Commit 1d979043 authored by Greg Kerr's avatar Greg Kerr Committed by Commit Bot

macOS Sandbox: Port fontloading test to V2 sandbox.

This removes all of the obsolete unit testing code from the V1 sandbox.

Bug: 902597
Change-Id: I426e3b815e0bf23036815750aab350adbb22e068
Reviewed-on: https://chromium-review.googlesource.com/c/1327527
Commit-Queue: Greg Kerr <kerrnel@chromium.org>
Reviewed-by: default avatarRobert Sesek <rsesek@chromium.org>
Cr-Commit-Position: refs/heads/master@{#612416}
parent 53095cfc
......@@ -8,14 +8,20 @@
#include "base/bind.h"
#include "base/callback.h"
#include "base/command_line.h"
#include "base/files/file_util.h"
#include "base/files/scoped_file.h"
#include "base/mac/scoped_cftyperef.h"
#include "base/memory/ref_counted.h"
#include "base/memory/shared_memory.h"
#include "base/posix/eintr_wrapper.h"
#include "base/process/kill.h"
#include "base/strings/stringprintf.h"
#include "base/strings/sys_string_conversions.h"
#include "base/strings/utf_string_conversions.h"
#include "base/test/multiprocess_test.h"
#include "base/test/test_timeouts.h"
#include "content/browser/sandbox_parameters_mac.h"
#include "content/common/mac/font_loader.h"
#include "crypto/openssl_util.h"
#include "sandbox/mac/seatbelt.h"
#include "sandbox/mac/seatbelt_exec.h"
......@@ -40,8 +46,8 @@ namespace {
// crbug.com/740009: This allows the unit test to cleanup temporary directories,
// and is safe since this is only a unit test.
constexpr char kTempDirSuffix[] =
"(allow file* (subpath \"/private/var/folders\"))";
constexpr char kClipboardArg[] = "pasteboard-name";
"(allow file* (subpath \"/private/var/folders/\"))";
constexpr char kExtraDataArg[] = "extra-data";
class SandboxMacTest : public base::MultiProcessTest {
protected:
......@@ -49,6 +55,9 @@ class SandboxMacTest : public base::MultiProcessTest {
base::CommandLine cl = MultiProcessTest::MakeCmdLine(procname);
cl.AppendArg(
base::StringPrintf("%s%d", sandbox::switches::kSeatbeltClient, pipe_));
if (!extra_data_.empty()) {
cl.AppendSwitchASCII(kExtraDataArg, extra_data_);
}
return cl;
}
......@@ -150,17 +159,7 @@ class SandboxMacTest : public base::MultiProcessTest {
}
int pipe_{0};
};
class SandboxMacClipboardTest : public SandboxMacTest {
protected:
base::CommandLine MakeCmdLine(const std::string& procname) override {
base::CommandLine cl = SandboxMacTest::MakeCmdLine(procname);
cl.AppendSwitchASCII(kClipboardArg, pasteboard_name_);
return cl;
}
std::string pasteboard_name_{};
std::string extra_data_{};
};
void CheckCreateSeatbeltServer() {
......@@ -178,6 +177,11 @@ void CheckCreateSeatbeltServer() {
CHECK(result.server->InitializeSandbox());
}
std::string GetExtraDataValue() {
base::CommandLine* cl = base::CommandLine::ForCurrentProcess();
return cl->GetSwitchValueASCII(kExtraDataArg);
}
} // namespace
MULTIPROCESS_TEST_MAIN(RendererWriteProcess) {
......@@ -201,8 +205,7 @@ TEST_F(SandboxMacTest, RendererCannotWriteHomeDir) {
MULTIPROCESS_TEST_MAIN(ClipboardAccessProcess) {
CheckCreateSeatbeltServer();
base::CommandLine* cl = base::CommandLine::ForCurrentProcess();
std::string pasteboard_name = cl->GetSwitchValueASCII(kClipboardArg);
std::string pasteboard_name = GetExtraDataValue();
CHECK(!pasteboard_name.empty());
CHECK([NSPasteboard pasteboardWithName:base::SysUTF8ToNSString(
pasteboard_name)] == nil);
......@@ -211,12 +214,12 @@ MULTIPROCESS_TEST_MAIN(ClipboardAccessProcess) {
return 0;
}
TEST_F(SandboxMacClipboardTest, ClipboardAccess) {
TEST_F(SandboxMacTest, ClipboardAccess) {
scoped_refptr<ui::UniquePasteboard> pb = new ui::UniquePasteboard;
ASSERT_TRUE(pb->get());
EXPECT_EQ([[pb->get() types] count], 0U);
pasteboard_name_ = base::SysNSStringToUTF8([pb->get() name]);
extra_data_ = base::SysNSStringToUTF8([pb->get() name]);
ExecuteInAllSandboxTypes("ClipboardAccessProcess",
base::BindRepeating(
......@@ -240,4 +243,74 @@ TEST_F(SandboxMacTest, SSLInitTest) {
ExecuteInAllSandboxTypes("SSLProcess", base::RepeatingClosure());
}
MULTIPROCESS_TEST_MAIN(FontLoadingProcess) {
// Create a shared memory handle to mimic what the browser process does.
std::string font_file_path = GetExtraDataValue();
CHECK(!font_file_path.empty());
std::string font_data;
CHECK(base::ReadFileToString(base::FilePath(font_file_path), &font_data));
size_t font_data_length = font_data.length();
CHECK(font_data_length > 0);
auto font_shmem = mojo::SharedBufferHandle::Create(font_data_length);
CHECK(font_shmem.is_valid());
mojo::ScopedSharedBufferMapping mapping = font_shmem->Map(font_data_length);
CHECK(mapping);
memcpy(mapping.get(), font_data.c_str(), font_data_length);
// Now init the sandbox.
CheckCreateSeatbeltServer();
mojo::ScopedSharedBufferHandle shmem_handle =
font_shmem->Clone(mojo::SharedBufferHandle::AccessMode::READ_ONLY);
CHECK(shmem_handle.is_valid());
base::ScopedCFTypeRef<CGFontRef> cgfont;
CHECK(FontLoader::CGFontRefFromBuffer(
std::move(shmem_handle), font_data_length, cgfont.InitializeInto()));
CHECK(cgfont);
base::ScopedCFTypeRef<CTFontRef> ctfont(
CTFontCreateWithGraphicsFont(cgfont.get(), 16.0, NULL, NULL));
CHECK(ctfont);
// Do something with the font to make sure it's loaded.
CGFloat cap_height = CTFontGetCapHeight(ctfont);
CHECK(cap_height > 0.0);
return 0;
}
TEST_F(SandboxMacTest, FontLoadingTest) {
base::FilePath temp_file_path;
FILE* temp_file = base::CreateAndOpenTemporaryFile(&temp_file_path);
ASSERT_TRUE(temp_file);
base::ScopedFILE temp_file_closer(temp_file);
std::unique_ptr<FontLoader::ResultInternal> result =
FontLoader::LoadFontForTesting(base::ASCIIToUTF16("Geeza Pro"), 16);
ASSERT_TRUE(result);
ASSERT_TRUE(result->font_data.is_valid());
uint64_t font_data_size = result->font_data->GetSize();
EXPECT_GT(font_data_size, 0U);
EXPECT_GT(result->font_id, 0U);
mojo::ScopedSharedBufferMapping mapping =
result->font_data->Map(font_data_size);
ASSERT_TRUE(mapping);
base::WriteFileDescriptor(fileno(temp_file),
static_cast<const char*>(mapping.get()),
font_data_size);
extra_data_ = temp_file_path.value();
ExecuteInRendererSandbox("FontLoadingProcess");
temp_file_closer.reset();
ASSERT_TRUE(base::DeleteFile(temp_file_path, false));
}
} // namespace content
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#import <Cocoa/Cocoa.h>
#include <stddef.h>
#include <memory>
#include "base/files/file_util.h"
#include "base/files/scoped_file.h"
#include "base/logging.h"
#include "base/mac/scoped_cftyperef.h"
#include "base/memory/shared_memory.h"
#include "base/strings/utf_string_conversions.h"
#include "content/common/mac/font_loader.h"
#include "content/common/sandbox_mac_unittest_helper.h"
#include "services/service_manager/sandbox/sandbox_type.h"
#include "testing/gtest/include/gtest/gtest.h"
namespace content {
class FontLoadingTestCase : public MacSandboxTestCase {
public:
FontLoadingTestCase() : font_data_length_(-1) {}
bool BeforeSandboxInit() override;
bool SandboxedTest() override;
private:
mojo::ScopedSharedBufferHandle font_shmem_;
size_t font_data_length_;
};
REGISTER_SANDBOX_TEST_CASE(FontLoadingTestCase);
// Load raw font data into shared memory object.
bool FontLoadingTestCase::BeforeSandboxInit() {
std::string font_data;
if (!base::ReadFileToString(base::FilePath(test_data_.c_str()), &font_data)) {
LOG(ERROR) << "Failed to read font data from file (" << test_data_ << ")";
return false;
}
font_data_length_ = font_data.length();
if (font_data_length_ <= 0) {
LOG(ERROR) << "No font data: " << font_data_length_;
return false;
}
font_shmem_ = mojo::SharedBufferHandle::Create(font_data_length_);
if (!font_shmem_.is_valid()) {
LOG(ERROR) << "Failed to create shared memory object.";
return false;
}
mojo::ScopedSharedBufferMapping mapping = font_shmem_->Map(font_data_length_);
if (!mapping) {
LOG(ERROR) << "ScopedSharedBufferHandle::Map failed";
return false;
}
memcpy(mapping.get(), font_data.c_str(), font_data_length_);
return true;
}
bool FontLoadingTestCase::SandboxedTest() {
mojo::ScopedSharedBufferHandle shmem_handle =
font_shmem_->Clone(mojo::SharedBufferHandle::AccessMode::READ_ONLY);
if (!shmem_handle.is_valid()) {
LOG(ERROR) << "ScopedSharedBufferHandle handle duplication failed";
return false;
}
CGFontRef cg_font_ref;
if (!FontLoader::CGFontRefFromBuffer(std::move(shmem_handle),
font_data_length_, &cg_font_ref)) {
LOG(ERROR) << "Call to CreateCGFontFromBuffer() failed";
return false;
}
if (!cg_font_ref) {
LOG(ERROR) << "Got NULL CGFontRef";
return false;
}
base::ScopedCFTypeRef<CGFontRef> cgfont(cg_font_ref);
CTFontRef ct_font_ref =
CTFontCreateWithGraphicsFont(cgfont.get(), 16.0, NULL, NULL);
base::ScopedCFTypeRef<CTFontRef> ctfont(ct_font_ref);
if (!ct_font_ref) {
LOG(ERROR) << "CTFontCreateWithGraphicsFont() failed";
return false;
}
// Do something with the font to make sure it's loaded.
CGFloat cap_height = CTFontGetCapHeight(ct_font_ref);
if (cap_height <= 0.0) {
LOG(ERROR) << "Got bad value for CTFontGetCapHeight " << cap_height;
return false;
}
return true;
}
TEST_F(MacSandboxTest, FontLoadingTest) {
base::FilePath temp_file_path;
FILE* temp_file = base::CreateAndOpenTemporaryFile(&temp_file_path);
ASSERT_TRUE(temp_file);
base::ScopedFILE temp_file_closer(temp_file);
std::unique_ptr<FontLoader::ResultInternal> result =
FontLoader::LoadFontForTesting(base::ASCIIToUTF16("Geeza Pro"), 16);
ASSERT_TRUE(result);
ASSERT_TRUE(result->font_data.is_valid());
uint64_t font_data_size = result->font_data->GetSize();
EXPECT_GT(font_data_size, 0U);
EXPECT_GT(result->font_id, 0U);
mojo::ScopedSharedBufferMapping mapping =
result->font_data->Map(font_data_size);
ASSERT_TRUE(mapping);
base::WriteFileDescriptor(fileno(temp_file),
static_cast<const char*>(mapping.get()),
font_data_size);
ASSERT_TRUE(RunTestInSandbox(service_manager::SANDBOX_TYPE_RENDERER,
"FontLoadingTestCase",
temp_file_path.value().c_str()));
temp_file_closer.reset();
ASSERT_TRUE(base::DeleteFile(temp_file_path, false));
}
} // namespace content
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CONTENT_COMMON_SANDBOX_MAC_UNITTEST_HELPER_H_
#define CONTENT_COMMON_SANDBOX_MAC_UNITTEST_HELPER_H_
#include "base/test/multiprocess_test.h"
#include "services/service_manager/sandbox/mac/sandbox_mac.h"
#include "services/service_manager/sandbox/sandbox_type.h"
namespace content {
// Helpers for writing unit tests that runs in the context of the Mac sandbox.
//
// How to write a sandboxed test:
// 1. Create a class that inherits from MacSandboxTestCase and overrides
// its functions to run code before or after the sandbox is initialised in a
// subprocess.
// 2. Register the class you just created with the REGISTER_SANDBOX_TEST_CASE()
// macro.
// 3. Write a test [using TEST_F()] that inherits from MacSandboxTest and call
// one of its helper functions to launch the test.
//
// Example:
// class TestCaseThatRunsInSandboxedSubprocess : public MacSandboxTestCase {
// public:
// virtual bool SandboxedTest() {
// .. test code that runs in sandbox goes here ..
// return true; // always succeed.
// }
// };
//
// // Register the test case you just created.
// REGISTER_SANDBOX_TEST_CASE(TestCaseThatRunsInSandboxedSubprocess);
//
// TEST_F(MacSandboxTest, ATest) {
// EXPECT_TRUE(RunTestInAllSandboxTypes(
// "TestCaseThatRunsInSandboxedSubprocess",
// NULL));
// }
// Base test type with helper functions to spawn a subprocess that exercises
// a given test in the sandbox.
class MacSandboxTest : public base::MultiProcessTest {
public:
// Runs a test specified by |test_name| in a sandbox of the type specified
// by |sandbox_type|. |test_data| is a custom string that a test can pass
// to the child process runing in the sandbox, or NULL if additional data is
// required.
// Returns true if the test passes, false if either of the functions in
// the corresponding MacSandboxTestCase return false.
bool RunTestInSandbox(service_manager::SandboxType sandbox_type,
const char* test_name,
const char* test_data);
// Runs the test specified by |test_name| in all the different sandbox types
// known to content, one by one.
// Returns true if the test passes, false if either of the functions in
// the corresponding MacSandboxTestCase return false in any of the spawned
// processes.
//
// DANGER DANGER DANGER:
// Additional sandbox types defined by the embedder (e.g. the NaCl sandbox)
// won't be covered by these tests.
bool RunTestInAllSandboxTypes(const char* test_name,
const char* test_data);
};
// Class to ease writing test cases that run inside the OS X sandbox.
// This class is instantiated in a subprocess, and allows you to run test code
// at various stages of execution.
// Note that you must register the subclass you create with the
// REGISTER_SANDBOX_TEST_CASE so it's visible to the test driver.
class MacSandboxTestCase {
public:
virtual ~MacSandboxTestCase() {}
// Code that runs in the sandboxed subprocess before the sandbox is
// initialized.
// Returning false from this function will cause the entire test case to fail.
virtual bool BeforeSandboxInit();
// Code that runs in the sandboxed subprocess when the sandbox has been
// enabled.
// Returning false from this function will cause the entire test case to fail.
virtual bool SandboxedTest() = 0;
// The data that's passed in the |user_data| parameter of
// RunTest[s]InSandbox() is passed to this function.
virtual void SetTestData(const char* test_data);
protected:
std::string test_data_;
};
// Plumbing to support the REGISTER_SANDBOX_TEST_CASE macro.
namespace internal {
// Register a test case with a given name.
void AddSandboxTestCase(const char* test_name, MacSandboxTestCase* test_class);
// Construction of this class causes a new entry to be placed in a global
// map.
template <class T> struct RegisterSandboxTest {
RegisterSandboxTest(const char* test_name) {
AddSandboxTestCase(test_name, new T);
}
};
#define REGISTER_SANDBOX_TEST_CASE(class_name) \
namespace { \
content::internal::RegisterSandboxTest<class_name> \
register_test##class_name(#class_name); \
} // namespace
} // namespace internal
} // namespace content
#endif // CONTENT_COMMON_SANDBOX_MAC_UNITTEST_HELPER_H_
// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "content/common/sandbox_mac_unittest_helper.h"
extern "C" {
#include <sandbox.h>
}
#include <map>
#include <memory>
#include "base/logging.h"
#include "base/process/kill.h"
#include "content/test/test_content_client.h"
#include "services/service_manager/sandbox/mac/sandbox_mac.h"
#include "services/service_manager/sandbox/sandbox_type.h"
#include "testing/multiprocess_func_list.h"
namespace content {
namespace {
const char* kSandboxTypeKey = "CHROMIUM_SANDBOX_SANDBOX_TYPE";
const char* kSandboxTestNameKey = "CHROMIUM_SANDBOX_TEST_NAME";
const char* kTestDataKey = "CHROMIUM_SANDBOX_USER_DATA";
} // namespace
// Support infrastructure for REGISTER_SANDBOX_TEST_CASE macro.
namespace internal {
typedef std::map<std::string,MacSandboxTestCase*> SandboxTestMap;
// A function that returns a common map from string -> test case class.
SandboxTestMap& GetSandboxTestMap() {
static SandboxTestMap test_map;
return test_map;
}
void AddSandboxTestCase(const char* test_name, MacSandboxTestCase* test_class) {
SandboxTestMap& test_map = GetSandboxTestMap();
if (test_map.find(test_name) != test_map.end()) {
LOG(ERROR) << "Trying to register duplicate test" << test_name;
NOTREACHED();
}
test_map[test_name] = test_class;
}
} // namespace internal
bool MacSandboxTest::RunTestInAllSandboxTypes(const char* test_name,
const char* test_data) {
// Go through all the sandbox types, and run the test case in each of them
// if one fails, abort.
for (int i = static_cast<int>(service_manager::SANDBOX_TYPE_FIRST_TYPE);
i < service_manager::SANDBOX_TYPE_AFTER_LAST_TYPE; ++i) {
if (service_manager::IsUnsandboxedSandboxType(
static_cast<service_manager::SandboxType>(i))) {
continue;
}
if (!RunTestInSandbox(static_cast<service_manager::SandboxType>(i),
test_name, test_data)) {
LOG(ERROR) << "Sandboxed test (" << test_name << ")"
<< "Failed in sandbox type " << i << "user data: ("
<< test_data << ")";
return false;
}
}
return true;
}
bool MacSandboxTest::RunTestInSandbox(service_manager::SandboxType sandbox_type,
const char* test_name,
const char* test_data) {
std::stringstream s;
s << static_cast<int>(static_cast<int>(sandbox_type));
setenv(kSandboxTypeKey, s.str().c_str(), 1);
setenv(kSandboxTestNameKey, test_name, 1);
if (test_data)
setenv(kTestDataKey, test_data, 1);
base::Process child_process = SpawnChild("mac_sandbox_test_runner");
if (!child_process.IsValid()) {
LOG(WARNING) << "SpawnChild failed";
return false;
}
int code = -1;
if (!child_process.WaitForExit(&code)) {
LOG(WARNING) << "Process::WaitForExit failed";
return false;
}
return code == 0;
}
bool MacSandboxTestCase::BeforeSandboxInit() {
return true;
}
void MacSandboxTestCase::SetTestData(const char* test_data) {
test_data_ = test_data;
}
// Given a test name specified by |name| return that test case.
// If no test case is found for the given name, return NULL.
MacSandboxTestCase *SandboxTestForName(const char* name) {
using internal::SandboxTestMap;
using internal::GetSandboxTestMap;
SandboxTestMap all_tests = GetSandboxTestMap();
SandboxTestMap::iterator it = all_tests.find(name);
if (it == all_tests.end()) {
LOG(ERROR) << "Couldn't find sandbox test case(" << name << ")";
return NULL;
}
return it->second;
}
// Main function for driver process that enables the sandbox and runs test
// code.
MULTIPROCESS_TEST_MAIN(mac_sandbox_test_runner) {
TestContentClient content_client;
SetContentClient(&content_client);
// Extract parameters.
char* sandbox_type_str = getenv(kSandboxTypeKey);
if (!sandbox_type_str) {
LOG(ERROR) << "Sandbox type not specified";
return -1;
}
auto sandbox_type =
static_cast<service_manager::SandboxType>(atoi(sandbox_type_str));
char* sandbox_test_name = getenv(kSandboxTestNameKey);
if (!sandbox_test_name) {
LOG(ERROR) << "Sandbox test name not specified";
return -1;
}
const char* test_data = getenv(kTestDataKey);
// Find Test Function to run;
std::unique_ptr<MacSandboxTestCase> test_case(
SandboxTestForName(sandbox_test_name));
if (!test_case) {
LOG(ERROR) << "Invalid sandbox test name (" << sandbox_test_name << ")";
return -1;
}
if (test_data)
test_case->SetTestData(test_data);
// Run Test.
if (!test_case->BeforeSandboxInit()) {
LOG(ERROR) << sandbox_test_name << "Failed test before sandbox init";
return -1;
}
service_manager::SandboxMac::Warmup(sandbox_type);
if (!service_manager::SandboxMac::Enable(sandbox_type)) {
LOG(ERROR) << "Failed to initialize sandbox " << sandbox_type;
return -1;
}
if (!test_case->SandboxedTest()) {
LOG(ERROR) << sandbox_test_name << "Failed sandboxed test";
return -1;
}
return 0;
}
} // namespace content
......@@ -1682,9 +1682,6 @@ test("content_unittests") {
"../common/page_state_serialization_unittest.cc",
"../common/page_zoom_unittest.cc",
"../common/plugin_list_unittest.cc",
"../common/sandbox_mac_fontloading_unittest.mm",
"../common/sandbox_mac_unittest_helper.h",
"../common/sandbox_mac_unittest_helper.mm",
"../common/service_manager/service_manager_connection_impl_unittest.cc",
"../common/service_worker/service_worker_types_unittest.cc",
"../common/service_worker/service_worker_utils_unittest.cc",
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment