1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
6 * TestFixture for SUID Sandbox testing.
7 * @extends {testing.Test}
10 function SandboxStatusUITest() {}
12 SandboxStatusUITest.prototype = {
13 __proto__: testing.Test.prototype,
15 * Browse to the options page & call our preLoad().
17 browsePreload: 'chrome://sandbox',
21 // This test is for Linux only.
23 // - If failures of this test are a problem on a bot under your care,
24 // the proper way to address such failures is to install the SUID
26 // http://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment
27 // - PLEASE DO NOT GLOBALLY DISABLE THIS TEST.
28 // SUID sandbox is currently incompatible with AddressSanitizer,
29 // see http://crbug.com/137653.
30 GEN('#if defined(OS_LINUX) && !defined(ADDRESS_SANITIZER)');
31 GEN('# define MAYBE_testSUIDorNamespaceSandboxEnabled \\');
32 GEN(' testSUIDorNamespaceSandboxEnabled');
34 GEN('# define MAYBE_testSUIDorNamespaceSandboxEnabled \\');
35 GEN(' DISABLED_testSUIDorNamespaceSandboxEnabled');
39 * Test if the SUID sandbox is enabled.
41 TEST_F('SandboxStatusUITest',
42 'MAYBE_testSUIDorNamespaceSandboxEnabled', function() {
43 var namespaceyesstring = 'Namespace Sandbox\tYes';
44 var namespacenostring = 'Namespace Sandbox\tNo';
45 var suidyesstring = 'SUID Sandbox\tYes';
46 var suidnostring = 'SUID Sandbox\tNo';
48 var suidyes = document.body.innerText.match(suidyesstring);
49 var suidno = document.body.innerText.match(suidnostring);
50 var namespaceyes = document.body.innerText.match(namespaceyesstring);
51 var namespaceno = document.body.innerText.match(namespacenostring);
53 // Exactly one of the namespace or suid sandbox should be enabled.
54 expectTrue(suidyes !== null || namespaceyes !== null);
55 expectFalse(suidyes !== null && namespaceyes !== null);
57 if (namespaceyes !== null) {
58 expectEquals(null, namespaceno);
59 expectEquals(namespaceyesstring, namespaceyes[0]);
62 if (suidyes !== null) {
63 expectEquals(null, suidno);
64 expectEquals(suidyesstring, suidyes[0]);
68 // The seccomp-bpf sandbox is also not compatible with ASAN.
69 GEN('#if !defined(OS_LINUX) || defined(ADDRESS_SANITIZER)');
70 GEN('# define MAYBE_testBPFSandboxEnabled \\');
71 GEN(' DISABLED_testBPFSandboxEnabled');
73 GEN('# define MAYBE_testBPFSandboxEnabled \\');
74 GEN(' testBPFSandboxEnabled');
78 * Test if the seccomp-bpf sandbox is enabled.
80 TEST_F('SandboxStatusUITest', 'MAYBE_testBPFSandboxEnabled', function() {
81 var bpfyesstring = 'Seccomp-BPF sandbox\tYes';
82 var bpfnostring = 'Seccomp-BPF sandbox\tNo';
83 var bpfyes = document.body.innerText.match(bpfyesstring);
84 var bpfno = document.body.innerText.match(bpfnostring);
86 expectEquals(null, bpfno);
87 assertFalse(bpfyes === null);
88 expectEquals(bpfyesstring, bpfyes[0]);
92 * TestFixture for GPU Sandbox testing.
93 * @extends {testing.Test}
96 function GPUSandboxStatusUITest() {}
98 GPUSandboxStatusUITest.prototype = {
99 __proto__: testing.Test.prototype,
101 * Browse to the options page & call our preLoad().
103 browsePreload: 'chrome://gpu',
107 // This test is disabled because it can only pass on real hardware. We
108 // arrange for it to run on real hardware in specific configurations
109 // (such as Chrome OS hardware, via Autotest), then run it with
110 // --gtest_also_run_disabled_tests on those configurations.
113 * Test if the GPU sandbox is enabled.
115 TEST_F('GPUSandboxStatusUITest', 'DISABLED_testGPUSandboxEnabled', function() {
116 var gpuyesstring = 'Sandboxed\ttrue';
117 var gpunostring = 'Sandboxed\tfalse';
119 var observer = new MutationObserver(function(mutations) {
120 mutations.forEach(function(mutation) {
121 for (var i = 0; i < mutation.addedNodes.length; i++) {
122 // Here we can inspect each of the added nodes. We expect
123 // to find one that contains one of the GPU status strings.
124 var addedNode = mutation.addedNodes[i];
125 // Check for both. If it contains neither, it's an unrelated
126 // mutation event we don't care about. But if it contains one,
127 // pass or fail accordingly.
128 var gpuyes = addedNode.innerText.match(gpuyesstring);
129 var gpuno = addedNode.innerText.match(gpunostring);
130 if (gpuyes || gpuno) {
131 expectEquals(null, gpuno);
132 expectTrue(gpuyes && (gpuyes[0] == gpuyesstring));
138 observer.observe(document.getElementById('basic-info'), {childList: true});