-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathrule_engine_test.cc
106 lines (81 loc) · 2.91 KB
/
rule_engine_test.cc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
// Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "permission_broker/rule_engine.h"
#include <gmock/gmock.h>
#include <gtest/gtest.h>
#include <string>
#include "permission_broker/rule.h"
using std::string;
using ::testing::_;
using ::testing::Return;
namespace permission_broker {
class MockRule : public Rule {
public:
MockRule() : Rule("MockRule") {}
MockRule(const MockRule&) = delete;
MockRule& operator=(const MockRule&) = delete;
~MockRule() override = default;
MOCK_METHOD(Result, ProcessDevice, (udev_device * device), (override));
};
class MockRuleEngine : public RuleEngine {
public:
MockRuleEngine() = default;
MockRuleEngine(const MockRuleEngine&) = delete;
MockRuleEngine& operator=(const MockRuleEngine&) = delete;
~MockRuleEngine() override = default;
MOCK_METHOD(void, WaitForEmptyUdevQueue, (), (override));
};
class RuleEngineTest : public testing::Test {
public:
RuleEngineTest() = default;
RuleEngineTest(const RuleEngineTest&) = delete;
RuleEngineTest& operator=(const RuleEngineTest&) = delete;
~RuleEngineTest() override = default;
Rule::Result ProcessPath(const string& path) {
return engine_.ProcessPath(path);
}
protected:
Rule* CreateMockRule(const Rule::Result result) const {
MockRule* rule = new MockRule();
EXPECT_CALL(*rule, ProcessDevice(_)).WillOnce(Return(result));
return rule;
}
MockRuleEngine engine_;
};
TEST_F(RuleEngineTest, EmptyRuleChain) {
EXPECT_EQ(Rule::IGNORE, ProcessPath("/dev/null"));
}
TEST_F(RuleEngineTest, AllowAccess) {
engine_.AddRule(CreateMockRule(Rule::ALLOW));
EXPECT_EQ(Rule::ALLOW, ProcessPath("/dev/null"));
}
TEST_F(RuleEngineTest, DenyAccess) {
engine_.AddRule(CreateMockRule(Rule::DENY));
EXPECT_EQ(Rule::DENY, ProcessPath("/dev/null"));
}
TEST_F(RuleEngineTest, DenyPrecedence) {
engine_.AddRule(CreateMockRule(Rule::ALLOW));
engine_.AddRule(CreateMockRule(Rule::IGNORE));
engine_.AddRule(CreateMockRule(Rule::DENY));
EXPECT_EQ(Rule::DENY, ProcessPath("/dev/null"));
}
TEST_F(RuleEngineTest, AllowPrecedence) {
engine_.AddRule(CreateMockRule(Rule::IGNORE));
engine_.AddRule(CreateMockRule(Rule::ALLOW));
engine_.AddRule(CreateMockRule(Rule::IGNORE));
EXPECT_EQ(Rule::ALLOW, ProcessPath("/dev/null"));
}
TEST_F(RuleEngineTest, LockdownPrecedence) {
engine_.AddRule(CreateMockRule(Rule::IGNORE));
engine_.AddRule(CreateMockRule(Rule::ALLOW_WITH_LOCKDOWN));
engine_.AddRule(CreateMockRule(Rule::ALLOW));
EXPECT_EQ(Rule::ALLOW_WITH_LOCKDOWN, ProcessPath("/dev/null"));
}
TEST_F(RuleEngineTest, DetachPrecedence) {
engine_.AddRule(CreateMockRule(Rule::IGNORE));
engine_.AddRule(CreateMockRule(Rule::ALLOW_WITH_DETACH));
engine_.AddRule(CreateMockRule(Rule::ALLOW));
EXPECT_EQ(Rule::ALLOW_WITH_DETACH, ProcessPath("/dev/null"));
}
} // namespace permission_broker