[chrome_elf] NTRegistry - added wow64 redirection support.

chrome_elf/nt_registry/test/nt_registry_test.cc

Index: chrome_elf/nt_registry/test/nt_registry_test.cc
diff --git a/chrome_elf/nt_registry/test/nt_registry_test.cc b/chrome_elf/nt_registry/test/nt_registry_test.cc
new file mode 100644
index 0000000000000000000000000000000000000000..d88e4131180a229aafd84fdf725b8182152f7ff1
--- /dev/null
+++ b/chrome_elf/nt_registry/test/nt_registry_test.cc
@@ -0,0 +1,369 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <stddef.h>
+
+#include "base/strings/string16.h"
+#include "base/test/test_reg_util_win.h"
+#include "chrome_elf/nt_registry/nt_registry.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace {
+
+void RegTestingRedirect(nt::ROOT_KEY key,
+                        registry_util::RegistryOverrideManager& rom) {
+  base::string16 temp;
+
+  if (key == nt::HKCU) {
+    rom.OverrideRegistry(HKEY_CURRENT_USER, &temp);
+    ::wcsncpy(nt::HKCU_override, temp.c_str(), nt::g_kRegMaxPathLen - 1);
+  } else if (key == nt::HKLM) {
+    rom.OverrideRegistry(HKEY_LOCAL_MACHINE, &temp);
+    ::wcsncpy(nt::HKLM_override, temp.c_str(), nt::g_kRegMaxPathLen - 1);
+  }
+  // nt::AUTO should not be passed into this function.
+}
+
+void CancelRegTestingRedirect(nt::ROOT_KEY key) {
+  if (key == nt::HKCU) {
+    ::wcsncpy(nt::HKCU_override, L"", nt::g_kRegMaxPathLen - 1);
+  } else if (key == nt::HKLM) {
+    ::wcsncpy(nt::HKLM_override, L"", nt::g_kRegMaxPathLen - 1);
+  }
+  // nt::AUTO should not be passed into this function.
+}
+
+//------------------------------------------------------------------------------
+// NT registry API tests
+//------------------------------------------------------------------------------
+
+TEST(NtRegistryTest, API) {
+  HANDLE key_handle;
+  const wchar_t* dword_val_name = L"DwordTestValue";
+  DWORD dword_val = 1234;
+  const wchar_t* sz_val_name = L"SzTestValue";
+  base::string16 sz_val = L"blah de blah de blahhhhh.";
+  const wchar_t* sz_val_name2 = L"SzTestValueEmpty";
+  base::string16 sz_val2 = L"";
+  const wchar_t* multisz_val_name = L"SzmultiTestValue";
+  std::vector<base::string16> multisz_val;
+  base::string16 multi1 = L"one";
+  base::string16 multi2 = L"two";
+  base::string16 multi3 = L"three";
+  const wchar_t* multisz_val_name2 = L"SzmultiTestValueBad";
+  base::string16 multi_empty = L"";
+  const wchar_t* sz_new_key_1 = L"test\\new\\subkey";
+  const wchar_t* sz_new_key_2 = L"test\\new\\subkey\\blah\\";
+  const wchar_t* sz_new_key_3 = L"\\test\\new\\subkey\\\\blah2";
+
+  // Set up registry override for this test.
+  registry_util::RegistryOverrideManager override_manager;
+  RegTestingRedirect(nt::HKCU, override_manager);
+
+  // Create a temp key to play under.
+  ASSERT_TRUE(nt::CreateRegKey(nt::HKCU,
+                               L"SOFTWARE\\Testing\\Chrome\\NTRegistry",
+                               KEY_ALL_ACCESS, &key_handle));
+
+  // Exercise the supported getter & setter functions.
+  EXPECT_TRUE(nt::SetRegValueDWORD(key_handle, dword_val_name, dword_val));
+  EXPECT_TRUE(nt::SetRegValueSZ(key_handle, sz_val_name, sz_val));
+  EXPECT_TRUE(nt::SetRegValueSZ(key_handle, sz_val_name2, sz_val2));
+
+  DWORD get_dword = 0;
+  base::string16 get_sz;
+  EXPECT_TRUE(nt::QueryRegValueDWORD(key_handle, dword_val_name, &get_dword) &&
+              get_dword == dword_val);
+  EXPECT_TRUE(nt::QueryRegValueSZ(key_handle, sz_val_name, &get_sz) &&
+              get_sz.compare(sz_val) == 0);
+  EXPECT_TRUE(nt::QueryRegValueSZ(key_handle, sz_val_name2, &get_sz) &&
+              get_sz.compare(sz_val2) == 0);
+
+  multisz_val.push_back(multi1);
+  multisz_val.push_back(multi2);
+  multisz_val.push_back(multi3);
+  EXPECT_TRUE(
+      nt::SetRegValueMULTISZ(key_handle, multisz_val_name, multisz_val));
+  multisz_val.clear();
+  multisz_val.push_back(multi_empty);
+  EXPECT_TRUE(
+      nt::SetRegValueMULTISZ(key_handle, multisz_val_name2, multisz_val));
+  multisz_val.clear();
+
+  EXPECT_TRUE(
+      nt::QueryRegValueMULTISZ(key_handle, multisz_val_name, &multisz_val));
+  if (multisz_val.size() == 3) {
+    EXPECT_TRUE(multi1.compare(multisz_val.at(0)) == 0);
+    EXPECT_TRUE(multi2.compare(multisz_val.at(1)) == 0);
+    EXPECT_TRUE(multi3.compare(multisz_val.at(2)) == 0);
+  } else {
+    EXPECT_TRUE(false);
+  }
+  multisz_val.clear();
+
+  EXPECT_TRUE(
+      nt::QueryRegValueMULTISZ(key_handle, multisz_val_name2, &multisz_val));
+  if (multisz_val.size() == 1) {
+    EXPECT_TRUE(multi_empty.compare(multisz_val.at(0)) == 0);
+  } else {
+    EXPECT_TRUE(false);
+  }
+  multisz_val.clear();
+
+  // Clean up
+  EXPECT_TRUE(nt::DeleteRegKey(key_handle));
+  nt::CloseRegKey(key_handle);
+
+  // More tests for CreateRegKey recursion.
+  ASSERT_TRUE(
+      nt::CreateRegKey(nt::HKCU, sz_new_key_1, KEY_ALL_ACCESS, nullptr));
+  EXPECT_TRUE(nt::OpenRegKey(nt::HKCU, sz_new_key_1, KEY_ALL_ACCESS,
+                             &key_handle, nullptr));
+  EXPECT_TRUE(nt::DeleteRegKey(key_handle));
+  nt::CloseRegKey(key_handle);
+
+  ASSERT_TRUE(
+      nt::CreateRegKey(nt::HKCU, sz_new_key_2, KEY_ALL_ACCESS, nullptr));
+  EXPECT_TRUE(nt::OpenRegKey(nt::HKCU, sz_new_key_2, KEY_ALL_ACCESS,
+                             &key_handle, nullptr));
+  EXPECT_TRUE(nt::DeleteRegKey(key_handle));
+  nt::CloseRegKey(key_handle);
+
+  ASSERT_TRUE(
+      nt::CreateRegKey(nt::HKCU, sz_new_key_3, KEY_ALL_ACCESS, nullptr));
+  EXPECT_TRUE(nt::OpenRegKey(nt::HKCU, L"test\\new\\subkey\\blah2",
+                             KEY_ALL_ACCESS, &key_handle, nullptr));
+  EXPECT_TRUE(nt::DeleteRegKey(key_handle));
+  nt::CloseRegKey(key_handle);
+
+  ASSERT_TRUE(nt::CreateRegKey(nt::HKCU, nullptr, KEY_ALL_ACCESS, &key_handle));
+  nt::CloseRegKey(key_handle);
+
+  // Cancel registry override for this test.
+  CancelRegTestingRedirect(nt::HKCU);
+}
+
+//------------------------------------------------------------------------------
+// WOW64 redirection tests
+//
+// - Only HKCU will be tested on the auto (try) bots.
+//   HKLM will be kept separate (and manual) for local testing only.
+//
+// NOTE: Currently no real WOW64 context testing, as building x86 projects
+//       during x64 builds is not currently supported for performance reasons.
+// https://cs.chromium.org/chromium/src/build/toolchain/win/BUILD.gn?sq%3Dpackage:chromium&l=314
+//------------------------------------------------------------------------------
+
+// Utility function for the WOW64 redirection test suites.
+// Note: Testing redirection through ADVAPI32 here as well, to get notice if
+//       expected behaviour changes!
+// If |redirected_path| == nullptr, no redirection is expected in any case.
+void DoRedirectTest(nt::ROOT_KEY nt_root_key,
+                    const wchar_t* path,
+                    const wchar_t* redirected_path OPTIONAL) {
+  HANDLE handle = INVALID_HANDLE_VALUE;
+  ACCESS_MASK access = KEY_WRITE | DELETE;
+  HKEY root_key =
+      (nt_root_key == nt::HKCU) ? HKEY_CURRENT_USER : HKEY_LOCAL_MACHINE;
+
+  // Make sure clean before starting.
+  nt::DeleteRegKey(nt_root_key, nt::NONE, path);
+  if (redirected_path)
+    nt::DeleteRegKey(nt_root_key, nt::NONE, redirected_path);
+
+  //----------------------------------------------------------------------------
+  // No redirection through ADVAPI32 on straight x86 or x64.
+  base::win::RegKey key;
+  ASSERT_EQ(ERROR_SUCCESS, key.Create(root_key, path, access));
+  ASSERT_TRUE(nt::OpenRegKey(nt_root_key, path, access, &handle, nullptr));
+  ASSERT_TRUE(nt::DeleteRegKey(handle));
+  nt::CloseRegKey(handle);
+
+#ifdef _WIN64
+  //----------------------------------------------------------------------------
+  // Try forcing WOW64 redirection on x64 through ADVAPI32.
+  base::win::RegKey wow64_key;
+  ASSERT_EQ(ERROR_SUCCESS,
+            wow64_key.Create(root_key, path, access | KEY_WOW64_32KEY));
+  // Check path:
+  if (nt::OpenRegKey(nt_root_key, path, access, &handle, nullptr)) {
+    if (redirected_path)
+      ADD_FAILURE();
+    ASSERT_TRUE(nt::DeleteRegKey(handle));
+    nt::CloseRegKey(handle);
+  } else if (!redirected_path) {
+    // Should have succeeded.
+    ADD_FAILURE();
+  }
+  if (redirected_path) {
+    // Check redirected path:
+    if (nt::OpenRegKey(nt_root_key, redirected_path, access, &handle,
+                       nullptr)) {
+      if (!redirected_path)
+        ADD_FAILURE();
+      ASSERT_TRUE(nt::DeleteRegKey(handle));
+      nt::CloseRegKey(handle);
+    } else {
+      // Should have succeeded.
+      ADD_FAILURE();
+    }
+  }
+
+  //----------------------------------------------------------------------------
+  // Try forcing WOW64 redirection on x64 through NTDLL.
+  ASSERT_TRUE(
+      nt::CreateRegKey(nt_root_key, path, access | KEY_WOW64_32KEY, nullptr));
+  // Check path:
+  if (nt::OpenRegKey(nt_root_key, path, access, &handle, nullptr)) {
+    if (redirected_path)
+      ADD_FAILURE();
+    ASSERT_TRUE(nt::DeleteRegKey(handle));
+    nt::CloseRegKey(handle);
+  } else if (!redirected_path) {
+    // Should have succeeded.
+    ADD_FAILURE();
+  }
+  if (redirected_path) {
+    // Check redirected path:
+    if (nt::OpenRegKey(nt_root_key, redirected_path, access, &handle,
+                       nullptr)) {
+      if (!redirected_path)
+        ADD_FAILURE();
+      ASSERT_TRUE(nt::DeleteRegKey(handle));
+      nt::CloseRegKey(handle);
+    } else {
+      // Should have succeeded.
+      ADD_FAILURE();
+    }
+  }
+#endif  // _WIN64
+}
+
+// Hard-coding array size to match nt_registry.cc.  Easier to catch missing
+// elements.
+const wchar_t* classes_redirects[10] = {
+    L"SOFTWARE\\Classes\\CLSID\\chrome_testing",
+    L"SOFTWARE\\Classes\\WOW6432Node\\CLSID\\chrome_testing",
+    L"SOFTWARE\\Classes\\DirectShow\\chrome_testing",
+    L"SOFTWARE\\Classes\\WOW6432Node\\DirectShow\\chrome_testing",
+    L"SOFTWARE\\Classes\\Interface\\chrome_testing",
+    L"SOFTWARE\\Classes\\WOW6432Node\\Interface\\chrome_testing",
+    L"SOFTWARE\\Classes\\Media Type\\chrome_testing",
+    L"SOFTWARE\\Classes\\WOW6432Node\\Media Type\\chrome_testing",
+    L"SOFTWARE\\Classes\\MediaFoundation\\chrome_testing",
+    L"SOFTWARE\\Classes\\WOW6432Node\\MediaFoundation\\chrome_testing"};
+
+// This test does not use a testing registry_util::RegistryOverrideManager.
+// It requires Windows WOW64 redirection to take place, which would not
+// happen with a testing redirection layer.
+TEST(NtRegistryTest, Wow64RedirectionHKCU) {
+  size_t index = 0;
+  size_t array_size = sizeof(classes_redirects) / sizeof(classes_redirects[0]);
+
+  // Using two elements for each loop.
+  while (index < array_size) {
+    DoRedirectTest(nt::HKCU, classes_redirects[index],
+                   classes_redirects[index + 1]);
+    index += 2;
+  }
+}
+
+// Hard-coding array size to match nt_registry.cc.  Easier to catch missing
+// elements.
+const wchar_t* hklm_no_redirects[49] = {
+    L"SOFTWARE\\Classes\\chrome_testing", L"SOFTWARE\\Clients\\chrome_testing",
+    L"SOFTWARE\\Microsoft\\COM3\\chrome_testing",
+    L"SOFTWARE\\Microsoft\\Cryptography\\Calais\\Current\\chrome_testing",
+    L"SOFTWARE\\Microsoft\\Cryptography\\Calais\\Readers\\chrome_testing",
+    L"SOFTWARE\\Microsoft\\Cryptography\\Services\\chrome_testing",
+    L"SOFTWARE\\Microsoft\\CTF\\SystemShared\\chrome_testing",
+    L"SOFTWARE\\Microsoft\\CTF\\TIP\\chrome_testing",
+    L"SOFTWARE\\Microsoft\\DFS\\chrome_testing",
+    L"SOFTWARE\\Microsoft\\Driver Signing\\chrome_testing",
+    L"SOFTWARE\\Microsoft\\EnterpriseCertificates\\chrome_testing",
+    L"SOFTWARE\\Microsoft\\EventSystem\\chrome_testing",
+    L"SOFTWARE\\Microsoft\\MSMQ\\chrome_testing",
+    L"SOFTWARE\\Microsoft\\Non-Driver Signing\\chrome_testing",
+    L"SOFTWARE\\Microsoft\\Notepad\\DefaultFonts\\chrome_testing",
+    L"SOFTWARE\\Microsoft\\OLE\\chrome_testing",
+    L"SOFTWARE\\Microsoft\\RAS\\chrome_testing",
+    L"SOFTWARE\\Microsoft\\RPC\\chrome_testing",
+    L"SOFTWARE\\Microsoft\\SOFTWARE\\Microsoft\\Shared "
+    L"Tools\\MSInfo\\chrome_testing",
+    L"SOFTWARE\\Microsoft\\SystemCertificates\\chrome_testing",
+    L"SOFTWARE\\Microsoft\\TermServLicensing\\chrome_testing",
+    L"SOFTWARE\\Microsoft\\Transaction Server\\chrome_testing",
+    L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\chrome_testing",
+    L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Control "
+    L"Panel\\Cursors\\Schemes\\chrome_testing",
+    L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoplayHandlers"
+    L"\\chrome_testing",
+    L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\DriveIcons\\chrom"
+    L"e_testing",
+    L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap\\chrome_"
+    L"testing",
+    L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Group "
+    L"Policy\\chrome_testing",
+    L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\chrome_testing",
+    L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\PreviewHandlers\\chrome_"
+    L"testing",
+    L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\chrome_testing",
+    L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Telephony\\Locations\\chrom"
+    L"e_testing",
+    L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Console\\chrome_testing",
+    L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontDpi\\chrome_testing",
+    L"SOFTWARE\\Microsoft\\Windows "
+    L"NT\\CurrentVersion\\FontLink\\chrome_testing",
+    L"SOFTWARE\\Microsoft\\Windows "
+    L"NT\\CurrentVersion\\FontMapper\\chrome_testing",
+    L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Fonts\\chrome_testing",
+    L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\chrome_"
+    L"testing",
+    L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Gre_initialize\\chrome_"
+    L"testing",
+    L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution "
+    L"Options\\chrome_testing",
+    L"SOFTWARE\\Microsoft\\Windows "
+    L"NT\\CurrentVersion\\LanguagePack\\chrome_testing",
+    L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\NetworkCards\\chrome_"
+    L"testing",
+    L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Perflib\\chrome_testing",
+    L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Ports\\chrome_testing",
+    L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Print\\chrome_testing",
+    L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\chrome_"
+    L"testing",
+    L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time "
+    L"Zones\\chrome_testing",
+    L"SOFTWARE\\Policies\\chrome_testing",
+    L"SOFTWARE\\RegisteredApplications\\chrome_testing"};
+
+// Run from administrator command prompt!
+// Note: Disabled for automated testing (HKLM protection).  Local testing only.

[grt (UTC plus 2), 2016/09/20 10:39:55]

the bots run tests as admin. can the HKLM tests run on the bots knowing that?

if the test is only valid from an elevated prompt, please keep it enabled and do
something like
https://cs.chromium.org/chromium/src/chrome/installer/util/advanced_firewall_...
to have the test early-exit if it's not running elevated.

[penny, 2016/09/23 23:50:59]

So I've previously been informed that we shouldn't be touching HKLM on try bots,
and in fact that any registry manipulation should have the
registry_util::RegistryOverrideManager engaged so that we're only touching a
temporary subkey.

Now, I'm not using the OverrideManager for my NTRegistry tests at all, because
otherwise wow64 registry redirection will never happen.

But this has been an issue for some of our newer sandbox tests as well - that
require changing HKLM - so they were disabled to be run manually only.

I don't think this will be good enough moving forward - especially with more
low-level security testing.  I think we'll need to come up with a way (or a
specific bot) to allow automated try testing that could impact the machine OS
image.  But that's for another day.

+TEST(NtRegistryTest, DISABLED_Wow64RedirectionHKLM) {
+  // 1) SOFTWARE is redirected.
+  DoRedirectTest(nt::HKLM, L"SOFTWARE\\chrome_testing",
+                 L"SOFTWARE\\WOW6432Node\\chrome_testing");
+
+  // 2) Except some subkeys are not.
+  size_t index = 0;
+  size_t array_size = sizeof(hklm_no_redirects) / sizeof(hklm_no_redirects[0]);
+  while (index < array_size) {
+    DoRedirectTest(nt::HKLM, hklm_no_redirects[index], nullptr);
+    index++;
+  }
+
+  // 3) But then some Classes subkeys are redirected.
+  index = 0;
+  array_size = sizeof(classes_redirects) / sizeof(classes_redirects[0]);
+
+  // Using two elements for each loop.
+  while (index < array_size) {
+    DoRedirectTest(nt::HKLM, classes_redirects[index],
+                   classes_redirects[index + 1]);
+    index += 2;
+  }
+}
+
+//----------------------------------------------------------------------------
+}  // namespace