1 // Copyright 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "chrome/test/base/in_process_browser_test.h" 6 #include "content/public/browser/zygote_host_linux.h" 7 #include "content/public/common/sandbox_linux.h" 8 9 typedef InProcessBrowserTest SandboxLinuxTest; 10 11 // Both the SUID sandbox (http://crbug.com/137653) and the Seccomp-BPF sandbox 12 // are currently incompatible with ASan. 13 #if defined(OS_LINUX) && !defined(ADDRESS_SANITIZER) 14 #define MAYBE_SandboxStatus \ 15 SandboxStatus 16 #else 17 #define MAYBE_SandboxStatus \ 18 DISABLED_SandboxStatus 19 #endif 20 21 IN_PROC_BROWSER_TEST_F(SandboxLinuxTest, MAYBE_SandboxStatus) { 22 // Get expected sandboxing status of renderers. 23 const int status = content::ZygoteHost::GetInstance()->GetSandboxStatus(); 24 25 // The setuid sandbox is required as our first-layer sandbox. 26 bool good_layer1 = status & content::kSandboxLinuxSUID && 27 status & content::kSandboxLinuxPIDNS && 28 status & content::kSandboxLinuxNetNS; 29 // A second-layer sandbox is also required to be adequately sandboxed. 30 bool good_layer2 = status & content::kSandboxLinuxSeccompBpf; 31 32 EXPECT_TRUE(good_layer1); 33 EXPECT_TRUE(good_layer2); 34 } 35
