| // Copyright 2014 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "sandbox/mac/policy.h" |
| |
| #include "testing/gtest/include/gtest/gtest.h" |
| |
| namespace sandbox { |
| |
| TEST(PolicyTest, ValidEmptyPolicy) { |
| EXPECT_TRUE(IsPolicyValid(BootstrapSandboxPolicy())); |
| } |
| |
| TEST(PolicyTest, ValidPolicy) { |
| BootstrapSandboxPolicy policy; |
| policy.rules["allow"] = Rule(POLICY_ALLOW); |
| policy.rules["deny_error"] = Rule(POLICY_DENY_ERROR); |
| policy.rules["deny_dummy"] = Rule(POLICY_DENY_DUMMY_PORT); |
| policy.rules["substitue"] = Rule(mach_task_self()); |
| EXPECT_TRUE(IsPolicyValid(policy)); |
| } |
| |
| TEST(PolicyTest, InvalidPolicyEmptyRule) { |
| Rule rule; |
| BootstrapSandboxPolicy policy; |
| policy.rules["test"] = rule; |
| EXPECT_FALSE(IsPolicyValid(policy)); |
| } |
| |
| TEST(PolicyTest, InvalidPolicySubstitue) { |
| Rule rule(POLICY_SUBSTITUTE_PORT); |
| BootstrapSandboxPolicy policy; |
| policy.rules["test"] = rule; |
| EXPECT_FALSE(IsPolicyValid(policy)); |
| } |
| |
| TEST(PolicyTest, InvalidPolicyWithPortAllow) { |
| Rule rule(POLICY_ALLOW); |
| rule.substitute_port = mach_task_self(); |
| BootstrapSandboxPolicy policy; |
| policy.rules["allow"] = rule; |
| EXPECT_FALSE(IsPolicyValid(policy)); |
| } |
| |
| TEST(PolicyTest, InvalidPolicyWithPortDenyError) { |
| Rule rule(POLICY_DENY_ERROR); |
| rule.substitute_port = mach_task_self(); |
| BootstrapSandboxPolicy policy; |
| policy.rules["deny_error"] = rule; |
| EXPECT_FALSE(IsPolicyValid(policy)); |
| } |
| |
| TEST(PolicyTest, InvalidPolicyWithPortDummy) { |
| Rule rule(POLICY_DENY_DUMMY_PORT); |
| rule.substitute_port = mach_task_self(); |
| BootstrapSandboxPolicy policy; |
| policy.rules["deny_dummy"] = rule; |
| EXPECT_FALSE(IsPolicyValid(policy)); |
| } |
| |
| TEST(PolicyTest, InvalidPolicyDefaultRule) { |
| BootstrapSandboxPolicy policy; |
| policy.default_rule = Rule(); |
| EXPECT_FALSE(IsPolicyValid(policy)); |
| } |
| |
| TEST(PolicyTest, InvalidPolicyDefaultRuleSubstitue) { |
| BootstrapSandboxPolicy policy; |
| policy.default_rule = Rule(POLICY_SUBSTITUTE_PORT); |
| EXPECT_FALSE(IsPolicyValid(policy)); |
| } |
| |
| TEST(PolicyTest, InvalidPolicyDefaultRuleWithPortAllow) { |
| Rule rule(POLICY_ALLOW); |
| rule.substitute_port = mach_task_self(); |
| BootstrapSandboxPolicy policy; |
| policy.default_rule = rule; |
| EXPECT_FALSE(IsPolicyValid(policy)); |
| } |
| |
| TEST(PolicyTest, InvalidPolicyDefaultRuleWithPortDenyError) { |
| Rule rule(POLICY_DENY_ERROR); |
| rule.substitute_port = mach_task_self(); |
| BootstrapSandboxPolicy policy; |
| policy.default_rule = rule; |
| EXPECT_FALSE(IsPolicyValid(policy)); |
| } |
| |
| TEST(PolicyTest, InvalidPolicyDefaultRuleWithPortDummy) { |
| Rule rule(POLICY_DENY_DUMMY_PORT); |
| rule.substitute_port = mach_task_self(); |
| BootstrapSandboxPolicy policy; |
| policy.default_rule = rule; |
| EXPECT_FALSE(IsPolicyValid(policy)); |
| } |
| |
| } // namespace sandbox |