src/sys/appmgr/integration_tests/sandbox/namespace_test.cc - fuchsia - Git at Google

 // Copyright 2018 The Fuchsia Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "src/sys/appmgr/integration_tests/sandbox/namespace_test.h"

 #include <errno.h>
 #include <fuchsia/sys/cpp/fidl.h>
 #include <lib/fdio/directory.h>
 #include <string.h>
 #include <unistd.h>
 #include <zircon/errors.h>

 #include <sstream>
 #include <string>

 #include <fbl/unique_fd.h>

 namespace {

 namespace fio = fuchsia_io;

 std::string rights_str(fio::wire::OpenFlags rights) {
   std::ostringstream os;
   if (rights & fio::wire::OpenFlags::kRightReadable) {
     os << 'r';
   }
   if (rights & fio::wire::OpenFlags::kRightWritable) {
     os << 'w';
   }
   if (rights & fio::wire::OpenFlags::kRightExecutable) {
     os << 'x';
   }
   return os.str();
 }

 }  // namespace

 bool NamespaceTest::Exists(const char* path) {
   struct stat stat_;
   return stat(path, &stat_) == 0;
 }

 void NamespaceTest::ExpectExists(const char* path) {
   EXPECT_TRUE(Exists(path)) << "Can't find " << path << ": " << strerror(errno);
 }

 void NamespaceTest::ExpectDoesNotExist(const char* path) {
   EXPECT_FALSE(Exists(path)) << "Unexpectedly found " << path;
 }

 void NamespaceTest::ExpectPathSupportsRights(const char* path, fio::wire::OpenFlags rights) {
   ASSERT_FALSE(rights & ~fio::wire::kOpenRights)
       << "Unsupported rights in ExpectPathSupportsRights call";

   fbl::unique_fd fd;
   EXPECT_EQ(ZX_OK, fdio_open_fd(path, static_cast<uint32_t>(rights), fd.reset_and_get_address()))
       << "Failed to open " << path << " with rights: " << rights_str(rights);
   EXPECT_GE(fd.get(), 0);
 }

 void NamespaceTest::ExpectPathSupportsStrictRights(const char* path,
                                                    fuchsia_io::wire::OpenFlags rights,
                                                    bool require_access_denied) {
   ExpectPathSupportsRights(path, rights);

   // Check that the path can't be opened with rights other than the ones passed in 'rights'.
   for (uint32_t r = 1; r < static_cast<uint32_t>(fio::wire::kOpenRights); r = r << 1) {
     uint32_t rights_bit = static_cast<uint32_t>(fio::wire::kOpenRights) & r;
     if (!rights_bit || (static_cast<uint32_t>(rights) & rights_bit)) {
       continue;
     }

     fbl::unique_fd fd;
     zx_status_t status = fdio_open_fd(path, rights_bit, fd.reset_and_get_address());
     EXPECT_NE(ZX_OK, status) << "Opening " << path << " with '"
                              << rights_str(static_cast<fio::wire::OpenFlags>(rights_bit))
                              << "' right unexpectedly succeeded";
     if (status != ZX_OK && require_access_denied) {
       EXPECT_EQ(ZX_ERR_ACCESS_DENIED, status)
           << "Opening " << path << " with '"
           << rights_str(static_cast<fio::wire::OpenFlags>(rights_bit))
           << "' right failed with wrong/unexpected status";
     }
   }
 }

 TEST_F(NamespaceTest, SanityCheck) {
   ExpectExists("/svc/");
   ExpectDoesNotExist("/this_should_not_exist");
 }
	// Copyright 2018 The Fuchsia Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "src/sys/appmgr/integration_tests/sandbox/namespace_test.h"

	#include <errno.h>
	#include <fuchsia/sys/cpp/fidl.h>
	#include <lib/fdio/directory.h>
	#include <string.h>
	#include <unistd.h>
	#include <zircon/errors.h>

	#include <sstream>
	#include <string>

	#include <fbl/unique_fd.h>

	namespace {

	namespace fio = fuchsia_io;

	std::string rights_str(fio::wire::OpenFlags rights) {
	std::ostringstream os;
	if (rights & fio::wire::OpenFlags::kRightReadable) {
	os << 'r';
	}
	if (rights & fio::wire::OpenFlags::kRightWritable) {
	os << 'w';
	}
	if (rights & fio::wire::OpenFlags::kRightExecutable) {
	os << 'x';
	}
	return os.str();
	}

	} // namespace

	bool NamespaceTest::Exists(const char* path) {
	struct stat stat_;
	return stat(path, &stat_) == 0;
	}

	void NamespaceTest::ExpectExists(const char* path) {
	EXPECT_TRUE(Exists(path)) << "Can't find " << path << ": " << strerror(errno);
	}

	void NamespaceTest::ExpectDoesNotExist(const char* path) {
	EXPECT_FALSE(Exists(path)) << "Unexpectedly found " << path;
	}

	void NamespaceTest::ExpectPathSupportsRights(const char* path, fio::wire::OpenFlags rights) {
	ASSERT_FALSE(rights & ~fio::wire::kOpenRights)
	<< "Unsupported rights in ExpectPathSupportsRights call";

	fbl::unique_fd fd;
	EXPECT_EQ(ZX_OK, fdio_open_fd(path, static_cast<uint32_t>(rights), fd.reset_and_get_address()))
	<< "Failed to open " << path << " with rights: " << rights_str(rights);
	EXPECT_GE(fd.get(), 0);
	}

	void NamespaceTest::ExpectPathSupportsStrictRights(const char* path,
	fuchsia_io::wire::OpenFlags rights,
	bool require_access_denied) {
	ExpectPathSupportsRights(path, rights);

	// Check that the path can't be opened with rights other than the ones passed in 'rights'.
	for (uint32_t r = 1; r < static_cast<uint32_t>(fio::wire::kOpenRights); r = r << 1) {
	uint32_t rights_bit = static_cast<uint32_t>(fio::wire::kOpenRights) & r;
	if (!rights_bit \|\| (static_cast<uint32_t>(rights) & rights_bit)) {
	continue;
	}

	fbl::unique_fd fd;
	zx_status_t status = fdio_open_fd(path, rights_bit, fd.reset_and_get_address());
	EXPECT_NE(ZX_OK, status) << "Opening " << path << " with '"
	<< rights_str(static_cast<fio::wire::OpenFlags>(rights_bit))
	<< "' right unexpectedly succeeded";
	if (status != ZX_OK && require_access_denied) {
	EXPECT_EQ(ZX_ERR_ACCESS_DENIED, status)
	<< "Opening " << path << " with '"
	<< rights_str(static_cast<fio::wire::OpenFlags>(rights_bit))
	<< "' right failed with wrong/unexpected status";
	}
	}
	}

	TEST_F(NamespaceTest, SanityCheck) {
	ExpectExists("/svc/");
	ExpectDoesNotExist("/this_should_not_exist");
	}