Blame - patchpanel/minijailed_process_runner_test.cc - chromium.googlesource.com/chromiumos/platform2

blob: a21aa60c137df1eb2e30df829adfe241d101900e [file] [log] [blame]

Garrick Evans	64a2df3	2018-12-12 16:53:46 +0900	[diff] [blame]	1	// Copyright 2019 The Chromium OS Authors. All rights reserved.
				2	// Use of this source code is governed by a BSD-style license that can be
				3	// found in the LICENSE file.
				4
Garrick Evans	3388a03	2020-03-24 11:25:55 +0900	[diff] [blame]	5	#include "patchpanel/minijailed_process_runner.h"
Garrick Evans	64a2df3	2018-12-12 16:53:46 +0900	[diff] [blame]	6
				7	#include <linux/capability.h>
Jie Jiang	cf5ce9c	2020-07-14 17:22:03 +0900	[diff] [blame]	8	#include <memory>
Garrick Evans	64a2df3	2018-12-12 16:53:46 +0900	[diff] [blame]	9
				10	#include <brillo/minijail/mock_minijail.h>
				11	#include <gmock/gmock.h>
				12	#include <gtest/gtest.h>
				13
Garrick Evans	3388a03	2020-03-24 11:25:55 +0900	[diff] [blame]	14	#include "patchpanel/net_util.h"
Garrick Evans	7a1a9ee	2020-01-28 11:03:57 +0900	[diff] [blame]	15
Garrick Evans	64a2df3	2018-12-12 16:53:46 +0900	[diff] [blame]	16	using testing::_;
				17	using testing::DoAll;
				18	using testing::Eq;
				19	using testing::Return;
				20	using testing::SetArgPointee;
				21	using testing::StrEq;
				22
Garrick Evans	3388a03	2020-03-24 11:25:55 +0900	[diff] [blame]	23	namespace patchpanel {
Jie Jiang	cf5ce9c	2020-07-14 17:22:03 +0900	[diff] [blame]	24	namespace {
				25
				26	constexpr pid_t kFakePid = 123;
				27
				28	class FakeSyscallImpl : public MinijailedProcessRunner::SyscallImpl {
				29	public:
				30	pid_t WaitPID(pid_t pid, int* wstatus, int options) override { return pid; }
				31	};
Garrick Evans	64a2df3	2018-12-12 16:53:46 +0900	[diff] [blame]	32
				33	class MinijailProcessRunnerTest : public testing::Test {
				34	protected:
Jie Jiang	cf5ce9c	2020-07-14 17:22:03 +0900	[diff] [blame]	35	MinijailProcessRunnerTest()
				36	: runner_(&mj_, std::make_unique<FakeSyscallImpl>()) {}
Garrick Evans	64a2df3	2018-12-12 16:53:46 +0900	[diff] [blame]	37
				38	void SetUp() override {
				39	ON_CALL(mj_, DropRoot(_, _, _)).WillByDefault(Return(true));
Jie Jiang	cf5ce9c	2020-07-14 17:22:03 +0900	[diff] [blame]	40	ON_CALL(mj_, RunPipesAndDestroy(_, _, _, _, _, _))
				41	.WillByDefault(DoAll(SetArgPointee<2>(kFakePid), Return(true)));
Garrick Evans	64a2df3	2018-12-12 16:53:46 +0900	[diff] [blame]	42	}
				43
				44	brillo::MockMinijail mj_;
				45	MinijailedProcessRunner runner_;
				46	};
				47
				48	// Special matcher needed for vector<char*> type.
				49	// Lifted from shill/process_manager_test.cc
				50	MATCHER_P2(IsProcessArgs, program, args, "") {
				51	if (std::string(arg[0]) != program) {
				52	return false;
				53	}
				54	int index = 1;
				55	for (const auto& option : args) {
				56	if (std::string(arg[index++]) != option) {
				57	return false;
				58	}
				59	}
				60	return arg[index] == nullptr;
				61	}
				62
Garrick Evans	8e8e347	2020-01-23 14:03:50 +0900	[diff] [blame]	63	TEST_F(MinijailProcessRunnerTest, modprobe_all) {
Garrick Evans	78b414e	2019-03-14 15:58:56 +0900	[diff] [blame]	64	uint64_t caps = CAP_TO_MASK(CAP_SYS_MODULE);
				65
				66	const std::vector<std::string> args = {"-a", "module1", "module2"};
				67	EXPECT_CALL(mj_, New());
				68	EXPECT_CALL(mj_, DropRoot(_, StrEq("nobody"), StrEq("nobody")));
				69	EXPECT_CALL(mj_, UseCapabilities(_, Eq(caps)));
Jie Jiang	cf5ce9c	2020-07-14 17:22:03 +0900	[diff] [blame]	70	EXPECT_CALL(mj_, RunPipesAndDestroy(_, IsProcessArgs("/sbin/modprobe", args),
				71	_, _, _, _));
Garrick Evans	8e8e347	2020-01-23 14:03:50 +0900	[diff] [blame]	72	runner_.modprobe_all({"module1", "module2"});
Garrick Evans	78b414e	2019-03-14 15:58:56 +0900	[diff] [blame]	73	}
				74
Garrick Evans	8e8e347	2020-01-23 14:03:50 +0900	[diff] [blame]	75	TEST_F(MinijailProcessRunnerTest, sysctl_w) {
Garrick Evans	6d227b9	2019-12-03 16:11:29 +0900	[diff] [blame]	76	const std::vector<std::string> args = {"-w", "a.b.c=1"};
				77	EXPECT_CALL(mj_, New());
Jie Jiang	cf5ce9c	2020-07-14 17:22:03 +0900	[diff] [blame]	78	EXPECT_CALL(mj_, RunPipesAndDestroy(
				79	_, IsProcessArgs("/usr/sbin/sysctl", args), _, _, _, _));
Garrick Evans	8e8e347	2020-01-23 14:03:50 +0900	[diff] [blame]	80	runner_.sysctl_w("a.b.c", "1");
Garrick Evans	6d227b9	2019-12-03 16:11:29 +0900	[diff] [blame]	81	}
				82
Garrick Evans	8e8e347	2020-01-23 14:03:50 +0900	[diff] [blame]	83	TEST_F(MinijailProcessRunnerTest, ip) {
				84	uint64_t caps = CAP_TO_MASK(CAP_NET_ADMIN) \| CAP_TO_MASK(CAP_NET_RAW);
				85	const std::vector<std::string> args = {"obj", "cmd", "arg", "arg"};
				86
				87	EXPECT_CALL(mj_, New());
				88	EXPECT_CALL(mj_, DropRoot(_, StrEq("nobody"), StrEq("nobody")));
				89	EXPECT_CALL(mj_, UseCapabilities(_, Eq(caps)));
Jie Jiang	cf5ce9c	2020-07-14 17:22:03 +0900	[diff] [blame]	90	EXPECT_CALL(
				91	mj_, RunPipesAndDestroy(_, IsProcessArgs("/bin/ip", args), _, _, _, _));
Garrick Evans	8e8e347	2020-01-23 14:03:50 +0900	[diff] [blame]	92	runner_.ip("obj", "cmd", {"arg", "arg"});
				93	}
				94
				95	TEST_F(MinijailProcessRunnerTest, ip6) {
				96	uint64_t caps = CAP_TO_MASK(CAP_NET_ADMIN) \| CAP_TO_MASK(CAP_NET_RAW);
				97	const std::vector<std::string> args = {"-6", "obj", "cmd", "arg", "arg"};
				98
				99	EXPECT_CALL(mj_, New());
				100	EXPECT_CALL(mj_, DropRoot(_, StrEq("nobody"), StrEq("nobody")));
				101	EXPECT_CALL(mj_, UseCapabilities(_, Eq(caps)));
Jie Jiang	cf5ce9c	2020-07-14 17:22:03 +0900	[diff] [blame]	102	EXPECT_CALL(
				103	mj_, RunPipesAndDestroy(_, IsProcessArgs("/bin/ip", args), _, _, _, _));
Garrick Evans	8e8e347	2020-01-23 14:03:50 +0900	[diff] [blame]	104	runner_.ip6("obj", "cmd", {"arg", "arg"});
				105	}
				106
				107	TEST_F(MinijailProcessRunnerTest, iptables) {
				108	const std::vector<std::string> args = {"-t", "table", "arg", "arg"};
				109
				110	EXPECT_CALL(mj_, New());
Jie Jiang	cf5ce9c	2020-07-14 17:22:03 +0900	[diff] [blame]	111	EXPECT_CALL(mj_, RunPipesAndDestroy(_, IsProcessArgs("/sbin/iptables", args),
				112	_, _, _, _));
Garrick Evans	8e8e347	2020-01-23 14:03:50 +0900	[diff] [blame]	113	runner_.iptables("table", {"arg", "arg"});
				114	}
				115
				116	TEST_F(MinijailProcessRunnerTest, ip6tables) {
				117	const std::vector<std::string> args = {"-t", "table", "arg", "arg"};
				118
				119	EXPECT_CALL(mj_, New());
Jie Jiang	cf5ce9c	2020-07-14 17:22:03 +0900	[diff] [blame]	120	EXPECT_CALL(mj_, RunPipesAndDestroy(_, IsProcessArgs("/sbin/ip6tables", args),
				121	_, _, _, _));
Garrick Evans	8e8e347	2020-01-23 14:03:50 +0900	[diff] [blame]	122	runner_.ip6tables("table", {"arg", "arg"});
Garrick Evans	6d227b9	2019-12-03 16:11:29 +0900	[diff] [blame]	123	}
				124
Jie Jiang	cf5ce9c	2020-07-14 17:22:03 +0900	[diff] [blame]	125	} // namespace
Garrick Evans	3388a03	2020-03-24 11:25:55 +0900	[diff] [blame]	126	} // namespace patchpanel