| OLD | NEW |
|---|
| 1 // Copyright (c) 2014 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/win/windows_version.h" | 5 #include "base/win/windows_version.h" |
| 6 #include "sandbox/win/src/handle_closer.h" | 6 #include "sandbox/win/src/handle_closer.h" |
| 7 #include "sandbox/win/src/sandbox.h" | 7 #include "sandbox/win/src/sandbox.h" |
| 8 #include "sandbox/win/src/sandbox_policy.h" | 8 #include "sandbox/win/src/sandbox_policy.h" |
| 9 #include "sandbox/win/src/sandbox_factory.h" | 9 #include "sandbox/win/src/sandbox_factory.h" |
| 10 #include "sandbox/win/tests/common/controller.h" | 10 #include "sandbox/win/tests/common/controller.h" |
| (...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 64 TestRunner runner; | 64 TestRunner runner; |
| 65 // TODO(nsylvain): This policy is wrong because "*" is a valid char in a | 65 // TODO(nsylvain): This policy is wrong because "*" is a valid char in a |
| 66 // namedpipe name. Here we apply it like a wildcard. http://b/893603 | 66 // namedpipe name. Here we apply it like a wildcard. http://b/893603 |
| 67 EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_NAMED_PIPES, | 67 EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_NAMED_PIPES, |
| 68 TargetPolicy::NAMEDPIPES_ALLOW_ANY, | 68 TargetPolicy::NAMEDPIPES_ALLOW_ANY, |
| 69 L"\\\\.\\pipe\\test*")); | 69 L"\\\\.\\pipe\\test*")); |
| 70 | 70 |
| 71 EXPECT_EQ(SBOX_TEST_SUCCEEDED, | 71 EXPECT_EQ(SBOX_TEST_SUCCEEDED, |
| 72 runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\testbleh")); | 72 runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\testbleh")); |
| 73 | 73 |
| 74 // On XP, the sandbox can create a pipe without any help but it fails on | 74 EXPECT_EQ(SBOX_TEST_DENIED, |
| 75 // Vista+, this is why we do not test the "denied" case. | 75 runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\bleh")); |
| 76 if (base::win::OSInfo::GetInstance()->version() >= base::win::VERSION_VISTA) { | |
| 77 EXPECT_EQ(SBOX_TEST_DENIED, | |
| 78 runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\bleh")); | |
| 79 } | |
| 80 } | 76 } |
| 81 | 77 |
| 82 // Tests if we can create a pipe with a path traversal in the sandbox. | 78 // Tests if we can create a pipe with a path traversal in the sandbox. |
| 83 TEST(NamedPipePolicyTest, CreatePipeTraversal) { | 79 TEST(NamedPipePolicyTest, CreatePipeTraversal) { |
| 84 TestRunner runner; | 80 TestRunner runner; |
| 85 // TODO(nsylvain): This policy is wrong because "*" is a valid char in a | 81 // TODO(nsylvain): This policy is wrong because "*" is a valid char in a |
| 86 // namedpipe name. Here we apply it like a wildcard. http://b/893603 | 82 // namedpipe name. Here we apply it like a wildcard. http://b/893603 |
| 87 EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_NAMED_PIPES, | 83 EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_NAMED_PIPES, |
| 88 TargetPolicy::NAMEDPIPES_ALLOW_ANY, | 84 TargetPolicy::NAMEDPIPES_ALLOW_ANY, |
| 89 L"\\\\.\\pipe\\test*")); | 85 L"\\\\.\\pipe\\test*")); |
| 90 | 86 |
| 91 // On XP, the sandbox can create a pipe without any help but it fails on | 87 EXPECT_EQ(SBOX_TEST_DENIED, |
| 92 // Vista+, this is why we do not test the "denied" case. | 88 runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\test\\..\\bleh")); |
| 93 if (base::win::OSInfo::GetInstance()->version() >= base::win::VERSION_VISTA) { | 89 EXPECT_EQ(SBOX_TEST_DENIED, |
| 94 EXPECT_EQ(SBOX_TEST_DENIED, | 90 runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\test/../bleh")); |
| 95 runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\test\\..\\bleh")); | 91 EXPECT_EQ(SBOX_TEST_DENIED, |
| 96 EXPECT_EQ(SBOX_TEST_DENIED, | 92 runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\test\\../bleh")); |
| 97 runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\test/../bleh")); | 93 EXPECT_EQ(SBOX_TEST_DENIED, |
| 98 EXPECT_EQ(SBOX_TEST_DENIED, | 94 runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\test/..\\bleh")); |
| 99 runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\test\\../bleh")); | |
| 100 EXPECT_EQ(SBOX_TEST_DENIED, | |
| 101 runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\test/..\\bleh")); | |
| 102 } | |
| 103 } | 95 } |
| 104 | 96 |
| 105 // This tests that path canonicalization is actually disabled if we use \\?\ | 97 // This tests that path canonicalization is actually disabled if we use \\?\ |
| 106 // syntax. | 98 // syntax. |
| 107 TEST(NamedPipePolicyTest, CreatePipeCanonicalization) { | 99 TEST(NamedPipePolicyTest, CreatePipeCanonicalization) { |
| 108 // "For file I/O, the "\\?\" prefix to a path string tells the Windows APIs to | 100 // "For file I/O, the "\\?\" prefix to a path string tells the Windows APIs to |
| 109 // disable all string parsing and to send the string that follows it straight | 101 // disable all string parsing and to send the string that follows it straight |
| 110 // to the file system." | 102 // to the file system." |
| 111 // http://msdn.microsoft.com/en-us/library/aa365247(VS.85).aspx | 103 // http://msdn.microsoft.com/en-us/library/aa365247(VS.85).aspx |
| 112 const wchar_t* argv[2] = { L"\\\\?\\pipe\\test\\..\\bleh", | 104 const wchar_t* argv[2] = { L"\\\\?\\pipe\\test\\..\\bleh", |
| 113 L"\\Device\\NamedPipe\\test" }; | 105 L"\\Device\\NamedPipe\\test" }; |
| 114 EXPECT_EQ(SBOX_TEST_SUCCEEDED, | 106 EXPECT_EQ(SBOX_TEST_SUCCEEDED, |
| 115 NamedPipe_Create(2, const_cast<wchar_t**>(argv))); | 107 NamedPipe_Create(2, const_cast<wchar_t**>(argv))); |
| 116 } | 108 } |
| 117 | 109 |
| 118 // The same test as CreatePipe but this time using strict interceptions. | 110 // The same test as CreatePipe but this time using strict interceptions. |
| 119 TEST(NamedPipePolicyTest, CreatePipeStrictInterceptions) { | 111 TEST(NamedPipePolicyTest, CreatePipeStrictInterceptions) { |
| 120 TestRunner runner; | 112 TestRunner runner; |
| 121 runner.GetPolicy()->SetStrictInterceptions(); | 113 runner.GetPolicy()->SetStrictInterceptions(); |
| 122 | 114 |
| 123 // TODO(nsylvain): This policy is wrong because "*" is a valid char in a | 115 // TODO(nsylvain): This policy is wrong because "*" is a valid char in a |
| 124 // namedpipe name. Here we apply it like a wildcard. http://b/893603 | 116 // namedpipe name. Here we apply it like a wildcard. http://b/893603 |
| 125 EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_NAMED_PIPES, | 117 EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_NAMED_PIPES, |
| 126 TargetPolicy::NAMEDPIPES_ALLOW_ANY, | 118 TargetPolicy::NAMEDPIPES_ALLOW_ANY, |
| 127 L"\\\\.\\pipe\\test*")); | 119 L"\\\\.\\pipe\\test*")); |
| 128 | 120 |
| 129 EXPECT_EQ(SBOX_TEST_SUCCEEDED, | 121 EXPECT_EQ(SBOX_TEST_SUCCEEDED, |
| 130 runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\testbleh")); | 122 runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\testbleh")); |
| 131 | 123 |
| 132 // On XP, the sandbox can create a pipe without any help but it fails on | 124 EXPECT_EQ(SBOX_TEST_DENIED, |
| 133 // Vista+, this is why we do not test the "denied" case. | 125 runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\bleh")); |
| 134 if (base::win::OSInfo::GetInstance()->version() >= base::win::VERSION_VISTA) { | |
| 135 EXPECT_EQ(SBOX_TEST_DENIED, | |
| 136 runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\bleh")); | |
| 137 } | |
| 138 } | 126 } |
| 139 | 127 |
| 140 } // namespace sandbox | 128 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1814863004:
Cleanup/Remove Windows XP/Vista version checks from Windows sandbox code (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master