| Index: sandbox/win/src/restricted_token_test.cc
|
| diff --git a/sandbox/win/src/restricted_token_test.cc b/sandbox/win/src/restricted_token_test.cc
|
| deleted file mode 100644
|
| index d67648dd41d623e0f15dad4cf85cb171d224000d..0000000000000000000000000000000000000000
|
| --- a/sandbox/win/src/restricted_token_test.cc
|
| +++ /dev/null
|
| @@ -1,80 +0,0 @@
|
| -// Copyright 2016 The Chromium Authors. All rights reserved.
|
| -// Use of this source code is governed by a BSD-style license that can be
|
| -// found in the LICENSE file.
|
| -
|
| -// Integration tests for restricted tokens.
|
| -
|
| -#include <stddef.h>
|
| -#include <string>
|
| -
|
| -#include "base/strings/stringprintf.h"
|
| -#include "base/win/scoped_handle.h"
|
| -#include "sandbox/win/src/sandbox.h"
|
| -#include "sandbox/win/src/sandbox_factory.h"
|
| -#include "sandbox/win/src/target_services.h"
|
| -#include "sandbox/win/tests/common/controller.h"
|
| -#include "testing/gtest/include/gtest/gtest.h"
|
| -
|
| -namespace sandbox {
|
| -
|
| -namespace {
|
| -
|
| -int RunOpenProcessTest(bool unsandboxed,
|
| - bool lockdown_dacl,
|
| - DWORD access_mask) {
|
| - TestRunner runner(JOB_NONE, USER_RESTRICTED_SAME_ACCESS, USER_LOCKDOWN);
|
| - runner.GetPolicy()->SetDelayedIntegrityLevel(INTEGRITY_LEVEL_UNTRUSTED);
|
| - runner.GetPolicy()->SetIntegrityLevel(INTEGRITY_LEVEL_LOW);
|
| - if (lockdown_dacl)
|
| - runner.GetPolicy()->SetLockdownDefaultDacl();
|
| - runner.SetAsynchronous(true);
|
| - // This spins up a renderer level process, we don't care about the result.
|
| - runner.RunTest(L"IntegrationTestsTest_args 1");
|
| -
|
| - TestRunner runner2(JOB_NONE, USER_RESTRICTED_SAME_ACCESS, USER_LIMITED);
|
| - runner2.GetPolicy()->SetDelayedIntegrityLevel(INTEGRITY_LEVEL_LOW);
|
| - runner2.GetPolicy()->SetIntegrityLevel(INTEGRITY_LEVEL_LOW);
|
| - runner2.SetUnsandboxed(unsandboxed);
|
| - return runner2.RunTest(
|
| - base::StringPrintf(L"RestrictedTokenTest_openprocess %d 0x%08X",
|
| - runner.process_id(), access_mask)
|
| - .c_str());
|
| -}
|
| -
|
| -} // namespace
|
| -
|
| -// Opens a process based on a PID and access mask passed on the command line.
|
| -// Returns SBOX_TEST_SUCCEEDED if process opened successfully.
|
| -SBOX_TESTS_COMMAND int RestrictedTokenTest_openprocess(int argc,
|
| - wchar_t** argv) {
|
| - if (argc < 2)
|
| - return SBOX_TEST_NOT_FOUND;
|
| - DWORD pid = _wtoi(argv[0]);
|
| - if (pid == 0)
|
| - return SBOX_TEST_NOT_FOUND;
|
| - DWORD desired_access = wcstoul(argv[1], nullptr, 0);
|
| - base::win::ScopedHandle process_handle(
|
| - ::OpenProcess(desired_access, FALSE, pid));
|
| - if (process_handle.IsValid())
|
| - return SBOX_TEST_SUCCEEDED;
|
| -
|
| - return SBOX_TEST_DENIED;
|
| -}
|
| -
|
| -TEST(RestrictedTokenTest, OpenLowPrivilegedProcess) {
|
| - // Test limited privilege to renderer open.
|
| - ASSERT_EQ(SBOX_TEST_SUCCEEDED,
|
| - RunOpenProcessTest(false, false, GENERIC_READ | GENERIC_WRITE));
|
| - // Test limited privilege to renderer open with lockdowned DACL.
|
| - ASSERT_EQ(SBOX_TEST_DENIED,
|
| - RunOpenProcessTest(false, true, GENERIC_READ | GENERIC_WRITE));
|
| - // Ensure we also can't get any access to the process.
|
| - ASSERT_EQ(SBOX_TEST_DENIED, RunOpenProcessTest(false, true, MAXIMUM_ALLOWED));
|
| - // Also check for explicit owner allowed WRITE_DAC right.
|
| - ASSERT_EQ(SBOX_TEST_DENIED, RunOpenProcessTest(false, true, WRITE_DAC));
|
| - // Ensure unsandboxed process can still open the renderer for all access.
|
| - ASSERT_EQ(SBOX_TEST_SUCCEEDED,
|
| - RunOpenProcessTest(true, true, PROCESS_ALL_ACCESS));
|
| -}
|
| -
|
| -} // namespace sandbox
|
|
|
Chromium Code Reviews
Issue 1851213002:
Remove sandbox on Windows. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master