OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/win/tests/common/controller.h" | 5 #include "sandbox/win/tests/common/controller.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 | 8 |
9 #include "base/memory/shared_memory.h" | 9 #include "base/memory/shared_memory.h" |
10 #include "base/process/process.h" | 10 #include "base/process/process.h" |
(...skipping 72 matching lines...)
83 if (!is_initialized) { | 83 if (!is_initialized) { |
84 if (SBOX_ALL_OK != broker->Init()) | 84 if (SBOX_ALL_OK != broker->Init()) |
85 return NULL; | 85 return NULL; |
86 | 86 |
87 is_initialized = true; | 87 is_initialized = true; |
88 } | 88 } |
89 | 89 |
90 return broker; | 90 return broker; |
91 } | 91 } |
92 | 92 |
93 TestRunner::TestRunner(JobLevel job_level, TokenLevel startup_token, | 93 TestRunner::TestRunner(JobLevel job_level, |
| 94 TokenLevel startup_token, |
94 TokenLevel main_token) | 95 TokenLevel main_token) |
95 : is_init_(false), is_async_(false), no_sandbox_(false), | 96 : is_init_(false), |
| 97 is_async_(false), |
| 98 no_sandbox_(false), |
| 99 disable_csrss_(true), |
96 target_process_id_(0) { | 100 target_process_id_(0) { |
97 Init(job_level, startup_token, main_token); | 101 Init(job_level, startup_token, main_token); |
98 } | 102 } |
99 | 103 |
100 TestRunner::TestRunner() | 104 TestRunner::TestRunner() |
101 : is_init_(false), is_async_(false), no_sandbox_(false), | 105 : is_init_(false), |
| 106 is_async_(false), |
| 107 no_sandbox_(false), |
| 108 disable_csrss_(true), |
102 target_process_id_(0) { | 109 target_process_id_(0) { |
103 Init(JOB_LOCKDOWN, USER_RESTRICTED_SAME_ACCESS, USER_LOCKDOWN); | 110 Init(JOB_LOCKDOWN, USER_RESTRICTED_SAME_ACCESS, USER_LOCKDOWN); |
104 } | 111 } |
105 | 112 |
106 void TestRunner::Init(JobLevel job_level, TokenLevel startup_token, | 113 void TestRunner::Init(JobLevel job_level, |
| 114 TokenLevel startup_token, |
107 TokenLevel main_token) { | 115 TokenLevel main_token) { |
108 broker_ = NULL; | 116 broker_ = NULL; |
109 policy_ = NULL; | 117 policy_ = NULL; |
110 timeout_ = kDefaultTimeout; | 118 timeout_ = kDefaultTimeout; |
111 state_ = AFTER_REVERT; | 119 state_ = AFTER_REVERT; |
112 is_async_= false; | 120 is_async_= false; |
113 kill_on_destruction_ = true; | 121 kill_on_destruction_ = true; |
114 target_process_id_ = 0; | 122 target_process_id_ = 0; |
115 | 123 |
116 broker_ = GetBroker(); | 124 broker_ = GetBroker(); |
117 if (!broker_) | 125 if (!broker_) |
118 return; | 126 return; |
119 | 127 |
120 policy_ = broker_->CreatePolicy(); | 128 policy_ = broker_->CreatePolicy(); |
121 if (!policy_) | 129 if (!policy_) |
122 return; | 130 return; |
123 | 131 |
124 policy_->SetJobLevel(job_level, 0); | 132 policy_->SetJobLevel(job_level, 0); |
125 policy_->SetTokenLevel(startup_token, main_token); | 133 policy_->SetTokenLevel(startup_token, main_token); |
126 | 134 |
127 // Close all ALPC ports. | |
128 if (base::win::GetVersion() >= base::win::VERSION_WIN8) { | |
129 policy_->AddKernelObjectToClose(L"ALPC Port", NULL); | |
130 } | |
131 | |
132 is_init_ = true; | 135 is_init_ = true; |
133 } | 136 } |
134 | 137 |
135 TargetPolicy* TestRunner::GetPolicy() { | 138 TargetPolicy* TestRunner::GetPolicy() { |
136 return policy_; | 139 return policy_; |
137 } | 140 } |
138 | 141 |
139 TestRunner::~TestRunner() { | 142 TestRunner::~TestRunner() { |
140 if (target_process_.IsValid() && kill_on_destruction_) | 143 if (target_process_.IsValid() && kill_on_destruction_) |
141 ::TerminateProcess(target_process_.Get(), 0); | 144 ::TerminateProcess(target_process_.Get(), 0); |
(...skipping 61 matching lines...)
203 return SBOX_TEST_FAILED_TO_RUN_TEST; | 206 return SBOX_TEST_FAILED_TO_RUN_TEST; |
204 | 207 |
205 // For simplicity TestRunner supports only one process per instance. | 208 // For simplicity TestRunner supports only one process per instance. |
206 if (target_process_.IsValid()) { | 209 if (target_process_.IsValid()) { |
207 if (IsProcessRunning(target_process_.Get())) | 210 if (IsProcessRunning(target_process_.Get())) |
208 return SBOX_TEST_FAILED_TO_RUN_TEST; | 211 return SBOX_TEST_FAILED_TO_RUN_TEST; |
209 target_process_.Close(); | 212 target_process_.Close(); |
210 target_process_id_ = 0; | 213 target_process_id_ = 0; |
211 } | 214 } |
212 | 215 |
| 216 if (disable_csrss_) { |
| 217 // Close all ALPC ports to disable CSRSS. |
| 218 if (base::win::GetVersion() >= base::win::VERSION_WIN8) { |
| 219 policy_->AddKernelObjectToClose(L"ALPC Port", NULL); |
| 220 } |
| 221 } |
| 222 |
213 // Get the path to the sandboxed process. | 223 // Get the path to the sandboxed process. |
214 wchar_t prog_name[MAX_PATH]; | 224 wchar_t prog_name[MAX_PATH]; |
215 GetModuleFileNameW(NULL, prog_name, MAX_PATH); | 225 GetModuleFileNameW(NULL, prog_name, MAX_PATH); |
216 | 226 |
217 // Launch the sandboxed process. | 227 // Launch the sandboxed process. |
218 ResultCode result = SBOX_ALL_OK; | 228 ResultCode result = SBOX_ALL_OK; |
219 PROCESS_INFORMATION target = {0}; | 229 PROCESS_INFORMATION target = {0}; |
220 | 230 |
221 base::string16 arguments(L"\""); | 231 base::string16 arguments(L"\""); |
222 arguments += prog_name; | 232 arguments += prog_name; |
(...skipping 138 matching lines...)
361 | 371 |
362 target->LowerToken(); | 372 target->LowerToken(); |
363 } else if (0 != _wcsicmp(argv[1], L"-child-no-sandbox")) { | 373 } else if (0 != _wcsicmp(argv[1], L"-child-no-sandbox")) { |
364 return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; | 374 return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; |
365 } | 375 } |
366 | 376 |
367 return command(argc - 4, argv + 4); | 377 return command(argc - 4, argv + 4); |
368 } | 378 } |
369 | 379 |
370 } // namespace sandbox | 380 } // namespace sandbox |
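Review bot: The ALPC-port close rule is now added to `policy_` on every launch (new lines 216–221) instead of once in `Init()`, and the same function allows a TestRunner to be reused once the previous target has exited (the `target_process_.Close()` branch just above). A reused runner therefore appears to register `AddKernelObjectToClose(L"ALPC Port", NULL)` again on each run; whether duplicate entries are harmless depends on the policy implementation, which is not visible here. The enclosing function starts in the skipped lines, so I cannot confirm that `is_init_` or `policy_` is checked before this dereference. Since the flag relaxes the sandbox when cleared, I would document it where it is declared, for example `// When false, ALPC ports are left open and CSRSS stays reachable, so the target runs under a weaker policy than the default.`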