mirror of
https://github.com/google/sandboxed-api.git
synced 2024-03-22 13:11:30 +08:00
Test that isatty is being allowed by AllowTCGETS.
PiperOrigin-RevId: 239370864 Change-Id: Id98f3e5d8dceedb3cfbcd23b980e828f576d3e8d
This commit is contained in:
parent
270491a0e7
commit
c8a4131e74
|
@ -47,6 +47,7 @@ std::unique_ptr<Policy> PolicyTestcasePolicy() {
|
|||
.AllowWrite()
|
||||
.AllowSyscall(__NR_close)
|
||||
.AllowSyscall(__NR_getppid)
|
||||
.AllowTCGETS()
|
||||
.BlockSyscallWithErrno(__NR_open, ENOENT)
|
||||
.BlockSyscallWithErrno(__NR_openat, ENOENT)
|
||||
.BlockSyscallWithErrno(__NR_access, ENOENT)
|
||||
|
@ -140,6 +141,20 @@ TEST(PolicyTest, BpfDisallowed) {
|
|||
EXPECT_THAT(result.reason_code(), Eq(__NR_bpf));
|
||||
}
|
||||
|
||||
TEST(PolicyTest, IsattyAllowed) {
|
||||
SKIP_SANITIZERS_AND_COVERAGE;
|
||||
const std::string path = GetTestSourcePath("sandbox2/testcases/policy");
|
||||
std::vector<std::string> args = {path, "6"};
|
||||
auto executor = absl::make_unique<Executor>(path, args);
|
||||
|
||||
auto policy = PolicyTestcasePolicy();
|
||||
|
||||
Sandbox2 s2(std::move(executor), std::move(policy));
|
||||
auto result = s2.Run();
|
||||
|
||||
ASSERT_THAT(result.final_status(), Eq(Result::OK));
|
||||
}
|
||||
|
||||
std::unique_ptr<Policy> MinimalTestcasePolicy() {
|
||||
return PolicyBuilder()
|
||||
.AllowStaticStartup()
|
||||
|
|
|
@ -77,6 +77,13 @@ void TestBpf() {
|
|||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
void TestIsatty() {
|
||||
isatty(0);
|
||||
|
||||
printf("Syscall violation should have been discovered by now\n");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
int main(int argc, char** argv) {
|
||||
// Disable buffering.
|
||||
setbuf(stdin, nullptr);
|
||||
|
@ -107,6 +114,9 @@ int main(int argc, char** argv) {
|
|||
case 5:
|
||||
TestBpf();
|
||||
break;
|
||||
case 6:
|
||||
TestIsatty();
|
||||
break;
|
||||
default:
|
||||
printf("Unknown test: %d\n", testno);
|
||||
return EXIT_FAILURE;
|
||||
|
|
Loading…
Reference in New Issue
Block a user