1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "base/environment.h" 6 #include "base/logging.h" 7 #include "base/memory/scoped_ptr.h" 8 #include "base/strings/string_number_conversions.h" 9 #include "sandbox/linux/suid/client/setuid_sandbox_client.h" 10 #include "sandbox/linux/suid/common/sandbox.h" 11 #include "testing/gtest/include/gtest/gtest.h" 12 13 namespace sandbox { 14 15 TEST(SetuidSandboxClient, SetupLaunchEnvironment) { 16 const char kTestValue[] = "This is a test"; 17 scoped_ptr<base::Environment> env(base::Environment::Create()); 18 EXPECT_TRUE(env != NULL); 19 20 std::string saved_ld_preload; 21 bool environment_had_ld_preload; 22 // First, back-up the real LD_PRELOAD if any. 23 environment_had_ld_preload = env->GetVar("LD_PRELOAD", &saved_ld_preload); 24 // Setup environment variables to save or not save. 25 EXPECT_TRUE(env->SetVar("LD_PRELOAD", kTestValue)); 26 EXPECT_TRUE(env->UnSetVar("LD_ORIGIN_PATH")); 27 28 scoped_ptr<SetuidSandboxClient> 29 sandbox_client(SetuidSandboxClient::Create()); 30 EXPECT_TRUE(sandbox_client != NULL); 31 32 // Make sure the environment is clean. 33 EXPECT_TRUE(env->UnSetVar(kSandboxEnvironmentApiRequest)); 34 EXPECT_TRUE(env->UnSetVar(kSandboxEnvironmentApiProvides)); 35 36 sandbox_client->SetupLaunchEnvironment(); 37 38 // Check if the requested API environment was set. 39 std::string api_request; 40 EXPECT_TRUE(env->GetVar(kSandboxEnvironmentApiRequest, &api_request)); 41 int api_request_num; 42 EXPECT_TRUE(base::StringToInt(api_request, &api_request_num)); 43 EXPECT_EQ(api_request_num, kSUIDSandboxApiNumber); 44 45 // Now check if LD_PRELOAD was saved to SANDBOX_LD_PRELOAD. 46 std::string sandbox_ld_preload; 47 EXPECT_TRUE(env->GetVar("SANDBOX_LD_PRELOAD", &sandbox_ld_preload)); 48 EXPECT_EQ(sandbox_ld_preload, kTestValue); 49 50 // Check that LD_ORIGIN_PATH was not saved. 51 EXPECT_FALSE(env->HasVar("SANDBOX_LD_ORIGIN_PATH")); 52 53 // We should not forget to restore LD_PRELOAD at the end, or this environment 54 // variable will affect the next running tests! 55 if (environment_had_ld_preload) { 56 EXPECT_TRUE(env->SetVar("LD_PRELOAD", saved_ld_preload)); 57 } else { 58 EXPECT_TRUE(env->UnSetVar("LD_PRELOAD")); 59 } 60 } 61 62 TEST(SetuidSandboxClient, SandboxedClientAPI) { 63 scoped_ptr<base::Environment> env(base::Environment::Create()); 64 EXPECT_TRUE(env != NULL); 65 66 scoped_ptr<SetuidSandboxClient> 67 sandbox_client(SetuidSandboxClient::Create()); 68 EXPECT_TRUE(sandbox_client != NULL); 69 70 // Set-up a fake environment as if we went through the setuid sandbox. 71 EXPECT_TRUE(env->SetVar(kSandboxEnvironmentApiProvides, 72 base::IntToString(kSUIDSandboxApiNumber))); 73 EXPECT_TRUE(env->SetVar(kSandboxDescriptorEnvironmentVarName, "1")); 74 EXPECT_TRUE(env->SetVar(kSandboxPIDNSEnvironmentVarName, "1")); 75 EXPECT_TRUE(env->UnSetVar(kSandboxNETNSEnvironmentVarName)); 76 77 // Check the API. 78 EXPECT_TRUE(sandbox_client->IsSuidSandboxUpToDate()); 79 EXPECT_TRUE(sandbox_client->IsSuidSandboxChild()); 80 EXPECT_TRUE(sandbox_client->IsInNewPIDNamespace()); 81 EXPECT_FALSE(sandbox_client->IsInNewNETNamespace()); 82 83 // Forge an incorrect API version and check. 84 EXPECT_TRUE(env->SetVar(kSandboxEnvironmentApiProvides, 85 base::IntToString(kSUIDSandboxApiNumber + 1))); 86 EXPECT_FALSE(sandbox_client->IsSuidSandboxUpToDate()); 87 // We didn't go through the actual sandboxing mechanism as it is 88 // very hard in a unit test. 89 EXPECT_FALSE(sandbox_client->IsSandboxed()); 90 } 91 92 // This test doesn't accomplish much, but will make sure that analysis tools 93 // will run this codepath. 94 TEST(SetuidSandboxClient, GetSandboxBinaryPath) { 95 scoped_ptr<SetuidSandboxClient> setuid_sandbox_client( 96 SetuidSandboxClient::Create()); 97 ignore_result(setuid_sandbox_client->GetSandboxBinaryPath()); 98 } 99 100 } // namespace sandbox 101 102