1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "sandbox/linux/suid/client/setuid_sandbox_client.h"
7 #include "base/environment.h"
8 #include "base/memory/scoped_ptr.h"
9 #include "base/strings/string_number_conversions.h"
10 #include "sandbox/linux/suid/common/sandbox.h"
11 #include "testing/gtest/include/gtest/gtest.h"
15 TEST(SetuidSandboxClient
, SandboxedClientAPI
) {
16 scoped_ptr
<base::Environment
> env(base::Environment::Create());
17 EXPECT_TRUE(env
!= NULL
);
19 scoped_ptr
<SetuidSandboxClient
>
20 sandbox_client(SetuidSandboxClient::Create());
21 EXPECT_TRUE(sandbox_client
!= NULL
);
23 // Set-up a fake environment as if we went through the setuid sandbox.
24 EXPECT_TRUE(env
->SetVar(kSandboxEnvironmentApiProvides
,
25 base::IntToString(kSUIDSandboxApiNumber
)));
26 EXPECT_TRUE(env
->SetVar(kSandboxDescriptorEnvironmentVarName
, "1"));
27 EXPECT_TRUE(env
->SetVar(kSandboxPIDNSEnvironmentVarName
, "1"));
28 EXPECT_TRUE(env
->UnSetVar(kSandboxNETNSEnvironmentVarName
));
31 EXPECT_TRUE(sandbox_client
->IsSuidSandboxUpToDate());
32 EXPECT_TRUE(sandbox_client
->IsSuidSandboxChild());
33 EXPECT_TRUE(sandbox_client
->IsInNewPIDNamespace());
34 EXPECT_FALSE(sandbox_client
->IsInNewNETNamespace());
36 // Forge an incorrect API version and check.
37 EXPECT_TRUE(env
->SetVar(kSandboxEnvironmentApiProvides
,
38 base::IntToString(kSUIDSandboxApiNumber
+ 1)));
39 EXPECT_FALSE(sandbox_client
->IsSuidSandboxUpToDate());
40 // We didn't go through the actual sandboxing mechanism as it is
41 // very hard in a unit test.
42 EXPECT_FALSE(sandbox_client
->IsSandboxed());
45 } // namespace sandbox
