Removed old AppContainer support.

sandbox/win/src/app_container_test.cc

Index: sandbox/win/src/app_container_test.cc
diff --git a/sandbox/win/src/app_container_test.cc b/sandbox/win/src/app_container_test.cc
index ced5cbde7c1e92cae047b34cb52078ef88dadcca..af13bb7ac72775e54b0cd47081ca523ccae08276 100644
--- a/sandbox/win/src/app_container_test.cc
+++ b/sandbox/win/src/app_container_test.cc
@@ -4,10 +4,6 @@
 
 #include <windows.h>
 
-#define _ATL_NO_EXCEPTIONS
-#include <atlbase.h>
-#include <atlsecurity.h>
-
 #include "base/strings/string16.h"
 #include "base/win/scoped_handle.h"
 #include "base/win/windows_version.h"
@@ -16,141 +12,31 @@
 
 namespace {
 
-const wchar_t kAppContainerName[] = L"sbox_test";
 const wchar_t kAppContainerSid[] =
     L"S-1-15-2-3251537155-1984446955-2931258699-841473695-1938553385-"
     L"924012148-2839372144";
 
-const ULONG kSharing = FILE_SHARE_WRITE | FILE_SHARE_READ | FILE_SHARE_DELETE;
-
-HANDLE CreateTaggedEvent(const base::string16& name,
-                         const base::string16& sid) {
-  base::win::ScopedHandle event(CreateEvent(NULL, FALSE, FALSE, name.c_str()));
-  if (!event.IsValid())
-    return NULL;
-
-  wchar_t file_name[MAX_PATH] = {};
-  wchar_t temp_directory[MAX_PATH] = {};
-  GetTempPath(MAX_PATH, temp_directory);
-  GetTempFileName(temp_directory, L"test", 0, file_name);
-
-  base::win::ScopedHandle file;
-  file.Set(CreateFile(file_name, GENERIC_READ | STANDARD_RIGHTS_READ, kSharing,
-                      NULL, OPEN_EXISTING, 0, NULL));
-  DeleteFile(file_name);
-  if (!file.IsValid())
-    return NULL;
-
-  CSecurityDesc sd;
-  if (!AtlGetSecurityDescriptor(file.Get(), SE_FILE_OBJECT, &sd,
-                                OWNER_SECURITY_INFORMATION |
-                                    GROUP_SECURITY_INFORMATION |
-                                    DACL_SECURITY_INFORMATION)) {
-    return NULL;
-  }
-
-  PSID local_sid;
-  if (!ConvertStringSidToSid(sid.c_str(), &local_sid))
-    return NULL;
-
-  CDacl new_dacl;
-  sd.GetDacl(&new_dacl);
-  CSid csid(reinterpret_cast<SID*>(local_sid));
-  new_dacl.AddAllowedAce(csid, EVENT_ALL_ACCESS);
-  if (!AtlSetDacl(event.Get(), SE_KERNEL_OBJECT, new_dacl))
-    event.Close();
-
-  LocalFree(local_sid);
-  return event.IsValid() ? event.Take() : NULL;
-}
-
 }  // namespace
 
 namespace sandbox {
 
-TEST(AppContainerTest, AllowOpenEvent) {
-  if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8)
-    return;
-
-  TestRunner runner(JOB_UNPROTECTED, USER_UNPROTECTED, USER_UNPROTECTED);
-
-  const wchar_t capability[] = L"S-1-15-3-12345678-87654321";
-  base::win::ScopedHandle handle(CreateTaggedEvent(L"test", capability));
-  ASSERT_TRUE(handle.IsValid());
-
-  EXPECT_EQ(SBOX_ALL_OK,
-            runner.broker()->InstallAppContainer(kAppContainerSid,
-                                                 kAppContainerName));
-  EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetCapability(capability));
-  EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetAppContainer(kAppContainerSid));
-
-  EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Event_Open f test"));
-
-  runner.SetTestState(BEFORE_REVERT);
-  EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Event_Open f test"));
-  EXPECT_EQ(SBOX_ALL_OK,
-            runner.broker()->UninstallAppContainer(kAppContainerSid));
-}
-
-TEST(AppContainerTest, DenyOpenEvent) {
-  if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8)
-    return;
-
-  TestRunner runner(JOB_UNPROTECTED, USER_UNPROTECTED, USER_UNPROTECTED);
-
-  const wchar_t capability[] = L"S-1-15-3-12345678-87654321";
-  base::win::ScopedHandle handle(CreateTaggedEvent(L"test", capability));
-  ASSERT_TRUE(handle.IsValid());
-
-  EXPECT_EQ(SBOX_ALL_OK,
-            runner.broker()->InstallAppContainer(kAppContainerSid,
-                                                 kAppContainerName));
-  EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetAppContainer(kAppContainerSid));
-
-  EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Event_Open f test"));
-
-  runner.SetTestState(BEFORE_REVERT);
-  EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Event_Open f test"));
-  EXPECT_EQ(SBOX_ALL_OK,
-            runner.broker()->UninstallAppContainer(kAppContainerSid));
-}
-
-TEST(AppContainerTest, NoImpersonation) {
-  if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8)
-    return;
-
-  TestRunner runner(JOB_UNPROTECTED, USER_LIMITED, USER_LIMITED);
-  EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetAppContainer(kAppContainerSid));
-}
-
-TEST(AppContainerTest, WantsImpersonation) {
-  if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8)
-    return;
-
-  TestRunner runner(JOB_UNPROTECTED, USER_UNPROTECTED, USER_NON_ADMIN);
-  EXPECT_EQ(SBOX_ERROR_CANNOT_INIT_APPCONTAINER,
-            runner.GetPolicy()->SetAppContainer(kAppContainerSid));
-}
-
-TEST(AppContainerTest, RequiresImpersonation) {
-  if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8)
-    return;
-
-  TestRunner runner(JOB_UNPROTECTED, USER_RESTRICTED, USER_RESTRICTED);
-  EXPECT_EQ(SBOX_ERROR_CANNOT_INIT_APPCONTAINER,
-            runner.GetPolicy()->SetAppContainer(kAppContainerSid));
-}
-
 TEST(AppContainerTest, DenyOpenEventForLowBox) {
   if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8)
     return;
 
   TestRunner runner(JOB_UNPROTECTED, USER_UNPROTECTED, USER_UNPROTECTED);
 
-  base::win::ScopedHandle event(CreateEvent(NULL, FALSE, FALSE, L"test"));
-  ASSERT_TRUE(event.IsValid());
-
   EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetLowBox(kAppContainerSid));
+  // Run test once, this ensures the app container directory exists, we
+  // ignore the result.
+  runner.RunTest(L"Event_Open f test");
+  base::string16 event_name = L"AppContainerNamedObjects\\";
+  event_name += kAppContainerSid;
+  event_name += L"\\test";
+
+  base::win::ScopedHandle event(
+      ::CreateEvent(NULL, FALSE, FALSE, event_name.c_str()));
+  ASSERT_TRUE(event.IsValid());
 
   EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Event_Open f test"));
 }