1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
7 #include <fcntl.h>
8 #include <unistd.h>
10 #include <iostream>
12 #include "base/files/scoped_file.h"
13 #include "base/posix/eintr_wrapper.h"
14 #include "sandbox/linux/tests/unit_tests.h"
15 #include "testing/gtest/include/gtest/gtest.h"
17 namespace sandbox {
18 namespace {
20 // NOTE: most tests for the SandboxBPF class are currently in
21 // integration_tests/.
TEST(SandboxBPF, CreateDestroy) {
  // Smoke test for dynamic analysis tools: build and tear down a SandboxBPF
  // once with automatic storage and once on the heap. nullptr is passed as the
  // constructor argument and nothing else is called on either object.
  SandboxBPF stack_sandbox(nullptr);

  // The raw new/delete pair is deliberate: it is the heap lifetime itself that
  // is being exercised here.
  SandboxBPF* heap_sandbox = new SandboxBPF(nullptr);
  delete heap_sandbox;
}
30 // This test should execute no matter whether we have kernel support. So,
31 // we make it a TEST() instead of a BPF_TEST().
TEST(SandboxBPF, DISABLE_ON_TSAN(CallSupports)) {
  // Probing for seccomp BPF must not crash. Either answer is acceptable, so
  // nothing is asserted about the returned values.
  const bool single_thread_ok = SandboxBPF::SupportsSeccompSandbox(
      SandboxBPF::SeccompLevel::SINGLE_THREADED);
  const bool multi_thread_ok = SandboxBPF::SupportsSeccompSandbox(
      SandboxBPF::SeccompLevel::MULTI_THREADED);

  // Record what the kernel offers: how much of the sandbox the rest of the
  // suite really covers depends on it, and a log reader should be able to
  // tell a run with seccomp BPF from one without.
  const char* const single_text = single_thread_ok ? "true." : "false.";
  const char* const multi_text = multi_thread_ok ? "true." : "false.";
  std::cout << "Seccomp BPF supported (single thread): " << single_text
            << "\n";
  std::cout << "Seccomp BPF supported (multi thread): " << multi_text << "\n";
  std::cout << "Pointer size: " << sizeof(void*) << "\n";
}
SANDBOX_TEST(SandboxBPF, DISABLE_ON_TSAN(CallSupportsTwice)) {
  // Asking the same support question twice must give the same answer, for
  // both seccomp levels.
  const bool single_first = SandboxBPF::SupportsSeccompSandbox(
      SandboxBPF::SeccompLevel::SINGLE_THREADED);
  const bool single_second = SandboxBPF::SupportsSeccompSandbox(
      SandboxBPF::SeccompLevel::SINGLE_THREADED);
  ASSERT_EQ(single_first, single_second);

  const bool multi_first = SandboxBPF::SupportsSeccompSandbox(
      SandboxBPF::SeccompLevel::MULTI_THREADED);
  const bool multi_second = SandboxBPF::SupportsSeccompSandbox(
      SandboxBPF::SeccompLevel::MULTI_THREADED);
  ASSERT_EQ(multi_first, multi_second);

  // A kernel that reports the multi-threaded level must also report the
  // single-threaded one; the reverse is not required.
  if (multi_first) {
    ASSERT_TRUE(single_first);
  }
}
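TEST(SandboxBPF, ProcTaskFdDescriptorGetsClosed) {
  // Verifies that a descriptor handed to SandboxBPF::SetProcFd() is closed by
  // the time the SandboxBPF object is gone. A pipe stands in for the real
  // descriptor: once the write end is closed, reading the other end yields
  // EOF, which is observable from the test.
  // NOTE(review): presumably the point is that a sandboxed process should not
  // be left holding a /proc descriptor -- confirm against the SetProcFd()
  // documentation.
  int pipe_fds[2];
  ASSERT_EQ(0, pipe(pipe_fds));
  base::ScopedFD read_end(pipe_fds[0]);
  base::ScopedFD write_end(pipe_fds[1]);

  {
    // The inner scope is essential: the sandbox must be destroyed before the
    // read below, otherwise the write end it now holds is still open and the
    // read reports EWOULDBLOCK instead of EOF. The listing shows these two
    // statements without braces, although its line numbering leaves room for
    // them.
    SandboxBPF sandbox(nullptr);
    sandbox.SetProcFd(write_end.Pass());
  }

  // Non-blocking, so that a descriptor leak fails the assertion below instead
  // of hanging the test.
  ASSERT_EQ(0, fcntl(read_end.get(), F_SETFL, O_NONBLOCK));
  char c;
  // Check that the sandbox closed the write_end (read will EOF instead of
  // returning EWOULDBLOCK). HANDLE_EINTR keeps a stray signal from turning
  // into a spurious -1.
  ASSERT_EQ(0, HANDLE_EINTR(read(read_end.get(), &c, 1)));
}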
84 } // namespace
85 } // sandbox