1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
5  * You can obtain one at http://mozilla.org/MPL/2.0/. */
6 
7 #include "gtest/gtest.h"
8 
9 #include "broker/SandboxBroker.h"
10 
11 namespace mozilla {
12 
// Local aliases for the SandboxBroker permission bits and the AddPath
// condition, so the expectations in the tests below stay short.
static const int MAY_ACCESS = SandboxBroker::MAY_ACCESS;
static const int MAY_READ = SandboxBroker::MAY_READ;
static const int MAY_WRITE = SandboxBroker::MAY_WRITE;
// The next two aliases are not referenced by the tests visible here and are
// left commented out (presumably to avoid unused-variable warnings).
// static const int MAY_CREATE = SandboxBroker::MAY_CREATE;
// static const int RECURSIVE = SandboxBroker::RECURSIVE;
static const auto AddAlways = SandboxBroker::Policy::AddAlways;
19 
// A policy holding one explicitly added file must report exactly the granted
// permissions for that file and nothing for any other path.
TEST(SandboxBrokerPolicyLookup, Simple) {
  // This test expects Lookup to report MAY_ACCESS alongside the MAY_READ bit
  // that was requested when the path was added.
  const int kReadOnly = MAY_ACCESS | MAY_READ;

  SandboxBroker::Policy policy;
  policy.AddPath(MAY_READ, "/dev/urandom", AddAlways);

  // The added path must be known at all...
  EXPECT_NE(0, policy.Lookup("/dev/urandom")) << "Added path not found.";
  // ...and must carry exactly the expected bits, with no write permission.
  EXPECT_EQ(kReadOnly, policy.Lookup("/dev/urandom"))
      << "Added path found with wrong perms.";

  // Default deny: a path that was never added yields no permissions.
  EXPECT_EQ(0, policy.Lookup("/etc/passwd")) << "Non-added path was found.";
}
30 
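// Copy-constructing a policy must produce an independent object: entries
// present at copy time are shared, but a grant added to either policy
// afterwards must not show up in the other. If the two objects shared state,
// widening one policy would silently widen the other as well.
TEST(SandboxBrokerPolicyLookup, CopyCtor) {
  const int kReadOnly = MAY_ACCESS | MAY_READ;
  const int kReadWrite = MAY_ACCESS | MAY_READ | MAY_WRITE;

  SandboxBroker::Policy psrc;
  psrc.AddPath(MAY_READ | MAY_WRITE, "/dev/null", AddAlways);
  SandboxBroker::Policy pdst(psrc);
  // Both additions below happen after the copy, one on each side.
  psrc.AddPath(MAY_READ, "/dev/zero", AddAlways);
  pdst.AddPath(MAY_READ, "/dev/urandom", AddAlways);

  // The entry added before the copy is visible in both policies.
  EXPECT_EQ(kReadWrite, psrc.Lookup("/dev/null"))
      << "Common path absent in copy source.";
  EXPECT_EQ(kReadWrite, pdst.Lookup("/dev/null"))
      << "Common path absent in copy destination.";

  // The entry added to the source after the copy stays in the source only.
  EXPECT_EQ(kReadOnly, psrc.Lookup("/dev/zero"))
      << "Source-only path is absent.";
  EXPECT_EQ(0, pdst.Lookup("/dev/zero"))
      << "Source-only path is present in copy destination.";

  // The entry added to the destination stays in the destination only.
  EXPECT_EQ(0, psrc.Lookup("/dev/urandom"))
      << "Destination-only path is present in copy source.";
  EXPECT_EQ(kReadOnly, pdst.Lookup("/dev/urandom"))
      << "Destination-only path is absent.";

  // Default deny still holds on both sides.
  EXPECT_EQ(0, psrc.Lookup("/etc/passwd"))
      << "Non-added path is present in copy source.";
  // The message names the destination so that a failure here is not
  // attributed to the source policy.
  EXPECT_EQ(0, pdst.Lookup("/etc/passwd"))
      << "Non-added path is present in copy destination.";
}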
59 
// Directory grants added with AddDir must apply to everything beneath the
// directory and to nothing else. The negative cases pin down the matching
// rules that keep a directory grant from covering paths outside it.
// NOTE(review): every check here is a string-level Lookup; symlink handling
// is not exercised by this test.
TEST(SandboxBrokerPolicyLookup, Recursive) {
  const int kDenied = 0;
  const int kReadOnly = MAY_ACCESS | MAY_READ;
  const int kReadWrite = MAY_ACCESS | MAY_READ | MAY_WRITE;

  SandboxBroker::Policy policy;
  policy.AddPath(MAY_READ | MAY_WRITE, "/dev/null", AddAlways);
  policy.AddPath(MAY_READ, "/dev/zero", AddAlways);
  policy.AddPath(MAY_READ, "/dev/urandom", AddAlways);

  // Baseline before any directory grant: each file has only its own bits.
  EXPECT_EQ(kReadWrite, policy.Lookup("/dev/null"))
      << "Basic path is present.";
  EXPECT_EQ(kReadOnly, policy.Lookup("/dev/zero"))
      << "Basic path has no extra flags";

  policy.AddDir(MAY_READ | MAY_WRITE, "/dev/");

  // Paths below the directory get the directory's permissions at any depth.
  EXPECT_EQ(kReadWrite, policy.Lookup("/dev/random"))
      << "Permission via recursive dir.";
  EXPECT_EQ(kReadWrite, policy.Lookup("/dev/sd/0"))
      << "Permission via recursive dir, nested deeper";
  // A trailing slash on the looked-up path is rejected.
  EXPECT_EQ(kDenied, policy.Lookup("/dev/sd/0/")) << "Invalid path format.";
  // The directory must match at the start of the path, not somewhere inside.
  EXPECT_EQ(kDenied, policy.Lookup("/usr/dev/sd")) << "Match must be a prefix.";

  policy.AddDir(MAY_READ, "/dev/sd/");
  // A narrower grant on a subdirectory does not revoke what the parent
  // directory grants: the write bit from "/dev/" is still reported.
  EXPECT_EQ(kReadWrite, policy.Lookup("/dev/sd/0"))
      << "Extra permissions from parent path granted.";
  // ".." must not be accepted as a name inside the granted directory.
  EXPECT_EQ(kDenied, policy.Lookup("/dev/.."))
      << "Refuse attempted subdir escape.";

  policy.AddDir(MAY_READ, "/tmp");
  // A directory added without a trailing slash still covers its contents...
  EXPECT_EQ(kReadOnly, policy.Lookup("/tmp/good/a"))
      << "Check whether dir add with no trailing / was sucessful.";
  // ...but not a sibling whose name merely begins with the same characters.
  EXPECT_EQ(kDenied, policy.Lookup("/tmp_good_but_bad"))
      << "Enforce terminator on directories.";
  // "." would name the directory itself rather than a file inside it.
  EXPECT_EQ(kDenied, policy.Lookup("/tmp/."))
      << "Do not allow opening a directory handle.";
}
94 
95 }  // namespace mozilla