OLD | NEW |
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/win/src/policy_engine_params.h" | 5 #include "sandbox/win/src/policy_engine_params.h" |
6 #include "sandbox/win/src/policy_engine_processor.h" | 6 #include "sandbox/win/src/policy_engine_processor.h" |
7 #include "sandbox/win/src/policy_low_level.h" | 7 #include "sandbox/win/src/policy_low_level.h" |
8 #include "testing/gtest/include/gtest/gtest.h" | 8 #include "testing/gtest/include/gtest/gtest.h" |
9 | 9 |
10 #define POLPARAMS_BEGIN(x) sandbox::ParameterSet x[] = { | 10 #define POLPARAMS_BEGIN(x) sandbox::ParameterSet x[] = { |
(...skipping 374 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
385 // Testing 3 rules in 3 services. Two of the services resemble File services. | 385 // Testing 3 rules in 3 services. Two of the services resemble File services. |
386 TEST(PolicyEngineTest, ThreeRulesTest) { | 386 TEST(PolicyEngineTest, ThreeRulesTest) { |
387 SetupNtdllImports(); | 387 SetupNtdllImports(); |
388 PolicyRule pr_pipe(FAKE_SUCCESS); | 388 PolicyRule pr_pipe(FAKE_SUCCESS); |
389 EXPECT_TRUE(pr_pipe.AddStringMatch(IF, 0, L"\\\\/?/?\\Pipe\\Chrome.*", | 389 EXPECT_TRUE(pr_pipe.AddStringMatch(IF, 0, L"\\\\/?/?\\Pipe\\Chrome.*", |
390 CASE_INSENSITIVE)); | 390 CASE_INSENSITIVE)); |
391 EXPECT_TRUE(pr_pipe.AddNumberMatch(IF, 1, OPEN_EXISTING, EQUAL)); | 391 EXPECT_TRUE(pr_pipe.AddNumberMatch(IF, 1, OPEN_EXISTING, EQUAL)); |
392 EXPECT_TRUE(pr_pipe.AddNumberMatch(IF, 2, FILE_ATTRIBUTE_NORMAL, EQUAL)); | 392 EXPECT_TRUE(pr_pipe.AddNumberMatch(IF, 2, FILE_ATTRIBUTE_NORMAL, EQUAL)); |
393 | 393 |
394 size_t opc1 = pr_pipe.GetOpcodeCount(); | 394 size_t opc1 = pr_pipe.GetOpcodeCount(); |
395 EXPECT_EQ(3, opc1); | 395 EXPECT_EQ(3u, opc1); |
396 | 396 |
397 PolicyRule pr_dump(ASK_BROKER); | 397 PolicyRule pr_dump(ASK_BROKER); |
398 EXPECT_TRUE(pr_dump.AddStringMatch(IF, 0, L"\\\\/?/?\\*\\Crash Reports\\*", | 398 EXPECT_TRUE(pr_dump.AddStringMatch(IF, 0, L"\\\\/?/?\\*\\Crash Reports\\*", |
399 CASE_INSENSITIVE)); | 399 CASE_INSENSITIVE)); |
400 EXPECT_TRUE(pr_dump.AddNumberMatch(IF, 1, CREATE_ALWAYS, EQUAL)); | 400 EXPECT_TRUE(pr_dump.AddNumberMatch(IF, 1, CREATE_ALWAYS, EQUAL)); |
401 EXPECT_TRUE(pr_dump.AddNumberMatch(IF, 2, FILE_ATTRIBUTE_NORMAL, EQUAL)); | 401 EXPECT_TRUE(pr_dump.AddNumberMatch(IF, 2, FILE_ATTRIBUTE_NORMAL, EQUAL)); |
402 | 402 |
403 size_t opc2 = pr_dump.GetOpcodeCount(); | 403 size_t opc2 = pr_dump.GetOpcodeCount(); |
404 EXPECT_EQ(4, opc2); | 404 EXPECT_EQ(4u, opc2); |
405 | 405 |
406 PolicyRule pr_winexe(SIGNAL_ALARM); | 406 PolicyRule pr_winexe(SIGNAL_ALARM); |
407 EXPECT_TRUE(pr_winexe.AddStringMatch(IF, 0, L"\\\\/?/?\\C:\\Windows\\*.exe", | 407 EXPECT_TRUE(pr_winexe.AddStringMatch(IF, 0, L"\\\\/?/?\\C:\\Windows\\*.exe", |
408 CASE_INSENSITIVE)); | 408 CASE_INSENSITIVE)); |
409 EXPECT_TRUE(pr_winexe.AddNumberMatch(IF, 2, FILE_ATTRIBUTE_NORMAL, EQUAL)); | 409 EXPECT_TRUE(pr_winexe.AddNumberMatch(IF, 2, FILE_ATTRIBUTE_NORMAL, EQUAL)); |
410 | 410 |
411 size_t opc3 = pr_winexe.GetOpcodeCount(); | 411 size_t opc3 = pr_winexe.GetOpcodeCount(); |
412 EXPECT_EQ(3, opc3); | 412 EXPECT_EQ(3u, opc3); |
413 | 413 |
414 PolicyRule pr_adobe(GIVE_CACHED); | 414 PolicyRule pr_adobe(GIVE_CACHED); |
415 EXPECT_TRUE(pr_adobe.AddStringMatch(IF, 0, L"c:\\adobe\\ver?.?\\", | 415 EXPECT_TRUE(pr_adobe.AddStringMatch(IF, 0, L"c:\\adobe\\ver?.?\\", |
416 CASE_SENSITIVE)); | 416 CASE_SENSITIVE)); |
417 EXPECT_TRUE(pr_adobe.AddNumberMatch(IF, 2, FILE_ATTRIBUTE_NORMAL, EQUAL)); | 417 EXPECT_TRUE(pr_adobe.AddNumberMatch(IF, 2, FILE_ATTRIBUTE_NORMAL, EQUAL)); |
418 | 418 |
419 size_t opc4 = pr_adobe.GetOpcodeCount(); | 419 size_t opc4 = pr_adobe.GetOpcodeCount(); |
420 EXPECT_EQ(4, opc4); | 420 EXPECT_EQ(4u, opc4); |
421 | 421 |
422 PolicyRule pr_none(GIVE_FIRST); | 422 PolicyRule pr_none(GIVE_FIRST); |
423 EXPECT_TRUE(pr_none.AddNumberMatch(IF, 2, FILE_ATTRIBUTE_READONLY, AND)); | 423 EXPECT_TRUE(pr_none.AddNumberMatch(IF, 2, FILE_ATTRIBUTE_READONLY, AND)); |
424 EXPECT_TRUE(pr_none.AddNumberMatch(IF, 2, FILE_ATTRIBUTE_SYSTEM, AND)); | 424 EXPECT_TRUE(pr_none.AddNumberMatch(IF, 2, FILE_ATTRIBUTE_SYSTEM, AND)); |
425 | 425 |
426 size_t opc5 = pr_none.GetOpcodeCount(); | 426 size_t opc5 = pr_none.GetOpcodeCount(); |
427 EXPECT_EQ(2, opc5); | 427 EXPECT_EQ(2u, opc5); |
428 | 428 |
429 PolicyGlobal* policy = MakePolicyMemory(); | 429 PolicyGlobal* policy = MakePolicyMemory(); |
430 | 430 |
431 const uint32 kNtFakeNone = 4; | 431 const uint32 kNtFakeNone = 4; |
432 const uint32 kNtFakeCreateFile = 5; | 432 const uint32 kNtFakeCreateFile = 5; |
433 const uint32 kNtFakeOpenFile = 6; | 433 const uint32 kNtFakeOpenFile = 6; |
434 | 434 |
435 LowLevelPolicy policyGen(policy); | 435 LowLevelPolicy policyGen(policy); |
436 EXPECT_TRUE(policyGen.AddRule(kNtFakeCreateFile, &pr_pipe)); | 436 EXPECT_TRUE(policyGen.AddRule(kNtFakeCreateFile, &pr_pipe)); |
437 EXPECT_TRUE(policyGen.AddRule(kNtFakeCreateFile, &pr_dump)); | 437 EXPECT_TRUE(policyGen.AddRule(kNtFakeCreateFile, &pr_dump)); |
(...skipping 171 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
609 name = L"domo.txt"; | 609 name = L"domo.txt"; |
610 result = pol_ev_copy.Evaluate(kShortEval, eval_params, _countof(eval_params)); | 610 result = pol_ev_copy.Evaluate(kShortEval, eval_params, _countof(eval_params)); |
611 EXPECT_EQ(NO_POLICY_MATCH, result); | 611 EXPECT_EQ(NO_POLICY_MATCH, result); |
612 | 612 |
613 name = L"hello.bmp"; | 613 name = L"hello.bmp"; |
614 result = pol_ev_copy.Evaluate(kShortEval, eval_params, _countof(eval_params)); | 614 result = pol_ev_copy.Evaluate(kShortEval, eval_params, _countof(eval_params)); |
615 EXPECT_EQ(POLICY_MATCH, result); | 615 EXPECT_EQ(POLICY_MATCH, result); |
616 EXPECT_EQ(ASK_BROKER, pol_ev_copy.GetAction()); | 616 EXPECT_EQ(ASK_BROKER, pol_ev_copy.GetAction()); |
617 } | 617 } |
618 } // namespace sandbox | 618 } // namespace sandbox |
OLD | NEW |