| nick | 0903dda | 2014-11-14 13:11:49 +0900 | [diff] [blame] | 1 | // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #ifndef IPC_IPC_SECURITY_TEST_UTIL_H_ |
| 6 | #define IPC_IPC_SECURITY_TEST_UTIL_H_ |
| 7 | |
| tfarina | 2d565d3 | 2015-09-16 18:56:21 +0900 | [diff] [blame] | 8 | #include "base/macros.h" |
| nick | 0903dda | 2014-11-14 13:11:49 +0900 | [diff] [blame] | 9 | |
| 10 | namespace IPC { |
| 11 | |
| 12 | class ChannelProxy; |
| 13 | class Message; |
| 14 | |
| 15 | class IpcSecurityTestUtil { |
| 16 | public: |
| 17 | // Enables testing of security exploit scenarios where a compromised child |
| 18 | // process can send a malicious message of an arbitrary type. |
| 19 | // |
| 20 | // This function will post the message to the IPC channel's thread, where it |
| 21 | // is offered to the channel's listeners. Afterwards, a reply task is posted |
| 22 | // back to the current thread. This function blocks until the reply task is |
| 23 | // received. For messages forwarded back to the current thread, we won't |
| 24 | // return until after the message has been handled here. |
| 25 | // |
| 26 | // Use this only for testing security bugs in a browsertest; other uses are |
| 27 | // likely perilous. Unit tests should be using IPC::TestSink which has an |
| 28 | // OnMessageReceived method you can call directly. Non-security browsertests |
| 29 | // should just exercise the child process's normal codepaths to send messages. |
| 30 | static void PwnMessageReceived(ChannelProxy* channel, const Message& message); |
| 31 | |
| 32 | private: |
| 33 | IpcSecurityTestUtil(); // Not instantiable. |
| 34 | |
| 35 | DISALLOW_COPY_AND_ASSIGN(IpcSecurityTestUtil); |
| 36 | }; |
| 37 | |
| 38 | } // namespace IPC |
| 39 | |
| 40 | #endif // IPC_IPC_SECURITY_TEST_UTIL_H_ |