OLD | NEW |
| (Empty) |
1 // Copyright (c) 2006-2010 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include <shlobj.h> | |
6 | |
7 #include "testing/gtest/include/gtest/gtest.h" | |
8 #include "sandbox/win/src/registry_policy.h" | |
9 #include "sandbox/win/src/sandbox.h" | |
10 #include "sandbox/win/src/sandbox_policy.h" | |
11 #include "sandbox/win/src/sandbox_factory.h" | |
12 #include "sandbox/win/src/nt_internals.h" | |
13 #include "sandbox/win/src/win_utils.h" | |
14 #include "sandbox/win/tests/common/controller.h" | |
15 | |
16 namespace { | |
17 | |
18 static const DWORD kAllowedRegFlags = KEY_QUERY_VALUE | KEY_ENUMERATE_SUB_KEYS | | |
19 KEY_NOTIFY | KEY_READ | GENERIC_READ | | |
20 GENERIC_EXECUTE | READ_CONTROL; | |
21 | |
22 #define BINDNTDLL(name) \ | |
23 name ## Function name = reinterpret_cast<name ## Function>( \ | |
24 ::GetProcAddress(::GetModuleHandle(L"ntdll.dll"), #name)) | |
25 | |
26 bool IsKeyOpenForRead(HKEY handle) { | |
27 BINDNTDLL(NtQueryObject); | |
28 | |
29 OBJECT_BASIC_INFORMATION info = {0}; | |
30 NTSTATUS status = NtQueryObject(handle, ObjectBasicInformation, &info, | |
31 sizeof(info), NULL); | |
32 | |
33 if (!NT_SUCCESS(status)) | |
34 return false; | |
35 | |
36 if ((info.GrantedAccess & (~kAllowedRegFlags)) != 0) | |
37 return false; | |
38 return true; | |
39 } | |
40 | |
41 } | |
42 | |
43 namespace sandbox { | |
44 | |
45 SBOX_TESTS_COMMAND int Reg_OpenKey(int argc, wchar_t **argv) { | |
46 if (argc != 4) | |
47 return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; | |
48 | |
49 REGSAM desired_access = 0; | |
50 ULONG options = 0; | |
51 if (wcscmp(argv[1], L"read") == 0) { | |
52 desired_access = KEY_READ; | |
53 } else if (wcscmp(argv[1], L"write") == 0) { | |
54 desired_access = KEY_ALL_ACCESS; | |
55 } else if (wcscmp(argv[1], L"link") == 0) { | |
56 options = REG_OPTION_CREATE_LINK; | |
57 desired_access = KEY_ALL_ACCESS; | |
58 } else { | |
59 desired_access = MAXIMUM_ALLOWED; | |
60 } | |
61 | |
62 HKEY root = GetReservedKeyFromName(argv[2]); | |
63 HKEY key; | |
64 LRESULT result = 0; | |
65 | |
66 if (wcscmp(argv[0], L"create") == 0) | |
67 result = ::RegCreateKeyEx(root, argv[3], 0, NULL, options, desired_access, | |
68 NULL, &key, NULL); | |
69 else | |
70 result = ::RegOpenKeyEx(root, argv[3], 0, desired_access, &key); | |
71 | |
72 if (ERROR_SUCCESS == result) { | |
73 if (MAXIMUM_ALLOWED == desired_access) { | |
74 if (!IsKeyOpenForRead(key)) { | |
75 ::RegCloseKey(key); | |
76 return SBOX_TEST_FAILED; | |
77 } | |
78 } | |
79 ::RegCloseKey(key); | |
80 return SBOX_TEST_SUCCEEDED; | |
81 } else if (ERROR_ACCESS_DENIED == result) { | |
82 return SBOX_TEST_DENIED; | |
83 } | |
84 | |
85 return SBOX_TEST_FAILED; | |
86 } | |
87 | |
88 TEST(RegistryPolicyTest, TestKeyAnyAccess) { | |
89 TestRunner runner; | |
90 EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_REGISTRY, | |
91 TargetPolicy::REG_ALLOW_READONLY, | |
92 L"HKEY_LOCAL_MACHINE")); | |
93 | |
94 EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_REGISTRY, | |
95 TargetPolicy::REG_ALLOW_ANY, | |
96 L"HKEY_LOCAL_MACHINE\\Software\\Microsoft")); | |
97 | |
98 // Tests read access on key allowed for read-write. | |
99 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest( | |
100 L"Reg_OpenKey create read HKEY_LOCAL_MACHINE software\\microsoft")); | |
101 | |
102 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest( | |
103 L"Reg_OpenKey open read HKEY_LOCAL_MACHINE software\\microsoft")); | |
104 | |
105 if (::IsUserAnAdmin()) { | |
106 // Tests write access on key allowed for read-write. | |
107 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest( | |
108 L"Reg_OpenKey create write HKEY_LOCAL_MACHINE software\\microsoft")); | |
109 | |
110 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest( | |
111 L"Reg_OpenKey open write HKEY_LOCAL_MACHINE software\\microsoft")); | |
112 } | |
113 | |
114 // Tests subdirectory access on keys where we don't have subdirectory acess. | |
115 EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Reg_OpenKey create read " | |
116 L"HKEY_LOCAL_MACHINE software\\microsoft\\Windows")); | |
117 | |
118 EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Reg_OpenKey open read " | |
119 L"HKEY_LOCAL_MACHINE software\\microsoft\\windows")); | |
120 | |
121 // Tests to see if we can create keys where we dont have subdirectory access. | |
122 // This is denied. | |
123 EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Reg_OpenKey create write " | |
124 L"HKEY_LOCAL_MACHINE software\\Microsoft\\google_unit_tests")); | |
125 | |
126 RegDeleteKey(HKEY_LOCAL_MACHINE, L"software\\Microsoft\\google_unit_tests"); | |
127 | |
128 // Tests if we need to handle differently the "\\" at the end. | |
129 // This is denied. We need to add both rules. | |
130 EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest( | |
131 L"Reg_OpenKey create read HKEY_LOCAL_MACHINE software\\microsoft\\")); | |
132 | |
133 EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest( | |
134 L"Reg_OpenKey open read HKEY_LOCAL_MACHINE software\\microsoft\\")); | |
135 } | |
136 | |
137 TEST(RegistryPolicyTest, TestKeyNoAccess) { | |
138 TestRunner runner; | |
139 | |
140 EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_REGISTRY, | |
141 TargetPolicy::REG_ALLOW_READONLY, | |
142 L"HKEY_LOCAL_MACHINE")); | |
143 | |
144 // Tests read access where we don't have access at all. | |
145 EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest( | |
146 L"Reg_OpenKey create read HKEY_LOCAL_MACHINE software")); | |
147 | |
148 EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest( | |
149 L"Reg_OpenKey open read HKEY_LOCAL_MACHINE software")); | |
150 } | |
151 | |
152 TEST(RegistryPolicyTest, TestKeyReadOnlyAccess) { | |
153 TestRunner runner; | |
154 | |
155 EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_REGISTRY, | |
156 TargetPolicy::REG_ALLOW_READONLY, | |
157 L"HKEY_LOCAL_MACHINE")); | |
158 | |
159 EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_REGISTRY, | |
160 TargetPolicy::REG_ALLOW_READONLY, | |
161 L"HKEY_LOCAL_MACHINE\\Software\\Policies")); | |
162 | |
163 EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_REGISTRY, | |
164 TargetPolicy::REG_ALLOW_READONLY, | |
165 L"HKEY_LOCAL_MACHINE\\Software\\Policies\\*")); | |
166 | |
167 // Tests subdirectory acess on keys where we have subdirectory acess. | |
168 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Reg_OpenKey create read " | |
169 L"HKEY_LOCAL_MACHINE software\\Policies\\microsoft")); | |
170 | |
171 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Reg_OpenKey open read " | |
172 L"HKEY_LOCAL_MACHINE software\\Policies\\microsoft")); | |
173 | |
174 // Tests to see if we can create keys where we have subdirectory access. | |
175 EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Reg_OpenKey create write " | |
176 L"HKEY_LOCAL_MACHINE software\\Policies\\google_unit_tests")); | |
177 | |
178 RegDeleteKey(HKEY_LOCAL_MACHINE, L"software\\Policies\\google_unit_tests"); | |
179 } | |
180 | |
181 TEST(RegistryPolicyTest, TestKeyAllAccessSubDir) { | |
182 TestRunner runner; | |
183 | |
184 EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_REGISTRY, | |
185 TargetPolicy::REG_ALLOW_READONLY, | |
186 L"HKEY_LOCAL_MACHINE")); | |
187 | |
188 EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_REGISTRY, | |
189 TargetPolicy::REG_ALLOW_ANY, | |
190 L"HKEY_LOCAL_MACHINE\\Software\\Policies")); | |
191 | |
192 EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_REGISTRY, | |
193 TargetPolicy::REG_ALLOW_ANY, | |
194 L"HKEY_LOCAL_MACHINE\\Software\\Policies\\*")); | |
195 | |
196 if (::IsUserAnAdmin()) { | |
197 // Tests to see if we can create keys where we have subdirectory access. | |
198 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Reg_OpenKey create write " | |
199 L"HKEY_LOCAL_MACHINE software\\Policies\\google_unit_tests")); | |
200 | |
201 RegDeleteKey(HKEY_LOCAL_MACHINE, L"software\\Policies\\google_unit_tests"); | |
202 } | |
203 } | |
204 | |
205 TEST(RegistryPolicyTest, TestKeyCreateLink) { | |
206 TestRunner runner; | |
207 | |
208 EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_REGISTRY, | |
209 TargetPolicy::REG_ALLOW_READONLY, | |
210 L"HKEY_LOCAL_MACHINE")); | |
211 | |
212 EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_REGISTRY, | |
213 TargetPolicy::REG_ALLOW_ANY, | |
214 L"HKEY_LOCAL_MACHINE\\Software\\Policies")); | |
215 | |
216 EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_REGISTRY, | |
217 TargetPolicy::REG_ALLOW_ANY, | |
218 L"HKEY_LOCAL_MACHINE\\Software\\Policies\\*")); | |
219 | |
220 // Tests to see if we can create a registry link key. | |
221 // NOTE: In theory here we should make sure to check for SBOX_TEST_DENIED | |
222 // instead of !SBOX_TEST_SUCCEEDED, but unfortunately the result is not | |
223 // access denied. Internally RegCreateKeyEx (At least on Vista 64) tries to | |
224 // create the link, and we return successfully access denied, then, it | |
225 // decides to try to break the path in multiple chunks, and create the links | |
226 // one by one. In this scenario, it tries to create "HKLM\Software" as a | |
227 // link key, which obviously fail with STATUS_OBJECT_NAME_COLLISION, and | |
228 // this is what is returned to the user. | |
229 EXPECT_NE(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Reg_OpenKey create link " | |
230 L"HKEY_LOCAL_MACHINE software\\Policies\\google_unit_tests")); | |
231 | |
232 // In case our code fails, and the call works, we need to delete the new | |
233 // link. There is no api for this, so we need to use the NT call. | |
234 HKEY key = NULL; | |
235 LRESULT result = ::RegOpenKeyEx(HKEY_LOCAL_MACHINE, | |
236 L"software\\Policies\\google_unit_tests", | |
237 REG_OPTION_OPEN_LINK, MAXIMUM_ALLOWED, | |
238 &key); | |
239 | |
240 if (!result) { | |
241 HMODULE ntdll = GetModuleHandle(L"ntdll.dll"); | |
242 NtDeleteKeyFunction NtDeleteKey = | |
243 reinterpret_cast<NtDeleteKeyFunction>(GetProcAddress(ntdll, | |
244 "NtDeleteKey")); | |
245 NtDeleteKey(key); | |
246 } | |
247 } | |
248 | |
249 TEST(RegistryPolicyTest, TestKeyReadOnlyHKCU) { | |
250 TestRunner runner; | |
251 EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_REGISTRY, | |
252 TargetPolicy::REG_ALLOW_READONLY, | |
253 L"HKEY_CURRENT_USER")); | |
254 | |
255 EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_REGISTRY, | |
256 TargetPolicy::REG_ALLOW_READONLY, | |
257 L"HKEY_CURRENT_USER\\Software")); | |
258 | |
259 EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_REGISTRY, | |
260 TargetPolicy::REG_ALLOW_READONLY, | |
261 L"HKEY_USERS\\.default")); | |
262 | |
263 EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_REGISTRY, | |
264 TargetPolicy::REG_ALLOW_READONLY, | |
265 L"HKEY_USERS\\.default\\software")); | |
266 | |
267 // Tests read access where we only have read-only access. | |
268 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest( | |
269 L"Reg_OpenKey create read HKEY_CURRENT_USER software")); | |
270 | |
271 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest( | |
272 L"Reg_OpenKey open read HKEY_CURRENT_USER software")); | |
273 | |
274 // Tests write access where we only have read-only acess. | |
275 EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest( | |
276 L"Reg_OpenKey create write HKEY_CURRENT_USER software")); | |
277 | |
278 EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest( | |
279 L"Reg_OpenKey open write HKEY_CURRENT_USER software")); | |
280 | |
281 // Tests maximum allowed access where we only have read-only access. | |
282 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest( | |
283 L"Reg_OpenKey create maximum_allowed HKEY_CURRENT_USER software")); | |
284 | |
285 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest( | |
286 L"Reg_OpenKey open maximum_allowed HKEY_CURRENT_USER software")); | |
287 } | |
288 | |
289 } // namespace sandbox | |
OLD | NEW |