1*ec63e07aSXin Li // Copyright 2019 Google LLC
2*ec63e07aSXin Li //
3*ec63e07aSXin Li // Licensed under the Apache License, Version 2.0 (the "License");
4*ec63e07aSXin Li // you may not use this file except in compliance with the License.
5*ec63e07aSXin Li // You may obtain a copy of the License at
6*ec63e07aSXin Li //
7*ec63e07aSXin Li // https://www.apache.org/licenses/LICENSE-2.0
8*ec63e07aSXin Li //
9*ec63e07aSXin Li // Unless required by applicable law or agreed to in writing, software
10*ec63e07aSXin Li // distributed under the License is distributed on an "AS IS" BASIS,
11*ec63e07aSXin Li // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12*ec63e07aSXin Li // See the License for the specific language governing permissions and
13*ec63e07aSXin Li // limitations under the License.
14*ec63e07aSXin Li
15*ec63e07aSXin Li #include "sandboxed_api/sandbox2/limits.h"
16*ec63e07aSXin Li
17*ec63e07aSXin Li #include <csignal>
18*ec63e07aSXin Li #include <memory>
19*ec63e07aSXin Li #include <string>
20*ec63e07aSXin Li #include <utility>
21*ec63e07aSXin Li #include <vector>
22*ec63e07aSXin Li
23*ec63e07aSXin Li #include "gtest/gtest.h"
24*ec63e07aSXin Li #include "sandboxed_api/sandbox2/executor.h"
25*ec63e07aSXin Li #include "sandboxed_api/sandbox2/result.h"
26*ec63e07aSXin Li #include "sandboxed_api/sandbox2/sandbox2.h"
27*ec63e07aSXin Li #include "sandboxed_api/testing.h"
28*ec63e07aSXin Li #include "sandboxed_api/util/status_matchers.h"
29*ec63e07aSXin Li
30*ec63e07aSXin Li namespace sandbox2 {
31*ec63e07aSXin Li namespace {
32*ec63e07aSXin Li
33*ec63e07aSXin Li using ::sapi::CreateDefaultPermissiveTestPolicy;
34*ec63e07aSXin Li using ::sapi::GetTestSourcePath;
35*ec63e07aSXin Li
// Returns the location of the "limits" testcase binary that every test in this
// file runs as the sandboxee. The relative path is resolved through
// GetTestSourcePath().
std::string GetLimitsTestcaseBinPath() {
  std::string binary_path = GetTestSourcePath("sandbox2/testcases/limits");
  return binary_path;
}
39*ec63e07aSXin Li
// Baseline for the RLIMIT_AS tests: the sandboxee maps 1 MiB while its
// address-space limit is 100 MiB, and the run must end with a normal exit
// (status OK, reason code 0).
TEST(LimitsTest, RLimitASMmapUnderLimit) {
  // NOTE(review): presumably skipped under sanitizers because their own
  // mappings do not fit a small address-space limit - confirm in
  // sandboxed_api/testing.h.
  SKIP_SANITIZERS;

  const std::string binary_path = GetLimitsTestcaseBinPath();
  std::vector<std::string> argv{binary_path, "1"};  // mmap(1 MiB)

  auto sandboxee = std::make_unique<sandbox2::Executor>(binary_path, argv);
  sandboxee->limits()->set_rlimit_as(100ULL << 20);  // 100 MiB

  // The permissive test policy is used here; the test asserts only on the
  // outcome of the run, not on syscall filtering.
  SAPI_ASSERT_OK_AND_ASSIGN(
      auto test_policy,
      CreateDefaultPermissiveTestPolicy(binary_path).TryBuild());

  sandbox2::Sandbox2 sandbox(std::move(sandboxee), std::move(test_policy));
  const auto outcome = sandbox.Run();

  // ASSERT first: the reason code is only meaningful once the status is known.
  ASSERT_EQ(outcome.final_status(), sandbox2::Result::OK);
  EXPECT_EQ(outcome.reason_code(), 0);
}
55*ec63e07aSXin Li
// The sandboxee asks for a 100 MiB mapping while its address-space limit is
// also 100 MiB. The run is still expected to end with status OK and reason
// code 0.
//
// NOTE(review): nothing in this test observes the mmap() result directly, so
// the enforcement check presumably lives in the testcase binary (exit 0 only
// when the mapping is refused) - confirm against sandbox2/testcases/limits.
// If the binary exited 0 unconditionally, this test would pass even with the
// limit not applied.
TEST(LimitsTest, RLimitASMmapAboveLimit) {
  // NOTE(review): presumably skipped under sanitizers because their own
  // mappings do not fit a small address-space limit - confirm in
  // sandboxed_api/testing.h.
  SKIP_SANITIZERS;

  const std::string binary_path = GetLimitsTestcaseBinPath();
  std::vector<std::string> argv{binary_path, "2"};  // mmap(100 MiB)

  auto sandboxee = std::make_unique<sandbox2::Executor>(binary_path, argv);
  sandboxee->limits()->set_rlimit_as(100ULL << 20);  // 100 MiB

  SAPI_ASSERT_OK_AND_ASSIGN(
      auto test_policy,
      CreateDefaultPermissiveTestPolicy(binary_path).TryBuild());

  sandbox2::Sandbox2 sandbox(std::move(sandboxee), std::move(test_policy));
  const auto outcome = sandbox.Run();

  ASSERT_EQ(outcome.final_status(), sandbox2::Result::OK);
  EXPECT_EQ(outcome.reason_code(), 0);
}
71*ec63e07aSXin Li
// Stack-allocation baseline: the sandboxee performs a 1 MiB alloca() under a
// 100 MiB address-space limit and must exit normally (status OK, reason
// code 0).
TEST(LimitsTest, RLimitASAllocaSmallUnderLimit) {
  // NOTE(review): presumably skipped under sanitizers because their own
  // mappings do not fit a small address-space limit - confirm in
  // sandboxed_api/testing.h.
  SKIP_SANITIZERS;

  const std::string binary_path = GetLimitsTestcaseBinPath();
  std::vector<std::string> argv{binary_path, "3"};  // alloca(1 MiB)

  auto sandboxee = std::make_unique<sandbox2::Executor>(binary_path, argv);
  sandboxee->limits()->set_rlimit_as(100ULL << 20);  // 100 MiB

  SAPI_ASSERT_OK_AND_ASSIGN(
      auto test_policy,
      CreateDefaultPermissiveTestPolicy(binary_path).TryBuild());

  sandbox2::Sandbox2 sandbox(std::move(sandboxee), std::move(test_policy));
  const auto outcome = sandbox.Run();

  ASSERT_EQ(outcome.final_status(), sandbox2::Result::OK);
  EXPECT_EQ(outcome.reason_code(), 0);
}
87*ec63e07aSXin Li
// The sandboxee performs an 8 MiB alloca() under a 100 MiB address-space
// limit. Although the request is below that limit, the run is expected to be
// terminated by SIGSEGV.
//
// NOTE(review): presumably it is the stack size limit, not RLIMIT_AS, that
// makes this allocation fault - this test sets only rlimit_as, so confirm
// which stack limit the sandboxee actually runs with.
TEST(LimitsTest, RLimitASAllocaBigUnderLimit) {
  // NOTE(review): presumably skipped under sanitizers because their own
  // mappings do not fit a small address-space limit - confirm in
  // sandboxed_api/testing.h.
  SKIP_SANITIZERS;

  const std::string binary_path = GetLimitsTestcaseBinPath();
  std::vector<std::string> argv{binary_path, "4"};  // alloca(8 MiB)

  auto sandboxee = std::make_unique<sandbox2::Executor>(binary_path, argv);
  sandboxee->limits()->set_rlimit_as(100ULL << 20);  // 100 MiB

  SAPI_ASSERT_OK_AND_ASSIGN(
      auto test_policy,
      CreateDefaultPermissiveTestPolicy(binary_path).TryBuild());

  sandbox2::Sandbox2 sandbox(std::move(sandboxee), std::move(test_policy));
  const auto outcome = sandbox.Run();

  // For a SIGNALED result the reason code is compared with the signal number.
  ASSERT_EQ(outcome.final_status(), sandbox2::Result::SIGNALED);
  EXPECT_EQ(outcome.reason_code(), SIGSEGV);
}
103*ec63e07aSXin Li
// The sandboxee performs a 100 MiB alloca() while its address-space limit is
// 100 MiB. The run is expected to be terminated by SIGSEGV.
//
// NOTE(review): an 8 MiB alloca() already faults in
// RLimitASAllocaBigUnderLimit, so this outcome alone does not show that
// RLIMIT_AS was the limit that triggered - confirm what distinguishes the two
// cases in sandbox2/testcases/limits.
TEST(LimitsTest, RLimitASAllocaBigAboveLimit) {
  // NOTE(review): presumably skipped under sanitizers because their own
  // mappings do not fit a small address-space limit - confirm in
  // sandboxed_api/testing.h.
  SKIP_SANITIZERS;

  const std::string binary_path = GetLimitsTestcaseBinPath();
  std::vector<std::string> argv{binary_path, "5"};  // alloca(100 MiB)

  auto sandboxee = std::make_unique<sandbox2::Executor>(binary_path, argv);
  sandboxee->limits()->set_rlimit_as(100ULL << 20);  // 100 MiB

  SAPI_ASSERT_OK_AND_ASSIGN(
      auto test_policy,
      CreateDefaultPermissiveTestPolicy(binary_path).TryBuild());

  sandbox2::Sandbox2 sandbox(std::move(sandboxee), std::move(test_policy));
  const auto outcome = sandbox.Run();

  // For a SIGNALED result the reason code is compared with the signal number.
  ASSERT_EQ(outcome.final_status(), sandbox2::Result::SIGNALED);
  EXPECT_EQ(outcome.reason_code(), SIGSEGV);
}
119*ec63e07aSXin Li
120*ec63e07aSXin Li } // namespace
121*ec63e07aSXin Li } // namespace sandbox2