OLD | NEW |
| (Empty) |
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include <stddef.h> | |
6 #include <stdint.h> | |
7 | |
8 #include "sandbox/win/src/policy_engine_params.h" | |
9 #include "sandbox/win/src/policy_engine_processor.h" | |
10 #include "sandbox/win/src/policy_low_level.h" | |
11 #include "testing/gtest/include/gtest/gtest.h" | |
12 | |
13 #define POLPARAMS_BEGIN(x) sandbox::ParameterSet x[] = { | |
14 #define POLPARAM(p) sandbox::ParamPickerMake(p), | |
15 #define POLPARAMS_END } | |
16 | |
17 namespace sandbox { | |
18 | |
19 bool SetupNtdllImports(); | |
20 | |
21 // Testing that we allow opcode generation on valid string patterns. | |
22 TEST(PolicyEngineTest, StringPatternsOK) { | |
23 SetupNtdllImports(); | |
24 PolicyRule pr(ASK_BROKER); | |
25 EXPECT_TRUE(pr.AddStringMatch(IF, 0, L"c:\\adobe\\ver??\\", CASE_SENSITIVE)); | |
26 EXPECT_TRUE(pr.AddStringMatch(IF, 0, L"*.tmp", CASE_SENSITIVE)); | |
27 EXPECT_TRUE(pr.AddStringMatch(IF, 0, L"c:\\*.doc", CASE_SENSITIVE)); | |
28 EXPECT_TRUE(pr.AddStringMatch(IF, 0, L"c:\\windows\\*", CASE_SENSITIVE)); | |
29 EXPECT_TRUE(pr.AddStringMatch(IF, 0, L"d:\\adobe\\acrobat.exe", | |
30 CASE_SENSITIVE)); | |
31 } | |
32 | |
33 // Testing that we signal invalid string patterns. | |
34 TEST(PolicyEngineTest, StringPatternsBAD) { | |
35 SetupNtdllImports(); | |
36 PolicyRule pr(ASK_BROKER); | |
37 EXPECT_FALSE(pr.AddStringMatch(IF, 0, L"one**two", CASE_SENSITIVE)); | |
38 EXPECT_FALSE(pr.AddStringMatch(IF, 0, L"**three", CASE_SENSITIVE)); | |
39 EXPECT_FALSE(pr.AddStringMatch(IF, 0, L"five?six*?seven", CASE_SENSITIVE)); | |
40 EXPECT_FALSE(pr.AddStringMatch(IF, 0, L"eight?*nine", CASE_SENSITIVE)); | |
41 } | |
42 | |
43 // Helper function to allocate space (on the heap) for policy. | |
44 PolicyGlobal* MakePolicyMemory() { | |
45 const size_t kTotalPolicySz = 4096*8; | |
46 char* mem = new char[kTotalPolicySz]; | |
47 memset(mem, 0, kTotalPolicySz); | |
48 PolicyGlobal* policy = reinterpret_cast<PolicyGlobal*>(mem); | |
49 policy->data_size = kTotalPolicySz - sizeof(PolicyGlobal); | |
50 return policy; | |
51 } | |
52 | |
53 // The simplest test using LowLevelPolicy it should test a single opcode which | |
54 // does a exact string comparison. | |
55 TEST(PolicyEngineTest, SimpleStrMatch) { | |
56 SetupNtdllImports(); | |
57 PolicyRule pr(ASK_BROKER); | |
58 EXPECT_TRUE(pr.AddStringMatch(IF, 0, L"z:\\Directory\\domo.txt", | |
59 CASE_INSENSITIVE)); | |
60 | |
61 PolicyGlobal* policy = MakePolicyMemory(); | |
62 const uint32_t kFakeService = 2; | |
63 | |
64 LowLevelPolicy policyGen(policy); | |
65 EXPECT_TRUE(policyGen.AddRule(kFakeService, &pr)); | |
66 EXPECT_TRUE(policyGen.Done()); | |
67 | |
68 const wchar_t* filename = L"Z:\\Directory\\domo.txt"; | |
69 | |
70 POLPARAMS_BEGIN(eval_params) | |
71 POLPARAM(filename) // Argument 0 | |
72 POLPARAMS_END; | |
73 | |
74 PolicyResult result; | |
75 PolicyProcessor pol_ev(policy->entry[kFakeService]); | |
76 | |
77 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); | |
78 EXPECT_EQ(POLICY_MATCH, result); | |
79 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction()); | |
80 | |
81 filename = L"Z:\\Directory\\domo.txt.tmp"; | |
82 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); | |
83 EXPECT_EQ(NO_POLICY_MATCH, result); | |
84 | |
85 delete [] reinterpret_cast<char*>(policy); | |
86 } | |
87 | |
88 TEST(PolicyEngineTest, SimpleIfNotStrMatch) { | |
89 SetupNtdllImports(); | |
90 PolicyRule pr(ASK_BROKER); | |
91 EXPECT_TRUE(pr.AddStringMatch(IF_NOT, 0, L"c:\\Microsoft\\", | |
92 CASE_SENSITIVE)); | |
93 | |
94 PolicyGlobal* policy = MakePolicyMemory(); | |
95 const uint32_t kFakeService = 2; | |
96 LowLevelPolicy policyGen(policy); | |
97 | |
98 EXPECT_TRUE(policyGen.AddRule(kFakeService, &pr)); | |
99 EXPECT_TRUE(policyGen.Done()); | |
100 | |
101 const wchar_t* filename = NULL; | |
102 POLPARAMS_BEGIN(eval_params) | |
103 POLPARAM(filename) // Argument 0 | |
104 POLPARAMS_END; | |
105 | |
106 PolicyResult result; | |
107 PolicyProcessor pol_ev(policy->entry[kFakeService]); | |
108 | |
109 filename = L"c:\\Microsoft\\"; | |
110 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); | |
111 EXPECT_EQ(NO_POLICY_MATCH, result); | |
112 | |
113 filename = L"c:\\MicroNerd\\"; | |
114 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); | |
115 EXPECT_EQ(POLICY_MATCH, result); | |
116 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction()); | |
117 | |
118 filename = L"c:\\Microsoft\\domo.txt"; | |
119 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); | |
120 EXPECT_EQ(POLICY_MATCH, result); | |
121 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction()); | |
122 | |
123 delete [] reinterpret_cast<char*>(policy); | |
124 } | |
125 | |
126 TEST(PolicyEngineTest, SimpleIfNotStrMatchWild1) { | |
127 SetupNtdllImports(); | |
128 PolicyRule pr(ASK_BROKER); | |
129 EXPECT_TRUE(pr.AddStringMatch(IF_NOT, 0, L"c:\\Microsoft\\*", | |
130 CASE_SENSITIVE)); | |
131 | |
132 PolicyGlobal* policy = MakePolicyMemory(); | |
133 const uint32_t kFakeService = 3; | |
134 LowLevelPolicy policyGen(policy); | |
135 | |
136 EXPECT_TRUE(policyGen.AddRule(kFakeService, &pr)); | |
137 EXPECT_TRUE(policyGen.Done()); | |
138 | |
139 const wchar_t* filename = NULL; | |
140 POLPARAMS_BEGIN(eval_params) | |
141 POLPARAM(filename) // Argument 0 | |
142 POLPARAMS_END; | |
143 | |
144 PolicyResult result; | |
145 PolicyProcessor pol_ev(policy->entry[kFakeService]); | |
146 | |
147 filename = L"c:\\Microsoft\\domo.txt"; | |
148 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); | |
149 EXPECT_EQ(NO_POLICY_MATCH, result); | |
150 | |
151 filename = L"c:\\MicroNerd\\domo.txt"; | |
152 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); | |
153 EXPECT_EQ(POLICY_MATCH, result); | |
154 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction()); | |
155 | |
156 delete [] reinterpret_cast<char*>(policy); | |
157 } | |
158 | |
159 TEST(PolicyEngineTest, SimpleIfNotStrMatchWild2) { | |
160 SetupNtdllImports(); | |
161 PolicyRule pr(ASK_BROKER); | |
162 EXPECT_TRUE(pr.AddStringMatch(IF_NOT, 0, L"c:\\Microsoft\\*.txt", | |
163 CASE_SENSITIVE)); | |
164 | |
165 PolicyGlobal* policy = MakePolicyMemory(); | |
166 const uint32_t kFakeService = 3; | |
167 LowLevelPolicy policyGen(policy); | |
168 | |
169 EXPECT_TRUE(policyGen.AddRule(kFakeService, &pr)); | |
170 EXPECT_TRUE(policyGen.Done()); | |
171 | |
172 const wchar_t* filename = NULL; | |
173 POLPARAMS_BEGIN(eval_params) | |
174 POLPARAM(filename) // Argument 0 | |
175 POLPARAMS_END; | |
176 | |
177 PolicyResult result; | |
178 PolicyProcessor pol_ev(policy->entry[kFakeService]); | |
179 | |
180 filename = L"c:\\Microsoft\\domo.txt"; | |
181 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); | |
182 EXPECT_EQ(NO_POLICY_MATCH, result); | |
183 | |
184 filename = L"c:\\MicroNerd\\domo.txt"; | |
185 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); | |
186 EXPECT_EQ(POLICY_MATCH, result); | |
187 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction()); | |
188 | |
189 filename = L"c:\\Microsoft\\domo.bmp"; | |
190 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); | |
191 EXPECT_EQ(POLICY_MATCH, result); | |
192 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction()); | |
193 | |
194 delete [] reinterpret_cast<char*>(policy); | |
195 } | |
196 | |
197 TEST(PolicyEngineTest, IfNotStrMatchTwoRulesWild1) { | |
198 SetupNtdllImports(); | |
199 PolicyRule pr(ASK_BROKER); | |
200 EXPECT_TRUE(pr.AddStringMatch(IF_NOT, 0, L"c:\\Microsoft\\*", | |
201 CASE_SENSITIVE)); | |
202 EXPECT_TRUE(pr.AddNumberMatch(IF, 1, 24, EQUAL)); | |
203 | |
204 PolicyGlobal* policy = MakePolicyMemory(); | |
205 const uint32_t kFakeService = 3; | |
206 LowLevelPolicy policyGen(policy); | |
207 | |
208 EXPECT_TRUE(policyGen.AddRule(kFakeService, &pr)); | |
209 EXPECT_TRUE(policyGen.Done()); | |
210 | |
211 const wchar_t* filename = NULL; | |
212 uint32_t access = 0; | |
213 POLPARAMS_BEGIN(eval_params) | |
214 POLPARAM(filename) // Argument 0 | |
215 POLPARAM(access) // Argument 1 | |
216 POLPARAMS_END; | |
217 | |
218 PolicyResult result; | |
219 PolicyProcessor pol_ev(policy->entry[kFakeService]); | |
220 | |
221 filename = L"c:\\Microsoft\\domo.txt"; | |
222 access = 24; | |
223 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); | |
224 EXPECT_EQ(NO_POLICY_MATCH, result); | |
225 | |
226 filename = L"c:\\Microsoft\\domo.txt"; | |
227 access = 42; | |
228 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); | |
229 EXPECT_EQ(NO_POLICY_MATCH, result); | |
230 | |
231 filename = L"c:\\MicroNerd\\domo.txt"; | |
232 access = 24; | |
233 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); | |
234 EXPECT_EQ(POLICY_MATCH, result); | |
235 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction()); | |
236 | |
237 filename = L"c:\\Micronesia\\domo.txt"; | |
238 access = 42; | |
239 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); | |
240 EXPECT_EQ(NO_POLICY_MATCH, result); | |
241 | |
242 delete [] reinterpret_cast<char*>(policy); | |
243 } | |
244 | |
245 TEST(PolicyEngineTest, IfNotStrMatchTwoRulesWild2) { | |
246 SetupNtdllImports(); | |
247 PolicyRule pr(ASK_BROKER); | |
248 EXPECT_TRUE(pr.AddNumberMatch(IF, 1, 24, EQUAL)); | |
249 EXPECT_TRUE(pr.AddStringMatch(IF_NOT, 0, L"c:\\GoogleV?\\*.txt", | |
250 CASE_SENSITIVE)); | |
251 EXPECT_TRUE(pr.AddNumberMatch(IF, 2, 66, EQUAL)); | |
252 | |
253 PolicyGlobal* policy = MakePolicyMemory(); | |
254 const uint32_t kFakeService = 3; | |
255 LowLevelPolicy policyGen(policy); | |
256 | |
257 EXPECT_TRUE(policyGen.AddRule(kFakeService, &pr)); | |
258 EXPECT_TRUE(policyGen.Done()); | |
259 | |
260 const wchar_t* filename = NULL; | |
261 uint32_t access = 0; | |
262 uint32_t sharing = 66; | |
263 | |
264 POLPARAMS_BEGIN(eval_params) | |
265 POLPARAM(filename) // Argument 0 | |
266 POLPARAM(access) // Argument 1 | |
267 POLPARAM(sharing) // Argument 2 | |
268 POLPARAMS_END; | |
269 | |
270 PolicyResult result; | |
271 PolicyProcessor pol_ev(policy->entry[kFakeService]); | |
272 | |
273 filename = L"c:\\GoogleV2\\domo.txt"; | |
274 access = 24; | |
275 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); | |
276 EXPECT_EQ(NO_POLICY_MATCH, result); | |
277 | |
278 filename = L"c:\\GoogleV2\\domo.bmp"; | |
279 access = 24; | |
280 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); | |
281 EXPECT_EQ(POLICY_MATCH, result); | |
282 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction()); | |
283 | |
284 filename = L"c:\\GoogleV23\\domo.txt"; | |
285 access = 24; | |
286 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); | |
287 EXPECT_EQ(POLICY_MATCH, result); | |
288 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction()); | |
289 | |
290 | |
291 filename = L"c:\\GoogleV2\\domo.txt"; | |
292 access = 42; | |
293 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); | |
294 EXPECT_EQ(NO_POLICY_MATCH, result); | |
295 | |
296 filename = L"c:\\Google\\domo.txt"; | |
297 access = 24; | |
298 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); | |
299 EXPECT_EQ(POLICY_MATCH, result); | |
300 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction()); | |
301 | |
302 filename = L"c:\\Micronesia\\domo.txt"; | |
303 access = 42; | |
304 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); | |
305 EXPECT_EQ(NO_POLICY_MATCH, result); | |
306 | |
307 filename = L"c:\\GoogleV2\\domo.bmp"; | |
308 access = 24; | |
309 sharing = 0; | |
310 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); | |
311 EXPECT_EQ(NO_POLICY_MATCH, result); | |
312 | |
313 delete [] reinterpret_cast<char*>(policy); | |
314 } | |
315 | |
316 // Testing one single rule in one single service. The service is made to | |
317 // resemble NtCreateFile. | |
318 TEST(PolicyEngineTest, OneRuleTest) { | |
319 SetupNtdllImports(); | |
320 PolicyRule pr(ASK_BROKER); | |
321 EXPECT_TRUE(pr.AddStringMatch(IF, 0, L"c:\\*Microsoft*\\*.txt", | |
322 CASE_SENSITIVE)); | |
323 EXPECT_TRUE(pr.AddNumberMatch(IF_NOT, 1, CREATE_ALWAYS, EQUAL)); | |
324 EXPECT_TRUE(pr.AddNumberMatch(IF, 2, FILE_ATTRIBUTE_NORMAL, EQUAL)); | |
325 | |
326 PolicyGlobal* policy = MakePolicyMemory(); | |
327 | |
328 const uint32_t kNtFakeCreateFile = 7; | |
329 | |
330 LowLevelPolicy policyGen(policy); | |
331 EXPECT_TRUE(policyGen.AddRule(kNtFakeCreateFile, &pr)); | |
332 EXPECT_TRUE(policyGen.Done()); | |
333 | |
334 const wchar_t* filename = L"c:\\Documents and Settings\\Microsoft\\BLAH.txt"; | |
335 uint32_t creation_mode = OPEN_EXISTING; | |
336 uint32_t flags = FILE_ATTRIBUTE_NORMAL; | |
337 void* security_descriptor = NULL; | |
338 | |
339 POLPARAMS_BEGIN(eval_params) | |
340 POLPARAM(filename) // Argument 0 | |
341 POLPARAM(creation_mode) // Argument 1 | |
342 POLPARAM(flags) // Argument 2 | |
343 POLPARAM(security_descriptor) | |
344 POLPARAMS_END; | |
345 | |
346 PolicyResult result; | |
347 PolicyProcessor pol_ev(policy->entry[kNtFakeCreateFile]); | |
348 | |
349 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); | |
350 EXPECT_EQ(POLICY_MATCH, result); | |
351 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction()); | |
352 | |
353 creation_mode = CREATE_ALWAYS; | |
354 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); | |
355 EXPECT_EQ(NO_POLICY_MATCH, result); | |
356 | |
357 creation_mode = OPEN_EXISTING; | |
358 filename = L"c:\\Other\\Path\\Microsoft\\Another file.txt"; | |
359 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); | |
360 EXPECT_EQ(POLICY_MATCH, result); | |
361 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction()); | |
362 | |
363 filename = L"c:\\Other\\Path\\Microsoft\\Another file.txt.tmp"; | |
364 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); | |
365 EXPECT_EQ(NO_POLICY_MATCH, result); | |
366 | |
367 flags = FILE_ATTRIBUTE_DEVICE; | |
368 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); | |
369 EXPECT_EQ(NO_POLICY_MATCH, result); | |
370 | |
371 filename = L"c:\\Other\\Macrosoft\\Another file.txt"; | |
372 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); | |
373 EXPECT_EQ(NO_POLICY_MATCH, result); | |
374 | |
375 filename = L"c:\\Microsoft\\1.txt"; | |
376 flags = FILE_ATTRIBUTE_NORMAL; | |
377 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); | |
378 EXPECT_EQ(POLICY_MATCH, result); | |
379 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction()); | |
380 | |
381 filename = L"c:\\Microsoft\\1.ttt"; | |
382 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); | |
383 EXPECT_EQ(NO_POLICY_MATCH, result); | |
384 | |
385 delete [] reinterpret_cast<char*>(policy); | |
386 } | |
387 | |
388 // Testing 3 rules in 3 services. Two of the services resemble File services. | |
389 TEST(PolicyEngineTest, ThreeRulesTest) { | |
390 SetupNtdllImports(); | |
391 PolicyRule pr_pipe(FAKE_SUCCESS); | |
392 EXPECT_TRUE(pr_pipe.AddStringMatch(IF, 0, L"\\\\/?/?\\Pipe\\Chrome.*", | |
393 CASE_INSENSITIVE)); | |
394 EXPECT_TRUE(pr_pipe.AddNumberMatch(IF, 1, OPEN_EXISTING, EQUAL)); | |
395 EXPECT_TRUE(pr_pipe.AddNumberMatch(IF, 2, FILE_ATTRIBUTE_NORMAL, EQUAL)); | |
396 | |
397 size_t opc1 = pr_pipe.GetOpcodeCount(); | |
398 EXPECT_EQ(3u, opc1); | |
399 | |
400 PolicyRule pr_dump(ASK_BROKER); | |
401 EXPECT_TRUE(pr_dump.AddStringMatch(IF, 0, L"\\\\/?/?\\*\\Crash Reports\\*", | |
402 CASE_INSENSITIVE)); | |
403 EXPECT_TRUE(pr_dump.AddNumberMatch(IF, 1, CREATE_ALWAYS, EQUAL)); | |
404 EXPECT_TRUE(pr_dump.AddNumberMatch(IF, 2, FILE_ATTRIBUTE_NORMAL, EQUAL)); | |
405 | |
406 size_t opc2 = pr_dump.GetOpcodeCount(); | |
407 EXPECT_EQ(4u, opc2); | |
408 | |
409 PolicyRule pr_winexe(SIGNAL_ALARM); | |
410 EXPECT_TRUE(pr_winexe.AddStringMatch(IF, 0, L"\\\\/?/?\\C:\\Windows\\*.exe", | |
411 CASE_INSENSITIVE)); | |
412 EXPECT_TRUE(pr_winexe.AddNumberMatch(IF, 2, FILE_ATTRIBUTE_NORMAL, EQUAL)); | |
413 | |
414 size_t opc3 = pr_winexe.GetOpcodeCount(); | |
415 EXPECT_EQ(3u, opc3); | |
416 | |
417 PolicyRule pr_adobe(GIVE_CACHED); | |
418 EXPECT_TRUE(pr_adobe.AddStringMatch(IF, 0, L"c:\\adobe\\ver?.?\\", | |
419 CASE_SENSITIVE)); | |
420 EXPECT_TRUE(pr_adobe.AddNumberMatch(IF, 2, FILE_ATTRIBUTE_NORMAL, EQUAL)); | |
421 | |
422 size_t opc4 = pr_adobe.GetOpcodeCount(); | |
423 EXPECT_EQ(4u, opc4); | |
424 | |
425 PolicyRule pr_none(GIVE_FIRST); | |
426 EXPECT_TRUE(pr_none.AddNumberMatch(IF, 2, FILE_ATTRIBUTE_READONLY, AND)); | |
427 EXPECT_TRUE(pr_none.AddNumberMatch(IF, 2, FILE_ATTRIBUTE_SYSTEM, AND)); | |
428 | |
429 size_t opc5 = pr_none.GetOpcodeCount(); | |
430 EXPECT_EQ(2u, opc5); | |
431 | |
432 PolicyGlobal* policy = MakePolicyMemory(); | |
433 | |
434 const uint32_t kNtFakeNone = 4; | |
435 const uint32_t kNtFakeCreateFile = 5; | |
436 const uint32_t kNtFakeOpenFile = 6; | |
437 | |
438 LowLevelPolicy policyGen(policy); | |
439 EXPECT_TRUE(policyGen.AddRule(kNtFakeCreateFile, &pr_pipe)); | |
440 EXPECT_TRUE(policyGen.AddRule(kNtFakeCreateFile, &pr_dump)); | |
441 EXPECT_TRUE(policyGen.AddRule(kNtFakeCreateFile, &pr_winexe)); | |
442 | |
443 EXPECT_TRUE(policyGen.AddRule(kNtFakeOpenFile, &pr_adobe)); | |
444 EXPECT_TRUE(policyGen.AddRule(kNtFakeOpenFile, &pr_pipe)); | |
445 | |
446 EXPECT_TRUE(policyGen.AddRule(kNtFakeNone, &pr_none)); | |
447 | |
448 EXPECT_TRUE(policyGen.Done()); | |
449 | |
450 // Inspect the policy structure manually. | |
451 EXPECT_TRUE(NULL == policy->entry[0]); | |
452 EXPECT_TRUE(NULL == policy->entry[1]); | |
453 EXPECT_TRUE(NULL == policy->entry[2]); | |
454 EXPECT_TRUE(NULL == policy->entry[3]); | |
455 EXPECT_TRUE(NULL != policy->entry[4]); // kNtFakeNone. | |
456 EXPECT_TRUE(NULL != policy->entry[5]); // kNtFakeCreateFile. | |
457 EXPECT_TRUE(NULL != policy->entry[6]); // kNtFakeOpenFile. | |
458 EXPECT_TRUE(NULL == policy->entry[7]); | |
459 | |
460 // The total per service opcode counts now must take in account one | |
461 // extra opcode (action opcode) per rule. | |
462 ++opc1; | |
463 ++opc2; | |
464 ++opc3; | |
465 ++opc4; | |
466 ++opc5; | |
467 | |
468 size_t tc1 = policy->entry[kNtFakeNone]->opcode_count; | |
469 size_t tc2 = policy->entry[kNtFakeCreateFile]->opcode_count; | |
470 size_t tc3 = policy->entry[kNtFakeOpenFile]->opcode_count; | |
471 | |
472 EXPECT_EQ(opc5, tc1); | |
473 EXPECT_EQ((opc1 + opc2 + opc3), tc2); | |
474 EXPECT_EQ((opc1 + opc4), tc3); | |
475 | |
476 // Check the type of the first and last opcode of each service. | |
477 | |
478 EXPECT_EQ(OP_NUMBER_AND_MATCH, | |
479 policy->entry[kNtFakeNone]->opcodes[0].GetID()); | |
480 EXPECT_EQ(OP_ACTION, policy->entry[kNtFakeNone]->opcodes[tc1-1].GetID()); | |
481 EXPECT_EQ(OP_WSTRING_MATCH, | |
482 policy->entry[kNtFakeCreateFile]->opcodes[0].GetID()); | |
483 EXPECT_EQ(OP_ACTION, | |
484 policy->entry[kNtFakeCreateFile]->opcodes[tc2-1].GetID()); | |
485 EXPECT_EQ(OP_WSTRING_MATCH, | |
486 policy->entry[kNtFakeOpenFile]->opcodes[0].GetID()); | |
487 EXPECT_EQ(OP_ACTION, policy->entry[kNtFakeOpenFile]->opcodes[tc3-1].GetID()); | |
488 | |
489 // Test the policy evaluation. | |
490 | |
491 const wchar_t* filename = L""; | |
492 uint32_t creation_mode = OPEN_EXISTING; | |
493 uint32_t flags = FILE_ATTRIBUTE_NORMAL; | |
494 void* security_descriptor = NULL; | |
495 | |
496 POLPARAMS_BEGIN(params) | |
497 POLPARAM(filename) // Argument 0 | |
498 POLPARAM(creation_mode) // Argument 1 | |
499 POLPARAM(flags) // Argument 2 | |
500 POLPARAM(security_descriptor) | |
501 POLPARAMS_END; | |
502 | |
503 PolicyResult result; | |
504 PolicyProcessor eval_CreateFile(policy->entry[kNtFakeCreateFile]); | |
505 PolicyProcessor eval_OpenFile(policy->entry[kNtFakeOpenFile]); | |
506 PolicyProcessor eval_None(policy->entry[kNtFakeNone]); | |
507 | |
508 result = eval_CreateFile.Evaluate(kShortEval, params, _countof(params)); | |
509 EXPECT_EQ(NO_POLICY_MATCH, result); | |
510 result = eval_OpenFile.Evaluate(kShortEval, params, _countof(params)); | |
511 EXPECT_EQ(NO_POLICY_MATCH, result); | |
512 result = eval_None.Evaluate(kShortEval, params, _countof(params)); | |
513 EXPECT_EQ(NO_POLICY_MATCH, result); | |
514 | |
515 filename = L"\\\\??\\c:\\Windows\\System32\\calc.exe"; | |
516 flags = FILE_ATTRIBUTE_SYSTEM; | |
517 result = eval_CreateFile.Evaluate(kShortEval, params, _countof(params)); | |
518 EXPECT_EQ(NO_POLICY_MATCH, result); | |
519 result = eval_None.Evaluate(kShortEval, params, _countof(params)); | |
520 EXPECT_EQ(NO_POLICY_MATCH, result); | |
521 result = eval_OpenFile.Evaluate(kShortEval, params, _countof(params)); | |
522 EXPECT_EQ(NO_POLICY_MATCH, result); | |
523 | |
524 flags += FILE_ATTRIBUTE_READONLY; | |
525 result = eval_CreateFile.Evaluate(kShortEval, params, _countof(params)); | |
526 EXPECT_EQ(NO_POLICY_MATCH, result); | |
527 result = eval_None.Evaluate(kShortEval, params, _countof(params)); | |
528 EXPECT_EQ(POLICY_MATCH, result); | |
529 EXPECT_EQ(GIVE_FIRST, eval_None.GetAction()); | |
530 result = eval_OpenFile.Evaluate(kShortEval, params, _countof(params)); | |
531 EXPECT_EQ(NO_POLICY_MATCH, result); | |
532 | |
533 flags = FILE_ATTRIBUTE_NORMAL; | |
534 result = eval_CreateFile.Evaluate(kShortEval, params, _countof(params)); | |
535 EXPECT_EQ(POLICY_MATCH, result); | |
536 EXPECT_EQ(SIGNAL_ALARM, eval_CreateFile.GetAction()); | |
537 result = eval_None.Evaluate(kShortEval, params, _countof(params)); | |
538 EXPECT_EQ(NO_POLICY_MATCH, result); | |
539 result = eval_OpenFile.Evaluate(kShortEval, params, _countof(params)); | |
540 EXPECT_EQ(NO_POLICY_MATCH, result); | |
541 | |
542 filename = L"c:\\adobe\\ver3.2\\temp"; | |
543 result = eval_CreateFile.Evaluate(kShortEval, params, _countof(params)); | |
544 EXPECT_EQ(NO_POLICY_MATCH, result); | |
545 result = eval_None.Evaluate(kShortEval, params, _countof(params)); | |
546 EXPECT_EQ(NO_POLICY_MATCH, result); | |
547 result = eval_OpenFile.Evaluate(kShortEval, params, _countof(params)); | |
548 EXPECT_EQ(POLICY_MATCH, result); | |
549 EXPECT_EQ(GIVE_CACHED, eval_OpenFile.GetAction()); | |
550 | |
551 filename = L"c:\\adobe\\ver3.22\\temp"; | |
552 result = eval_OpenFile.Evaluate(kShortEval, params, _countof(params)); | |
553 EXPECT_EQ(NO_POLICY_MATCH, result); | |
554 | |
555 filename = L"\\\\??\\c:\\some path\\other path\\crash reports\\some path"; | |
556 creation_mode = CREATE_ALWAYS; | |
557 result = eval_CreateFile.Evaluate(kShortEval, params, _countof(params)); | |
558 EXPECT_EQ(POLICY_MATCH, result); | |
559 EXPECT_EQ(ASK_BROKER, eval_CreateFile.GetAction()); | |
560 result = eval_None.Evaluate(kShortEval, params, _countof(params)); | |
561 EXPECT_EQ(NO_POLICY_MATCH, result); | |
562 result = eval_OpenFile.Evaluate(kShortEval, params, _countof(params)); | |
563 EXPECT_EQ(NO_POLICY_MATCH, result); | |
564 | |
565 filename = L"\\\\??\\Pipe\\Chrome.12345"; | |
566 creation_mode = OPEN_EXISTING; | |
567 result = eval_CreateFile.Evaluate(kShortEval, params, _countof(params)); | |
568 EXPECT_EQ(POLICY_MATCH, result); | |
569 EXPECT_EQ(FAKE_SUCCESS, eval_CreateFile.GetAction()); | |
570 result = eval_None.Evaluate(kShortEval, params, _countof(params)); | |
571 EXPECT_EQ(NO_POLICY_MATCH, result); | |
572 result = eval_OpenFile.Evaluate(kShortEval, params, _countof(params)); | |
573 EXPECT_EQ(POLICY_MATCH, result); | |
574 EXPECT_EQ(FAKE_SUCCESS, eval_OpenFile.GetAction()); | |
575 | |
576 delete [] reinterpret_cast<char*>(policy); | |
577 } | |
578 | |
579 TEST(PolicyEngineTest, PolicyRuleCopyConstructorTwoStrings) { | |
580 SetupNtdllImports(); | |
581 // Both pr_orig and pr_copy should allow hello.* but not *.txt files. | |
582 PolicyRule pr_orig(ASK_BROKER); | |
583 EXPECT_TRUE(pr_orig.AddStringMatch(IF, 0, L"hello.*", CASE_SENSITIVE)); | |
584 | |
585 PolicyRule pr_copy(pr_orig); | |
586 EXPECT_TRUE(pr_orig.AddStringMatch(IF_NOT, 0, L"*.txt", CASE_SENSITIVE)); | |
587 EXPECT_TRUE(pr_copy.AddStringMatch(IF_NOT, 0, L"*.txt", CASE_SENSITIVE)); | |
588 | |
589 PolicyGlobal* policy = MakePolicyMemory(); | |
590 LowLevelPolicy policyGen(policy); | |
591 EXPECT_TRUE(policyGen.AddRule(1, &pr_orig)); | |
592 EXPECT_TRUE(policyGen.AddRule(2, &pr_copy)); | |
593 EXPECT_TRUE(policyGen.Done()); | |
594 | |
595 const wchar_t* name = NULL; | |
596 POLPARAMS_BEGIN(eval_params) | |
597 POLPARAM(name) | |
598 POLPARAMS_END; | |
599 | |
600 PolicyResult result; | |
601 PolicyProcessor pol_ev_orig(policy->entry[1]); | |
602 name = L"domo.txt"; | |
603 result = pol_ev_orig.Evaluate(kShortEval, eval_params, _countof(eval_params)); | |
604 EXPECT_EQ(NO_POLICY_MATCH, result); | |
605 | |
606 name = L"hello.bmp"; | |
607 result = pol_ev_orig.Evaluate(kShortEval, eval_params, _countof(eval_params)); | |
608 EXPECT_EQ(POLICY_MATCH, result); | |
609 EXPECT_EQ(ASK_BROKER, pol_ev_orig.GetAction()); | |
610 | |
611 PolicyProcessor pol_ev_copy(policy->entry[2]); | |
612 name = L"domo.txt"; | |
613 result = pol_ev_copy.Evaluate(kShortEval, eval_params, _countof(eval_params)); | |
614 EXPECT_EQ(NO_POLICY_MATCH, result); | |
615 | |
616 name = L"hello.bmp"; | |
617 result = pol_ev_copy.Evaluate(kShortEval, eval_params, _countof(eval_params)); | |
618 EXPECT_EQ(POLICY_MATCH, result); | |
619 EXPECT_EQ(ASK_BROKER, pol_ev_copy.GetAction()); | |
620 } | |
621 } // namespace sandbox | |
OLD | NEW |