1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "base/environment.h"
6 #include "base/logging.h"
7 #include "base/memory/scoped_ptr.h"
8 #include "base/strings/string_number_conversions.h"
9 #include "testing/gtest/include/gtest/gtest.h"
11 #include "sandbox/linux/suid/common/sandbox.h"
12 #include "setuid_sandbox_client.h"
16 TEST(SetuidSandboxClient, SetupLaunchEnvironment) {
17 const char kTestValue[] = "This is a test";
18 scoped_ptr<base::Environment> env(base::Environment::Create());
19 EXPECT_TRUE(env != NULL);
21 std::string saved_ld_preload;
22 bool environment_had_ld_preload;
23 // First, back-up the real LD_PRELOAD if any.
24 environment_had_ld_preload = env->GetVar("LD_PRELOAD", &saved_ld_preload);
25 // Setup environment variables to save or not save.
26 EXPECT_TRUE(env->SetVar("LD_PRELOAD", kTestValue));
27 EXPECT_TRUE(env->UnSetVar("LD_ORIGIN_PATH"));
29 scoped_ptr<SetuidSandboxClient>
30 sandbox_client(SetuidSandboxClient::Create());
31 EXPECT_TRUE(sandbox_client != NULL);
33 // Make sure the environment is clean.
34 EXPECT_TRUE(env->UnSetVar(kSandboxEnvironmentApiRequest));
35 EXPECT_TRUE(env->UnSetVar(kSandboxEnvironmentApiProvides));
37 sandbox_client->SetupLaunchEnvironment();
39 // Check if the requested API environment was set.
40 std::string api_request;
41 EXPECT_TRUE(env->GetVar(kSandboxEnvironmentApiRequest, &api_request));
43 EXPECT_TRUE(base::StringToInt(api_request, &api_request_num));
44 EXPECT_EQ(api_request_num, kSUIDSandboxApiNumber);
46 // Now check if LD_PRELOAD was saved to SANDBOX_LD_PRELOAD.
47 std::string sandbox_ld_preload;
48 EXPECT_TRUE(env->GetVar("SANDBOX_LD_PRELOAD", &sandbox_ld_preload));
49 EXPECT_EQ(sandbox_ld_preload, kTestValue);
51 // Check that LD_ORIGIN_PATH was not saved.
52 EXPECT_FALSE(env->HasVar("SANDBOX_LD_ORIGIN_PATH"));
54 // We should not forget to restore LD_PRELOAD at the end, or this environment
55 // variable will affect the next running tests!
56 if (environment_had_ld_preload) {
57 EXPECT_TRUE(env->SetVar("LD_PRELOAD", saved_ld_preload));
59 EXPECT_TRUE(env->UnSetVar("LD_PRELOAD"));
63 TEST(SetuidSandboxClient, SandboxedClientAPI) {
64 scoped_ptr<base::Environment> env(base::Environment::Create());
65 EXPECT_TRUE(env != NULL);
67 scoped_ptr<SetuidSandboxClient>
68 sandbox_client(SetuidSandboxClient::Create());
69 EXPECT_TRUE(sandbox_client != NULL);
71 // Set-up a fake environment as if we went through the setuid sandbox.
72 EXPECT_TRUE(env->SetVar(kSandboxEnvironmentApiProvides,
73 base::IntToString(kSUIDSandboxApiNumber)));
74 EXPECT_TRUE(env->SetVar(kSandboxDescriptorEnvironmentVarName, "1"));
75 EXPECT_TRUE(env->SetVar(kSandboxPIDNSEnvironmentVarName, "1"));
76 EXPECT_TRUE(env->UnSetVar(kSandboxNETNSEnvironmentVarName));
79 EXPECT_TRUE(sandbox_client->IsSuidSandboxUpToDate());
80 EXPECT_TRUE(sandbox_client->IsSuidSandboxChild());
81 EXPECT_TRUE(sandbox_client->IsInNewPIDNamespace());
82 EXPECT_FALSE(sandbox_client->IsInNewNETNamespace());
84 // Forge an incorrect API version and check.
85 EXPECT_TRUE(env->SetVar(kSandboxEnvironmentApiProvides,
86 base::IntToString(kSUIDSandboxApiNumber + 1)));
87 EXPECT_FALSE(sandbox_client->IsSuidSandboxUpToDate());
88 // We didn't go through the actual sandboxing mechanism as it is
89 // very hard in a unit test.
90 EXPECT_FALSE(sandbox_client->IsSandboxed());
93 } // namespace sandbox