summaryrefslogtreecommitdiffstats
path: root/security/sandbox/linux/gtest
diff options
context:
space:
mode:
authorMoonchild <mcwerewolf@gmail.com>2018-05-04 09:09:10 +0200
committerGitHub <noreply@github.com>2018-05-04 09:09:10 +0200
commit4a2aeb152e48c44efa57c140660e99792f4dd350 (patch)
tree7b786de2b175122814a53232268b1147a8bd0bfb /security/sandbox/linux/gtest
parent20532e13937ab5fc8efcb2bfc4c0070dace40cd1 (diff)
parentf265784e8cabaff17f4554cf2bd2c30217b6ec0f (diff)
downloadUXP-4a2aeb152e48c44efa57c140660e99792f4dd350.tar
UXP-4a2aeb152e48c44efa57c140660e99792f4dd350.tar.gz
UXP-4a2aeb152e48c44efa57c140660e99792f4dd350.tar.lz
UXP-4a2aeb152e48c44efa57c140660e99792f4dd350.tar.xz
UXP-4a2aeb152e48c44efa57c140660e99792f4dd350.zip
Merge pull request #323 from MoonchildProductions/nuke-sandbox
Nuke sandbox
Diffstat (limited to 'security/sandbox/linux/gtest')
-rw-r--r--security/sandbox/linux/gtest/TestBroker.cpp626
-rw-r--r--security/sandbox/linux/gtest/TestBrokerPolicy.cpp98
-rw-r--r--security/sandbox/linux/gtest/TestSandboxUtil.cpp44
-rw-r--r--security/sandbox/linux/gtest/moz.build27
4 files changed, 0 insertions, 795 deletions
diff --git a/security/sandbox/linux/gtest/TestBroker.cpp b/security/sandbox/linux/gtest/TestBroker.cpp
deleted file mode 100644
index a311e181a..000000000
--- a/security/sandbox/linux/gtest/TestBroker.cpp
+++ /dev/null
@@ -1,626 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=8 sts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "gtest/gtest.h"
-
-#include "broker/SandboxBroker.h"
-#include "broker/SandboxBrokerUtils.h"
-#include "SandboxBrokerClient.h"
-
-#include <errno.h>
-#include <fcntl.h>
-#include <pthread.h>
-#include <stdlib.h>
-#include <sched.h>
-#include <semaphore.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <time.h>
-#include <unistd.h>
-
-#include "mozilla/Atomics.h"
-#include "mozilla/NullPtr.h"
-#include "mozilla/PodOperations.h"
-#include "mozilla/UniquePtr.h"
-#include "mozilla/ipc/FileDescriptor.h"
-
-namespace mozilla {
-
-static const int MAY_ACCESS = SandboxBroker::MAY_ACCESS;
-static const int MAY_READ = SandboxBroker::MAY_READ;
-static const int MAY_WRITE = SandboxBroker::MAY_WRITE;
-static const int MAY_CREATE = SandboxBroker::MAY_CREATE;
-static const auto AddAlways = SandboxBroker::Policy::AddAlways;
-
-class SandboxBrokerTest : public ::testing::Test
-{
- UniquePtr<SandboxBroker> mServer;
- UniquePtr<SandboxBrokerClient> mClient;
-
- UniquePtr<const SandboxBroker::Policy> GetPolicy() const;
-
- template<class C, void (C::* Main)()>
- static void* ThreadMain(void* arg) {
- (static_cast<C*>(arg)->*Main)();
- return nullptr;
- }
-
-protected:
- int Open(const char* aPath, int aFlags) {
- return mClient->Open(aPath, aFlags);
- }
- int Access(const char* aPath, int aMode) {
- return mClient->Access(aPath, aMode);
- }
- int Stat(const char* aPath, statstruct* aStat) {
- return mClient->Stat(aPath, aStat);
- }
- int LStat(const char* aPath, statstruct* aStat) {
- return mClient->LStat(aPath, aStat);
- }
- int Chmod(const char* aPath, int aMode) {
- return mClient->Chmod(aPath, aMode);
- }
- int Link(const char* aPath, const char* bPath) {
- return mClient->Link(aPath, bPath);
- }
- int Mkdir(const char* aPath, int aMode) {
- return mClient->Mkdir(aPath, aMode);
- }
- int Symlink(const char* aPath, const char* bPath) {
- return mClient->Symlink(aPath, bPath);
- }
- int Rename(const char* aPath, const char* bPath) {
- return mClient->Rename(aPath, bPath);
- }
- int Rmdir(const char* aPath) {
- return mClient->Rmdir(aPath);
- }
- int Unlink(const char* aPath) {
- return mClient->Unlink(aPath);
- }
- ssize_t Readlink(const char* aPath, char* aBuff, size_t aSize) {
- return mClient->Readlink(aPath, aBuff, aSize);
- }
-
- virtual void SetUp() {
- ipc::FileDescriptor fd;
-
- mServer = SandboxBroker::Create(GetPolicy(), getpid(), fd);
- ASSERT_NE(mServer, nullptr);
- ASSERT_TRUE(fd.IsValid());
- auto rawFD = fd.ClonePlatformHandle();
- mClient.reset(new SandboxBrokerClient(rawFD.release()));
- }
-
- template<class C, void (C::* Main)()>
- void StartThread(pthread_t *aThread) {
- ASSERT_EQ(0, pthread_create(aThread, nullptr, ThreadMain<C, Main>,
- static_cast<C*>(this)));
- }
-
- template<class C, void (C::* Main)()>
- void RunOnManyThreads() {
- static const int kNumThreads = 5;
- pthread_t threads[kNumThreads];
- for (int i = 0; i < kNumThreads; ++i) {
- StartThread<C, Main>(&threads[i]);
- }
- for (int i = 0; i < kNumThreads; ++i) {
- void* retval;
- ASSERT_EQ(pthread_join(threads[i], &retval), 0);
- ASSERT_EQ(retval, static_cast<void*>(nullptr));
- }
- }
-
-public:
- void MultiThreadOpenWorker();
- void MultiThreadStatWorker();
-};
-
-UniquePtr<const SandboxBroker::Policy>
-SandboxBrokerTest::GetPolicy() const
-{
- UniquePtr<SandboxBroker::Policy> policy(new SandboxBroker::Policy());
-
- policy->AddPath(MAY_READ | MAY_WRITE, "/dev/null", AddAlways);
- policy->AddPath(MAY_READ, "/dev/zero", AddAlways);
- policy->AddPath(MAY_READ, "/var/empty/qwertyuiop", AddAlways);
- policy->AddPath(MAY_ACCESS, "/proc/self", AddAlways); // Warning: Linux-specific.
- policy->AddPath(MAY_READ | MAY_WRITE, "/tmp", AddAlways);
- policy->AddPath(MAY_READ | MAY_WRITE | MAY_CREATE, "/tmp/blublu", AddAlways);
- policy->AddPath(MAY_READ | MAY_WRITE | MAY_CREATE, "/tmp/blublublu", AddAlways);
-
- return Move(policy);
-}
-
-TEST_F(SandboxBrokerTest, OpenForRead)
-{
- int fd;
-
- fd = Open("/dev/null", O_RDONLY);
- ASSERT_GE(fd, 0) << "Opening /dev/null failed.";
- close(fd);
- fd = Open("/dev/zero", O_RDONLY);
- ASSERT_GE(fd, 0) << "Opening /dev/zero failed.";
- close(fd);
- fd = Open("/var/empty/qwertyuiop", O_RDONLY);
- EXPECT_EQ(-ENOENT, fd) << "Opening allowed but nonexistent file succeeded.";
- fd = Open("/proc/self", O_RDONLY);
- EXPECT_EQ(-EACCES, fd) << "Opening stat-only file for read succeeded.";
- fd = Open("/proc/self/stat", O_RDONLY);
- EXPECT_EQ(-EACCES, fd) << "Opening disallowed file succeeded.";
-}
-
-TEST_F(SandboxBrokerTest, OpenForWrite)
-{
- int fd;
-
- fd = Open("/dev/null", O_WRONLY);
- ASSERT_GE(fd, 0) << "Opening /dev/null write-only failed.";
- close(fd);
- fd = Open("/dev/null", O_RDWR);
- ASSERT_GE(fd, 0) << "Opening /dev/null read/write failed.";
- close(fd);
- fd = Open("/dev/zero", O_WRONLY);
- ASSERT_EQ(-EACCES, fd) << "Opening read-only-by-policy file write-only succeeded.";
- fd = Open("/dev/zero", O_RDWR);
- ASSERT_EQ(-EACCES, fd) << "Opening read-only-by-policy file read/write succeeded.";
-}
-
-TEST_F(SandboxBrokerTest, SimpleRead)
-{
- int fd;
- char c;
-
- fd = Open("/dev/null", O_RDONLY);
- ASSERT_GE(fd, 0);
- EXPECT_EQ(0, read(fd, &c, 1));
- close(fd);
- fd = Open("/dev/zero", O_RDONLY);
- ASSERT_GE(fd, 0);
- ASSERT_EQ(1, read(fd, &c, 1));
- EXPECT_EQ(c, '\0');
-}
-
-TEST_F(SandboxBrokerTest, Access)
-{
- EXPECT_EQ(0, Access("/dev/null", F_OK));
- EXPECT_EQ(0, Access("/dev/null", R_OK));
- EXPECT_EQ(0, Access("/dev/null", W_OK));
- EXPECT_EQ(0, Access("/dev/null", R_OK|W_OK));
- EXPECT_EQ(-EACCES, Access("/dev/null", X_OK));
- EXPECT_EQ(-EACCES, Access("/dev/null", R_OK|X_OK));
-
- EXPECT_EQ(0, Access("/dev/zero", R_OK));
- EXPECT_EQ(-EACCES, Access("/dev/zero", W_OK));
- EXPECT_EQ(-EACCES, Access("/dev/zero", R_OK|W_OK));
-
- EXPECT_EQ(-ENOENT, Access("/var/empty/qwertyuiop", R_OK));
- EXPECT_EQ(-EACCES, Access("/var/empty/qwertyuiop", W_OK));
-
- EXPECT_EQ(0, Access("/proc/self", F_OK));
- EXPECT_EQ(-EACCES, Access("/proc/self", R_OK));
-
- EXPECT_EQ(-EACCES, Access("/proc/self/stat", F_OK));
-}
-
-TEST_F(SandboxBrokerTest, Stat)
-{
- statstruct realStat, brokeredStat;
- ASSERT_EQ(0, statsyscall("/dev/null", &realStat)) << "Shouldn't ever fail!";
- EXPECT_EQ(0, Stat("/dev/null", &brokeredStat));
- EXPECT_EQ(realStat.st_ino, brokeredStat.st_ino);
- EXPECT_EQ(realStat.st_rdev, brokeredStat.st_rdev);
-
- EXPECT_EQ(-ENOENT, Stat("/var/empty/qwertyuiop", &brokeredStat));
- EXPECT_EQ(-EACCES, Stat("/dev", &brokeredStat));
-
- EXPECT_EQ(0, Stat("/proc/self", &brokeredStat));
- EXPECT_TRUE(S_ISDIR(brokeredStat.st_mode));
-}
-
-TEST_F(SandboxBrokerTest, LStat)
-{
- statstruct realStat, brokeredStat;
- ASSERT_EQ(0, lstatsyscall("/dev/null", &realStat));
- EXPECT_EQ(0, LStat("/dev/null", &brokeredStat));
- EXPECT_EQ(realStat.st_ino, brokeredStat.st_ino);
- EXPECT_EQ(realStat.st_rdev, brokeredStat.st_rdev);
-
- EXPECT_EQ(-ENOENT, LStat("/var/empty/qwertyuiop", &brokeredStat));
- EXPECT_EQ(-EACCES, LStat("/dev", &brokeredStat));
-
- EXPECT_EQ(0, LStat("/proc/self", &brokeredStat));
- EXPECT_TRUE(S_ISLNK(brokeredStat.st_mode));
-}
-
-static void PrePostTestCleanup(void)
-{
- unlink("/tmp/blublu");
- rmdir("/tmp/blublu");
- unlink("/tmp/nope");
- rmdir("/tmp/nope");
- unlink("/tmp/blublublu");
- rmdir("/tmp/blublublu");
-}
-
-TEST_F(SandboxBrokerTest, Chmod)
-{
- PrePostTestCleanup();
-
- int fd = Open("/tmp/blublu", O_WRONLY | O_CREAT);
- ASSERT_GE(fd, 0) << "Opening /tmp/blublu for writing failed.";
- close(fd);
- // Set read only. SandboxBroker enforces 0600 mode flags.
- ASSERT_EQ(0, Chmod("/tmp/blublu", S_IRUSR));
- // SandboxBroker doesn't use real access(), it just checks against
- // the policy. So it can't see the change in permisions here.
- // This won't work:
- // EXPECT_EQ(-EACCES, Access("/tmp/blublu", W_OK));
- statstruct realStat;
- EXPECT_EQ(0, statsyscall("/tmp/blublu", &realStat));
- EXPECT_EQ((mode_t)S_IRUSR, realStat.st_mode & 0777);
-
- ASSERT_EQ(0, Chmod("/tmp/blublu", S_IRUSR | S_IWUSR));
- EXPECT_EQ(0, statsyscall("/tmp/blublu", &realStat));
- EXPECT_EQ((mode_t)(S_IRUSR | S_IWUSR), realStat.st_mode & 0777);
- EXPECT_EQ(0, unlink("/tmp/blublu"));
-
- PrePostTestCleanup();
-}
-
-TEST_F(SandboxBrokerTest, Link)
-{
- PrePostTestCleanup();
-
- int fd = Open("/tmp/blublu", O_WRONLY | O_CREAT);
- ASSERT_GE(fd, 0) << "Opening /tmp/blublu for writing failed.";
- close(fd);
- ASSERT_EQ(0, Link("/tmp/blublu", "/tmp/blublublu"));
- EXPECT_EQ(0, Access("/tmp/blublublu", F_OK));
- // Not whitelisted target path
- EXPECT_EQ(-EACCES, Link("/tmp/blublu", "/tmp/nope"));
- EXPECT_EQ(0, unlink("/tmp/blublublu"));
- EXPECT_EQ(0, unlink("/tmp/blublu"));
-
- PrePostTestCleanup();
-}
-
-TEST_F(SandboxBrokerTest, Symlink)
-{
- PrePostTestCleanup();
-
- int fd = Open("/tmp/blublu", O_WRONLY | O_CREAT);
- ASSERT_GE(fd, 0) << "Opening /tmp/blublu for writing failed.";
- close(fd);
- ASSERT_EQ(0, Symlink("/tmp/blublu", "/tmp/blublublu"));
- EXPECT_EQ(0, Access("/tmp/blublublu", F_OK));
- statstruct aStat;
- ASSERT_EQ(0, lstatsyscall("/tmp/blublublu", &aStat));
- EXPECT_EQ((mode_t)S_IFLNK, aStat.st_mode & S_IFMT);
- // Not whitelisted target path
- EXPECT_EQ(-EACCES, Symlink("/tmp/blublu", "/tmp/nope"));
- EXPECT_EQ(0, unlink("/tmp/blublublu"));
- EXPECT_EQ(0, unlink("/tmp/blublu"));
-
- PrePostTestCleanup();
-}
-
-TEST_F(SandboxBrokerTest, Mkdir)
-{
- PrePostTestCleanup();
-
- ASSERT_EQ(0, mkdir("/tmp/blublu", 0600))
- << "Creating dir /tmp/blublu failed.";
- EXPECT_EQ(0, Access("/tmp/blublu", F_OK));
- // Not whitelisted target path
- EXPECT_EQ(-EACCES, Mkdir("/tmp/nope", 0600))
- << "Creating dir without MAY_CREATE succeed.";
- EXPECT_EQ(0, rmdir("/tmp/blublu"));
-
- PrePostTestCleanup();
-}
-
-TEST_F(SandboxBrokerTest, Rename)
-{
- PrePostTestCleanup();
-
- ASSERT_EQ(0, mkdir("/tmp/blublu", 0600))
- << "Creating dir /tmp/blublu failed.";
- EXPECT_EQ(0, Access("/tmp/blublu", F_OK));
- ASSERT_EQ(0, Rename("/tmp/blublu", "/tmp/blublublu"));
- EXPECT_EQ(0, Access("/tmp/blublublu", F_OK));
- EXPECT_EQ(-ENOENT , Access("/tmp/blublu", F_OK));
- // Not whitelisted target path
- EXPECT_EQ(-EACCES, Rename("/tmp/blublublu", "/tmp/nope"))
- << "Renaming dir without write access succeed.";
- EXPECT_EQ(0, rmdir("/tmp/blublublu"));
-
- PrePostTestCleanup();
-}
-
-TEST_F(SandboxBrokerTest, Rmdir)
-{
- PrePostTestCleanup();
-
- ASSERT_EQ(0, mkdir("/tmp/blublu", 0600))
- << "Creating dir /tmp/blublu failed.";
- EXPECT_EQ(0, Access("/tmp/blublu", F_OK));
- ASSERT_EQ(0, Rmdir("/tmp/blublu"));
- EXPECT_EQ(-ENOENT, Access("/tmp/blublu", F_OK));
- // Bypass sandbox to create a non-deletable dir
- ASSERT_EQ(0, mkdir("/tmp/nope", 0600));
- EXPECT_EQ(-EACCES, Rmdir("/tmp/nope"));
-
- PrePostTestCleanup();
-}
-
-TEST_F(SandboxBrokerTest, Unlink)
-{
- PrePostTestCleanup();
-
- int fd = Open("/tmp/blublu", O_WRONLY | O_CREAT);
- ASSERT_GE(fd, 0) << "Opening /tmp/blublu for writing failed.";
- close(fd);
- EXPECT_EQ(0, Access("/tmp/blublu", F_OK));
- EXPECT_EQ(0, Unlink("/tmp/blublu"));
- EXPECT_EQ(-ENOENT , Access("/tmp/blublu", F_OK));
- // Bypass sandbox to write a non-deletable file
- fd = open("/tmp/nope", O_WRONLY | O_CREAT, 0600);
- ASSERT_GE(fd, 0) << "Opening /tmp/nope for writing failed.";
- close(fd);
- EXPECT_EQ(-EACCES, Unlink("/tmp/nope"));
-
- PrePostTestCleanup();
-}
-
-TEST_F(SandboxBrokerTest, Readlink)
-{
- PrePostTestCleanup();
-
- int fd = Open("/tmp/blublu", O_WRONLY | O_CREAT);
- ASSERT_GE(fd, 0) << "Opening /tmp/blublu for writing failed.";
- close(fd);
- ASSERT_EQ(0, Symlink("/tmp/blublu", "/tmp/blublublu"));
- EXPECT_EQ(0, Access("/tmp/blublublu", F_OK));
- char linkBuff[256];
- EXPECT_EQ(11, Readlink("/tmp/blublublu", linkBuff, sizeof(linkBuff)));
- linkBuff[11] = '\0';
- EXPECT_EQ(0, strcmp(linkBuff, "/tmp/blublu"));
-
- PrePostTestCleanup();
-}
-
-TEST_F(SandboxBrokerTest, MultiThreadOpen) {
- RunOnManyThreads<SandboxBrokerTest,
- &SandboxBrokerTest::MultiThreadOpenWorker>();
-}
-void SandboxBrokerTest::MultiThreadOpenWorker() {
- static const int kNumLoops = 10000;
-
- for (int i = 1; i <= kNumLoops; ++i) {
- int nullfd = Open("/dev/null", O_RDONLY);
- int zerofd = Open("/dev/zero", O_RDONLY);
- ASSERT_GE(nullfd, 0) << "Loop " << i << "/" << kNumLoops;
- ASSERT_GE(zerofd, 0) << "Loop " << i << "/" << kNumLoops;
- char c;
- ASSERT_EQ(0, read(nullfd, &c, 1)) << "Loop " << i << "/" << kNumLoops;
- ASSERT_EQ(1, read(zerofd, &c, 1)) << "Loop " << i << "/" << kNumLoops;
- ASSERT_EQ('\0', c) << "Loop " << i << "/" << kNumLoops;
- close(nullfd);
- close(zerofd);
- }
-}
-
-TEST_F(SandboxBrokerTest, MultiThreadStat) {
- RunOnManyThreads<SandboxBrokerTest,
- &SandboxBrokerTest::MultiThreadStatWorker>();
-}
-void SandboxBrokerTest::MultiThreadStatWorker() {
- static const int kNumLoops = 7500;
- statstruct nullStat, zeroStat, selfStat;
- dev_t realNullDev, realZeroDev;
- ino_t realSelfInode;
-
- ASSERT_EQ(0, statsyscall("/dev/null", &nullStat)) << "Shouldn't ever fail!";
- ASSERT_EQ(0, statsyscall("/dev/zero", &zeroStat)) << "Shouldn't ever fail!";
- ASSERT_EQ(0, lstatsyscall("/proc/self", &selfStat)) << "Shouldn't ever fail!";
- ASSERT_TRUE(S_ISLNK(selfStat.st_mode)) << "Shouldn't ever fail!";
- realNullDev = nullStat.st_rdev;
- realZeroDev = zeroStat.st_rdev;
- realSelfInode = selfStat.st_ino;
- for (int i = 1; i <= kNumLoops; ++i) {
- ASSERT_EQ(0, Stat("/dev/null", &nullStat))
- << "Loop " << i << "/" << kNumLoops;
- ASSERT_EQ(0, Stat("/dev/zero", &zeroStat))
- << "Loop " << i << "/" << kNumLoops;
- ASSERT_EQ(0, LStat("/proc/self", &selfStat))
- << "Loop " << i << "/" << kNumLoops;
-
- ASSERT_EQ(realNullDev, nullStat.st_rdev)
- << "Loop " << i << "/" << kNumLoops;
- ASSERT_EQ(realZeroDev, zeroStat.st_rdev)
- << "Loop " << i << "/" << kNumLoops;
- ASSERT_TRUE(S_ISLNK(selfStat.st_mode))
- << "Loop " << i << "/" << kNumLoops;
- ASSERT_EQ(realSelfInode, selfStat.st_ino)
- << "Loop " << i << "/" << kNumLoops;
- }
-}
-
-#if 0
-class SandboxBrokerSigStress : public SandboxBrokerTest
-{
- int mSigNum;
- struct sigaction mOldAction;
- Atomic<void*> mVoidPtr;
-
- static void SigHandler(int aSigNum, siginfo_t* aSigInfo, void *aCtx) {
- ASSERT_EQ(SI_QUEUE, aSigInfo->si_code);
- SandboxBrokerSigStress* that =
- static_cast<SandboxBrokerSigStress*>(aSigInfo->si_value.sival_ptr);
- ASSERT_EQ(that->mSigNum, aSigNum);
- that->DoSomething();
- }
-
-protected:
- Atomic<int> mTestIter;
- sem_t mSemaphore;
-
- void SignalThread(pthread_t aThread) {
- union sigval sv;
- sv.sival_ptr = this;
- ASSERT_NE(0, mSigNum);
- ASSERT_EQ(0, pthread_sigqueue(aThread, mSigNum, sv));
- }
-
- virtual void SetUp() {
- ASSERT_EQ(0, sem_init(&mSemaphore, 0, 0));
- mVoidPtr = nullptr;
- mSigNum = 0;
- for (int sigNum = SIGRTMIN; sigNum < SIGRTMAX; ++sigNum) {
- ASSERT_EQ(0, sigaction(sigNum, nullptr, &mOldAction));
- if ((mOldAction.sa_flags & SA_SIGINFO) == 0 &&
- mOldAction.sa_handler == SIG_DFL) {
- struct sigaction newAction;
- PodZero(&newAction);
- newAction.sa_flags = SA_SIGINFO;
- newAction.sa_sigaction = SigHandler;
- ASSERT_EQ(0, sigaction(sigNum, &newAction, nullptr));
- mSigNum = sigNum;
- break;
- }
- }
- ASSERT_NE(mSigNum, 0);
-
- SandboxBrokerTest::SetUp();
- }
-
- virtual void TearDown() {
- ASSERT_EQ(0, sem_destroy(&mSemaphore));
- if (mSigNum != 0) {
- ASSERT_EQ(0, sigaction(mSigNum, &mOldAction, nullptr));
- }
- if (mVoidPtr) {
- free(mVoidPtr);
- }
- }
-
- void DoSomething();
-
-public:
- void MallocWorker();
- void FreeWorker();
-};
-
-TEST_F(SandboxBrokerSigStress, StressTest)
-{
- static const int kIters = 6250;
- static const int kNsecPerIterPerIter = 4;
- struct timespec delay = { 0, 0 };
- pthread_t threads[2];
-
- mTestIter = kIters;
-
- StartThread<SandboxBrokerSigStress,
- &SandboxBrokerSigStress::MallocWorker>(&threads[0]);
- StartThread<SandboxBrokerSigStress,
- &SandboxBrokerSigStress::FreeWorker>(&threads[1]);
-
- for (int i = kIters; i > 0; --i) {
- SignalThread(threads[i % 2]);
- while (sem_wait(&mSemaphore) == -1 && errno == EINTR)
- /* retry */;
- ASSERT_EQ(i - 1, mTestIter);
- delay.tv_nsec += kNsecPerIterPerIter;
- struct timespec req = delay, rem;
- while (nanosleep(&req, &rem) == -1 && errno == EINTR) {
- req = rem;
- }
- }
- void *retval;
- ASSERT_EQ(0, pthread_join(threads[0], &retval));
- ASSERT_EQ(nullptr, retval);
- ASSERT_EQ(0, pthread_join(threads[1], &retval));
- ASSERT_EQ(nullptr, retval);
-}
-
-void
-SandboxBrokerSigStress::MallocWorker()
-{
- static const size_t kSize = 64;
-
- void* mem = malloc(kSize);
- while (mTestIter > 0) {
- ASSERT_NE(mem, mVoidPtr);
- mem = mVoidPtr.exchange(mem);
- if (mem) {
- sched_yield();
- } else {
- mem = malloc(kSize);
- }
- }
- if (mem) {
- free(mem);
- }
-}
-
-void
-SandboxBrokerSigStress::FreeWorker()
-{
- void *mem = nullptr;
- while (mTestIter > 0) {
- mem = mVoidPtr.exchange(mem);
- if (mem) {
- free(mem);
- mem = nullptr;
- } else {
- sched_yield();
- }
- }
-}
-
-void
-SandboxBrokerSigStress::DoSomething()
-{
- int fd;
- char c;
- struct stat st;
-
- //fprintf(stderr, "Don't try this at home: %d\n", static_cast<int>(mTestIter));
- switch (mTestIter % 5) {
- case 0:
- fd = Open("/dev/null", O_RDWR);
- ASSERT_GE(fd, 0);
- ASSERT_EQ(0, read(fd, &c, 1));
- close(fd);
- break;
- case 1:
- fd = Open("/dev/zero", O_RDONLY);
- ASSERT_GE(fd, 0);
- ASSERT_EQ(1, read(fd, &c, 1));
- ASSERT_EQ('\0', c);
- close(fd);
- break;
- case 2:
- ASSERT_EQ(0, Access("/dev/null", W_OK));
- break;
- case 3:
- ASSERT_EQ(0, Stat("/proc/self", &st));
- ASSERT_TRUE(S_ISDIR(st.st_mode));
- break;
- case 4:
- ASSERT_EQ(0, LStat("/proc/self", &st));
- ASSERT_TRUE(S_ISLNK(st.st_mode));
- break;
- }
- mTestIter--;
- sem_post(&mSemaphore);
-}
-#endif
-
-} // namespace mozilla
diff --git a/security/sandbox/linux/gtest/TestBrokerPolicy.cpp b/security/sandbox/linux/gtest/TestBrokerPolicy.cpp
deleted file mode 100644
index 474458446..000000000
--- a/security/sandbox/linux/gtest/TestBrokerPolicy.cpp
+++ /dev/null
@@ -1,98 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=8 sts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "gtest/gtest.h"
-
-#include "broker/SandboxBroker.h"
-
-namespace mozilla {
-
-static const int MAY_ACCESS = SandboxBroker::MAY_ACCESS;
-static const int MAY_READ = SandboxBroker::MAY_READ;
-static const int MAY_WRITE = SandboxBroker::MAY_WRITE;
-//static const int MAY_CREATE = SandboxBroker::MAY_CREATE;
-//static const int RECURSIVE = SandboxBroker::RECURSIVE;
-static const auto AddAlways = SandboxBroker::Policy::AddAlways;
-
-TEST(SandboxBrokerPolicyLookup, Simple)
-{
- SandboxBroker::Policy p;
- p.AddPath(MAY_READ, "/dev/urandom", AddAlways);
-
- EXPECT_NE(0, p.Lookup("/dev/urandom")) << "Added path not found.";
- EXPECT_EQ(MAY_ACCESS | MAY_READ, p.Lookup("/dev/urandom"))
- << "Added path found with wrong perms.";
- EXPECT_EQ(0, p.Lookup("/etc/passwd")) << "Non-added path was found.";
-}
-
-TEST(SandboxBrokerPolicyLookup, CopyCtor)
-{
- SandboxBroker::Policy psrc;
- psrc.AddPath(MAY_READ | MAY_WRITE, "/dev/null", AddAlways);
- SandboxBroker::Policy pdst(psrc);
- psrc.AddPath(MAY_READ, "/dev/zero", AddAlways);
- pdst.AddPath(MAY_READ, "/dev/urandom", AddAlways);
-
- EXPECT_EQ(MAY_ACCESS | MAY_READ | MAY_WRITE, psrc.Lookup("/dev/null"))
- << "Common path absent in copy source.";
- EXPECT_EQ(MAY_ACCESS | MAY_READ | MAY_WRITE, pdst.Lookup("/dev/null"))
- << "Common path absent in copy destination.";
-
- EXPECT_EQ(MAY_ACCESS | MAY_READ, psrc.Lookup("/dev/zero"))
- << "Source-only path is absent.";
- EXPECT_EQ(0, pdst.Lookup("/dev/zero"))
- << "Source-only path is present in copy destination.";
-
- EXPECT_EQ(0, psrc.Lookup("/dev/urandom"))
- << "Destination-only path is present in copy source.";
- EXPECT_EQ(MAY_ACCESS | MAY_READ, pdst.Lookup("/dev/urandom"))
- << "Destination-only path is absent.";
-
- EXPECT_EQ(0, psrc.Lookup("/etc/passwd"))
- << "Non-added path is present in copy source.";
- EXPECT_EQ(0, pdst.Lookup("/etc/passwd"))
- << "Non-added path is present in copy source.";
-}
-
-TEST(SandboxBrokerPolicyLookup, Recursive)
-{
- SandboxBroker::Policy psrc;
- psrc.AddPath(MAY_READ | MAY_WRITE, "/dev/null", AddAlways);
- psrc.AddPath(MAY_READ, "/dev/zero", AddAlways);
- psrc.AddPath(MAY_READ, "/dev/urandom", AddAlways);
-
- EXPECT_EQ(MAY_ACCESS | MAY_READ | MAY_WRITE, psrc.Lookup("/dev/null"))
- << "Basic path is present.";
- EXPECT_EQ(MAY_ACCESS | MAY_READ, psrc.Lookup("/dev/zero"))
- << "Basic path has no extra flags";
-
- psrc.AddDir(MAY_READ | MAY_WRITE, "/dev/");
-
- EXPECT_EQ(MAY_ACCESS | MAY_READ | MAY_WRITE, psrc.Lookup("/dev/random"))
- << "Permission via recursive dir.";
- EXPECT_EQ(MAY_ACCESS | MAY_READ | MAY_WRITE, psrc.Lookup("/dev/sd/0"))
- << "Permission via recursive dir, nested deeper";
- EXPECT_EQ(0, psrc.Lookup("/dev/sd/0/"))
- << "Invalid path format.";
- EXPECT_EQ(0, psrc.Lookup("/usr/dev/sd"))
- << "Match must be a prefix.";
-
- psrc.AddDir(MAY_READ, "/dev/sd/");
- EXPECT_EQ(MAY_ACCESS | MAY_READ | MAY_WRITE, psrc.Lookup("/dev/sd/0"))
- << "Extra permissions from parent path granted.";
- EXPECT_EQ(0, psrc.Lookup("/dev/.."))
- << "Refuse attempted subdir escape.";
-
- psrc.AddDir(MAY_READ, "/tmp");
- EXPECT_EQ(MAY_ACCESS | MAY_READ, psrc.Lookup("/tmp/good/a"))
- << "Check whether dir add with no trailing / was sucessful.";
- EXPECT_EQ(0, psrc.Lookup("/tmp_good_but_bad"))
- << "Enforce terminator on directories.";
- EXPECT_EQ(0, psrc.Lookup("/tmp/."))
- << "Do not allow opening a directory handle.";
-}
-
-} // namespace mozilla
diff --git a/security/sandbox/linux/gtest/TestSandboxUtil.cpp b/security/sandbox/linux/gtest/TestSandboxUtil.cpp
deleted file mode 100644
index cd29813f9..000000000
--- a/security/sandbox/linux/gtest/TestSandboxUtil.cpp
+++ /dev/null
@@ -1,44 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=8 sts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "gtest/gtest.h"
-
-#include "SandboxUtil.h"
-#include "SandboxInfo.h"
-
-#include <pthread.h>
-
-namespace mozilla {
-
-// In order to test IsSingleThreaded when the test-running process is
-// single-threaded, before assorted XPCOM components have created many
-// additional threads, a static initializer is used.
-
-namespace {
-
-struct EarlyTest {
- bool mWasSingleThreaded;
-
- EarlyTest()
- : mWasSingleThreaded(IsSingleThreaded())
- { }
-};
-
-static const EarlyTest gEarlyTest;
-
-} // namespace
-
-TEST(SandboxUtil, IsSingleThreaded)
-{
- // If the test system if affected by kUnexpectedThreads, (1) there's
- // no point in doing this test, and (2) if that happens on Mozilla
- // CI then burning the tree is an appropriate response.
- ASSERT_FALSE(SandboxInfo::Get().Test(SandboxInfo::kUnexpectedThreads));
- EXPECT_TRUE(gEarlyTest.mWasSingleThreaded);
- EXPECT_FALSE(IsSingleThreaded());
-}
-
-} // namespace mozilla
diff --git a/security/sandbox/linux/gtest/moz.build b/security/sandbox/linux/gtest/moz.build
deleted file mode 100644
index 7aecc7fe3..000000000
--- a/security/sandbox/linux/gtest/moz.build
+++ /dev/null
@@ -1,27 +0,0 @@
-# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
-# vim: set filetype=python:
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-Library('sandboxtest')
-
-SOURCES = [
- '../SandboxBrokerClient.cpp',
- '../SandboxUtil.cpp',
- 'TestBroker.cpp',
- 'TestBrokerPolicy.cpp',
- 'TestSandboxUtil.cpp',
-]
-
-LOCAL_INCLUDES += [
- '/security/sandbox/linux',
-]
-
-include('/ipc/chromium/chromium-config.mozbuild')
-
-LOCAL_INCLUDES += [
- '/security/sandbox/chromium',
-]
-
-FINAL_LIBRARY = 'xul-gtest'