1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "sandbox/mac/dispatch_source_mach.h"
6
7 #include <mach/mach.h>
8
9 #include "base/logging.h"
10 #include "base/mac/scoped_mach_port.h"
11 #include "base/memory/scoped_ptr.h"
12 #include "base/test/test_timeouts.h"
13 #include "testing/gtest/include/gtest/gtest.h"
14
15 namespace sandbox {
16
17 class DispatchSourceMachTest : public testing::Test {
18 public:
SetUp()19 virtual void SetUp() OVERRIDE {
20 mach_port_t port = MACH_PORT_NULL;
21 ASSERT_EQ(KERN_SUCCESS, mach_port_allocate(mach_task_self(),
22 MACH_PORT_RIGHT_RECEIVE, &port));
23 receive_right_.reset(port);
24
25 ASSERT_EQ(KERN_SUCCESS, mach_port_insert_right(mach_task_self(), port,
26 port, MACH_MSG_TYPE_MAKE_SEND));
27 send_right_.reset(port);
28 }
29
port()30 mach_port_t port() { return receive_right_.get(); }
31
WaitForSemaphore(dispatch_semaphore_t semaphore)32 void WaitForSemaphore(dispatch_semaphore_t semaphore) {
33 dispatch_semaphore_wait(semaphore, dispatch_time(
34 DISPATCH_TIME_NOW,
35 TestTimeouts::action_timeout().InSeconds() * NSEC_PER_SEC));
36 }
37
38 private:
39 base::mac::ScopedMachReceiveRight receive_right_;
40 base::mac::ScopedMachSendRight send_right_;
41 };
42
TEST_F(DispatchSourceMachTest,ReceiveAfterResume)43 TEST_F(DispatchSourceMachTest, ReceiveAfterResume) {
44 dispatch_semaphore_t signal = dispatch_semaphore_create(0);
45
46 bool __block did_receive = false;
47 DispatchSourceMach source("org.chromium.sandbox.test.ReceiveAfterResume",
48 port(), ^{
49 mach_msg_empty_rcv_t msg = {{0}};
50 msg.header.msgh_size = sizeof(msg);
51 msg.header.msgh_local_port = port();
52 mach_msg_receive(&msg.header);
53 did_receive = true;
54
55 dispatch_semaphore_signal(signal);
56 });
57
58 mach_msg_empty_send_t msg = {{0}};
59 msg.header.msgh_size = sizeof(msg);
60 msg.header.msgh_remote_port = port();
61 msg.header.msgh_bits = MACH_MSGH_BITS_REMOTE(MACH_MSG_TYPE_COPY_SEND);
62 ASSERT_EQ(KERN_SUCCESS, mach_msg_send(&msg.header));
63
64 EXPECT_FALSE(did_receive);
65
66 source.Resume();
67
68 WaitForSemaphore(signal);
69
70 EXPECT_TRUE(did_receive);
71 }
72
TEST_F(DispatchSourceMachTest,NoMessagesAfterDestruction)73 TEST_F(DispatchSourceMachTest, NoMessagesAfterDestruction) {
74 scoped_ptr<int> count(new int(0));
75 int* __block count_ptr = count.get();
76
77 scoped_ptr<DispatchSourceMach> source(new DispatchSourceMach(
78 "org.chromium.sandbox.test.NoMessagesAfterDestruction",
79 port(), ^{
80 mach_msg_empty_rcv_t msg = {{0}};
81 msg.header.msgh_size = sizeof(msg);
82 msg.header.msgh_local_port = port();
83 mach_msg_receive(&msg.header);
84 LOG(INFO) << "Receieve " << *count_ptr;
85 ++(*count_ptr);
86 }));
87 source->Resume();
88
89 dispatch_queue_t queue =
90 dispatch_queue_create("org.chromium.sandbox.test.MessageSend", NULL);
91 dispatch_semaphore_t signal = dispatch_semaphore_create(0);
92 for (int i = 0; i < 30; ++i) {
93 dispatch_async(queue, ^{
94 mach_msg_empty_send_t msg = {{0}};
95 msg.header.msgh_size = sizeof(msg);
96 msg.header.msgh_remote_port = port();
97 msg.header.msgh_bits =
98 MACH_MSGH_BITS_REMOTE(MACH_MSG_TYPE_COPY_SEND);
99 mach_msg_send(&msg.header);
100 });
101
102 // After sending five messages, shut down the source and taint the
103 // pointer the handler dereferences. The test will crash if |count_ptr|
104 // is being used after "free".
105 if (i == 5) {
106 scoped_ptr<DispatchSourceMach>* source_ptr = &source;
107 dispatch_async(queue, ^{
108 source_ptr->reset();
109 count_ptr = reinterpret_cast<int*>(0xdeaddead);
110 dispatch_semaphore_signal(signal);
111 });
112 }
113 }
114
115 WaitForSemaphore(signal);
116 dispatch_release(queue);
117 }
118
119 } // namespace sandbox
120