1 // Copyright 2019 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 #include "sandboxed_api/sandbox2/sanitizer.h"
16
17 #include <fcntl.h>
18 #include <sys/socket.h>
19 #include <sys/wait.h>
20 #include <unistd.h>
21
22 #include <cstdlib>
23 #include <memory>
24 #include <string>
25 #include <utility>
26 #include <vector>
27
28 #include "gmock/gmock.h"
29 #include "gtest/gtest.h"
30 #include "absl/container/flat_hash_set.h"
31 #include "absl/log/log.h"
32 #include "absl/strings/str_cat.h"
33 #include "sandboxed_api/sandbox2/comms.h"
34 #include "sandboxed_api/sandbox2/executor.h"
35 #include "sandboxed_api/sandbox2/policy.h"
36 #include "sandboxed_api/sandbox2/policybuilder.h"
37 #include "sandboxed_api/sandbox2/result.h"
38 #include "sandboxed_api/sandbox2/sandbox2.h"
39 #include "sandboxed_api/sandbox2/util.h"
40 #include "sandboxed_api/testing.h"
41 #include "sandboxed_api/util/status_matchers.h"
42
43 using ::sapi::CreateDefaultPermissiveTestPolicy;
44 using ::sapi::GetTestSourcePath;
45 using ::testing::Eq;
46 using ::testing::Gt;
47 using ::testing::Ne;
48
49 namespace sandbox2 {
50 namespace {
51
52 // Runs a new process and returns 0 if the process terminated with 0.
RunTestcase(const std::string & path,const std::vector<std::string> & args)53 int RunTestcase(const std::string& path, const std::vector<std::string>& args) {
54 util::CharPtrArray array = util::CharPtrArray::FromStringVector(args);
55 pid_t pid = fork();
56 if (pid < 0) {
57 PLOG(ERROR) << "fork()";
58 return 1;
59 }
60 if (pid == 0) {
61 execv(path.c_str(), const_cast<char**>(array.data()));
62 PLOG(ERROR) << "execv('" << path << "')";
63 exit(EXIT_FAILURE);
64 }
65
66 for (;;) {
67 int status;
68 while (wait4(pid, &status, __WALL, nullptr) != pid) {
69 }
70
71 if (WIFEXITED(status)) {
72 return WEXITSTATUS(status);
73 }
74 if (WIFSIGNALED(status)) {
75 LOG(ERROR) << "PID: " << pid << " signaled with: " << WTERMSIG(status);
76 return 128 + WTERMSIG(status);
77 }
78 }
79 }
80
81 // Test that marking file descriptors as close-on-exec works.
TEST(SanitizerTest,TestMarkFDsAsCOE)82 TEST(SanitizerTest, TestMarkFDsAsCOE) {
83 // Open a few file descriptors in non-close-on-exec mode.
84 int sock_fd[2];
85 ASSERT_THAT(socketpair(AF_UNIX, SOCK_STREAM, 0, sock_fd), Ne(-1));
86 ASSERT_THAT(open("/dev/full", O_RDONLY), Ne(-1));
87 int null_fd = open("/dev/null", O_RDWR);
88 ASSERT_THAT(null_fd, Ne(-1));
89
90 const absl::flat_hash_set<int> keep = {STDIN_FILENO, STDOUT_FILENO,
91 STDERR_FILENO, null_fd};
92 ASSERT_THAT(sanitizer::MarkAllFDsAsCOEExcept(keep), sapi::IsOk());
93
94 const std::string path = GetTestSourcePath("sandbox2/testcases/sanitizer");
95 std::vector<std::string> args;
96 for (auto fd : keep) {
97 args.push_back(absl::StrCat(fd));
98 }
99 ASSERT_THAT(RunTestcase(path, args), Eq(0));
100 }
101
102 // Test that default sanitizer leaves only 0/1/2 and 1023 (client comms FD)
103 // open but closes the rest.
TEST(SanitizerTest,TestSandboxedBinary)104 TEST(SanitizerTest, TestSandboxedBinary) {
105 // Open a few file descriptors in non-close-on-exec mode.
106 int sock_fd[2];
107 ASSERT_THAT(socketpair(AF_UNIX, SOCK_STREAM, 0, sock_fd), Ne(-1));
108 ASSERT_THAT(open("/dev/full", O_RDONLY), Ne(-1));
109 ASSERT_THAT(open("/dev/null", O_RDWR), Ne(-1));
110
111 const std::string path = GetTestSourcePath("sandbox2/testcases/sanitizer");
112 std::vector<std::string> args = {
113 absl::StrCat(STDIN_FILENO),
114 absl::StrCat(STDOUT_FILENO),
115 absl::StrCat(STDERR_FILENO),
116 absl::StrCat(Comms::kSandbox2ClientCommsFD),
117 };
118 auto executor = std::make_unique<Executor>(path, args);
119
120 SAPI_ASSERT_OK_AND_ASSIGN(auto policy,
121 CreateDefaultPermissiveTestPolicy(path).TryBuild());
122
123 Sandbox2 s2(std::move(executor), std::move(policy));
124 auto result = s2.Run();
125
126 EXPECT_THAT(result.final_status(), Eq(Result::OK));
127 EXPECT_THAT(result.reason_code(), Eq(0));
128 }
129
130 // Test that sanitizer::CloseAllFDsExcept() closes all file descriptors except
131 // the ones listed.
TEST(SanitizerTest,TestCloseFDs)132 TEST(SanitizerTest, TestCloseFDs) {
133 // Open a few file descriptors in non-close-on-exec mode.
134 int sock_fd[2];
135 ASSERT_THAT(socketpair(AF_UNIX, SOCK_STREAM, 0, sock_fd), Ne(-1));
136 ASSERT_THAT(open("/dev/full", O_RDONLY), Ne(-1));
137 int null_fd = open("/dev/null", O_RDWR);
138 ASSERT_THAT(null_fd, Ne(-1));
139
140 const std::string path = GetTestSourcePath("sandbox2/testcases/close_fds");
141 std::vector<std::string> args;
142 std::vector<int> exceptions = {STDIN_FILENO, STDOUT_FILENO, STDERR_FILENO,
143 null_fd};
144 for (auto fd : exceptions) {
145 args.push_back(absl::StrCat(fd));
146 }
147 EXPECT_THAT(RunTestcase(path, args), Eq(0));
148 }
149
TEST(SanitizerTest,TestGetProcStatusLine)150 TEST(SanitizerTest, TestGetProcStatusLine) {
151 // Test indirectly, GetNumberOfThreads() looks for the "Threads" value.
152 EXPECT_THAT(sanitizer::GetNumberOfThreads(getpid()), Gt(0));
153 }
154
155 } // namespace
156 } // namespace sandbox2
157