sandbox/mac/policy_unittest.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "sandbox/mac/policy.h"
   6
   7 #include "testing/gtest/include/gtest/gtest.h"
   8
   9 namespace sandbox {
  10
  11 TEST(PolicyTest, ValidEmptyPolicy) {
  12   EXPECT_TRUE(IsPolicyValid(BootstrapSandboxPolicy()));
  13 }
  14
  15 TEST(PolicyTest, ValidPolicy) {
  16   BootstrapSandboxPolicy policy;
  17   policy.rules["allow"] = Rule(POLICY_ALLOW);
  18   policy.rules["deny_error"] = Rule(POLICY_DENY_ERROR);
  19   policy.rules["deny_dummy"] = Rule(POLICY_DENY_DUMMY_PORT);
  20   policy.rules["substitue"] = Rule(mach_task_self());
  21   EXPECT_TRUE(IsPolicyValid(policy));
  22 }
  23
  24 TEST(PolicyTest, InvalidPolicyEmptyRule) {
  25   Rule rule;
  26   BootstrapSandboxPolicy policy;
  27   policy.rules["test"] = rule;
  28   EXPECT_FALSE(IsPolicyValid(policy));
  29 }
  30
  31 TEST(PolicyTest, InvalidPolicySubstitue) {
  32   Rule rule(POLICY_SUBSTITUTE_PORT);
  33   BootstrapSandboxPolicy policy;
  34   policy.rules["test"] = rule;
  35   EXPECT_FALSE(IsPolicyValid(policy));
  36 }
  37
  38 TEST(PolicyTest, InvalidPolicyWithPortAllow) {
  39   Rule rule(POLICY_ALLOW);
  40   rule.substitute_port = mach_task_self();
  41   BootstrapSandboxPolicy policy;
  42   policy.rules["allow"] = rule;
  43   EXPECT_FALSE(IsPolicyValid(policy));
  44 }
  45
  46 TEST(PolicyTest, InvalidPolicyWithPortDenyError) {
  47   Rule rule(POLICY_DENY_ERROR);
  48   rule.substitute_port = mach_task_self();
  49   BootstrapSandboxPolicy policy;
  50   policy.rules["deny_error"] = rule;
  51   EXPECT_FALSE(IsPolicyValid(policy));
  52 }
  53
  54 TEST(PolicyTest, InvalidPolicyWithPortDummy) {
  55   Rule rule(POLICY_DENY_DUMMY_PORT);
  56   rule.substitute_port = mach_task_self();
  57   BootstrapSandboxPolicy policy;
  58   policy.rules["deny_dummy"] = rule;
  59   EXPECT_FALSE(IsPolicyValid(policy));
  60 }
  61
  62 TEST(PolicyTest, InvalidPolicyDefaultRule) {
  63   BootstrapSandboxPolicy policy;
  64   policy.default_rule = Rule();
  65   EXPECT_FALSE(IsPolicyValid(policy));
  66 }
  67
  68 TEST(PolicyTest, InvalidPolicyDefaultRuleSubstitue) {
  69   BootstrapSandboxPolicy policy;
  70   policy.default_rule = Rule(POLICY_SUBSTITUTE_PORT);
  71   EXPECT_FALSE(IsPolicyValid(policy));
  72 }
  73
  74 TEST(PolicyTest, InvalidPolicyDefaultRuleWithPortAllow) {
  75   Rule rule(POLICY_ALLOW);
  76   rule.substitute_port = mach_task_self();
  77   BootstrapSandboxPolicy policy;
  78   policy.default_rule = rule;
  79   EXPECT_FALSE(IsPolicyValid(policy));
  80 }
  81
  82 TEST(PolicyTest, InvalidPolicyDefaultRuleWithPortDenyError) {
  83   Rule rule(POLICY_DENY_ERROR);
  84   rule.substitute_port = mach_task_self();
  85   BootstrapSandboxPolicy policy;
  86   policy.default_rule = rule;
  87   EXPECT_FALSE(IsPolicyValid(policy));
  88 }
  89
  90 TEST(PolicyTest, InvalidPolicyDefaultRuleWithPortDummy) {
  91   Rule rule(POLICY_DENY_DUMMY_PORT);
  92   rule.substitute_port = mach_task_self();
  93   BootstrapSandboxPolicy policy;
  94   policy.default_rule = rule;
  95   EXPECT_FALSE(IsPolicyValid(policy));
  96 }
  97
  98 }  // namespace sandbox