Chromium Code Reviews Chromium Code Reviews
Issue 1624083003:
Fix sandbox process policy tests. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: sandbox/win/src/process_policy_test.cc |
| diff --git a/sandbox/win/src/process_policy_test.cc b/sandbox/win/src/process_policy_test.cc |
| index 47240a05a26f21ed4dd6b19ff848ccd9a895596a..f7e8ffc44fa26adc0ea72ef4f2e22d5afe420759 100644 |
| --- a/sandbox/win/src/process_policy_test.cc |
| +++ b/sandbox/win/src/process_policy_test.cc |
| @@ -5,6 +5,7 @@ |
| #include <memory> |
| #include <string> |
| +#include "base/memory/scoped_ptr.h" |
| #include "base/strings/string16.h" |
| #include "base/strings/sys_string_conversions.h" |
| #include "base/win/scoped_handle.h" |
| @@ -18,39 +19,24 @@ |
| namespace { |
| -// While the shell API provides better calls than this home brew function |
| -// we use GetSystemWindowsDirectoryW which does not query the registry so |
| -// it is safe to use after revert. |
| -base::string16 MakeFullPathToSystem32(const wchar_t* name) { |
| - wchar_t windows_path[MAX_PATH] = {0}; |
| - ::GetSystemWindowsDirectoryW(windows_path, MAX_PATH); |
| - base::string16 full_path(windows_path); |
| - if (full_path.empty()) { |
| - return full_path; |
| - } |
| - full_path += L"\\system32\\"; |
| - full_path += name; |
| - return full_path; |
| -} |
| - |
| // Creates a process with the |exe| and |command| parameter using the |
| // unicode and ascii version of the api. |
| sandbox::SboxTestResult CreateProcessHelper(const base::string16& exe, |
| const base::string16& command) { |
| base::win::ScopedProcessInformation pi; |
| STARTUPINFOW si = {sizeof(si)}; |
| - |
| - const wchar_t *exe_name = NULL; |
| + const wchar_t* exe_name = NULL; |
| if (!exe.empty()) |
| exe_name = exe.c_str(); |
| - base::string16 writable_command = command; |
| + scoped_ptr<wchar_t, base::FreeDeleter> writable_command( |
| + _wcsdup(command.c_str())); |
| // Create the process with the unicode version of the API. |
| sandbox::SboxTestResult ret1 = sandbox::SBOX_TEST_FAILED; |
| PROCESS_INFORMATION temp_process_info = {}; |
| if (::CreateProcessW(exe_name, |
| - command.empty() ? NULL : &writable_command[0], |
| + command.empty() ? NULL : writable_command.get(), |
| NULL, |
| NULL, |
| FALSE, |
| @@ -114,7 +100,7 @@ SBOX_TESTS_COMMAND int Process_RunApp1(int argc, wchar_t **argv) { |
| if ((NULL == argv) || (NULL == argv[0])) { |
| return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; |
| } |
| - base::string16 path = MakeFullPathToSystem32(argv[0]); |
| + base::string16 path = MakePathToSys(argv[0], false); |
| // TEST 1: Try with the path in the app_name. |
| return CreateProcessHelper(path, base::string16()); |
| @@ -127,7 +113,7 @@ SBOX_TESTS_COMMAND int Process_RunApp2(int argc, wchar_t **argv) { |
| if ((NULL == argv) || (NULL == argv[0])) { |
| return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; |
| } |
| - base::string16 path = MakeFullPathToSystem32(argv[0]); |
| + base::string16 path = MakePathToSys(argv[0], false); |
| // TEST 2: Try with the path in the cmd_line. |
| base::string16 cmd_line = L"\""; |
| @@ -143,7 +129,6 @@ SBOX_TESTS_COMMAND int Process_RunApp3(int argc, wchar_t **argv) { |
| if ((NULL == argv) || (NULL == argv[0])) { |
| return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; |
| } |
| - |
| // TEST 3: Try file name in the cmd_line. |
| return CreateProcessHelper(base::string16(), argv[0]); |
| } |
| @@ -157,7 +142,7 @@ SBOX_TESTS_COMMAND int Process_RunApp4(int argc, wchar_t **argv) { |
| } |
| // TEST 4: Try file name in the app_name and current directory sets correctly. |
| - base::string16 system32 = MakeFullPathToSystem32(L""); |
| + base::string16 system32 = MakePathToSys(L"", false); |
| wchar_t current_directory[MAX_PATH + 1]; |
| DWORD ret = ::GetCurrentDirectory(MAX_PATH, current_directory); |
| if (!ret) |
| @@ -182,7 +167,7 @@ SBOX_TESTS_COMMAND int Process_RunApp5(int argc, wchar_t **argv) { |
| if ((NULL == argv) || (NULL == argv[0])) { |
| return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; |
| } |
| - base::string16 path = MakeFullPathToSystem32(argv[0]); |
| + base::string16 path = MakePathToSys(argv[0], false); |
| // TEST 5: Try with the path in the cmd_line and arguments. |
| base::string16 cmd_line = L"\""; |
| @@ -213,7 +198,7 @@ SBOX_TESTS_COMMAND int Process_GetChildProcessToken(int argc, wchar_t **argv) { |
| if ((NULL == argv) || (NULL == argv[0])) |
| return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; |
| - base::string16 path = MakeFullPathToSystem32(argv[0]); |
| + base::string16 path = MakePathToSys(argv[0], false); |
| STARTUPINFOW si = {sizeof(si)}; |
| @@ -281,17 +266,23 @@ TEST(ProcessPolicyTest, TestAllAccess) { |
| TEST(ProcessPolicyTest, CreateProcessAW) { |
| TestRunner runner; |
| - base::string16 exe_path = MakeFullPathToSystem32(L"findstr.exe"); |
| - base::string16 system32 = MakeFullPathToSystem32(L""); |
| - ASSERT_TRUE(!exe_path.empty()); |
| + base::string16 maybe_virtual_exe_path = MakePathToSys(L"findstr.exe", false); |
| + base::string16 non_virtual_exe_path = MakePathToSys32(L"findstr.exe", false); |
| + ASSERT_TRUE(!maybe_virtual_exe_path.empty()); |
| + |
| EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_PROCESS, |
| TargetPolicy::PROCESS_MIN_EXEC, |
| - exe_path.c_str())); |
| + maybe_virtual_exe_path.c_str())); |
| + |
| + if (non_virtual_exe_path != maybe_virtual_exe_path) { |
| + EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_PROCESS, |
| + TargetPolicy::PROCESS_MIN_EXEC, |
| + non_virtual_exe_path.c_str())); |
| + } |
|
cpu_(ooo_6.6-7.5)
2016/01/25 22:34:05
nice
|
| // Need to add directory rules for the directories that we use in |
| // SetCurrentDirectory. |
| - EXPECT_TRUE(runner.AddFsRule(TargetPolicy::FILES_ALLOW_DIR_ANY, |
| - system32.c_str())); |
| + EXPECT_TRUE(runner.AddRuleSys32(TargetPolicy::FILES_ALLOW_DIR_ANY, L"")); |
| wchar_t current_directory[MAX_PATH]; |
| DWORD ret = ::GetCurrentDirectory(MAX_PATH, current_directory); |
| @@ -304,6 +295,7 @@ TEST(ProcessPolicyTest, CreateProcessAW) { |
| EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Process_RunApp1 calc.exe")); |
| EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Process_RunApp2 calc.exe")); |
| EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Process_RunApp3 calc.exe")); |
| + EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Process_RunApp4 calc.exe")); |
| EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Process_RunApp5 calc.exe")); |
| EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Process_RunApp6 calc.exe")); |
| @@ -314,21 +306,11 @@ TEST(ProcessPolicyTest, CreateProcessAW) { |
| EXPECT_EQ(SBOX_TEST_SUCCEEDED, |
| runner.RunTest(L"Process_RunApp3 findstr.exe")); |
| EXPECT_EQ(SBOX_TEST_SUCCEEDED, |
| + runner.RunTest(L"Process_RunApp4 findstr.exe")); |
| + EXPECT_EQ(SBOX_TEST_SUCCEEDED, |
| runner.RunTest(L"Process_RunApp5 findstr.exe")); |
| EXPECT_EQ(SBOX_TEST_SUCCEEDED, |
| runner.RunTest(L"Process_RunApp6 findstr.exe")); |
| - |
| -#if !defined(_WIN64) |
| - if (base::win::OSInfo::GetInstance()->version() >= base::win::VERSION_VISTA && |
| - base::win::OSInfo::GetInstance()->architecture() != |
| - base::win::OSInfo::X86_ARCHITECTURE) { // http://crbug.com/580800 |
| - // WinXP results are not reliable. |
| - EXPECT_EQ(SBOX_TEST_SECOND_ERROR, |
| - runner.RunTest(L"Process_RunApp4 calc.exe")); |
| - EXPECT_EQ(SBOX_TEST_SECOND_ERROR, |
| - runner.RunTest(L"Process_RunApp4 findstr.exe")); |
| - } |
| -#endif |
| } |
| TEST(ProcessPolicyTest, OpenToken) { |
| @@ -338,7 +320,7 @@ TEST(ProcessPolicyTest, OpenToken) { |
| TEST(ProcessPolicyTest, TestGetProcessTokenMinAccess) { |
| TestRunner runner; |
| - base::string16 exe_path = MakeFullPathToSystem32(L"findstr.exe"); |
| + base::string16 exe_path = MakePathToSys(L"findstr.exe", false); |
| ASSERT_TRUE(!exe_path.empty()); |
| EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_PROCESS, |
| TargetPolicy::PROCESS_MIN_EXEC, |
| @@ -350,7 +332,7 @@ TEST(ProcessPolicyTest, TestGetProcessTokenMinAccess) { |
| TEST(ProcessPolicyTest, TestGetProcessTokenMaxAccess) { |
| TestRunner runner(JOB_UNPROTECTED, USER_INTERACTIVE, USER_INTERACTIVE); |
| - base::string16 exe_path = MakeFullPathToSystem32(L"findstr.exe"); |
| + base::string16 exe_path = MakePathToSys(L"findstr.exe", false); |
| ASSERT_TRUE(!exe_path.empty()); |
| EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_PROCESS, |
| TargetPolicy::PROCESS_ALL_EXEC, |
| @@ -362,7 +344,7 @@ TEST(ProcessPolicyTest, TestGetProcessTokenMaxAccess) { |
| TEST(ProcessPolicyTest, TestGetProcessTokenMinAccessNoJob) { |
| TestRunner runner(JOB_NONE, USER_RESTRICTED_SAME_ACCESS, USER_LOCKDOWN); |
| - base::string16 exe_path = MakeFullPathToSystem32(L"findstr.exe"); |
| + base::string16 exe_path = MakePathToSys(L"findstr.exe", false); |
| ASSERT_TRUE(!exe_path.empty()); |
| EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_PROCESS, |
| TargetPolicy::PROCESS_MIN_EXEC, |
| @@ -374,7 +356,7 @@ TEST(ProcessPolicyTest, TestGetProcessTokenMinAccessNoJob) { |
| TEST(ProcessPolicyTest, TestGetProcessTokenMaxAccessNoJob) { |
| TestRunner runner(JOB_NONE, USER_INTERACTIVE, USER_INTERACTIVE); |
| - base::string16 exe_path = MakeFullPathToSystem32(L"findstr.exe"); |
| + base::string16 exe_path = MakePathToSys(L"findstr.exe", false); |
| ASSERT_TRUE(!exe_path.empty()); |
| EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_PROCESS, |
| TargetPolicy::PROCESS_ALL_EXEC, |
