public void CreateSandboxedProcessInfoWithExplicitReporting()
{
var instance = CreateSandboxExecRunner();
var processInfo = SandboxExecRunner.CreateSandboxedProcessInfo("/usr/bin/touch", instance);
// Make sure the SandboxExec sandboxed process info is always gerenated to explicitly report all file accesses
XAssert.IsTrue(processInfo.FileAccessManifest.ReportFileAccesses);
XAssert.IsFalse(processInfo.FileAccessManifest.FailUnexpectedFileAccesses);
}
public void TestParseArgsWithDoubleDashInProcArgs()
{
var procArgs = new string[] { "/bin/cat", "--" };
var args = new[] { "--" }.Concat(procArgs).ToArray();
var result = SandboxExecRunner.ParseArgs(args);
XAssert.AreEqual(Defaults, result.toolOptions);
XAssert.ArrayEqual(procArgs, result.procArgs);
}
public void TestParseArgsWithTwoToolArgs(string arg1, string arg2, bool?expectedVerboseValue, int?expectedQueueSizeValue)
{
var procArgs = new string[] { "/bin/cat", "--" };
var args = new[] { arg1, arg2, "--" }.Concat(procArgs).ToArray();
var result = SandboxExecRunner.ParseArgs(args);
XAssert.AreEqual(expectedVerboseValue ?? Defaults.Verbose, result.toolOptions.Verbose);
XAssert.AreEqual(expectedQueueSizeValue ?? (int)Defaults.ReportQueueSizeMB, (int)result.toolOptions.ReportQueueSizeMB);
XAssert.ArrayEqual(procArgs, result.procArgs);
}
public void TestParseArgsNoToolArgs(bool withSeparator)
{
var procArgs = new string[] { "/bin/ls", "-l" };
var args = withSeparator
? new[] { "--" }.Concat(procArgs).ToArray()
: procArgs;
var result = SandboxExecRunner.ParseArgs(args);
XAssert.AreEqual(Defaults, result.toolOptions);
XAssert.ArrayEqual(procArgs, result.procArgs);
}
public void CommandLineArgumentsGetParsedCorrectly()
{
var input = new string[] { "/usr/bin/clang", "test.c", "-o", "test", "'a b c'", "/a/b/c/d e f.app" };
var arguments = SandboxExecRunner.ExtractAndEscapeCommandLineArguments(input);
if (OperatingSystemHelper.IsUnixOS)
{
XAssert.AreEqual("'test.c' '-o' 'test' ''\\''a b c'\\''' '/a/b/c/d e f.app'", arguments);
}
else
{
XAssert.AreEqual("test.c -o test 'a b c' /a/b/c/d e f.app", arguments);
}
}
public void TestSandboxConnectionNotInTestMode()
{
if (OperatingSystemHelper.IsMacOS)
{
return; // doesn't work with the kext
}
using var sandboxConnection = CreateSandboxConnection(isInTestMode: false);
var instance = new SandboxExecRunner(sandboxConnection);
var processInfo = SandboxExecRunner.CreateSandboxedProcessInfo("/usr/bin/touch", instance);
// Make sure the SandboxExec sandboxed process info is always generated to explicitly report all file accesses
XAssert.IsTrue(processInfo.FileAccessManifest.ReportFileAccesses);
XAssert.IsFalse(processInfo.FileAccessManifest.FailUnexpectedFileAccesses);
}
public async Task CheckForFileAccessReportsWhenRunningProcessWithKextLoaded()
{
try
{
var instance = CreateSandboxExecRunner();
var process = await SandboxExecRunner.ExecuteAsync(instance, new string[] { "/bin/ls", "." }, TestOutputDirectory);
var result = await process.GetResultAsync();
var distinctAccessReports = instance.DedupeAccessReports(
result.FileAccesses,
result.ExplicitlyReportedFileAccesses,
result.AllUnexpectedFileAccesses);
XAssert.IsTrue(distinctAccessReports.Count > 0);
XAssert.IsTrue(distinctAccessReports.Contains(" R /bin/ls"));
}
catch (Exception ex)
{
// This should not happen if the sandbox is loaded and non of the report processing did throw
XAssert.Fail("CheckForFileAccessReportsWhenRunningProcessWithKextLoaded, threw an exception: {0}", ex);
}
}