• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "sandbox/mac/dispatch_source_mach.h"
6 
7 #include <mach/mach.h>
8 
9 #include "base/logging.h"
10 #include "base/mac/scoped_mach_port.h"
11 #include "base/memory/scoped_ptr.h"
12 #include "base/test/test_timeouts.h"
13 #include "testing/gtest/include/gtest/gtest.h"
14 
15 namespace sandbox {
16 
17 class DispatchSourceMachTest : public testing::Test {
18  public:
SetUp()19   virtual void SetUp() OVERRIDE {
20     mach_port_t port = MACH_PORT_NULL;
21     ASSERT_EQ(KERN_SUCCESS, mach_port_allocate(mach_task_self(),
22         MACH_PORT_RIGHT_RECEIVE, &port));
23     receive_right_.reset(port);
24 
25     ASSERT_EQ(KERN_SUCCESS, mach_port_insert_right(mach_task_self(), port,
26         port, MACH_MSG_TYPE_MAKE_SEND));
27     send_right_.reset(port);
28   }
29 
port()30   mach_port_t port() { return receive_right_.get(); }
31 
WaitForSemaphore(dispatch_semaphore_t semaphore)32   void WaitForSemaphore(dispatch_semaphore_t semaphore) {
33     dispatch_semaphore_wait(semaphore, dispatch_time(
34         DISPATCH_TIME_NOW,
35         TestTimeouts::action_timeout().InSeconds() * NSEC_PER_SEC));
36   }
37 
38  private:
39   base::mac::ScopedMachReceiveRight receive_right_;
40   base::mac::ScopedMachSendRight send_right_;
41 };
42 
TEST_F(DispatchSourceMachTest,ReceiveAfterResume)43 TEST_F(DispatchSourceMachTest, ReceiveAfterResume) {
44   dispatch_semaphore_t signal = dispatch_semaphore_create(0);
45 
46   bool __block did_receive = false;
47   DispatchSourceMach source("org.chromium.sandbox.test.ReceiveAfterResume",
48       port(), ^{
49           mach_msg_empty_rcv_t msg = {{0}};
50           msg.header.msgh_size = sizeof(msg);
51           msg.header.msgh_local_port = port();
52           mach_msg_receive(&msg.header);
53           did_receive = true;
54 
55           dispatch_semaphore_signal(signal);
56       });
57 
58   mach_msg_empty_send_t msg = {{0}};
59   msg.header.msgh_size = sizeof(msg);
60   msg.header.msgh_remote_port = port();
61   msg.header.msgh_bits = MACH_MSGH_BITS_REMOTE(MACH_MSG_TYPE_COPY_SEND);
62   ASSERT_EQ(KERN_SUCCESS, mach_msg_send(&msg.header));
63 
64   EXPECT_FALSE(did_receive);
65 
66   source.Resume();
67 
68   WaitForSemaphore(signal);
69 
70   EXPECT_TRUE(did_receive);
71 }
72 
TEST_F(DispatchSourceMachTest,NoMessagesAfterDestruction)73 TEST_F(DispatchSourceMachTest, NoMessagesAfterDestruction) {
74   scoped_ptr<int> count(new int(0));
75   int* __block count_ptr = count.get();
76 
77   scoped_ptr<DispatchSourceMach> source(new DispatchSourceMach(
78       "org.chromium.sandbox.test.NoMessagesAfterDestruction",
79       port(), ^{
80           mach_msg_empty_rcv_t msg = {{0}};
81           msg.header.msgh_size = sizeof(msg);
82           msg.header.msgh_local_port = port();
83           mach_msg_receive(&msg.header);
84           LOG(INFO) << "Receieve " << *count_ptr;
85           ++(*count_ptr);
86       }));
87   source->Resume();
88 
89   dispatch_queue_t queue =
90       dispatch_queue_create("org.chromium.sandbox.test.MessageSend", NULL);
91   dispatch_semaphore_t signal = dispatch_semaphore_create(0);
92   for (int i = 0; i < 30; ++i) {
93     dispatch_async(queue, ^{
94         mach_msg_empty_send_t msg = {{0}};
95         msg.header.msgh_size = sizeof(msg);
96         msg.header.msgh_remote_port = port();
97         msg.header.msgh_bits =
98             MACH_MSGH_BITS_REMOTE(MACH_MSG_TYPE_COPY_SEND);
99         mach_msg_send(&msg.header);
100     });
101 
102     // After sending five messages, shut down the source and taint the
103     // pointer the handler dereferences. The test will crash if |count_ptr|
104     // is being used after "free".
105     if (i == 5) {
106       scoped_ptr<DispatchSourceMach>* source_ptr = &source;
107       dispatch_async(queue, ^{
108           source_ptr->reset();
109           count_ptr = reinterpret_cast<int*>(0xdeaddead);
110           dispatch_semaphore_signal(signal);
111       });
112     }
113   }
114 
115   WaitForSemaphore(signal);
116   dispatch_release(queue);
117 }
118 
119 }  // namespace sandbox
120