360e63d2b94590e8bfb7ac0b4f29f4e4aAchuith Bhandarkar                lambda: self._EvaluateJavaScript(table_js),
3739d873f13ddfefa607e3557b520514253a451d9dJorge Lucangeli Obes                exception=error.TestError(
38437b235360e63d2b94590e8bfb7ac0b4f29f4e4aAchuith Bhandarkar                       'Failed to evaluate in chrome://sandbox "%s"'
39437b235360e63d2b94590e8bfb7ac0b4f29f4e4aAchuith Bhandarkar                        % table_js),
40437b235360e63d2b94590e8bfb7ac0b4f29f4e4aAchuith Bhandarkar                timeout=30)
417f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar
427f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar
437f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar    def _CheckRowName(self, row, expected_name):
447f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar        '''Ensures the name of the row is as we expect.'''
457f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar
467f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar        actual_name = self._TableEntry(row, 0)
47f6fcbb7405686dd0dc46884435a9ee3fa835f2abJorge Lucangeli Obes        if not re.match(expected_name, actual_name):
48f6fcbb7405686dd0dc46884435a9ee3fa835f2abJorge Lucangeli Obes            raise error.TestFail('Expected row %d to be "%s", found "%s"'
49f6fcbb7405686dd0dc46884435a9ee3fa835f2abJorge Lucangeli Obes                                 % (row, expected_name, actual_name))
507f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar
517f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar
527f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar    def _CheckRowNames(self, expected_names):
537f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar        for row in range(len(expected_names)):
547f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar            self._CheckRowName(row, expected_names[row])
557f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar
567f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar
577f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar    def _CheckRowValues(self, num_rows):
587f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar        '''Ensures all sandboxes are on.'''
597f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar
607f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar        for row in range(num_rows):
617f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar            value = self._TableEntry(row, 1)
627f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar            if value != "Yes":
637f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar                name = self._TableEntry(row, 0)
64f6fcbb7405686dd0dc46884435a9ee3fa835f2abJorge Lucangeli Obes                raise error.TestFail('"%s" enabled = "%s"' % (name, value))
657f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar
667f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar
677f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar    def _CheckGPUCell(self, cell, content, error_msg):
687f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar        '''Checks the content of the cells in the GPU sandbox row.'''
697f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar
707f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar        gpu_js = ("document.getElementsByTagName('table')"
717f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar                  "[1].rows[1].cells[%d].textContent" % cell)
727f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar        try:
73437b235360e63d2b94590e8bfb7ac0b4f29f4e4aAchuith Bhandarkar            res = utils.poll_for_condition(
74437b235360e63d2b94590e8bfb7ac0b4f29f4e4aAchuith Bhandarkar                    lambda: self._EvaluateJavaScript(gpu_js),
75437b235360e63d2b94590e8bfb7ac0b4f29f4e4aAchuith Bhandarkar                    timeout=30)
76437b235360e63d2b94590e8bfb7ac0b4f29f4e4aAchuith Bhandarkar        except utils.TimeoutError:
7739d873f13ddfefa607e3557b520514253a451d9dJorge Lucangeli Obes            raise error.TestError('Failed to evaluate in chrome://gpu "%s"'
7839d873f13ddfefa607e3557b520514253a451d9dJorge Lucangeli Obes                                  % gpu_js)
79132d1f71fbc53f15a50bb2e5b739614e05abf230Jorge Lucangeli Obes
807f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar        if res.find(content) == -1:
8139d873f13ddfefa607e3557b520514253a451d9dJorge Lucangeli Obes            raise error.TestFail(error_msg)
827f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar
837f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar
847f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar    def run_once(self):
8557c75076df269ecd843ad246c7deb4f360db8532Achuith Bhandarkar        with chrome.Chrome() as cr:
867f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar            self._tab = cr.browser.tabs[0]
877f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar            self._tab.Navigate('chrome://sandbox')
887f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar            self._CheckRowNames(SANDBOXES)
897f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar            self._CheckRowValues(len(SANDBOXES))
907f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar
917f2338c4c27f543d594d134aee7764cc49ccf88aAchuith Bhandarkar            self._tab.Navigate('chrome://gpu')
9239d873f13ddfefa607e3557b520514253a451d9dJorge Lucangeli Obes            self._CheckGPUCell(0, 'Sandboxed',
9339d873f13ddfefa607e3557b520514253a451d9dJorge Lucangeli Obes                               'Could not locate "Sandboxed" row in table')
9439d873f13ddfefa607e3557b520514253a451d9dJorge Lucangeli Obes            self._CheckGPUCell(1, 'true', 'GPU not sandboxed')
95