| Index: sandbox/src/process_policy_test.cc
|
| diff --git a/sandbox/src/process_policy_test.cc b/sandbox/src/process_policy_test.cc
|
| deleted file mode 100644
|
| index 783446e55229d73103854d6c00c221ca9c611117..0000000000000000000000000000000000000000
|
| --- a/sandbox/src/process_policy_test.cc
|
| +++ /dev/null
|
| @@ -1,295 +0,0 @@
|
| -// Copyright (c) 2012 The Chromium Authors. All rights reserved.
|
| -// Use of this source code is governed by a BSD-style license that can be
|
| -// found in the LICENSE file.
|
| -
|
| -#include <memory>
|
| -#include <string>
|
| -
|
| -#include "base/sys_string_conversions.h"
|
| -#include "base/win/scoped_handle.h"
|
| -#include "base/win/scoped_process_information.h"
|
| -#include "sandbox/src/sandbox.h"
|
| -#include "sandbox/src/sandbox_policy.h"
|
| -#include "sandbox/src/sandbox_factory.h"
|
| -#include "sandbox/tests/common/controller.h"
|
| -#include "testing/gtest/include/gtest/gtest.h"
|
| -
|
| -namespace {
|
| -
|
| -// While the shell API provides better calls than this home brew function
|
| -// we use GetSystemWindowsDirectoryW which does not query the registry so
|
| -// it is safe to use after revert.
|
| -std::wstring MakeFullPathToSystem32(const wchar_t* name) {
|
| - wchar_t windows_path[MAX_PATH] = {0};
|
| - ::GetSystemWindowsDirectoryW(windows_path, MAX_PATH);
|
| - std::wstring full_path(windows_path);
|
| - if (full_path.empty()) {
|
| - return full_path;
|
| - }
|
| - full_path += L"\\system32\\";
|
| - full_path += name;
|
| - return full_path;
|
| -}
|
| -
|
| -// Creates a process with the |exe| and |command| parameter using the
|
| -// unicode and ascii version of the api.
|
| -sandbox::SboxTestResult CreateProcessHelper(const std::wstring &exe,
|
| - const std::wstring &command) {
|
| - base::win::ScopedProcessInformation pi;
|
| - STARTUPINFOW si = {sizeof(si)};
|
| -
|
| - const wchar_t *exe_name = NULL;
|
| - if (!exe.empty())
|
| - exe_name = exe.c_str();
|
| -
|
| - const wchar_t *cmd_line = NULL;
|
| - if (!command.empty())
|
| - cmd_line = command.c_str();
|
| -
|
| - // Create the process with the unicode version of the API.
|
| - sandbox::SboxTestResult ret1 = sandbox::SBOX_TEST_FAILED;
|
| - if (!::CreateProcessW(exe_name, const_cast<wchar_t*>(cmd_line), NULL, NULL,
|
| - FALSE, 0, NULL, NULL, &si, pi.Receive())) {
|
| - DWORD last_error = GetLastError();
|
| - if ((ERROR_NOT_ENOUGH_QUOTA == last_error) ||
|
| - (ERROR_ACCESS_DENIED == last_error) ||
|
| - (ERROR_FILE_NOT_FOUND == last_error)) {
|
| - ret1 = sandbox::SBOX_TEST_DENIED;
|
| - } else {
|
| - ret1 = sandbox::SBOX_TEST_FAILED;
|
| - }
|
| - } else {
|
| - ret1 = sandbox::SBOX_TEST_SUCCEEDED;
|
| - }
|
| -
|
| - pi.Close();
|
| -
|
| - // Do the same with the ansi version of the api
|
| - STARTUPINFOA sia = {sizeof(sia)};
|
| - sandbox::SboxTestResult ret2 = sandbox::SBOX_TEST_FAILED;
|
| -
|
| - std::string narrow_cmd_line;
|
| - if (cmd_line)
|
| - narrow_cmd_line = base::SysWideToMultiByte(cmd_line, CP_UTF8);
|
| - if (!::CreateProcessA(
|
| - exe_name ? base::SysWideToMultiByte(exe_name, CP_UTF8).c_str() : NULL,
|
| - cmd_line ? const_cast<char*>(narrow_cmd_line.c_str()) : NULL,
|
| - NULL, NULL, FALSE, 0, NULL, NULL, &sia, pi.Receive())) {
|
| - DWORD last_error = GetLastError();
|
| - if ((ERROR_NOT_ENOUGH_QUOTA == last_error) ||
|
| - (ERROR_ACCESS_DENIED == last_error) ||
|
| - (ERROR_FILE_NOT_FOUND == last_error)) {
|
| - ret2 = sandbox::SBOX_TEST_DENIED;
|
| - } else {
|
| - ret2 = sandbox::SBOX_TEST_FAILED;
|
| - }
|
| - } else {
|
| - ret2 = sandbox::SBOX_TEST_SUCCEEDED;
|
| - }
|
| -
|
| - if (ret1 == ret2)
|
| - return ret1;
|
| -
|
| - return sandbox::SBOX_TEST_FAILED;
|
| -}
|
| -
|
| -} // namespace
|
| -
|
| -namespace sandbox {
|
| -
|
| -// Tries to create the process in argv[0] using 7 different ways.
|
| -// Since we also try the Ansi and Unicode version of the CreateProcess API,
|
| -// The process referenced by argv[0] will be spawned 14 times.
|
| -SBOX_TESTS_COMMAND int Process_RunApp(int argc, wchar_t **argv) {
|
| - if (argc != 1) {
|
| - return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
|
| - }
|
| - if ((NULL == argv) || (NULL == argv[0])) {
|
| - return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
|
| - }
|
| - std::wstring path = MakeFullPathToSystem32(argv[0]);
|
| -
|
| - // TEST 1: Try with the path in the app_name.
|
| - int result1 = CreateProcessHelper(path, std::wstring());
|
| -
|
| - // TEST 2: Try with the path in the cmd_line.
|
| - std::wstring cmd_line = L"\"";
|
| - cmd_line += path;
|
| - cmd_line += L"\"";
|
| - int result2 = CreateProcessHelper(std::wstring(), cmd_line);
|
| -
|
| - // TEST 3: Try file name in the cmd_line.
|
| - int result3 = CreateProcessHelper(std::wstring(), argv[0]);
|
| -
|
| - // TEST 4: Try file name in the app_name and current directory sets correctly.
|
| - std::wstring system32 = MakeFullPathToSystem32(L"");
|
| - wchar_t current_directory[MAX_PATH + 1];
|
| - int result4;
|
| - bool test_succeeded = false;
|
| - DWORD ret = ::GetCurrentDirectory(MAX_PATH, current_directory);
|
| - if (0 != ret && ret < MAX_PATH) {
|
| - current_directory[ret] = L'\\';
|
| - current_directory[ret+1] = L'\0';
|
| - if (::SetCurrentDirectory(system32.c_str())) {
|
| - result4 = CreateProcessHelper(argv[0], std::wstring());
|
| - if (::SetCurrentDirectory(current_directory)) {
|
| - test_succeeded = true;
|
| - }
|
| - }
|
| - }
|
| - if (!test_succeeded)
|
| - result4 = SBOX_TEST_FAILED;
|
| -
|
| - // TEST 5: Try with the path in the cmd_line and arguments.
|
| - cmd_line = L"\"";
|
| - cmd_line += path;
|
| - cmd_line += L"\" /INSERT";
|
| - int result5 = CreateProcessHelper(std::wstring(), cmd_line);
|
| -
|
| - // TEST 6: Try with the file_name in the cmd_line and arguments.
|
| - cmd_line = argv[0];
|
| - cmd_line += L" /INSERT";
|
| - int result6 = CreateProcessHelper(std::wstring(), cmd_line);
|
| -
|
| - // TEST 7: Try with the path without the drive.
|
| - cmd_line = path.substr(path.find(L'\\'));
|
| - int result7 = CreateProcessHelper(std::wstring(), cmd_line);
|
| -
|
| - // Check if they all returned the same thing.
|
| - if ((result1 == result2) && (result2 == result3) && (result3 == result4) &&
|
| - (result4 == result5) && (result5 == result6) && (result6 == result7))
|
| - return result1;
|
| -
|
| - return SBOX_TEST_FAILED;
|
| -}
|
| -
|
| -// Creates a process and checks if it's possible to get a handle to it's token.
|
| -SBOX_TESTS_COMMAND int Process_GetChildProcessToken(int argc, wchar_t **argv) {
|
| - if (argc != 1)
|
| - return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
|
| -
|
| - if ((NULL == argv) || (NULL == argv[0]))
|
| - return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
|
| -
|
| - std::wstring path = MakeFullPathToSystem32(argv[0]);
|
| -
|
| - base::win::ScopedProcessInformation pi;
|
| - STARTUPINFOW si = {sizeof(si)};
|
| -
|
| - if (!::CreateProcessW(path.c_str(), NULL, NULL, NULL, FALSE, CREATE_SUSPENDED,
|
| - NULL, NULL, &si, pi.Receive())) {
|
| - return SBOX_TEST_FAILED;
|
| - }
|
| -
|
| - HANDLE token = NULL;
|
| - BOOL result =
|
| - ::OpenProcessToken(pi.process_handle(), TOKEN_IMPERSONATE, &token);
|
| - DWORD error = ::GetLastError();
|
| -
|
| - base::win::ScopedHandle token_handle(token);
|
| -
|
| - if (!::TerminateProcess(pi.process_handle(), 0))
|
| - return SBOX_TEST_FAILED;
|
| -
|
| - if (result && token)
|
| - return SBOX_TEST_SUCCEEDED;
|
| -
|
| - if (ERROR_ACCESS_DENIED == error)
|
| - return SBOX_TEST_DENIED;
|
| -
|
| - return SBOX_TEST_FAILED;
|
| -}
|
| -
|
| -
|
| -SBOX_TESTS_COMMAND int Process_OpenToken(int argc, wchar_t **argv) {
|
| - HANDLE token;
|
| - if (!::OpenProcessToken(::GetCurrentProcess(), TOKEN_ALL_ACCESS, &token)) {
|
| - if (ERROR_ACCESS_DENIED == ::GetLastError()) {
|
| - return SBOX_TEST_DENIED;
|
| - }
|
| - } else {
|
| - ::CloseHandle(token);
|
| - return SBOX_TEST_SUCCEEDED;
|
| - }
|
| -
|
| - return SBOX_TEST_FAILED;
|
| -}
|
| -
|
| -TEST(ProcessPolicyTest, TestAllAccess) {
|
| - // Check if the "all access" rule fails to be added when the token is too
|
| - // powerful.
|
| - TestRunner runner;
|
| -
|
| - // Check the failing case.
|
| - runner.GetPolicy()->SetTokenLevel(USER_INTERACTIVE, USER_LOCKDOWN);
|
| - EXPECT_EQ(SBOX_ERROR_UNSUPPORTED,
|
| - runner.GetPolicy()->AddRule(TargetPolicy::SUBSYS_PROCESS,
|
| - TargetPolicy::PROCESS_ALL_EXEC,
|
| - L"this is not important"));
|
| -
|
| - // Check the working case.
|
| - runner.GetPolicy()->SetTokenLevel(USER_INTERACTIVE, USER_INTERACTIVE);
|
| -
|
| - EXPECT_EQ(SBOX_ALL_OK,
|
| - runner.GetPolicy()->AddRule(TargetPolicy::SUBSYS_PROCESS,
|
| - TargetPolicy::PROCESS_ALL_EXEC,
|
| - L"this is not important"));
|
| -}
|
| -
|
| -// This test is disabled. See bug 1305476.
|
| -TEST(ProcessPolicyTest, DISABLED_RunFindstrExe) {
|
| - TestRunner runner;
|
| - std::wstring exe_path = MakeFullPathToSystem32(L"findstr.exe");
|
| - std::wstring system32 = MakeFullPathToSystem32(L"");
|
| - ASSERT_TRUE(!exe_path.empty());
|
| - EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_PROCESS,
|
| - TargetPolicy::PROCESS_MIN_EXEC,
|
| - exe_path.c_str()));
|
| -
|
| - // Need to add directory rules for the directories that we use in
|
| - // SetCurrentDirectory.
|
| - EXPECT_TRUE(runner.AddFsRule(TargetPolicy::FILES_ALLOW_DIR_ANY,
|
| - system32.c_str()));
|
| -
|
| - wchar_t current_directory[MAX_PATH];
|
| - DWORD ret = ::GetCurrentDirectory(MAX_PATH, current_directory);
|
| - ASSERT_TRUE(0 != ret && ret < MAX_PATH);
|
| -
|
| - wcscat_s(current_directory, MAX_PATH, L"\\");
|
| - EXPECT_TRUE(runner.AddFsRule(TargetPolicy::FILES_ALLOW_DIR_ANY,
|
| - current_directory));
|
| -
|
| - EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Process_RunApp findstr.exe"));
|
| - EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Process_RunApp calc.exe"));
|
| -}
|
| -
|
| -TEST(ProcessPolicyTest, OpenToken) {
|
| - TestRunner runner;
|
| - EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Process_OpenToken"));
|
| -}
|
| -
|
| -TEST(ProcessPolicyTest, TestGetProcessTokenMinAccess) {
|
| - TestRunner runner;
|
| - std::wstring exe_path = MakeFullPathToSystem32(L"findstr.exe");
|
| - ASSERT_TRUE(!exe_path.empty());
|
| - EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_PROCESS,
|
| - TargetPolicy::PROCESS_MIN_EXEC,
|
| - exe_path.c_str()));
|
| -
|
| - EXPECT_EQ(SBOX_TEST_DENIED,
|
| - runner.RunTest(L"Process_GetChildProcessToken findstr.exe"));
|
| -}
|
| -
|
| -TEST(ProcessPolicyTest, TestGetProcessTokenMaxAccess) {
|
| - TestRunner runner(JOB_UNPROTECTED, USER_INTERACTIVE, USER_INTERACTIVE);
|
| - std::wstring exe_path = MakeFullPathToSystem32(L"findstr.exe");
|
| - ASSERT_TRUE(!exe_path.empty());
|
| - EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_PROCESS,
|
| - TargetPolicy::PROCESS_ALL_EXEC,
|
| - exe_path.c_str()));
|
| -
|
| - EXPECT_EQ(SBOX_TEST_SUCCEEDED,
|
| - runner.RunTest(L"Process_GetChildProcessToken findstr.exe"));
|
| -}
|
| -
|
| -} // namespace sandbox
|
|
|
Chromium Code Reviews
Issue 10689170:
Move the Windows sandbox to sandbox/win (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src