Index: sandbox/win/src/restricted_token_test.cc |
diff --git a/sandbox/win/src/restricted_token_test.cc b/sandbox/win/src/restricted_token_test.cc |
deleted file mode 100644 |
index d67648dd41d623e0f15dad4cf85cb171d224000d..0000000000000000000000000000000000000000 |
--- a/sandbox/win/src/restricted_token_test.cc |
+++ /dev/null |
@@ -1,80 +0,0 @@ |
-// Copyright 2016 The Chromium Authors. All rights reserved. |
-// Use of this source code is governed by a BSD-style license that can be |
-// found in the LICENSE file. |
- |
-// Integration tests for restricted tokens. |
- |
-#include <stddef.h> |
-#include <string> |
- |
-#include "base/strings/stringprintf.h" |
-#include "base/win/scoped_handle.h" |
-#include "sandbox/win/src/sandbox.h" |
-#include "sandbox/win/src/sandbox_factory.h" |
-#include "sandbox/win/src/target_services.h" |
-#include "sandbox/win/tests/common/controller.h" |
-#include "testing/gtest/include/gtest/gtest.h" |
- |
-namespace sandbox { |
- |
-namespace { |
- |
-int RunOpenProcessTest(bool unsandboxed, |
- bool lockdown_dacl, |
- DWORD access_mask) { |
- TestRunner runner(JOB_NONE, USER_RESTRICTED_SAME_ACCESS, USER_LOCKDOWN); |
- runner.GetPolicy()->SetDelayedIntegrityLevel(INTEGRITY_LEVEL_UNTRUSTED); |
- runner.GetPolicy()->SetIntegrityLevel(INTEGRITY_LEVEL_LOW); |
- if (lockdown_dacl) |
- runner.GetPolicy()->SetLockdownDefaultDacl(); |
- runner.SetAsynchronous(true); |
- // This spins up a renderer level process, we don't care about the result. |
- runner.RunTest(L"IntegrationTestsTest_args 1"); |
- |
- TestRunner runner2(JOB_NONE, USER_RESTRICTED_SAME_ACCESS, USER_LIMITED); |
- runner2.GetPolicy()->SetDelayedIntegrityLevel(INTEGRITY_LEVEL_LOW); |
- runner2.GetPolicy()->SetIntegrityLevel(INTEGRITY_LEVEL_LOW); |
- runner2.SetUnsandboxed(unsandboxed); |
- return runner2.RunTest( |
- base::StringPrintf(L"RestrictedTokenTest_openprocess %d 0x%08X", |
- runner.process_id(), access_mask) |
- .c_str()); |
-} |
- |
-} // namespace |
- |
-// Opens a process based on a PID and access mask passed on the command line. |
-// Returns SBOX_TEST_SUCCEEDED if process opened successfully. |
-SBOX_TESTS_COMMAND int RestrictedTokenTest_openprocess(int argc, |
- wchar_t** argv) { |
- if (argc < 2) |
- return SBOX_TEST_NOT_FOUND; |
- DWORD pid = _wtoi(argv[0]); |
- if (pid == 0) |
- return SBOX_TEST_NOT_FOUND; |
- DWORD desired_access = wcstoul(argv[1], nullptr, 0); |
- base::win::ScopedHandle process_handle( |
- ::OpenProcess(desired_access, FALSE, pid)); |
- if (process_handle.IsValid()) |
- return SBOX_TEST_SUCCEEDED; |
- |
- return SBOX_TEST_DENIED; |
-} |
- |
-TEST(RestrictedTokenTest, OpenLowPrivilegedProcess) { |
- // Test limited privilege to renderer open. |
- ASSERT_EQ(SBOX_TEST_SUCCEEDED, |
- RunOpenProcessTest(false, false, GENERIC_READ | GENERIC_WRITE)); |
- // Test limited privilege to renderer open with lockdowned DACL. |
- ASSERT_EQ(SBOX_TEST_DENIED, |
- RunOpenProcessTest(false, true, GENERIC_READ | GENERIC_WRITE)); |
- // Ensure we also can't get any access to the process. |
- ASSERT_EQ(SBOX_TEST_DENIED, RunOpenProcessTest(false, true, MAXIMUM_ALLOWED)); |
- // Also check for explicit owner allowed WRITE_DAC right. |
- ASSERT_EQ(SBOX_TEST_DENIED, RunOpenProcessTest(false, true, WRITE_DAC)); |
- // Ensure unsandboxed process can still open the renderer for all access. |
- ASSERT_EQ(SBOX_TEST_SUCCEEDED, |
- RunOpenProcessTest(true, true, PROCESS_ALL_ACCESS)); |
-} |
- |
-} // namespace sandbox |