mirror of
https://github.com/google/sandboxed-api.git
synced 2024-03-22 13:11:30 +08:00
Internal change
PiperOrigin-RevId: 400144449 Change-Id: Ic0cbd6a3b27012cfb406694bdf2944a5b9905580
This commit is contained in:
parent
4050f34efc
commit
98e590463b
13
sandboxed_api/examples/sum/main_sum_test.sh
Executable file
13
sandboxed_api/examples/sum/main_sum_test.sh
Executable file
|
@ -0,0 +1,13 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# Unit test for main_sum example.
|
||||||
|
|
||||||
|
source googletest.sh || exit 1
|
||||||
|
|
||||||
|
[[ -n "$COVERAGE" ]] && exit 0
|
||||||
|
|
||||||
|
BIN=$TEST_SRCDIR/com_google_sandboxed_api/sandboxed_api/examples/sum/main_sum
|
||||||
|
|
||||||
|
"$BIN" || die 'FAILED: it should have exited with 0'
|
||||||
|
|
||||||
|
echo 'PASS'
|
||||||
|
|
21
sandboxed_api/examples/zlib/main_zlib_test.sh
Executable file
21
sandboxed_api/examples/zlib/main_zlib_test.sh
Executable file
|
@ -0,0 +1,21 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# Unit test for main_zlib example.
|
||||||
|
|
||||||
|
source googletest.sh || exit 1
|
||||||
|
|
||||||
|
[[ -n "$COVERAGE" ]] && exit 0
|
||||||
|
|
||||||
|
BIN=$TEST_SRCDIR/com_google_sandboxed_api/sandboxed_api/examples/zlib/main_zlib
|
||||||
|
TESTDATA="$TEST_SRCDIR/com_google_sandboxed_api/sandboxed_api/examples/zlib/testdata"
|
||||||
|
|
||||||
|
echo "aaaa" | "$BIN" || die 'FAILED: it should have exited with 0'
|
||||||
|
|
||||||
|
capture_test_stdout
|
||||||
|
echo "This is a test string" | "$BIN"
|
||||||
|
diff_test_stdout "$TESTDATA/simple.out"
|
||||||
|
|
||||||
|
capture_test_stdout
|
||||||
|
cat "$TESTDATA/zlib_main" | "$BIN"
|
||||||
|
diff_test_stdout "$TESTDATA/complex.out"
|
||||||
|
|
||||||
|
echo 'PASS'
|
12
sandboxed_api/sandbox2/examples/custom_fork/custom_fork_sandbox_test.sh
Executable file
12
sandboxed_api/sandbox2/examples/custom_fork/custom_fork_sandbox_test.sh
Executable file
|
@ -0,0 +1,12 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# Unit test for the custom_fork_sandbox example.
|
||||||
|
|
||||||
|
source googletest.sh || exit 1
|
||||||
|
|
||||||
|
[[ -n "$COVERAGE" ]] && exit 0
|
||||||
|
|
||||||
|
BIN=$TEST_SRCDIR/com_google_sandboxed_api/sandboxed_api/sandbox2/examples/custom_fork/custom_fork_sandbox
|
||||||
|
|
||||||
|
"$BIN" || die 'FAILED: it should have exited with 0'
|
||||||
|
|
||||||
|
echo 'PASS'
|
14
sandboxed_api/sandbox2/examples/network/network_sandbox_test.sh
Executable file
14
sandboxed_api/sandbox2/examples/network/network_sandbox_test.sh
Executable file
|
@ -0,0 +1,14 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
source googletest.sh || exit 1
|
||||||
|
|
||||||
|
# Find input files
|
||||||
|
BINDIR=$TEST_SRCDIR/com_google_sandboxed_api/sandboxed_api/sandbox2
|
||||||
|
EXE=$BINDIR/examples/network/network_sandbox
|
||||||
|
|
||||||
|
# test it
|
||||||
|
ls "${EXE}" || exit 2
|
||||||
|
|
||||||
|
"${EXE}" || die 'FAILED: it should have exited with 0'
|
||||||
|
|
||||||
|
exit 0
|
16
sandboxed_api/sandbox2/examples/network_proxy/networkproxy_sandbox_test.sh
Executable file
16
sandboxed_api/sandbox2/examples/network_proxy/networkproxy_sandbox_test.sh
Executable file
|
@ -0,0 +1,16 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
source googletest.sh || exit 1
|
||||||
|
|
||||||
|
# Find input files
|
||||||
|
BINDIR=$TEST_SRCDIR/com_google_sandboxed_api/sandboxed_api/sandbox2
|
||||||
|
EXE=$BINDIR/examples/network_proxy/networkproxy_sandbox
|
||||||
|
|
||||||
|
# test it
|
||||||
|
ls "${EXE}" || exit 2
|
||||||
|
|
||||||
|
"${EXE}" --connect_with_handler || die 'TEST1 FAILED: it should have exited with 0'
|
||||||
|
"${EXE}" --noconnect_with_handler || \
|
||||||
|
die 'TEST2 FAILED: it should have exited with 0'
|
||||||
|
|
||||||
|
exit 0
|
12
sandboxed_api/sandbox2/examples/static/static_sandbox_test.sh
Executable file
12
sandboxed_api/sandbox2/examples/static/static_sandbox_test.sh
Executable file
|
@ -0,0 +1,12 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# Unit test for static_sandbox example.
|
||||||
|
|
||||||
|
source googletest.sh || exit 1
|
||||||
|
|
||||||
|
[[ -n "$COVERAGE" ]] && exit 0
|
||||||
|
|
||||||
|
BIN=$TEST_SRCDIR/com_google_sandboxed_api/sandboxed_api/sandbox2/examples/static/static_sandbox
|
||||||
|
|
||||||
|
"$BIN" || die 'FAILED: it should have exited with 0'
|
||||||
|
|
||||||
|
echo 'PASS'
|
99
sandboxed_api/sandbox2/examples/tool/sandbox2tool_test.sh
Executable file
99
sandboxed_api/sandbox2/examples/tool/sandbox2tool_test.sh
Executable file
|
@ -0,0 +1,99 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# Unit test for sandbox2tool example.
|
||||||
|
|
||||||
|
source googletest.sh || exit 1
|
||||||
|
|
||||||
|
BIN=$TEST_SRCDIR/com_google_sandboxed_api/sandboxed_api/sandbox2/examples/tool/sandbox2tool
|
||||||
|
|
||||||
|
out=$("$BIN" -sandbox2tool_resolve_and_add_libraries -sandbox2tool_walltime_timeout=1 /bin/sleep 60 2>&1)
|
||||||
|
result=$?
|
||||||
|
if [[ $result -ne 2 ]]; then
|
||||||
|
echo "$out" >&2
|
||||||
|
die 'sleep 60 should hit walltime 1 and return 2 (sandbox violation)'
|
||||||
|
fi
|
||||||
|
if [[ "$out" != *"Process TIMEOUT"* ]]; then
|
||||||
|
echo "$out" >&2
|
||||||
|
die 'sleep 60 should hit walltime 1 and timeout'
|
||||||
|
fi
|
||||||
|
|
||||||
|
out=$("$BIN" -sandbox2tool_resolve_and_add_libraries -sandbox2tool_pause_kill -- /bin/sleep 5 2>&1)
|
||||||
|
result=$?
|
||||||
|
if [[ $result -ne 2 ]]; then
|
||||||
|
echo "$out" >&2
|
||||||
|
die 'pausing and then killing the command should return 2 (sandbox violation)'
|
||||||
|
fi
|
||||||
|
if [[ "$out" != *"Process terminated with a SIGNAL"* ]]; then
|
||||||
|
echo "$out" >&2
|
||||||
|
die 'pausing and killing sleep command should be terminated with SIGKILL'
|
||||||
|
fi
|
||||||
|
|
||||||
|
out=$("$BIN" \
|
||||||
|
--sandbox2tool_resolve_and_add_libraries \
|
||||||
|
--sandbox2tool_additional_bind_mounts '/etc,/proc' \
|
||||||
|
--sandbox2tool_mount_tmp \
|
||||||
|
-- /bin/cat /proc/1/cmdline 2>&1)
|
||||||
|
result=$?
|
||||||
|
if [[ $result -ne 0 ]]; then
|
||||||
|
echo "$out" >&2
|
||||||
|
die 'reading /proc/1/cmdline should not fail'
|
||||||
|
fi
|
||||||
|
|
||||||
|
out=$("$BIN" \
|
||||||
|
--sandbox2tool_resolve_and_add_libraries \
|
||||||
|
--sandbox2tool_additional_bind_mounts '/etc,/proc' \
|
||||||
|
-sandbox2tool_mount_tmp \
|
||||||
|
-- /bin/ls /proc/1/fd/ 2>&1)
|
||||||
|
result=$?
|
||||||
|
if [[ $result -ne 0 ]]; then
|
||||||
|
echo "$out" >&2
|
||||||
|
die 'listing /proc/1/fd should work'
|
||||||
|
fi
|
||||||
|
|
||||||
|
out=$("$BIN" \
|
||||||
|
--sandbox2tool_resolve_and_add_libraries \
|
||||||
|
--sandbox2tool_additional_bind_mounts '/etc' \
|
||||||
|
-- /bin/ls /tmp 2>&1)
|
||||||
|
result=$?
|
||||||
|
if [[ $result -ne 1 ]]; then
|
||||||
|
echo "$out" >&2
|
||||||
|
die "ls /tmp should return 1 (child error) but was $result"
|
||||||
|
fi
|
||||||
|
|
||||||
|
out=$("$BIN" \
|
||||||
|
--sandbox2tool_resolve_and_add_libraries \
|
||||||
|
--sandbox2tool_additional_bind_mounts '/tmp' \
|
||||||
|
-- /bin/sh -c 'echo "test" > /tmp/sb2tool_test_file' 2>&1)
|
||||||
|
result=$?
|
||||||
|
if [[ $result -ne 1 ]]; then
|
||||||
|
echo "$out" >&2
|
||||||
|
die "it shouldn't be possible to write to a ro-mapping. Result was: $result"
|
||||||
|
fi
|
||||||
|
|
||||||
|
SB2_TMP_DIR="$TEST_TMPDIR/sb2tool_test_dir"
|
||||||
|
mkdir "$SB2_TMP_DIR" || die "couldn't create tmp directory"
|
||||||
|
|
||||||
|
out=$("$BIN" \
|
||||||
|
--sandbox2tool_resolve_and_add_libraries \
|
||||||
|
--sandbox2tool_additional_bind_mounts "$SB2_TMP_DIR" \
|
||||||
|
-sandbox2tool_mount_tmp \
|
||||||
|
-- /bin/sh -c "cd $SB2_TMP_DIR" 2>&1)
|
||||||
|
result=$?
|
||||||
|
if [[ $result -ne 0 ]]; then
|
||||||
|
echo "$out" >&2
|
||||||
|
die "Nested mounts under tmpfs should work. Result was: $result"
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
echo 'hello world' > "$SB2_TMP_DIR/hello"
|
||||||
|
out=$("$BIN" \
|
||||||
|
--sandbox2tool_resolve_and_add_libraries \
|
||||||
|
--sandbox2tool_additional_bind_mounts "/etc,$SB2_TMP_DIR/hello=>/etc/passwd" \
|
||||||
|
-sandbox2tool_mount_tmp \
|
||||||
|
-- /bin/grep "hello world" /etc/passwd)
|
||||||
|
result=$?
|
||||||
|
if [[ $result -ne 0 ]]; then
|
||||||
|
echo "$out" >&2
|
||||||
|
die "Nested mounts should work. Result was: $result"
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo 'PASS'
|
Loading…
Reference in New Issue
Block a user