1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
8 #include <sys/socket.h>
9 #include <sys/syscall.h>
15 #include "base/files/scoped_file.h"
16 #include "base/logging.h"
17 #include "base/memory/scoped_vector.h"
18 #include "base/posix/eintr_wrapper.h"
19 #include "base/posix/unix_domain_socket_linux.h"
20 #include "base/process/process.h"
21 #include "sandbox/linux/services/syscall_wrappers.h"
22 #include "sandbox/linux/tests/unit_tests.h"
24 // Additional tests for base's UnixDomainSocket to make sure it behaves
25 // correctly in the presence of sandboxing functionality (e.g., receiving
26 // PIDs across namespaces).
32 const char kHello
[] = "hello";
34 // If the calling process isn't root, then try using unshare(CLONE_NEWUSER)
37 // If we're already root, then allow test to proceed.
41 // Otherwise hope the kernel supports unprivileged namespaces.
42 if (unshare(CLONE_NEWUSER
) == 0)
45 printf("Permission to use CLONE_NEWPID missing; skipping test.\n");
46 UnitTests::IgnoreThisTest();
49 void WaitForExit(pid_t pid
) {
51 CHECK_EQ(pid
, HANDLE_EINTR(waitpid(pid
, &status
, 0)));
52 CHECK(WIFEXITED(status
));
53 CHECK_EQ(0, WEXITSTATUS(status
));
56 base::ProcessId
GetParentProcessId(base::ProcessId pid
) {
57 // base::GetParentProcessId() is defined as taking a ProcessHandle instead of
58 // a ProcessId, even though it's a POSIX-only function and IDs and Handles
59 // are both simply pid_t on POSIX... :/
60 base::Process process
= base::Process::Open(pid
);
61 CHECK(process
.IsValid());
62 base::ProcessId ret
= base::GetParentProcessId(process
.Handle());
66 // SendHello sends a "hello" to socket fd, and then blocks until the recipient
67 // acknowledges it by calling RecvHello.
68 void SendHello(int fd
) {
70 CHECK_EQ(0, pipe(pipe_fds
));
71 base::ScopedFD
read_pipe(pipe_fds
[0]);
72 base::ScopedFD
write_pipe(pipe_fds
[1]);
74 std::vector
<int> send_fds
;
75 send_fds
.push_back(write_pipe
.get());
76 CHECK(UnixDomainSocket::SendMsg(fd
, kHello
, sizeof(kHello
), send_fds
));
80 // Block until receiver closes their end of the pipe.
82 CHECK_EQ(0, HANDLE_EINTR(read(read_pipe
.get(), &ch
, 1)));
85 // RecvHello receives and acknowledges a "hello" on socket fd, and returns the
86 // process ID of the sender in sender_pid. Optionally, write_pipe can be used
87 // to return a file descriptor, and the acknowledgement will be delayed until
88 // the descriptor is closed.
89 // (Implementation details: SendHello allocates a new pipe, sends us the writing
90 // end alongside the "hello" message, and then blocks until we close the writing
92 void RecvHello(int fd
,
93 base::ProcessId
* sender_pid
,
94 base::ScopedFD
* write_pipe
= NULL
) {
95 // Extra receiving buffer space to make sure we really received only
96 // sizeof(kHello) bytes and it wasn't just truncated to fit the buffer.
97 char buf
[sizeof(kHello
) + 1];
98 ScopedVector
<base::ScopedFD
> message_fds
;
99 ssize_t n
= UnixDomainSocket::RecvMsgWithPid(
100 fd
, buf
, sizeof(buf
), &message_fds
, sender_pid
);
101 CHECK_EQ(sizeof(kHello
), static_cast<size_t>(n
));
102 CHECK_EQ(0, memcmp(buf
, kHello
, sizeof(kHello
)));
103 CHECK_EQ(1U, message_fds
.size());
105 write_pipe
->swap(*message_fds
[0]);
108 // Check that receiving PIDs works across a fork().
109 SANDBOX_TEST(UnixDomainSocketTest
, Fork
) {
111 CHECK_EQ(0, socketpair(AF_UNIX
, SOCK_SEQPACKET
, 0, fds
));
112 base::ScopedFD
recv_sock(fds
[0]);
113 base::ScopedFD
send_sock(fds
[1]);
115 CHECK(UnixDomainSocket::EnableReceiveProcessId(recv_sock
.get()));
117 const pid_t pid
= fork();
122 SendHello(send_sock
.get());
129 base::ProcessId sender_pid
;
130 RecvHello(recv_sock
.get(), &sender_pid
);
131 CHECK_EQ(pid
, sender_pid
);
136 // Similar to Fork above, but forking the child into a new pid namespace.
137 SANDBOX_TEST(UnixDomainSocketTest
, Namespace
) {
141 CHECK_EQ(0, socketpair(AF_UNIX
, SOCK_SEQPACKET
, 0, fds
));
142 base::ScopedFD
recv_sock(fds
[0]);
143 base::ScopedFD
send_sock(fds
[1]);
145 CHECK(UnixDomainSocket::EnableReceiveProcessId(recv_sock
.get()));
147 const pid_t pid
= sys_clone(CLONE_NEWPID
| SIGCHLD
, 0, 0, 0, 0);
153 // Check that we think we're pid 1 in our new namespace.
154 CHECK_EQ(1, sys_getpid());
156 SendHello(send_sock
.get());
163 base::ProcessId sender_pid
;
164 RecvHello(recv_sock
.get(), &sender_pid
);
165 CHECK_EQ(pid
, sender_pid
);
170 // Again similar to Fork, but now with nested PID namespaces.
171 SANDBOX_TEST(UnixDomainSocketTest
, DoubleNamespace
) {
175 CHECK_EQ(0, socketpair(AF_UNIX
, SOCK_SEQPACKET
, 0, fds
));
176 base::ScopedFD
recv_sock(fds
[0]);
177 base::ScopedFD
send_sock(fds
[1]);
179 CHECK(UnixDomainSocket::EnableReceiveProcessId(recv_sock
.get()));
181 const pid_t pid
= sys_clone(CLONE_NEWPID
| SIGCHLD
, 0, 0, 0, 0);
187 const pid_t pid2
= sys_clone(CLONE_NEWPID
| SIGCHLD
, 0, 0, 0, 0);
191 // Wait for grandchild to run to completion; see comments below.
194 // Fallthrough once grandchild has sent its hello and exited.
197 // Check that we think we're pid 1.
198 CHECK_EQ(1, sys_getpid());
200 SendHello(send_sock
.get());
207 // We have two messages to receive: first from the grand-child,
208 // then from the child.
209 for (unsigned iteration
= 0; iteration
< 2; ++iteration
) {
210 base::ProcessId sender_pid
;
211 base::ScopedFD pipe_fd
;
212 RecvHello(recv_sock
.get(), &sender_pid
, &pipe_fd
);
214 // We need our child and grandchild processes to both be alive for
215 // GetParentProcessId() to return a valid pid, hence the pipe trickery.
216 // (On the first iteration, grandchild is blocked reading from the pipe
217 // until we close it, and child is blocked waiting for grandchild to exit.)
219 case 0: // Grandchild's message
220 // Check that sender_pid refers to our grandchild by checking that pid
221 // (our child) is its parent.
222 CHECK_EQ(pid
, GetParentProcessId(sender_pid
));
224 case 1: // Child's message
225 CHECK_EQ(pid
, sender_pid
);
235 // Tests that GetPeerPid() returns 0 if the peer does not exist in caller's
237 SANDBOX_TEST(UnixDomainSocketTest
, ImpossiblePid
) {
241 CHECK_EQ(0, socketpair(AF_UNIX
, SOCK_SEQPACKET
, 0, fds
));
242 base::ScopedFD
send_sock(fds
[0]);
243 base::ScopedFD
recv_sock(fds
[1]);
245 CHECK(UnixDomainSocket::EnableReceiveProcessId(recv_sock
.get()));
247 const pid_t pid
= sys_clone(CLONE_NEWPID
| SIGCHLD
, 0, 0, 0, 0);
253 base::ProcessId sender_pid
;
254 RecvHello(recv_sock
.get(), &sender_pid
);
255 CHECK_EQ(0, sender_pid
);
261 SendHello(send_sock
.get());
267 } // namespace sandbox