Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(46)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/win/src/dep_test.cc

Issue 10690058: Add sandbox support for Windows process mitigations (Closed) Base URL: https://src.chromium.org/svn/trunk/src/
Patch Set: Created 8 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « sandbox/win/src/dep.cc ('k') | sandbox/win/src/nt_internals.h » ('j') | sandbox/win/src/process_mitigations.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "sandbox/win/src/dep.h"
6
7 #include "sandbox/win/src/sandbox_utils.h"
8 #include "sandbox/win/tests/common/controller.h"
9 #include "testing/gtest/include/gtest/gtest.h"
10
11 namespace sandbox {
12
13 namespace {
14
15 BYTE kReturnCode[] = {
16 // ret
17 0xC3,
18 };
19
20 typedef void (*NullFunction)();
21
22 // This doesn't fail on Vista Service Pack 0 but it does on XP SP2 and Vista
23 // SP1. I guess this is a bug in Vista SP0 w.r.t .data PE section. Needs
24 // investigation to be sure it is a bug and not an error on my part.
25 bool GenerateDepException() {
26 bool result = false;
27 __try {
28 void* code = kReturnCode;
29 // Call this code.
30 reinterpret_cast<NullFunction>(code)();
31 } __except(EXCEPTION_EXECUTE_HANDLER) {
32 result = true;
33 }
34 return result;
35 }
36
37 bool GenerateDepAtl7Exception() {
38 // TODO(maruel): bug 1207762 Somehow test ATL7
39 return GenerateDepException();
40 }
41
42 SBOX_TESTS_COMMAND int CheckDepLevel(int argc, wchar_t **argv) {
43 if (1 != argc)
44 return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
45
46 int flag = _wtoi(argv[0]);
47 switch (flag) {
48 case 1:
49 // DEP is completely disabled.
50 if (!SetCurrentProcessDEP(DEP_DISABLED)) {
51 if (!IsXPSP2OrLater())
52 // That's fine.
53 return SBOX_TEST_SUCCEEDED;
54 return SBOX_TEST_DENIED;
55 }
56 if (GenerateDepException())
57 return SBOX_TEST_FAILED;
58 if (GenerateDepAtl7Exception())
59 return SBOX_TEST_FAILED;
60 return SBOX_TEST_SUCCEEDED;
61 case 2:
62 // DEP is enabled with ATL7 thunk support.
63 if (!SetCurrentProcessDEP(DEP_ENABLED_ATL7_COMPAT)) {
64 if (!IsXPSP2OrLater())
65 // That's fine.
66 return SBOX_TEST_SUCCEEDED;
67 return SBOX_TEST_DENIED;
68 }
69 if (!GenerateDepException())
70 return SBOX_TEST_FAILED;
71 if (GenerateDepAtl7Exception())
72 return SBOX_TEST_FAILED;
73 return SBOX_TEST_SUCCEEDED;
74 case 3:
75 // DEP is enabled.
76 if (!SetCurrentProcessDEP(DEP_ENABLED)) {
77 if (!IsXPSP2OrLater())
78 // That's fine.
79 return SBOX_TEST_SUCCEEDED;
80 return SBOX_TEST_DENIED;
81 }
82 if (!GenerateDepException())
83 return SBOX_TEST_FAILED;
84 if (!GenerateDepAtl7Exception())
85 return SBOX_TEST_FAILED;
86 return SBOX_TEST_SUCCEEDED;
87 case 4:
88 // DEP can't be disabled.
89 if (!SetCurrentProcessDEP(DEP_ENABLED)) {
90 if (!IsXPSP2OrLater())
91 // That's fine.
92 return SBOX_TEST_SUCCEEDED;
93 }
94 if (SetCurrentProcessDEP(DEP_DISABLED)) {
95 return SBOX_TEST_DENIED;
96 }
97 // Verify that it is still enabled.
98 if (!GenerateDepException())
99 return SBOX_TEST_FAILED;
100 if (!GenerateDepAtl7Exception())
101 return SBOX_TEST_FAILED;
102 return SBOX_TEST_SUCCEEDED;
103 case 5:
104 // DEP can't be disabled.
105 if (!SetCurrentProcessDEP(DEP_ENABLED_ATL7_COMPAT)) {
106 if (!IsXPSP2OrLater())
107 // That's fine.
108 return SBOX_TEST_SUCCEEDED;
109 }
110 if (SetCurrentProcessDEP(DEP_DISABLED)) {
111 return SBOX_TEST_DENIED;
112 }
113 // Verify that it is still enabled.
114 if (!GenerateDepException())
115 return SBOX_TEST_FAILED;
116 if (!GenerateDepAtl7Exception())
117 return SBOX_TEST_FAILED;
118 return SBOX_TEST_SUCCEEDED;
119 case 6:
120 // DEP can't be disabled.
121 if (!SetCurrentProcessDEP(DEP_ENABLED)) {
122 if (!IsXPSP2OrLater())
123 // That's fine.
124 return SBOX_TEST_SUCCEEDED;
125 }
126 if (SetCurrentProcessDEP(DEP_ENABLED_ATL7_COMPAT)) {
127 return SBOX_TEST_DENIED;
128 }
129 // Verify that it is still enabled.
130 if (!GenerateDepException())
131 return SBOX_TEST_FAILED;
132 if (!GenerateDepAtl7Exception())
133 return SBOX_TEST_FAILED;
134 return SBOX_TEST_SUCCEEDED;
135 default:
136 return SBOX_TEST_INVALID_PARAMETER;
137 }
138 return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
139 }
140
141 } // namespace
142
143 // This test is disabled. See bug 1275842
144 TEST(DepTest, DISABLED_TestDepDisable) {
145 TestRunner runner(JOB_UNPROTECTED, USER_INTERACTIVE, USER_INTERACTIVE);
146
147 runner.SetTimeout(INFINITE);
148
149 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"CheckDepLevel 1"));
150 // TODO(maruel): bug 1207762 Somehow test ATL7
151 // EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"CheckDepLevel 2"));
152 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"CheckDepLevel 3"));
153 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"CheckDepLevel 4"));
154 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"CheckDepLevel 5"));
155 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"CheckDepLevel 6"));
156 }
157
158 } // namespace sandbox
OLDNEW
« no previous file with comments | « sandbox/win/src/dep.cc ('k') | sandbox/win/src/nt_internals.h » ('j') | sandbox/win/src/process_mitigations.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698