OLD | NEW |
| (Empty) |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include <windows.h> | |
6 #include <atlsecurity.h> | |
7 | |
8 #include "base/win/windows_version.h" | |
9 #include "testing/gtest/include/gtest/gtest.h" | |
10 #include "sandbox/win/src/sandbox.h" | |
11 #include "sandbox/win/src/sandbox_policy.h" | |
12 #include "sandbox/win/src/sandbox_factory.h" | |
13 #include "sandbox/win/tests/common/controller.h" | |
14 | |
15 namespace sandbox { | |
16 | |
17 | |
18 SBOX_TESTS_COMMAND int CheckIntegrityLevel(int argc, wchar_t **argv) { | |
19 ATL::CAccessToken token; | |
20 if (!token.GetEffectiveToken(TOKEN_READ)) | |
21 return SBOX_TEST_FAILED; | |
22 | |
23 char* buffer[100]; | |
24 DWORD buf_size = 100; | |
25 if (!::GetTokenInformation(token.GetHandle(), TokenIntegrityLevel, | |
26 reinterpret_cast<void*>(buffer), buf_size, | |
27 &buf_size)) | |
28 return SBOX_TEST_FAILED; | |
29 | |
30 TOKEN_MANDATORY_LABEL* label = | |
31 reinterpret_cast<TOKEN_MANDATORY_LABEL*>(buffer); | |
32 | |
33 PSID sid_low = NULL; | |
34 if (!::ConvertStringSidToSid(L"S-1-16-4096", &sid_low)) | |
35 return SBOX_TEST_FAILED; | |
36 | |
37 BOOL is_low_sid = ::EqualSid(label->Label.Sid, sid_low); | |
38 | |
39 ::LocalFree(sid_low); | |
40 | |
41 if (is_low_sid) | |
42 return SBOX_TEST_SUCCEEDED; | |
43 | |
44 return SBOX_TEST_DENIED; | |
45 } | |
46 | |
47 TEST(IntegrityLevelTest, TestLowILReal) { | |
48 | |
49 TestRunner runner(JOB_LOCKDOWN, USER_INTERACTIVE, USER_INTERACTIVE); | |
50 | |
51 runner.SetTimeout(INFINITE); | |
52 | |
53 runner.GetPolicy()->SetAlternateDesktop(true); | |
54 runner.GetPolicy()->SetIntegrityLevel(INTEGRITY_LEVEL_LOW); | |
55 | |
56 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"CheckIntegrityLevel")); | |
57 | |
58 runner.SetTestState(BEFORE_REVERT); | |
59 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"CheckIntegrityLevel")); | |
60 } | |
61 | |
62 TEST(DelayedIntegrityLevelTest, TestLowILDelayed) { | |
63 | |
64 TestRunner runner(JOB_LOCKDOWN, USER_INTERACTIVE, USER_INTERACTIVE); | |
65 | |
66 runner.SetTimeout(INFINITE); | |
67 | |
68 runner.GetPolicy()->SetDelayedIntegrityLevel(INTEGRITY_LEVEL_LOW); | |
69 | |
70 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"CheckIntegrityLevel")); | |
71 | |
72 runner.SetTestState(BEFORE_REVERT); | |
73 EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"CheckIntegrityLevel")); | |
74 } | |
75 | |
76 TEST(IntegrityLevelTest, TestNoILChange) { | |
77 | |
78 TestRunner runner(JOB_LOCKDOWN, USER_INTERACTIVE, USER_INTERACTIVE); | |
79 | |
80 runner.SetTimeout(INFINITE); | |
81 | |
82 EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"CheckIntegrityLevel")); | |
83 } | |
84 | |
85 } // namespace sandbox | |
OLD | NEW |