1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
|
// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "sandbox/mac/policy.h"
#include "testing/gtest/include/gtest/gtest.h"
namespace sandbox {
TEST(PolicyTest, ValidEmptyPolicy) {
EXPECT_TRUE(IsPolicyValid(BootstrapSandboxPolicy()));
}
TEST(PolicyTest, ValidPolicy) {
BootstrapSandboxPolicy policy;
policy.rules["allow"] = Rule(POLICY_ALLOW);
policy.rules["deny_error"] = Rule(POLICY_DENY_ERROR);
policy.rules["deny_dummy"] = Rule(POLICY_DENY_DUMMY_PORT);
policy.rules["substitue"] = Rule(mach_task_self());
EXPECT_TRUE(IsPolicyValid(policy));
}
TEST(PolicyTest, InvalidPolicyEmptyRule) {
Rule rule;
BootstrapSandboxPolicy policy;
policy.rules["test"] = rule;
EXPECT_FALSE(IsPolicyValid(policy));
}
TEST(PolicyTest, InvalidPolicySubstitue) {
Rule rule(POLICY_SUBSTITUTE_PORT);
BootstrapSandboxPolicy policy;
policy.rules["test"] = rule;
EXPECT_FALSE(IsPolicyValid(policy));
}
TEST(PolicyTest, InvalidPolicyWithPortAllow) {
Rule rule(POLICY_ALLOW);
rule.substitute_port = mach_task_self();
BootstrapSandboxPolicy policy;
policy.rules["allow"] = rule;
EXPECT_FALSE(IsPolicyValid(policy));
}
TEST(PolicyTest, InvalidPolicyWithPortDenyError) {
Rule rule(POLICY_DENY_ERROR);
rule.substitute_port = mach_task_self();
BootstrapSandboxPolicy policy;
policy.rules["deny_error"] = rule;
EXPECT_FALSE(IsPolicyValid(policy));
}
TEST(PolicyTest, InvalidPolicyWithPortDummy) {
Rule rule(POLICY_DENY_DUMMY_PORT);
rule.substitute_port = mach_task_self();
BootstrapSandboxPolicy policy;
policy.rules["deny_dummy"] = rule;
EXPECT_FALSE(IsPolicyValid(policy));
}
TEST(PolicyTest, InvalidPolicyDefaultRule) {
BootstrapSandboxPolicy policy;
policy.default_rule = Rule();
EXPECT_FALSE(IsPolicyValid(policy));
}
TEST(PolicyTest, InvalidPolicyDefaultRuleSubstitue) {
BootstrapSandboxPolicy policy;
policy.default_rule = Rule(POLICY_SUBSTITUTE_PORT);
EXPECT_FALSE(IsPolicyValid(policy));
}
TEST(PolicyTest, InvalidPolicyDefaultRuleWithPortAllow) {
Rule rule(POLICY_ALLOW);
rule.substitute_port = mach_task_self();
BootstrapSandboxPolicy policy;
policy.default_rule = rule;
EXPECT_FALSE(IsPolicyValid(policy));
}
TEST(PolicyTest, InvalidPolicyDefaultRuleWithPortDenyError) {
Rule rule(POLICY_DENY_ERROR);
rule.substitute_port = mach_task_self();
BootstrapSandboxPolicy policy;
policy.default_rule = rule;
EXPECT_FALSE(IsPolicyValid(policy));
}
TEST(PolicyTest, InvalidPolicyDefaultRuleWithPortDummy) {
Rule rule(POLICY_DENY_DUMMY_PORT);
rule.substitute_port = mach_task_self();
BootstrapSandboxPolicy policy;
policy.default_rule = rule;
EXPECT_FALSE(IsPolicyValid(policy));
}
} // namespace sandbox
|
