1 // Copyright 2014 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "sandbox/mac/policy.h" 6 7 #include "testing/gtest/include/gtest/gtest.h" 8 9 namespace sandbox { 10 11 TEST(PolicyTest, ValidEmptyPolicy) { 12 EXPECT_TRUE(IsPolicyValid(BootstrapSandboxPolicy())); 13 } 14 15 TEST(PolicyTest, ValidPolicy) { 16 BootstrapSandboxPolicy policy; 17 policy.rules["allow"] = Rule(POLICY_ALLOW); 18 policy.rules["deny_error"] = Rule(POLICY_DENY_ERROR); 19 policy.rules["deny_dummy"] = Rule(POLICY_DENY_DUMMY_PORT); 20 policy.rules["substitue"] = Rule(mach_task_self()); 21 EXPECT_TRUE(IsPolicyValid(policy)); 22 } 23 24 TEST(PolicyTest, InvalidPolicyEmptyRule) { 25 Rule rule; 26 BootstrapSandboxPolicy policy; 27 policy.rules["test"] = rule; 28 EXPECT_FALSE(IsPolicyValid(policy)); 29 } 30 31 TEST(PolicyTest, InvalidPolicySubstitue) { 32 Rule rule(POLICY_SUBSTITUTE_PORT); 33 BootstrapSandboxPolicy policy; 34 policy.rules["test"] = rule; 35 EXPECT_FALSE(IsPolicyValid(policy)); 36 } 37 38 TEST(PolicyTest, InvalidPolicyWithPortAllow) { 39 Rule rule(POLICY_ALLOW); 40 rule.substitute_port = mach_task_self(); 41 BootstrapSandboxPolicy policy; 42 policy.rules["allow"] = rule; 43 EXPECT_FALSE(IsPolicyValid(policy)); 44 } 45 46 TEST(PolicyTest, InvalidPolicyWithPortDenyError) { 47 Rule rule(POLICY_DENY_ERROR); 48 rule.substitute_port = mach_task_self(); 49 BootstrapSandboxPolicy policy; 50 policy.rules["deny_error"] = rule; 51 EXPECT_FALSE(IsPolicyValid(policy)); 52 } 53 54 TEST(PolicyTest, InvalidPolicyWithPortDummy) { 55 Rule rule(POLICY_DENY_DUMMY_PORT); 56 rule.substitute_port = mach_task_self(); 57 BootstrapSandboxPolicy policy; 58 policy.rules["deny_dummy"] = rule; 59 EXPECT_FALSE(IsPolicyValid(policy)); 60 } 61 62 TEST(PolicyTest, InvalidPolicyDefaultRule) { 63 BootstrapSandboxPolicy policy; 64 policy.default_rule = Rule(); 65 EXPECT_FALSE(IsPolicyValid(policy)); 66 } 67 68 TEST(PolicyTest, InvalidPolicyDefaultRuleSubstitue) { 69 BootstrapSandboxPolicy policy; 70 policy.default_rule = Rule(POLICY_SUBSTITUTE_PORT); 71 EXPECT_FALSE(IsPolicyValid(policy)); 72 } 73 74 TEST(PolicyTest, InvalidPolicyDefaultRuleWithPortAllow) { 75 Rule rule(POLICY_ALLOW); 76 rule.substitute_port = mach_task_self(); 77 BootstrapSandboxPolicy policy; 78 policy.default_rule = rule; 79 EXPECT_FALSE(IsPolicyValid(policy)); 80 } 81 82 TEST(PolicyTest, InvalidPolicyDefaultRuleWithPortDenyError) { 83 Rule rule(POLICY_DENY_ERROR); 84 rule.substitute_port = mach_task_self(); 85 BootstrapSandboxPolicy policy; 86 policy.default_rule = rule; 87 EXPECT_FALSE(IsPolicyValid(policy)); 88 } 89 90 TEST(PolicyTest, InvalidPolicyDefaultRuleWithPortDummy) { 91 Rule rule(POLICY_DENY_DUMMY_PORT); 92 rule.substitute_port = mach_task_self(); 93 BootstrapSandboxPolicy policy; 94 policy.default_rule = rule; 95 EXPECT_FALSE(IsPolicyValid(policy)); 96 } 97 98 } // namespace sandbox 99