OLD | NEW |
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/win/src/sandbox_types.h" | 5 #include "sandbox/win/src/sandbox_types.h" |
6 #include "sandbox/win/src/sandbox_nt_types.h" | 6 #include "sandbox/win/src/sandbox_nt_types.h" |
7 #include "sandbox/win/src/policy_engine_params.h" | 7 #include "sandbox/win/src/policy_engine_params.h" |
8 #include "sandbox/win/src/policy_engine_opcodes.h" | 8 #include "sandbox/win/src/policy_engine_opcodes.h" |
9 #include "testing/gtest/include/gtest/gtest.h" | 9 #include "testing/gtest/include/gtest/gtest.h" |
10 | 10 |
(...skipping 104 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
115 ASSERT_NE(nullptr, op4); | 115 ASSERT_NE(nullptr, op4); |
116 EXPECT_EQ(EVAL_FALSE, op4->Evaluate(&ppb1, 1, NULL)); | 116 EXPECT_EQ(EVAL_FALSE, op4->Evaluate(&ppb1, 1, NULL)); |
117 | 117 |
118 // Test that we clear the match context | 118 // Test that we clear the match context |
119 PolicyOpcode* op5 = opcode_maker.MakeOpAlwaysTrue(kPolClearContext); | 119 PolicyOpcode* op5 = opcode_maker.MakeOpAlwaysTrue(kPolClearContext); |
120 ASSERT_NE(nullptr, op5); | 120 ASSERT_NE(nullptr, op5); |
121 MatchContext context; | 121 MatchContext context; |
122 context.position = 1; | 122 context.position = 1; |
123 context.options = kPolUseOREval; | 123 context.options = kPolUseOREval; |
124 EXPECT_EQ(EVAL_TRUE, op5->Evaluate(&ppb1, 1, &context)); | 124 EXPECT_EQ(EVAL_TRUE, op5->Evaluate(&ppb1, 1, &context)); |
125 EXPECT_EQ(0, context.position); | 125 EXPECT_EQ(0u, context.position); |
126 MatchContext context2; | 126 MatchContext context2; |
127 EXPECT_EQ(context2.options, context.options); | 127 EXPECT_EQ(context2.options, context.options); |
128 } | 128 } |
129 | 129 |
130 TEST(PolicyEngineTest, OpcodeMakerCase1) { | 130 TEST(PolicyEngineTest, OpcodeMakerCase1) { |
131 // Testing that the opcode maker does not overrun the | 131 // Testing that the opcode maker does not overrun the |
132 // supplied buffer. It should only be able to make 'count' opcodes. | 132 // supplied buffer. It should only be able to make 'count' opcodes. |
133 void* dummy = NULL; | 133 void* dummy = NULL; |
134 ParameterSet ppb1 = ParamPickerMake(dummy); | 134 ParameterSet ppb1 = ParamPickerMake(dummy); |
135 | 135 |
(...skipping 137 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
273 EXPECT_TRUE(_countof(txt3) + _countof(txt2) == mc1.position + 2); | 273 EXPECT_TRUE(_countof(txt3) + _countof(txt2) == mc1.position + 2); |
274 | 274 |
275 // We now keep on matching but now we skip 6 characters which means | 275 // We now keep on matching but now we skip 6 characters which means |
276 // we skip the string ' over '. And we zero the match context. This is | 276 // we skip the string ' over '. And we zero the match context. This is |
277 // the primitive that we use to build '??'. | 277 // the primitive that we use to build '??'. |
278 PolicyOpcode* op4 = opcode_maker.MakeOpWStringMatch(0, txt4, 6, | 278 PolicyOpcode* op4 = opcode_maker.MakeOpWStringMatch(0, txt4, 6, |
279 CASE_SENSITIVE, | 279 CASE_SENSITIVE, |
280 kPolClearContext); | 280 kPolClearContext); |
281 ASSERT_NE(nullptr, op4); | 281 ASSERT_NE(nullptr, op4); |
282 EXPECT_EQ(EVAL_TRUE, op4->Evaluate(&pp_tc1, 1, &mc1)); | 282 EXPECT_EQ(EVAL_TRUE, op4->Evaluate(&pp_tc1, 1, &mc1)); |
283 EXPECT_EQ(0, mc1.position); | 283 EXPECT_EQ(0u, mc1.position); |
284 | 284 |
285 // Test that we can properly match the last part of the string | 285 // Test that we can properly match the last part of the string |
286 PolicyOpcode* op4b = opcode_maker.MakeOpWStringMatch(0, txt4, kSeekToEnd, | 286 PolicyOpcode* op4b = opcode_maker.MakeOpWStringMatch(0, txt4, kSeekToEnd, |
287 CASE_SENSITIVE, | 287 CASE_SENSITIVE, |
288 kPolClearContext); | 288 kPolClearContext); |
289 ASSERT_NE(nullptr, op4b); | 289 ASSERT_NE(nullptr, op4b); |
290 EXPECT_EQ(EVAL_TRUE, op4b->Evaluate(&pp_tc1, 1, &mc1)); | 290 EXPECT_EQ(EVAL_TRUE, op4b->Evaluate(&pp_tc1, 1, &mc1)); |
291 EXPECT_EQ(0, mc1.position); | 291 EXPECT_EQ(0u, mc1.position); |
292 | 292 |
293 // Test matching 'jumps over' over the entire string. This is the | 293 // Test matching 'jumps over' over the entire string. This is the |
294 // primitive we build '*' from. | 294 // primitive we build '*' from. |
295 PolicyOpcode* op5 = opcode_maker.MakeOpWStringMatch(0, txt5, kSeekForward, | 295 PolicyOpcode* op5 = opcode_maker.MakeOpWStringMatch(0, txt5, kSeekForward, |
296 CASE_SENSITIVE, kPolNone); | 296 CASE_SENSITIVE, kPolNone); |
297 ASSERT_NE(nullptr, op5); | 297 ASSERT_NE(nullptr, op5); |
298 EXPECT_EQ(EVAL_TRUE, op5->Evaluate(&pp_tc1, 1, &mc1)); | 298 EXPECT_EQ(EVAL_TRUE, op5->Evaluate(&pp_tc1, 1, &mc1)); |
299 EXPECT_EQ(24, mc1.position); | 299 EXPECT_EQ(24u, mc1.position); |
300 | 300 |
301 // Test that we don't match because it is not at the end of the string | 301 // Test that we don't match because it is not at the end of the string |
302 PolicyOpcode* op5b = opcode_maker.MakeOpWStringMatch(0, txt5, kSeekToEnd, | 302 PolicyOpcode* op5b = opcode_maker.MakeOpWStringMatch(0, txt5, kSeekToEnd, |
303 CASE_SENSITIVE, | 303 CASE_SENSITIVE, |
304 kPolNone); | 304 kPolNone); |
305 ASSERT_NE(nullptr, op5b); | 305 ASSERT_NE(nullptr, op5b); |
306 EXPECT_EQ(EVAL_FALSE, op5b->Evaluate(&pp_tc1, 1, &mc1)); | 306 EXPECT_EQ(EVAL_FALSE, op5b->Evaluate(&pp_tc1, 1, &mc1)); |
307 EXPECT_EQ(24, mc1.position); | 307 EXPECT_EQ(24u, mc1.position); |
308 | 308 |
309 // Test that we function if the string does not fit. In this case we | 309 // Test that we function if the string does not fit. In this case we |
310 // try to match 'the lazy dog' against 'he lazy dog'. | 310 // try to match 'the lazy dog' against 'he lazy dog'. |
311 PolicyOpcode* op6 = opcode_maker.MakeOpWStringMatch(0, txt4, 2, | 311 PolicyOpcode* op6 = opcode_maker.MakeOpWStringMatch(0, txt4, 2, |
312 CASE_SENSITIVE, kPolNone); | 312 CASE_SENSITIVE, kPolNone); |
313 ASSERT_NE(nullptr, op6); | 313 ASSERT_NE(nullptr, op6); |
314 EXPECT_EQ(EVAL_FALSE, op6->Evaluate(&pp_tc1, 1, &mc1)); | 314 EXPECT_EQ(EVAL_FALSE, op6->Evaluate(&pp_tc1, 1, &mc1)); |
315 | 315 |
316 // Testing matching against 'g' which should be the last char. | 316 // Testing matching against 'g' which should be the last char. |
317 MatchContext mc2; | 317 MatchContext mc2; |
318 PolicyOpcode* op7 = opcode_maker.MakeOpWStringMatch(0, txt6, kSeekForward, | 318 PolicyOpcode* op7 = opcode_maker.MakeOpWStringMatch(0, txt6, kSeekForward, |
319 CASE_SENSITIVE, kPolNone); | 319 CASE_SENSITIVE, kPolNone); |
320 ASSERT_NE(nullptr, op7); | 320 ASSERT_NE(nullptr, op7); |
321 EXPECT_EQ(EVAL_TRUE, op7->Evaluate(&pp_tc1, 1, &mc2)); | 321 EXPECT_EQ(EVAL_TRUE, op7->Evaluate(&pp_tc1, 1, &mc2)); |
322 EXPECT_EQ(37, mc2.position); | 322 EXPECT_EQ(37u, mc2.position); |
323 | 323 |
324 // Trying to match again should fail since we are in the last char. | 324 // Trying to match again should fail since we are in the last char. |
325 // This also covers a couple of boundary conditions. | 325 // This also covers a couple of boundary conditions. |
326 EXPECT_EQ(EVAL_FALSE, op7->Evaluate(&pp_tc1, 1, &mc2)); | 326 EXPECT_EQ(EVAL_FALSE, op7->Evaluate(&pp_tc1, 1, &mc2)); |
327 EXPECT_EQ(37, mc2.position); | 327 EXPECT_EQ(37u, mc2.position); |
328 } | 328 } |
329 | 329 |
330 TEST(PolicyEngineTest, WCharOpcodes2) { | 330 TEST(PolicyEngineTest, WCharOpcodes2) { |
331 SetupNtdllImports(); | 331 SetupNtdllImports(); |
332 | 332 |
333 const wchar_t* path1 = L"c:\\documents and settings\\Microsoft\\BLAH.txt"; | 333 const wchar_t* path1 = L"c:\\documents and settings\\Microsoft\\BLAH.txt"; |
334 const wchar_t txt1[] = L"Settings\\microsoft"; | 334 const wchar_t txt1[] = L"Settings\\microsoft"; |
335 ParameterSet pp_tc1 = ParamPickerMake(path1); | 335 ParameterSet pp_tc1 = ParamPickerMake(path1); |
336 | 336 |
337 char memory[kOpcodeMemory]; | 337 char memory[kOpcodeMemory]; |
338 OpcodeFactory opcode_maker(memory, sizeof(memory)); | 338 OpcodeFactory opcode_maker(memory, sizeof(memory)); |
339 MatchContext mc1; | 339 MatchContext mc1; |
340 | 340 |
341 // Testing case-insensitive does not buy us much since it this option | 341 // Testing case-insensitive does not buy us much since it this option |
342 // is just passed to the Microsoft API that we use normally, but just for | 342 // is just passed to the Microsoft API that we use normally, but just for |
343 // coverage, here it is: | 343 // coverage, here it is: |
344 PolicyOpcode* op1s = opcode_maker.MakeOpWStringMatch(0, txt1, kSeekForward, | 344 PolicyOpcode* op1s = opcode_maker.MakeOpWStringMatch(0, txt1, kSeekForward, |
345 CASE_SENSITIVE, kPolNone); | 345 CASE_SENSITIVE, kPolNone); |
346 ASSERT_NE(nullptr, op1s); | 346 ASSERT_NE(nullptr, op1s); |
347 PolicyOpcode* op1i = opcode_maker.MakeOpWStringMatch(0, txt1, kSeekForward, | 347 PolicyOpcode* op1i = opcode_maker.MakeOpWStringMatch(0, txt1, kSeekForward, |
348 CASE_INSENSITIVE, | 348 CASE_INSENSITIVE, |
349 kPolNone); | 349 kPolNone); |
350 ASSERT_NE(nullptr, op1i); | 350 ASSERT_NE(nullptr, op1i); |
351 EXPECT_EQ(EVAL_FALSE, op1s->Evaluate(&pp_tc1, 1, &mc1)); | 351 EXPECT_EQ(EVAL_FALSE, op1s->Evaluate(&pp_tc1, 1, &mc1)); |
352 EXPECT_EQ(EVAL_TRUE, op1i->Evaluate(&pp_tc1, 1, &mc1)); | 352 EXPECT_EQ(EVAL_TRUE, op1i->Evaluate(&pp_tc1, 1, &mc1)); |
353 EXPECT_EQ(35, mc1.position); | 353 EXPECT_EQ(35u, mc1.position); |
354 } | 354 } |
355 | 355 |
356 TEST(PolicyEngineTest, ActionOpcodes) { | 356 TEST(PolicyEngineTest, ActionOpcodes) { |
357 char memory[kOpcodeMemory]; | 357 char memory[kOpcodeMemory]; |
358 OpcodeFactory opcode_maker(memory, sizeof(memory)); | 358 OpcodeFactory opcode_maker(memory, sizeof(memory)); |
359 MatchContext mc1; | 359 MatchContext mc1; |
360 void* dummy = NULL; | 360 void* dummy = NULL; |
361 ParameterSet ppb1 = ParamPickerMake(dummy); | 361 ParameterSet ppb1 = ParamPickerMake(dummy); |
362 | 362 |
363 PolicyOpcode* op1 = opcode_maker.MakeOpAction(ASK_BROKER, kPolNone); | 363 PolicyOpcode* op1 = opcode_maker.MakeOpAction(ASK_BROKER, kPolNone); |
364 ASSERT_NE(nullptr, op1); | 364 ASSERT_NE(nullptr, op1); |
365 EXPECT_TRUE(op1->IsAction()); | 365 EXPECT_TRUE(op1->IsAction()); |
366 EXPECT_EQ(ASK_BROKER, op1->Evaluate(&ppb1, 1, &mc1)); | 366 EXPECT_EQ(ASK_BROKER, op1->Evaluate(&ppb1, 1, &mc1)); |
367 } | 367 } |
368 | 368 |
369 } // namespace sandbox | 369 } // namespace sandbox |
OLD | NEW |