Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(310)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/win/src/named_pipe_policy_test.cc

Issue 1851213002: Remove sandbox on Windows. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: fix nacl compile issues Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « sandbox/win/src/named_pipe_policy.cc ('k') | sandbox/win/src/policy_broker.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright (c) 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "base/win/windows_version.h"
6 #include "sandbox/win/src/handle_closer.h"
7 #include "sandbox/win/src/sandbox.h"
8 #include "sandbox/win/src/sandbox_policy.h"
9 #include "sandbox/win/src/sandbox_factory.h"
10 #include "sandbox/win/tests/common/controller.h"
11 #include "testing/gtest/include/gtest/gtest.h"
12
13 namespace sandbox {
14
15
16 SBOX_TESTS_COMMAND int NamedPipe_Create(int argc, wchar_t **argv) {
17 if (argc < 1 || argc > 2) {
18 return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
19 }
20 if ((NULL == argv) || (NULL == argv[0])) {
21 return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
22 }
23
24 HANDLE pipe = ::CreateNamedPipeW(argv[0],
25 PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED,
26 PIPE_TYPE_BYTE | PIPE_READMODE_BYTE, 1, 4096,
27 4096, 2000, NULL);
28 if (INVALID_HANDLE_VALUE == pipe)
29 return SBOX_TEST_DENIED;
30
31 // The second parameter allows us to enforce a whitelist for where the
32 // pipe should be in the object namespace after creation.
33 if (argc == 2) {
34 base::string16 handle_name;
35 if (GetHandleName(pipe, &handle_name)) {
36 if (handle_name.compare(0, wcslen(argv[1]), argv[1]) != 0)
37 return SBOX_TEST_FAILED;
38 } else {
39 return SBOX_TEST_FAILED;
40 }
41 }
42
43 OVERLAPPED overlapped = {0};
44 overlapped.hEvent = ::CreateEvent(NULL, TRUE, TRUE, NULL);
45 BOOL result = ::ConnectNamedPipe(pipe, &overlapped);
46
47 if (!result) {
48 DWORD error = ::GetLastError();
49 if (ERROR_PIPE_CONNECTED != error &&
50 ERROR_IO_PENDING != error) {
51 return SBOX_TEST_FAILED;
52 }
53 }
54
55 if (!::CloseHandle(pipe))
56 return SBOX_TEST_FAILED;
57
58 ::CloseHandle(overlapped.hEvent);
59 return SBOX_TEST_SUCCEEDED;
60 }
61
62 // Tests if we can create a pipe in the sandbox.
63 TEST(NamedPipePolicyTest, CreatePipe) {
64 TestRunner runner;
65 // TODO(nsylvain): This policy is wrong because "*" is a valid char in a
66 // namedpipe name. Here we apply it like a wildcard. http://b/893603
67 EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_NAMED_PIPES,
68 TargetPolicy::NAMEDPIPES_ALLOW_ANY,
69 L"\\\\.\\pipe\\test*"));
70
71 EXPECT_EQ(SBOX_TEST_SUCCEEDED,
72 runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\testbleh"));
73
74 EXPECT_EQ(SBOX_TEST_DENIED,
75 runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\bleh"));
76 }
77
78 // Tests if we can create a pipe with a path traversal in the sandbox.
79 TEST(NamedPipePolicyTest, CreatePipeTraversal) {
80 TestRunner runner;
81 // TODO(nsylvain): This policy is wrong because "*" is a valid char in a
82 // namedpipe name. Here we apply it like a wildcard. http://b/893603
83 EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_NAMED_PIPES,
84 TargetPolicy::NAMEDPIPES_ALLOW_ANY,
85 L"\\\\.\\pipe\\test*"));
86
87 EXPECT_EQ(SBOX_TEST_DENIED,
88 runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\test\\..\\bleh"));
89 EXPECT_EQ(SBOX_TEST_DENIED,
90 runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\test/../bleh"));
91 EXPECT_EQ(SBOX_TEST_DENIED,
92 runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\test\\../bleh"));
93 EXPECT_EQ(SBOX_TEST_DENIED,
94 runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\test/..\\bleh"));
95 }
96
97 // This tests that path canonicalization is actually disabled if we use \\?\
98 // syntax.
99 TEST(NamedPipePolicyTest, CreatePipeCanonicalization) {
100 // "For file I/O, the "\\?\" prefix to a path string tells the Windows APIs to
101 // disable all string parsing and to send the string that follows it straight
102 // to the file system."
103 // http://msdn.microsoft.com/en-us/library/aa365247(VS.85).aspx
104 const wchar_t* argv[2] = { L"\\\\?\\pipe\\test\\..\\bleh",
105 L"\\Device\\NamedPipe\\test" };
106 EXPECT_EQ(SBOX_TEST_SUCCEEDED,
107 NamedPipe_Create(2, const_cast<wchar_t**>(argv)));
108 }
109
110 // The same test as CreatePipe but this time using strict interceptions.
111 TEST(NamedPipePolicyTest, CreatePipeStrictInterceptions) {
112 TestRunner runner;
113 runner.GetPolicy()->SetStrictInterceptions();
114
115 // TODO(nsylvain): This policy is wrong because "*" is a valid char in a
116 // namedpipe name. Here we apply it like a wildcard. http://b/893603
117 EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_NAMED_PIPES,
118 TargetPolicy::NAMEDPIPES_ALLOW_ANY,
119 L"\\\\.\\pipe\\test*"));
120
121 EXPECT_EQ(SBOX_TEST_SUCCEEDED,
122 runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\testbleh"));
123
124 EXPECT_EQ(SBOX_TEST_DENIED,
125 runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\bleh"));
126 }
127
128 } // namespace sandbox
OLDNEW
« no previous file with comments | « sandbox/win/src/named_pipe_policy.cc ('k') | sandbox/win/src/policy_broker.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698