Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(375)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/win/src/process_mitigations_test.cc

Issue 1826223004: Correctly handle child processes of sandboxed target processes. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: remove unused test Created 4 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « sandbox/win/src/broker_services.cc ('k') | sandbox/win/src/process_policy_test.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "base/files/file_util.h" 5 #include "base/files/file_util.h"
6 #include "base/files/scoped_temp_dir.h" 6 #include "base/files/scoped_temp_dir.h"
7 #include "base/memory/scoped_ptr.h" 7 #include "base/memory/scoped_ptr.h"
8 #include "base/path_service.h" 8 #include "base/path_service.h"
9 #include "base/process/launch.h" 9 #include "base/process/launch.h"
10 #include "base/strings/stringprintf.h" 10 #include "base/strings/stringprintf.h"
(...skipping 187 matching lines...) Expand 10 before | Expand all | Expand 10 after
198 EXPECT_EQ((is_success_test ? sandbox::SBOX_TEST_SUCCEEDED 198 EXPECT_EQ((is_success_test ? sandbox::SBOX_TEST_SUCCEEDED
199 : sandbox::SBOX_TEST_FAILED), 199 : sandbox::SBOX_TEST_FAILED),
200 runner.RunTest(test.c_str())); 200 runner.RunTest(test.c_str()));
201 } 201 }
202 202
203 } // namespace 203 } // namespace
204 204
205 namespace sandbox { 205 namespace sandbox {
206 206
207 // A shared helper test command that will attempt to CreateProcess 207 // A shared helper test command that will attempt to CreateProcess
208 // with a given command line. 208 // with a given command line. The second parameter, if set to non-zero
209 // will cause the child process to return exit code STATUS_ACCESS_VIOLATION.
209 // 210 //
210 // ***Make sure you've enabled basic process creation in the 211 // ***Make sure you've enabled basic process creation in the
211 // test sandbox settings via: 212 // test sandbox settings via:
212 // sandbox::TargetPolicy::SetJobLevel(), 213 // sandbox::TargetPolicy::SetJobLevel(),
213 // sandbox::TargetPolicy::SetTokenLevel(), 214 // sandbox::TargetPolicy::SetTokenLevel(),
214 // and TestRunner::SetDisableCsrss(). 215 // and TestRunner::SetDisableCsrss().
215 SBOX_TESTS_COMMAND int TestChildProcess(int argc, wchar_t** argv) { 216 SBOX_TESTS_COMMAND int TestChildProcess(int argc, wchar_t** argv) {
216 if (argc < 1) 217 if (argc < 2)
217 return SBOX_TEST_INVALID_PARAMETER; 218 return SBOX_TEST_INVALID_PARAMETER;
218 219
220 int desired_exit_code = _wtoi(argv[1]);
221 if (desired_exit_code)
222 desired_exit_code = STATUS_ACCESS_VIOLATION;
223
219 std::wstring cmd = argv[0]; 224 std::wstring cmd = argv[0];
220 base::LaunchOptions options = base::LaunchOptionsForTest(); 225 base::LaunchOptions options = base::LaunchOptionsForTest();
221 base::Process setup_proc = base::LaunchProcess(cmd.c_str(), options); 226 base::Process setup_proc = base::LaunchProcess(cmd.c_str(), options);
222 227
223 if (setup_proc.IsValid()) { 228 if (setup_proc.IsValid()) {
224 setup_proc.Terminate(0, false); 229 setup_proc.Terminate(desired_exit_code, false);
225 return SBOX_TEST_SUCCEEDED; 230 return SBOX_TEST_SUCCEEDED;
226 } 231 }
227 // Note: GetLastError from CreateProcess returns 5, "ERROR_ACCESS_DENIED". 232 // Note: GetLastError from CreateProcess returns 5, "ERROR_ACCESS_DENIED".
228 return SBOX_TEST_FAILED; 233 return SBOX_TEST_FAILED;
229 } 234 }
230 235
231 //------------------------------------------------------------------------------ 236 //------------------------------------------------------------------------------
232 // Win8 Checks: 237 // Win8 Checks:
233 // MITIGATION_DEP(_NO_ATL_THUNK) 238 // MITIGATION_DEP(_NO_ATL_THUNK)
234 // MITIGATION_EXTENSION_DLL_DISABLE 239 // MITIGATION_EXTENSION_DLL_DISABLE
(...skipping 430 matching lines...) Expand 10 before | Expand all | Expand 10 after
665 policy->SetJobLevel(JOB_INTERACTIVE, 0); 670 policy->SetJobLevel(JOB_INTERACTIVE, 0);
666 policy->SetTokenLevel(USER_UNPROTECTED, USER_UNPROTECTED); 671 policy->SetTokenLevel(USER_UNPROTECTED, USER_UNPROTECTED);
667 runner.SetDisableCsrss(false); 672 runner.SetDisableCsrss(false);
668 673
669 base::FilePath cmd; 674 base::FilePath cmd;
670 EXPECT_TRUE(base::PathService::Get(base::DIR_SYSTEM, &cmd)); 675 EXPECT_TRUE(base::PathService::Get(base::DIR_SYSTEM, &cmd));
671 cmd = cmd.Append(L"calc.exe"); 676 cmd = cmd.Append(L"calc.exe");
672 677
673 std::wstring test_command = L"TestChildProcess "; 678 std::wstring test_command = L"TestChildProcess ";
674 test_command += cmd.value().c_str(); 679 test_command += cmd.value().c_str();
680 test_command += L" 0";
675 681
676 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(test_command.c_str())); 682 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(test_command.c_str()));
677 } 683 }
678 684
679 // This test validates that setting the 685 // This test validates that setting the
680 // MITIGATION_CHILD_PROCESS_CREATION_RESTRICTED mitigation prevents 686 // MITIGATION_CHILD_PROCESS_CREATION_RESTRICTED mitigation prevents
681 // the spawning of child processes. 687 // the spawning of child processes.
682 TEST(ProcessMitigationsTest, CheckChildProcessFailure) { 688 TEST(ProcessMitigationsTest, CheckChildProcessFailure) {
683 TestRunner runner; 689 TestRunner runner;
684 sandbox::TargetPolicy* policy = runner.GetPolicy(); 690 sandbox::TargetPolicy* policy = runner.GetPolicy();
685 691
686 // Now set the job level to be <= JOB_LIMITED_USER 692 // Now set the job level to be <= JOB_LIMITED_USER
687 // and ensure we can no longer create a child process. 693 // and ensure we can no longer create a child process.
688 policy->SetJobLevel(JOB_LIMITED_USER, 0); 694 policy->SetJobLevel(JOB_LIMITED_USER, 0);
689 policy->SetTokenLevel(USER_UNPROTECTED, USER_UNPROTECTED); 695 policy->SetTokenLevel(USER_UNPROTECTED, USER_UNPROTECTED);
690 runner.SetDisableCsrss(false); 696 runner.SetDisableCsrss(false);
691 697
692 base::FilePath cmd; 698 base::FilePath cmd;
693 EXPECT_TRUE(base::PathService::Get(base::DIR_SYSTEM, &cmd)); 699 EXPECT_TRUE(base::PathService::Get(base::DIR_SYSTEM, &cmd));
694 cmd = cmd.Append(L"calc.exe"); 700 cmd = cmd.Append(L"calc.exe");
695 701
696 std::wstring test_command = L"TestChildProcess "; 702 std::wstring test_command = L"TestChildProcess ";
697 test_command += cmd.value().c_str(); 703 test_command += cmd.value().c_str();
704 test_command += L" 0";
705
706 EXPECT_EQ(SBOX_TEST_FAILED, runner.RunTest(test_command.c_str()));
707 }
708
709 // This test validates that we can spawn a child process if
710 // MITIGATION_CHILD_PROCESS_CREATION_RESTRICTED mitigation is
711 // not set. This also tests that a crashing child process is correctly handled
712 // by the broker.
713 TEST(ProcessMitigationsTest, CheckChildProcessSuccessAbnormalExit) {
714 TestRunner runner;
715 sandbox::TargetPolicy* policy = runner.GetPolicy();
716
717 // Set a policy that would normally allow for process creation.
718 policy->SetJobLevel(JOB_INTERACTIVE, 0);
719 policy->SetTokenLevel(USER_UNPROTECTED, USER_UNPROTECTED);
720 runner.SetDisableCsrss(false);
721
722 base::FilePath cmd;
723 EXPECT_TRUE(base::PathService::Get(base::DIR_SYSTEM, &cmd));
724 cmd = cmd.Append(L"calc.exe");
725
726 std::wstring test_command = L"TestChildProcess ";
727 test_command += cmd.value().c_str();
728 test_command += L" 1";
729
730 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(test_command.c_str()));
731 }
732
733 // This test validates that setting the
734 // MITIGATION_CHILD_PROCESS_CREATION_RESTRICTED mitigation prevents
735 // the spawning of child processes. This also tests that a crashing child
736 // process is correctly handled by the broker.
737 TEST(ProcessMitigationsTest, CheckChildProcessFailureAbnormalExit) {
738 TestRunner runner;
739 sandbox::TargetPolicy* policy = runner.GetPolicy();
740
741 // Now set the job level to be <= JOB_LIMITED_USER
742 // and ensure we can no longer create a child process.
743 policy->SetJobLevel(JOB_LIMITED_USER, 0);
744 policy->SetTokenLevel(USER_UNPROTECTED, USER_UNPROTECTED);
745 runner.SetDisableCsrss(false);
746
747 base::FilePath cmd;
748 EXPECT_TRUE(base::PathService::Get(base::DIR_SYSTEM, &cmd));
749 cmd = cmd.Append(L"calc.exe");
750
751 std::wstring test_command = L"TestChildProcess ";
752 test_command += cmd.value().c_str();
753 test_command += L" 1";
698 754
699 EXPECT_EQ(SBOX_TEST_FAILED, runner.RunTest(test_command.c_str())); 755 EXPECT_EQ(SBOX_TEST_FAILED, runner.RunTest(test_command.c_str()));
700 } 756 }
701 757
702 } // namespace sandbox 758 } // namespace sandbox
703
OLDNEW
« no previous file with comments | « sandbox/win/src/broker_services.cc ('k') | sandbox/win/src/process_policy_test.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698