Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(205)

Unified Diff: sandbox/win/src/app_container_test.cc

Issue 1851213002: Remove sandbox on Windows. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: fix nacl compile issues Created 4 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « sandbox/win/src/app_container.cc ('k') | sandbox/win/src/app_container_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: sandbox/win/src/app_container_test.cc
diff --git a/sandbox/win/src/app_container_test.cc b/sandbox/win/src/app_container_test.cc
deleted file mode 100644
index ced5cbde7c1e92cae047b34cb52078ef88dadcca..0000000000000000000000000000000000000000
--- a/sandbox/win/src/app_container_test.cc
+++ /dev/null
@@ -1,161 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include <windows.h>
-
-#define _ATL_NO_EXCEPTIONS
-#include <atlbase.h>
-#include <atlsecurity.h>
-
-#include "base/strings/string16.h"
-#include "base/win/scoped_handle.h"
-#include "base/win/windows_version.h"
-#include "sandbox/win/src/sync_policy_test.h"
-#include "testing/gtest/include/gtest/gtest.h"
-
-namespace {
-
-const wchar_t kAppContainerName[] = L"sbox_test";
-const wchar_t kAppContainerSid[] =
- L"S-1-15-2-3251537155-1984446955-2931258699-841473695-1938553385-"
- L"924012148-2839372144";
-
-const ULONG kSharing = FILE_SHARE_WRITE | FILE_SHARE_READ | FILE_SHARE_DELETE;
-
-HANDLE CreateTaggedEvent(const base::string16& name,
- const base::string16& sid) {
- base::win::ScopedHandle event(CreateEvent(NULL, FALSE, FALSE, name.c_str()));
- if (!event.IsValid())
- return NULL;
-
- wchar_t file_name[MAX_PATH] = {};
- wchar_t temp_directory[MAX_PATH] = {};
- GetTempPath(MAX_PATH, temp_directory);
- GetTempFileName(temp_directory, L"test", 0, file_name);
-
- base::win::ScopedHandle file;
- file.Set(CreateFile(file_name, GENERIC_READ | STANDARD_RIGHTS_READ, kSharing,
- NULL, OPEN_EXISTING, 0, NULL));
- DeleteFile(file_name);
- if (!file.IsValid())
- return NULL;
-
- CSecurityDesc sd;
- if (!AtlGetSecurityDescriptor(file.Get(), SE_FILE_OBJECT, &sd,
- OWNER_SECURITY_INFORMATION |
- GROUP_SECURITY_INFORMATION |
- DACL_SECURITY_INFORMATION)) {
- return NULL;
- }
-
- PSID local_sid;
- if (!ConvertStringSidToSid(sid.c_str(), &local_sid))
- return NULL;
-
- CDacl new_dacl;
- sd.GetDacl(&new_dacl);
- CSid csid(reinterpret_cast<SID*>(local_sid));
- new_dacl.AddAllowedAce(csid, EVENT_ALL_ACCESS);
- if (!AtlSetDacl(event.Get(), SE_KERNEL_OBJECT, new_dacl))
- event.Close();
-
- LocalFree(local_sid);
- return event.IsValid() ? event.Take() : NULL;
-}
-
-} // namespace
-
-namespace sandbox {
-
-TEST(AppContainerTest, AllowOpenEvent) {
- if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8)
- return;
-
- TestRunner runner(JOB_UNPROTECTED, USER_UNPROTECTED, USER_UNPROTECTED);
-
- const wchar_t capability[] = L"S-1-15-3-12345678-87654321";
- base::win::ScopedHandle handle(CreateTaggedEvent(L"test", capability));
- ASSERT_TRUE(handle.IsValid());
-
- EXPECT_EQ(SBOX_ALL_OK,
- runner.broker()->InstallAppContainer(kAppContainerSid,
- kAppContainerName));
- EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetCapability(capability));
- EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetAppContainer(kAppContainerSid));
-
- EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Event_Open f test"));
-
- runner.SetTestState(BEFORE_REVERT);
- EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Event_Open f test"));
- EXPECT_EQ(SBOX_ALL_OK,
- runner.broker()->UninstallAppContainer(kAppContainerSid));
-}
-
-TEST(AppContainerTest, DenyOpenEvent) {
- if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8)
- return;
-
- TestRunner runner(JOB_UNPROTECTED, USER_UNPROTECTED, USER_UNPROTECTED);
-
- const wchar_t capability[] = L"S-1-15-3-12345678-87654321";
- base::win::ScopedHandle handle(CreateTaggedEvent(L"test", capability));
- ASSERT_TRUE(handle.IsValid());
-
- EXPECT_EQ(SBOX_ALL_OK,
- runner.broker()->InstallAppContainer(kAppContainerSid,
- kAppContainerName));
- EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetAppContainer(kAppContainerSid));
-
- EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Event_Open f test"));
-
- runner.SetTestState(BEFORE_REVERT);
- EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Event_Open f test"));
- EXPECT_EQ(SBOX_ALL_OK,
- runner.broker()->UninstallAppContainer(kAppContainerSid));
-}
-
-TEST(AppContainerTest, NoImpersonation) {
- if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8)
- return;
-
- TestRunner runner(JOB_UNPROTECTED, USER_LIMITED, USER_LIMITED);
- EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetAppContainer(kAppContainerSid));
-}
-
-TEST(AppContainerTest, WantsImpersonation) {
- if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8)
- return;
-
- TestRunner runner(JOB_UNPROTECTED, USER_UNPROTECTED, USER_NON_ADMIN);
- EXPECT_EQ(SBOX_ERROR_CANNOT_INIT_APPCONTAINER,
- runner.GetPolicy()->SetAppContainer(kAppContainerSid));
-}
-
-TEST(AppContainerTest, RequiresImpersonation) {
- if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8)
- return;
-
- TestRunner runner(JOB_UNPROTECTED, USER_RESTRICTED, USER_RESTRICTED);
- EXPECT_EQ(SBOX_ERROR_CANNOT_INIT_APPCONTAINER,
- runner.GetPolicy()->SetAppContainer(kAppContainerSid));
-}
-
-TEST(AppContainerTest, DenyOpenEventForLowBox) {
- if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8)
- return;
-
- TestRunner runner(JOB_UNPROTECTED, USER_UNPROTECTED, USER_UNPROTECTED);
-
- base::win::ScopedHandle event(CreateEvent(NULL, FALSE, FALSE, L"test"));
- ASSERT_TRUE(event.IsValid());
-
- EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetLowBox(kAppContainerSid));
-
- EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Event_Open f test"));
-}
-
-// TODO(shrikant): Please add some tests to prove usage of lowbox token like
-// socket connection to local server in lock down mode.
-
-} // namespace sandbox
« no previous file with comments | « sandbox/win/src/app_container.cc ('k') | sandbox/win/src/app_container_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698