Supervised user whitelists: Cleanup
[chromium-blink-merge.git] / ppapi / proxy / nacl_message_scanner_unittest.cc
blob41b1e016335f0e37df3a9a76fd6fe3b2882dde9b
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "ipc/ipc_message.h"
6 #include "ppapi/proxy/nacl_message_scanner.h"
7 #include "ppapi/proxy/ppapi_messages.h"
8 #include "ppapi/proxy/ppapi_proxy_test.h"
9 #include "ppapi/proxy/serialized_handle.h"
10 #include "ppapi/shared_impl/host_resource.h"
12 namespace ppapi {
13 namespace proxy {
15 namespace {
16 const PP_Resource kInvalidResource = 0;
17 const PP_Resource kFileSystem = 1;
18 const PP_Resource kFileIO = 2;
19 const int64_t kQuotaReservationAmount = 100;
22 class NaClMessageScannerTest : public PluginProxyTest {
23 public:
24 NaClMessageScannerTest() {}
26 NaClMessageScanner::FileSystem* FindFileSystem(
27 const NaClMessageScanner& scanner,
28 PP_Resource file_system) {
29 NaClMessageScanner::FileSystemMap::const_iterator it =
30 scanner.file_systems_.find(file_system);
31 return (it != scanner.file_systems_.end()) ? it->second : NULL;
34 NaClMessageScanner::FileIO* FindFileIO(
35 const NaClMessageScanner& scanner,
36 PP_Resource file_io) {
37 NaClMessageScanner::FileIOMap::const_iterator it =
38 scanner.files_.find(file_io);
39 return (it != scanner.files_.end()) ? it->second : NULL;
42 void OpenQuotaFile(NaClMessageScanner* scanner,
43 PP_Resource file_io,
44 PP_Resource file_system) {
45 std::vector<SerializedHandle> unused_handles;
46 ResourceMessageReplyParams fio_reply_params(file_io, 0);
47 scoped_ptr<IPC::Message> new_msg_ptr;
48 scanner->ScanMessage(
49 PpapiPluginMsg_ResourceReply(
50 fio_reply_params,
51 PpapiPluginMsg_FileIO_OpenReply(file_system, 0)),
52 PpapiPluginMsg_ResourceReply::ID,
53 &unused_handles,
54 &new_msg_ptr);
55 EXPECT_FALSE(new_msg_ptr);
59 TEST_F(NaClMessageScannerTest, FileOpenClose) {
60 NaClMessageScanner test;
61 std::vector<SerializedHandle> unused_handles;
62 ResourceMessageCallParams fio_call_params(kFileIO, 0);
63 ResourceMessageCallParams fs_call_params(kFileSystem, 0);
64 ResourceMessageReplyParams fio_reply_params(kFileIO, 0);
65 ResourceMessageReplyParams fs_reply_params(kFileSystem, 0);
66 scoped_ptr<IPC::Message> new_msg_ptr;
68 EXPECT_EQ(NULL, FindFileSystem(test, kFileSystem));
69 EXPECT_EQ(NULL, FindFileIO(test, kFileIO));
71 // Open a file, not in a quota file system.
72 test.ScanMessage(
73 PpapiPluginMsg_ResourceReply(
74 fio_reply_params,
75 PpapiPluginMsg_FileIO_OpenReply(kInvalidResource, 0)),
76 PpapiPluginMsg_ResourceReply::ID,
77 &unused_handles,
78 &new_msg_ptr);
79 EXPECT_FALSE(new_msg_ptr);
80 EXPECT_FALSE(FindFileSystem(test, kFileSystem));
81 EXPECT_FALSE(FindFileIO(test, kFileIO));
83 // Open a file in a quota file system; info objects for it and its file system
84 // should be created.
85 OpenQuotaFile(&test, kFileIO, kFileSystem);
86 NaClMessageScanner::FileSystem* fs = FindFileSystem(test, kFileSystem);
87 NaClMessageScanner::FileIO* fio = FindFileIO(test, kFileIO);
88 EXPECT_TRUE(fs);
89 EXPECT_EQ(0, fs->reserved_quota());
90 EXPECT_TRUE(fio);
91 EXPECT_EQ(0, fio->max_written_offset());
93 const int64_t kNewFileSize = 10;
94 fio->SetMaxWrittenOffset(kNewFileSize);
96 // We should not be able to under-report max_written_offset when closing.
97 test.ScanUntrustedMessage(
98 PpapiHostMsg_ResourceCall(
99 fio_call_params,
100 PpapiHostMsg_FileIO_Close(FileGrowth(0, 0))),
101 &new_msg_ptr);
102 EXPECT_TRUE(new_msg_ptr);
103 ResourceMessageCallParams call_params;
104 IPC::Message nested_msg;
105 FileGrowth file_growth;
106 EXPECT_TRUE(UnpackMessage<PpapiHostMsg_ResourceCall>(
107 *new_msg_ptr, &call_params, &nested_msg) &&
108 UnpackMessage<PpapiHostMsg_FileIO_Close>(
109 nested_msg, &file_growth));
110 new_msg_ptr.reset();
111 EXPECT_EQ(kNewFileSize, file_growth.max_written_offset);
112 EXPECT_FALSE(FindFileIO(test, kFileIO));
114 // Reopen the file.
115 OpenQuotaFile(&test, kFileIO, kFileSystem);
116 fio = FindFileIO(test, kFileIO);
117 fio->SetMaxWrittenOffset(kNewFileSize);
119 // Close with correct max_written_offset.
120 test.ScanUntrustedMessage(
121 PpapiHostMsg_ResourceCall(
122 fio_call_params,
123 PpapiHostMsg_FileIO_Close(FileGrowth(kNewFileSize, 0))),
124 &new_msg_ptr);
125 EXPECT_FALSE(new_msg_ptr);
126 EXPECT_FALSE(FindFileIO(test, kFileIO));
128 // Destroy file system.
129 test.ScanUntrustedMessage(
130 PpapiHostMsg_ResourceCall(
131 fs_call_params,
132 PpapiHostMsg_ResourceDestroyed(kFileSystem)),
133 &new_msg_ptr);
134 EXPECT_FALSE(FindFileSystem(test, kFileSystem));
137 TEST_F(NaClMessageScannerTest, QuotaAuditing) {
138 NaClMessageScanner test;
139 std::vector<SerializedHandle> unused_handles;
140 ResourceMessageCallParams fio_call_params(kFileIO, 0);
141 ResourceMessageCallParams fs_call_params(kFileSystem, 0);
142 ResourceMessageReplyParams fio_reply_params(kFileIO, 0);
143 ResourceMessageReplyParams fs_reply_params(kFileSystem, 0);
144 scoped_ptr<IPC::Message> new_msg_ptr;
146 OpenQuotaFile(&test, kFileIO, kFileSystem);
147 NaClMessageScanner::FileSystem* fs = FindFileSystem(test, kFileSystem);
148 NaClMessageScanner::FileIO* fio = FindFileIO(test, kFileIO);
149 EXPECT_TRUE(fs);
150 EXPECT_EQ(0, fs->reserved_quota());
151 EXPECT_TRUE(fio);
152 EXPECT_EQ(0, fio->max_written_offset());
154 // Without reserving quota, we should not be able to grow the file.
155 EXPECT_FALSE(fio->Grow(1));
156 EXPECT_EQ(0, fs->reserved_quota());
157 EXPECT_EQ(0, fio->max_written_offset());
159 // Receive reserved quota, and updated file sizes.
160 const int64_t kNewFileSize = 10;
161 FileSizeMap file_sizes;
162 file_sizes[kFileIO] = kNewFileSize;
163 test.ScanMessage(
164 PpapiPluginMsg_ResourceReply(
165 fs_reply_params,
166 PpapiPluginMsg_FileSystem_ReserveQuotaReply(
167 kQuotaReservationAmount,
168 file_sizes)),
169 PpapiPluginMsg_ResourceReply::ID,
170 &unused_handles,
171 &new_msg_ptr);
172 EXPECT_FALSE(new_msg_ptr);
173 EXPECT_EQ(kQuotaReservationAmount, fs->reserved_quota());
174 EXPECT_EQ(kNewFileSize, fio->max_written_offset());
176 // We should be able to grow the file within quota.
177 EXPECT_TRUE(fio->Grow(1));
178 EXPECT_EQ(kQuotaReservationAmount - 1, fs->reserved_quota());
179 EXPECT_EQ(kNewFileSize + 1, fio->max_written_offset());
181 // We should not be able to grow the file over quota.
182 EXPECT_FALSE(fio->Grow(kQuotaReservationAmount));
183 EXPECT_EQ(kQuotaReservationAmount - 1, fs->reserved_quota());
184 EXPECT_EQ(kNewFileSize + 1, fio->max_written_offset());
186 // Plugin should not under-report max written offsets when reserving quota.
187 file_sizes[kFileIO] = 0; // should be kNewFileSize + 1.
188 test.ScanUntrustedMessage(
189 PpapiHostMsg_ResourceCall(
190 fio_call_params,
191 PpapiHostMsg_FileSystem_ReserveQuota(
192 kQuotaReservationAmount,
193 FileSizeMapToFileGrowthMapForTesting(file_sizes))),
194 &new_msg_ptr);
195 EXPECT_TRUE(new_msg_ptr);
196 ResourceMessageCallParams call_params;
197 IPC::Message nested_msg;
198 int64_t amount = 0;
199 FileGrowthMap new_file_growths;
200 EXPECT_TRUE(UnpackMessage<PpapiHostMsg_ResourceCall>(
201 *new_msg_ptr, &call_params, &nested_msg) &&
202 UnpackMessage<PpapiHostMsg_FileSystem_ReserveQuota>(
203 nested_msg, &amount, &new_file_growths));
204 new_msg_ptr.reset();
205 EXPECT_EQ(kQuotaReservationAmount, amount);
206 EXPECT_EQ(kNewFileSize + 1, new_file_growths[kFileIO].max_written_offset);
209 TEST_F(NaClMessageScannerTest, SetLength) {
210 NaClMessageScanner test;
211 std::vector<SerializedHandle> unused_handles;
212 ResourceMessageCallParams fio_call_params(kFileIO, 0);
213 ResourceMessageCallParams fs_call_params(kFileSystem, 0);
214 ResourceMessageReplyParams fio_reply_params(kFileIO, 0);
215 ResourceMessageReplyParams fs_reply_params(kFileSystem, 0);
216 scoped_ptr<IPC::Message> new_msg_ptr;
218 OpenQuotaFile(&test, kFileIO, kFileSystem);
219 NaClMessageScanner::FileSystem* fs = FindFileSystem(test, kFileSystem);
220 NaClMessageScanner::FileIO* fio = FindFileIO(test, kFileIO);
222 // Receive reserved quota, and updated file sizes.
223 const int64_t kNewFileSize = 10;
224 FileSizeMap file_sizes;
225 file_sizes[kFileIO] = 0;
226 test.ScanMessage(
227 PpapiPluginMsg_ResourceReply(
228 fs_reply_params,
229 PpapiPluginMsg_FileSystem_ReserveQuotaReply(
230 kQuotaReservationAmount,
231 file_sizes)),
232 PpapiPluginMsg_ResourceReply::ID,
233 &unused_handles,
234 &new_msg_ptr);
236 // We should be able to SetLength within quota.
237 test.ScanUntrustedMessage(
238 PpapiHostMsg_ResourceCall(
239 fio_call_params,
240 PpapiHostMsg_FileIO_SetLength(kNewFileSize)),
241 &new_msg_ptr);
242 EXPECT_FALSE(new_msg_ptr);
243 EXPECT_EQ(kQuotaReservationAmount - kNewFileSize, fs->reserved_quota());
244 EXPECT_EQ(kNewFileSize, fio->max_written_offset());
246 // We shouldn't be able to SetLength beyond quota. The message should be
247 // rewritten to fail with length == -1.
248 test.ScanUntrustedMessage(
249 PpapiHostMsg_ResourceCall(
250 fio_call_params,
251 PpapiHostMsg_FileIO_SetLength(kQuotaReservationAmount + 1)),
252 &new_msg_ptr);
253 EXPECT_TRUE(new_msg_ptr);
254 ResourceMessageCallParams call_params;
255 IPC::Message nested_msg;
256 int64_t length = 0;
257 EXPECT_TRUE(UnpackMessage<PpapiHostMsg_ResourceCall>(
258 *new_msg_ptr, &call_params, &nested_msg) &&
259 UnpackMessage<PpapiHostMsg_FileIO_SetLength>(
260 nested_msg, &length));
261 new_msg_ptr.reset();
262 EXPECT_EQ(-1, length);
263 EXPECT_EQ(kQuotaReservationAmount - kNewFileSize, fs->reserved_quota());
264 EXPECT_EQ(kNewFileSize, fio->max_written_offset());
267 } // namespace proxy
268 } // namespace ppapi