src/sandbox/linux/suid/client/setuid_sandbox_client_unittest.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "base/environment.h"
   6 #include "base/logging.h"
   7 #include "base/memory/scoped_ptr.h"
   8 #include "base/strings/string_number_conversions.h"
   9 #include "testing/gtest/include/gtest/gtest.h"
  10
  11 #include "sandbox/linux/suid/common/sandbox.h"
  12 #include "setuid_sandbox_client.h"
  13
  14 namespace sandbox {
  15
  16 TEST(SetuidSandboxClient, SetupLaunchEnvironment) {
  17   const char kTestValue[] = "This is a test";
  18   scoped_ptr<base::Environment> env(base::Environment::Create());
  19   EXPECT_TRUE(env != NULL);
  20
  21   std::string saved_ld_preload;
  22   bool environment_had_ld_preload;
  23   // First, back-up the real LD_PRELOAD if any.
  24   environment_had_ld_preload = env->GetVar("LD_PRELOAD", &saved_ld_preload);
  25   // Setup environment variables to save or not save.
  26   EXPECT_TRUE(env->SetVar("LD_PRELOAD", kTestValue));
  27   EXPECT_TRUE(env->UnSetVar("LD_ORIGIN_PATH"));
  28
  29   scoped_ptr<SetuidSandboxClient>
  30       sandbox_client(SetuidSandboxClient::Create());
  31   EXPECT_TRUE(sandbox_client != NULL);
  32
  33   // Make sure the environment is clean.
  34   EXPECT_TRUE(env->UnSetVar(kSandboxEnvironmentApiRequest));
  35   EXPECT_TRUE(env->UnSetVar(kSandboxEnvironmentApiProvides));
  36
  37   sandbox_client->SetupLaunchEnvironment();
  38
  39   // Check if the requested API environment was set.
  40   std::string api_request;
  41   EXPECT_TRUE(env->GetVar(kSandboxEnvironmentApiRequest, &api_request));
  42   int api_request_num;
  43   EXPECT_TRUE(base::StringToInt(api_request, &api_request_num));
  44   EXPECT_EQ(api_request_num, kSUIDSandboxApiNumber);
  45
  46   // Now check if LD_PRELOAD was saved to SANDBOX_LD_PRELOAD.
  47   std::string sandbox_ld_preload;
  48   EXPECT_TRUE(env->GetVar("SANDBOX_LD_PRELOAD", &sandbox_ld_preload));
  49   EXPECT_EQ(sandbox_ld_preload, kTestValue);
  50
  51   // Check that LD_ORIGIN_PATH was not saved.
  52   EXPECT_FALSE(env->HasVar("SANDBOX_LD_ORIGIN_PATH"));
  53
  54   // We should not forget to restore LD_PRELOAD at the end, or this environment
  55   // variable will affect the next running tests!
  56   if (environment_had_ld_preload) {
  57     EXPECT_TRUE(env->SetVar("LD_PRELOAD", saved_ld_preload));
  58   } else {
  59     EXPECT_TRUE(env->UnSetVar("LD_PRELOAD"));
  60   }
  61 }
  62
  63 TEST(SetuidSandboxClient, SandboxedClientAPI) {
  64   scoped_ptr<base::Environment> env(base::Environment::Create());
  65   EXPECT_TRUE(env != NULL);
  66
  67   scoped_ptr<SetuidSandboxClient>
  68       sandbox_client(SetuidSandboxClient::Create());
  69   EXPECT_TRUE(sandbox_client != NULL);
  70
  71   // Set-up a fake environment as if we went through the setuid sandbox.
  72   EXPECT_TRUE(env->SetVar(kSandboxEnvironmentApiProvides,
  73               base::IntToString(kSUIDSandboxApiNumber)));
  74   EXPECT_TRUE(env->SetVar(kSandboxDescriptorEnvironmentVarName, "1"));
  75   EXPECT_TRUE(env->SetVar(kSandboxPIDNSEnvironmentVarName, "1"));
  76   EXPECT_TRUE(env->UnSetVar(kSandboxNETNSEnvironmentVarName));
  77
  78   // Check the API.
  79   EXPECT_TRUE(sandbox_client->IsSuidSandboxUpToDate());
  80   EXPECT_TRUE(sandbox_client->IsSuidSandboxChild());
  81   EXPECT_TRUE(sandbox_client->IsInNewPIDNamespace());
  82   EXPECT_FALSE(sandbox_client->IsInNewNETNamespace());
  83
  84   // Forge an incorrect API version and check.
  85   EXPECT_TRUE(env->SetVar(kSandboxEnvironmentApiProvides,
  86               base::IntToString(kSUIDSandboxApiNumber + 1)));
  87   EXPECT_FALSE(sandbox_client->IsSuidSandboxUpToDate());
  88   // We didn't go through the actual sandboxing mechanism as it is
  89   // very hard in a unit test.
  90   EXPECT_FALSE(sandbox_client->IsSandboxed());
  91 }
  92
  93 }  // namespace sandbox
  94