OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <memory> | 5 #include <memory> |
6 #include <string> | 6 #include <string> |
7 | 7 |
8 #include "base/strings/string16.h" | 8 #include "base/strings/string16.h" |
9 #include "base/strings/sys_string_conversions.h" | 9 #include "base/strings/sys_string_conversions.h" |
10 #include "base/win/scoped_handle.h" | 10 #include "base/win/scoped_handle.h" |
11 #include "base/win/scoped_process_information.h" | 11 #include "base/win/scoped_process_information.h" |
12 #include "base/win/windows_version.h" | 12 #include "base/win/windows_version.h" |
13 #include "sandbox/win/src/process_thread_interception.h" | |
13 #include "sandbox/win/src/sandbox.h" | 14 #include "sandbox/win/src/sandbox.h" |
14 #include "sandbox/win/src/sandbox_factory.h" | 15 #include "sandbox/win/src/sandbox_factory.h" |
15 #include "sandbox/win/src/sandbox_policy.h" | 16 #include "sandbox/win/src/sandbox_policy.h" |
16 #include "sandbox/win/tests/common/controller.h" | 17 #include "sandbox/win/tests/common/controller.h" |
17 #include "testing/gtest/include/gtest/gtest.h" | 18 #include "testing/gtest/include/gtest/gtest.h" |
18 | 19 |
19 namespace { | 20 namespace { |
20 | 21 |
21 // While the shell API provides better calls than this home brew function | 22 // While the shell API provides better calls than this home brew function |
22 // we use GetSystemWindowsDirectoryW which does not query the registry so | 23 // we use GetSystemWindowsDirectoryW which does not query the registry so |
(...skipping 228 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
251 return SBOX_TEST_DENIED; | 252 return SBOX_TEST_DENIED; |
252 } | 253 } |
253 } else { | 254 } else { |
254 ::CloseHandle(token); | 255 ::CloseHandle(token); |
255 return SBOX_TEST_SUCCEEDED; | 256 return SBOX_TEST_SUCCEEDED; |
256 } | 257 } |
257 | 258 |
258 return SBOX_TEST_FAILED; | 259 return SBOX_TEST_FAILED; |
259 } | 260 } |
260 | 261 |
262 // Generate a event name, used to test thread creation. | |
263 std::wstring GenerateEventName(DWORD pid) { | |
264 wchar_t buff[30] = {0}; | |
265 int res = swprintf_s(buff, sizeof(buff) / sizeof(buff[0]), | |
266 L"ProcessPolicyTest_%08x", pid); | |
267 if (-1 != res) { | |
268 return std::wstring(buff); | |
269 } | |
270 return std::wstring(); | |
271 } | |
272 | |
273 // This is the function that is called when testing thread creation. | |
274 // It is expected to set an event that the caller is waiting on. | |
275 DWORD TestThreadFunc(LPVOID lpdwThreadParam) { | |
276 std::wstring event_name = GenerateEventName((DWORD)lpdwThreadParam); | |
277 if (!event_name.length()) { | |
278 return 1; | |
279 } | |
280 HANDLE event = ::OpenEvent(EVENT_ALL_ACCESS | EVENT_MODIFY_STATE, FALSE, | |
281 event_name.c_str()); | |
282 if (!event) { | |
283 return 1; | |
284 } | |
285 if (!SetEvent(event)) { | |
286 return 1; | |
287 } | |
288 return 0; | |
289 } | |
290 | |
291 SBOX_TESTS_COMMAND int Process_CreateThread(int argc, wchar_t** argv) { | |
292 DWORD pid = ::GetCurrentProcessId(); | |
293 std::wstring event_name = GenerateEventName(pid); | |
294 if (!event_name.length()) { | |
295 return SBOX_TEST_FAILED; | |
296 } | |
297 HANDLE event = ::CreateEvent(NULL, TRUE, FALSE, event_name.c_str()); | |
298 | |
299 if (!event) { | |
300 return SBOX_TEST_FAILED; | |
301 } | |
302 | |
303 DWORD thread_id = 0; | |
304 HANDLE thread = NULL; | |
305 thread = ::CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)&TestThreadFunc, | |
306 (LPVOID)pid, 0, &thread_id); | |
307 | |
308 if (!thread) { | |
309 return SBOX_TEST_FAILED; | |
310 } | |
311 if (!thread_id) { | |
312 return SBOX_TEST_FAILED; | |
Will Harris
2015/12/03 06:41:50
if the interception returns 0 thread_id on XP how
liamjm (20p)
2015/12/03 21:53:29
Yes, CSRSS is only disable on >= win8 so this code
| |
313 } | |
314 | |
315 if (WaitForSingleObject(thread, INFINITE) != WAIT_OBJECT_0) { | |
316 return SBOX_TEST_FAILED; | |
317 } | |
318 DWORD exit_code = 0; | |
319 if (!GetExitCodeThread(thread, &exit_code)) { | |
320 return SBOX_TEST_FAILED; | |
321 } | |
322 if (exit_code) { | |
323 return SBOX_TEST_FAILED; | |
324 } | |
325 if (WaitForSingleObject(event, INFINITE) != WAIT_OBJECT_0) { | |
326 return SBOX_TEST_FAILED; | |
327 } | |
328 return SBOX_TEST_SUCCEEDED; | |
329 } | |
330 | |
261 TEST(ProcessPolicyTest, TestAllAccess) { | 331 TEST(ProcessPolicyTest, TestAllAccess) { |
262 // Check if the "all access" rule fails to be added when the token is too | 332 // Check if the "all access" rule fails to be added when the token is too |
263 // powerful. | 333 // powerful. |
264 TestRunner runner; | 334 TestRunner runner; |
265 | 335 |
266 // Check the failing case. | 336 // Check the failing case. |
267 runner.GetPolicy()->SetTokenLevel(USER_INTERACTIVE, USER_LOCKDOWN); | 337 runner.GetPolicy()->SetTokenLevel(USER_INTERACTIVE, USER_LOCKDOWN); |
268 EXPECT_EQ(SBOX_ERROR_UNSUPPORTED, | 338 EXPECT_EQ(SBOX_ERROR_UNSUPPORTED, |
269 runner.GetPolicy()->AddRule(TargetPolicy::SUBSYS_PROCESS, | 339 runner.GetPolicy()->AddRule(TargetPolicy::SUBSYS_PROCESS, |
270 TargetPolicy::PROCESS_ALL_EXEC, | 340 TargetPolicy::PROCESS_ALL_EXEC, |
(...skipping 104 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
375 base::string16 exe_path = MakeFullPathToSystem32(L"findstr.exe"); | 445 base::string16 exe_path = MakeFullPathToSystem32(L"findstr.exe"); |
376 ASSERT_TRUE(!exe_path.empty()); | 446 ASSERT_TRUE(!exe_path.empty()); |
377 EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_PROCESS, | 447 EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_PROCESS, |
378 TargetPolicy::PROCESS_ALL_EXEC, | 448 TargetPolicy::PROCESS_ALL_EXEC, |
379 exe_path.c_str())); | 449 exe_path.c_str())); |
380 | 450 |
381 EXPECT_EQ(SBOX_TEST_SUCCEEDED, | 451 EXPECT_EQ(SBOX_TEST_SUCCEEDED, |
382 runner.RunTest(L"Process_GetChildProcessToken findstr.exe")); | 452 runner.RunTest(L"Process_GetChildProcessToken findstr.exe")); |
383 } | 453 } |
384 | 454 |
455 // This tests that the CreateThread works with CSRSS not locked down. | |
456 // In other words, that the interception passes through OK. | |
457 TEST(ProcessPolicyTest, TestCreateThreadWithCsrss) { | |
458 TestRunner runner(JOB_NONE, USER_INTERACTIVE, USER_INTERACTIVE); | |
459 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Process_CreateThread")); | |
460 } | |
461 | |
462 // This tests that the CreateThread works with CSRSS locked down. | |
463 // In other words, that the interception correctly works. | |
464 TEST(ProcessPolicyTest, TestCreateThreadWithoutCsrss) { | |
465 TestRunner runner(JOB_NONE, USER_INTERACTIVE, USER_INTERACTIVE); | |
466 | |
467 EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_PROCESS, | |
468 TargetPolicy::PROCESS_MIN_EXEC, | |
Will Harris
2015/12/03 06:41:50
why do you need TargetPolicy::PROCESS_MIN_EXEC
liamjm (20p)
2015/12/03 21:53:29
Changed to PROCESS_ALL_EXEC as this is more suitab
Will Harris
2015/12/03 23:58:13
can you explain why this policy is needed at all?
rickyz (no longer on Chrome)
2015/12/07 10:37:54
Background for "this is not important" - this was
| |
469 L"this is not important")); | |
470 | |
471 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Process_CreateThread")); | |
472 } | |
473 | |
474 // This tests that our CreateThread interceptors works when called directly. | |
475 TEST(ProcessPolicyTest, TestCreateThreadOutsideSandbox) { | |
476 DWORD pid = ::GetCurrentProcessId(); | |
477 std::wstring event_name = GenerateEventName(pid); | |
478 ASSERT_STRNE(NULL, event_name.c_str()); | |
479 HANDLE event = ::CreateEvent(NULL, TRUE, FALSE, event_name.c_str()); | |
480 EXPECT_NE(NULL, int(event)); | |
481 | |
482 DWORD thread_id = 0; | |
483 HANDLE thread = NULL; | |
484 thread = TargetCreateThread(::CreateThread, NULL, 0, | |
485 (LPTHREAD_START_ROUTINE)&TestThreadFunc, | |
486 (LPVOID)pid, 0, &thread_id); | |
487 EXPECT_NE(NULL, int(thread)); | |
488 EXPECT_EQ(WAIT_OBJECT_0, WaitForSingleObject(thread, INFINITE)); | |
489 EXPECT_EQ(WAIT_OBJECT_0, WaitForSingleObject(event, INFINITE)); | |
490 } | |
491 | |
385 } // namespace sandbox | 492 } // namespace sandbox |
OLD | NEW |