sandbox/mac/policy_unittest.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "sandbox/mac/policy.h"
   6
   7 #include "testing/gtest/include/gtest/gtest.h"
   8
   9 namespace sandbox {
  10
  11 TEST(PolicyTest, ValidEmptyPolicy) {
  12   EXPECT_TRUE(IsPolicyValid(BootstrapSandboxPolicy()));
  13 }
  14
  15 TEST(PolicyTest, ValidPolicy) {
  16   BootstrapSandboxPolicy policy;
  17   policy["allow"] = Rule(POLICY_ALLOW);
  18   policy["deny_error"] = Rule(POLICY_DENY_ERROR);
  19   policy["deny_dummy"] = Rule(POLICY_DENY_DUMMY_PORT);
  20   policy["substitue"] = Rule(mach_task_self());
  21   EXPECT_TRUE(IsPolicyValid(policy));
  22 }
  23
  24 TEST(PolicyTest, InvalidPolicyEmptyRule) {
  25   Rule rule;
  26   BootstrapSandboxPolicy policy;
  27   policy["test"] = rule;
  28   EXPECT_FALSE(IsPolicyValid(policy));
  29 }
  30
  31 TEST(PolicyTest, InvalidPolicySubstitue) {
  32   Rule rule(POLICY_SUBSTITUTE_PORT);
  33   BootstrapSandboxPolicy policy;
  34   policy["test"] = rule;
  35   EXPECT_FALSE(IsPolicyValid(policy));
  36 }
  37
  38 TEST(PolicyTest, InvalidPolicyWithPortAllow) {
  39   Rule rule(POLICY_ALLOW);
  40   rule.substitute_port = mach_task_self();
  41   BootstrapSandboxPolicy policy;
  42   policy["allow"] = rule;
  43   EXPECT_FALSE(IsPolicyValid(policy));
  44 }
  45
  46 TEST(PolicyTest, InvalidPolicyWithPortDenyError) {
  47   Rule rule(POLICY_DENY_ERROR);
  48   rule.substitute_port = mach_task_self();
  49   BootstrapSandboxPolicy policy;
  50   policy["deny_error"] = rule;
  51   EXPECT_FALSE(IsPolicyValid(policy));
  52 }
  53
  54 TEST(PolicyTest, InvalidPolicyWithPortDummy) {
  55   Rule rule(POLICY_DENY_DUMMY_PORT);
  56   rule.substitute_port = mach_task_self();
  57   BootstrapSandboxPolicy policy;
  58   policy["deny_dummy"] = rule;
  59   EXPECT_FALSE(IsPolicyValid(policy));
  60 }
  61
  62 }  // namespace sandbox