// Copyright 2019 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
14*ec63e07aSXin Li
#include "sandboxed_api/sandbox2/sanitizer.h"

#include <fcntl.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

#include <cerrno>
#include <cstdlib>
#include <memory>
#include <string>
#include <utility>
#include <vector>

#include "gmock/gmock.h"
#include "gtest/gtest.h"
#include "absl/container/flat_hash_set.h"
#include "absl/log/log.h"
#include "absl/strings/str_cat.h"
#include "sandboxed_api/sandbox2/comms.h"
#include "sandboxed_api/sandbox2/executor.h"
#include "sandboxed_api/sandbox2/policy.h"
#include "sandboxed_api/sandbox2/policybuilder.h"
#include "sandboxed_api/sandbox2/result.h"
#include "sandboxed_api/sandbox2/sandbox2.h"
#include "sandboxed_api/sandbox2/util.h"
#include "sandboxed_api/testing.h"
#include "sandboxed_api/util/status_matchers.h"
42*ec63e07aSXin Li
43*ec63e07aSXin Li using ::sapi::CreateDefaultPermissiveTestPolicy;
44*ec63e07aSXin Li using ::sapi::GetTestSourcePath;
45*ec63e07aSXin Li using ::testing::Eq;
46*ec63e07aSXin Li using ::testing::Gt;
47*ec63e07aSXin Li using ::testing::Ne;
48*ec63e07aSXin Li
49*ec63e07aSXin Li namespace sandbox2 {
50*ec63e07aSXin Li namespace {
51*ec63e07aSXin Li
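// Runs `path` as a new process with `args` as its argv and waits for it to
// terminate.
//
// Returns the child's exit status (0 when it terminated with 0),
// 128 + signal number when the child was killed by a signal, or 1 when the
// child could not be spawned or reaped.
int RunTestcase(const std::string& path, const std::vector<std::string>& args) {
  util::CharPtrArray array = util::CharPtrArray::FromStringVector(args);
  const pid_t pid = fork();
  if (pid < 0) {
    PLOG(ERROR) << "fork()";
    return 1;
  }
  if (pid == 0) {
    // Child: replace the process image. execv() only returns on failure.
    execv(path.c_str(), const_cast<char**>(array.data()));
    PLOG(ERROR) << "execv('" << path << "')";
    // _exit() rather than exit(): the child must not run the parent's atexit
    // handlers or flush stdio buffers inherited across fork().
    _exit(EXIT_FAILURE);
  }

  // Parent: reap the child. __WALL waits for the child regardless of whether
  // it is a "clone" child.
  for (;;) {
    int status = 0;
    pid_t waited;
    do {
      waited = wait4(pid, &status, __WALL, nullptr);
    } while (waited == -1 && errno == EINTR);
    if (waited == -1) {
      // A bare retry loop would spin forever on errors other than EINTR
      // (e.g. ECHILD); report the error and give up instead.
      PLOG(ERROR) << "wait4(" << pid << ")";
      return 1;
    }

    if (WIFEXITED(status)) {
      return WEXITSTATUS(status);
    }
    if (WIFSIGNALED(status)) {
      LOG(ERROR) << "PID: " << pid << " signaled with: " << WTERMSIG(status);
      return 128 + WTERMSIG(status);
    }
    // Any other status is not a termination event; keep waiting.
  }
}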
80*ec63e07aSXin Li
// Test that marking file descriptors as close-on-exec works.
TEST(SanitizerTest, TestMarkFDsAsCOE) {
  // Create some descriptors that are *not* close-on-exec: a socket pair, a
  // read-only /dev/full and a read-write /dev/null. Only null_fd is kept.
  int pair_fds[2];
  ASSERT_THAT(socketpair(AF_UNIX, SOCK_STREAM, 0, pair_fds), Ne(-1));
  ASSERT_THAT(open("/dev/full", O_RDONLY), Ne(-1));
  const int null_fd = open("/dev/null", O_RDWR);
  ASSERT_THAT(null_fd, Ne(-1));

  // Everything except stdio and null_fd must be marked close-on-exec.
  const absl::flat_hash_set<int> keep = {STDIN_FILENO, STDOUT_FILENO,
                                         STDERR_FILENO, null_fd};
  ASSERT_THAT(sanitizer::MarkAllFDsAsCOEExcept(keep), sapi::IsOk());

  // The helper binary receives the kept descriptors as its arguments.
  const std::string path = GetTestSourcePath("sandbox2/testcases/sanitizer");
  std::vector<std::string> args;
  args.reserve(keep.size());
  for (const int fd : keep) {
    args.emplace_back(absl::StrCat(fd));
  }
  ASSERT_THAT(RunTestcase(path, args), Eq(0));
}
101*ec63e07aSXin Li
// Test that default sanitizer leaves only 0/1/2 and 1023 (client comms FD)
// open but closes the rest.
TEST(SanitizerTest, TestSandboxedBinary) {
  // Create some descriptors that are *not* close-on-exec; none of them is
  // expected to survive into the sandboxee.
  int pair_fds[2];
  ASSERT_THAT(socketpair(AF_UNIX, SOCK_STREAM, 0, pair_fds), Ne(-1));
  ASSERT_THAT(open("/dev/full", O_RDONLY), Ne(-1));
  ASSERT_THAT(open("/dev/null", O_RDWR), Ne(-1));

  // The helper binary is told which descriptors it should find open.
  const std::string path = GetTestSourcePath("sandbox2/testcases/sanitizer");
  std::vector<std::string> args;
  args.reserve(4);
  args.push_back(absl::StrCat(STDIN_FILENO));
  args.push_back(absl::StrCat(STDOUT_FILENO));
  args.push_back(absl::StrCat(STDERR_FILENO));
  args.push_back(absl::StrCat(Comms::kSandbox2ClientCommsFD));
  auto exec = std::make_unique<Executor>(path, args);

  SAPI_ASSERT_OK_AND_ASSIGN(auto policy,
                            CreateDefaultPermissiveTestPolicy(path).TryBuild());

  Sandbox2 sandbox(std::move(exec), std::move(policy));
  const auto run_result = sandbox.Run();

  EXPECT_THAT(run_result.final_status(), Eq(Result::OK));
  EXPECT_THAT(run_result.reason_code(), Eq(0));
}
129*ec63e07aSXin Li
// Test that sanitizer::CloseAllFDsExcept() closes all file descriptors except
// the ones listed.
TEST(SanitizerTest, TestCloseFDs) {
  // Create some descriptors that are *not* close-on-exec. Only null_fd is
  // passed on to the helper as one to keep.
  int pair_fds[2];
  ASSERT_THAT(socketpair(AF_UNIX, SOCK_STREAM, 0, pair_fds), Ne(-1));
  ASSERT_THAT(open("/dev/full", O_RDONLY), Ne(-1));
  const int null_fd = open("/dev/null", O_RDWR);
  ASSERT_THAT(null_fd, Ne(-1));

  // The helper binary receives the descriptors that must stay open as its
  // arguments: stdio plus null_fd.
  const std::string path = GetTestSourcePath("sandbox2/testcases/close_fds");
  std::vector<std::string> args;
  for (const int fd : {STDIN_FILENO, STDOUT_FILENO, STDERR_FILENO, null_fd}) {
    args.push_back(absl::StrCat(fd));
  }
  EXPECT_THAT(RunTestcase(path, args), Eq(0));
}
149*ec63e07aSXin Li
// Exercises the /proc status-line parser indirectly: GetNumberOfThreads()
// looks up the "Threads" value for the given PID, and the current process
// always has at least one thread.
TEST(SanitizerTest, TestGetProcStatusLine) {
  const pid_t self = getpid();
  EXPECT_THAT(sanitizer::GetNumberOfThreads(self), Gt(0));
}
154*ec63e07aSXin Li
155*ec63e07aSXin Li } // namespace
156*ec63e07aSXin Li } // namespace sandbox2
157