Home | History | Annotate | Download | only in mac 
      1 // Copyright 2014 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "sandbox/mac/policy.h"
      6 
      7 #include "testing/gtest/include/gtest/gtest.h"
      8 
      9 namespace sandbox {
     10 
     11 TEST(PolicyTest, ValidEmptyPolicy) {
     12   EXPECT_TRUE(IsPolicyValid(BootstrapSandboxPolicy()));
     13 }
     14 
     15 TEST(PolicyTest, ValidPolicy) {
     16   BootstrapSandboxPolicy policy;
     17   policy.rules["allow"] = Rule(POLICY_ALLOW);
     18   policy.rules["deny_error"] = Rule(POLICY_DENY_ERROR);
     19   policy.rules["deny_dummy"] = Rule(POLICY_DENY_DUMMY_PORT);
     20   policy.rules["substitue"] = Rule(mach_task_self());
     21   EXPECT_TRUE(IsPolicyValid(policy));
     22 }
     23 
     24 TEST(PolicyTest, InvalidPolicyEmptyRule) {
     25   Rule rule;
     26   BootstrapSandboxPolicy policy;
     27   policy.rules["test"] = rule;
     28   EXPECT_FALSE(IsPolicyValid(policy));
     29 }
     30 
     31 TEST(PolicyTest, InvalidPolicySubstitue) {
     32   Rule rule(POLICY_SUBSTITUTE_PORT);
     33   BootstrapSandboxPolicy policy;
     34   policy.rules["test"] = rule;
     35   EXPECT_FALSE(IsPolicyValid(policy));
     36 }
     37 
     38 TEST(PolicyTest, InvalidPolicyWithPortAllow) {
     39   Rule rule(POLICY_ALLOW);
     40   rule.substitute_port = mach_task_self();
     41   BootstrapSandboxPolicy policy;
     42   policy.rules["allow"] = rule;
     43   EXPECT_FALSE(IsPolicyValid(policy));
     44 }
     45 
     46 TEST(PolicyTest, InvalidPolicyWithPortDenyError) {
     47   Rule rule(POLICY_DENY_ERROR);
     48   rule.substitute_port = mach_task_self();
     49   BootstrapSandboxPolicy policy;
     50   policy.rules["deny_error"] = rule;
     51   EXPECT_FALSE(IsPolicyValid(policy));
     52 }
     53 
     54 TEST(PolicyTest, InvalidPolicyWithPortDummy) {
     55   Rule rule(POLICY_DENY_DUMMY_PORT);
     56   rule.substitute_port = mach_task_self();
     57   BootstrapSandboxPolicy policy;
     58   policy.rules["deny_dummy"] = rule;
     59   EXPECT_FALSE(IsPolicyValid(policy));
     60 }
     61 
     62 TEST(PolicyTest, InvalidPolicyDefaultRule) {
     63   BootstrapSandboxPolicy policy;
     64   policy.default_rule = Rule();
     65   EXPECT_FALSE(IsPolicyValid(policy));
     66 }
     67 
     68 TEST(PolicyTest, InvalidPolicyDefaultRuleSubstitue) {
     69   BootstrapSandboxPolicy policy;
     70   policy.default_rule = Rule(POLICY_SUBSTITUTE_PORT);
     71   EXPECT_FALSE(IsPolicyValid(policy));
     72 }
     73 
     74 TEST(PolicyTest, InvalidPolicyDefaultRuleWithPortAllow) {
     75   Rule rule(POLICY_ALLOW);
     76   rule.substitute_port = mach_task_self();
     77   BootstrapSandboxPolicy policy;
     78   policy.default_rule = rule;
     79   EXPECT_FALSE(IsPolicyValid(policy));
     80 }
     81 
     82 TEST(PolicyTest, InvalidPolicyDefaultRuleWithPortDenyError) {
     83   Rule rule(POLICY_DENY_ERROR);
     84   rule.substitute_port = mach_task_self();
     85   BootstrapSandboxPolicy policy;
     86   policy.default_rule = rule;
     87   EXPECT_FALSE(IsPolicyValid(policy));
     88 }
     89 
     90 TEST(PolicyTest, InvalidPolicyDefaultRuleWithPortDummy) {
     91   Rule rule(POLICY_DENY_DUMMY_PORT);
     92   rule.substitute_port = mach_task_self();
     93   BootstrapSandboxPolicy policy;
     94   policy.default_rule = rule;
     95   EXPECT_FALSE(IsPolicyValid(policy));
     96 }
     97 
     98 }  // namespace sandbox
     99