| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/memory/shared_memory.h" | 5 #include "base/memory/shared_memory.h" |
| 6 #include "base/strings/string_number_conversions.h" | 6 #include "base/strings/string_number_conversions.h" |
| 7 #include "base/strings/string_piece.h" | 7 #include "base/strings/string_piece.h" |
| 8 #include "base/win/scoped_process_information.h" | 8 #include "base/win/scoped_process_information.h" |
| 9 #include "base/win/windows_version.h" | 9 #include "base/win/windows_version.h" |
| 10 #include "sandbox/win/src/sandbox.h" | 10 #include "sandbox/win/src/sandbox.h" |
| (...skipping 213 matching lines...) |
| 224 } | 224 } |
| 225 | 225 |
| 226 // Launches the app in the sandbox and ask it to wait in an | 226 // Launches the app in the sandbox and ask it to wait in an |
| 227 // infinite loop. Waits for 2 seconds and then check if the | 227 // infinite loop. Waits for 2 seconds and then check if the |
| 228 // desktop associated with the app thread is not the same as the | 228 // desktop associated with the app thread is not the same as the |
| 229 // current desktop. | 229 // current desktop. |
| 230 TEST(PolicyTargetTest, DesktopPolicy) { | 230 TEST(PolicyTargetTest, DesktopPolicy) { |
| 231 BrokerServices* broker = GetBroker(); | 231 BrokerServices* broker = GetBroker(); |
| 232 | 232 |
| 233 // Precreate the desktop. | 233 // Precreate the desktop. |
| 234 TargetPolicy* temp_policy = broker->CreatePolicy(); | 234 scoped_refptr<TargetPolicy> temp_policy = broker->CreatePolicy(); |
| 235 temp_policy->CreateAlternateDesktop(false); | 235 temp_policy->CreateAlternateDesktop(false); |
| 236 temp_policy->Release(); | 236 temp_policy = nullptr; |
| 237 | 237 |
| 238 ASSERT_TRUE(broker != NULL); | 238 ASSERT_TRUE(broker != NULL); |
| 239 | 239 |
| 240 // Get the path to the sandboxed app. | 240 // Get the path to the sandboxed app. |
| 241 wchar_t prog_name[MAX_PATH]; | 241 wchar_t prog_name[MAX_PATH]; |
| 242 GetModuleFileNameW(NULL, prog_name, MAX_PATH); | 242 GetModuleFileNameW(NULL, prog_name, MAX_PATH); |
| 243 | 243 |
| 244 base::string16 arguments(L"\""); | 244 base::string16 arguments(L"\""); |
| 245 arguments += prog_name; | 245 arguments += prog_name; |
| 246 arguments += L"\" -child 0 wait"; // Don't care about the "state" argument. | 246 arguments += L"\" -child 0 wait"; // Don't care about the "state" argument. |
| 247 | 247 |
| 248 // Launch the app. | 248 // Launch the app. |
| 249 ResultCode result = SBOX_ALL_OK; | 249 ResultCode result = SBOX_ALL_OK; |
| 250 ResultCode warning_result = SBOX_ALL_OK; | 250 ResultCode warning_result = SBOX_ALL_OK; |
| 251 DWORD last_error = ERROR_SUCCESS; | 251 DWORD last_error = ERROR_SUCCESS; |
| 252 base::win::ScopedProcessInformation target; | 252 base::win::ScopedProcessInformation target; |
| 253 | 253 |
| 254 TargetPolicy* policy = broker->CreatePolicy(); | 254 scoped_refptr<TargetPolicy> policy = broker->CreatePolicy(); |
| 255 policy->SetAlternateDesktop(false); | 255 policy->SetAlternateDesktop(false); |
| 256 policy->SetTokenLevel(USER_INTERACTIVE, USER_LOCKDOWN); | 256 policy->SetTokenLevel(USER_INTERACTIVE, USER_LOCKDOWN); |
| 257 PROCESS_INFORMATION temp_process_info = {}; | 257 PROCESS_INFORMATION temp_process_info = {}; |
| 258 result = | 258 result = |
| 259 broker->SpawnTarget(prog_name, arguments.c_str(), policy, &warning_result, | 259 broker->SpawnTarget(prog_name, arguments.c_str(), policy, &warning_result, |
| 260 &last_error, &temp_process_info); | 260 &last_error, &temp_process_info); |
| 261 base::string16 desktop_name = policy->GetAlternateDesktop(); | 261 base::string16 desktop_name = policy->GetAlternateDesktop(); |
| 262 policy->Release(); | 262 policy = nullptr; |
| 263 | 263 |
| 264 EXPECT_EQ(SBOX_ALL_OK, result); | 264 EXPECT_EQ(SBOX_ALL_OK, result); |
| 265 if (result == SBOX_ALL_OK) | 265 if (result == SBOX_ALL_OK) |
| 266 target.Set(temp_process_info); | 266 target.Set(temp_process_info); |
| 267 | 267 |
| 268 EXPECT_EQ(1u, ::ResumeThread(target.thread_handle())); | 268 EXPECT_EQ(1u, ::ResumeThread(target.thread_handle())); |
| 269 | 269 |
| 270 EXPECT_EQ(static_cast<DWORD>(WAIT_TIMEOUT), | 270 EXPECT_EQ(static_cast<DWORD>(WAIT_TIMEOUT), |
| 271 ::WaitForSingleObject(target.process_handle(), 2000)); | 271 ::WaitForSingleObject(target.process_handle(), 2000)); |
| 272 | 272 |
| 273 EXPECT_NE(::GetThreadDesktop(target.thread_id()), | 273 EXPECT_NE(::GetThreadDesktop(target.thread_id()), |
| 274 ::GetThreadDesktop(::GetCurrentThreadId())); | 274 ::GetThreadDesktop(::GetCurrentThreadId())); |
| 275 | 275 |
| 276 HDESK desk = ::OpenDesktop(desktop_name.c_str(), 0, FALSE, DESKTOP_ENUMERATE); | 276 HDESK desk = ::OpenDesktop(desktop_name.c_str(), 0, FALSE, DESKTOP_ENUMERATE); |
| 277 EXPECT_TRUE(NULL != desk); | 277 EXPECT_TRUE(NULL != desk); |
| 278 EXPECT_TRUE(::CloseDesktop(desk)); | 278 EXPECT_TRUE(::CloseDesktop(desk)); |
| 279 EXPECT_TRUE(::TerminateProcess(target.process_handle(), 0)); | 279 EXPECT_TRUE(::TerminateProcess(target.process_handle(), 0)); |
| 280 | 280 |
| 281 ::WaitForSingleObject(target.process_handle(), INFINITE); | 281 ::WaitForSingleObject(target.process_handle(), INFINITE); |
| 282 | 282 |
| 283 // Close the desktop handle. | 283 // Close the desktop handle. |
| 284 temp_policy = broker->CreatePolicy(); | 284 temp_policy = broker->CreatePolicy(); |
| 285 temp_policy->DestroyAlternateDesktop(); | 285 temp_policy->DestroyAlternateDesktop(); |
| 286 temp_policy->Release(); | 286 temp_policy = nullptr; |
| 287 | 287 |
| 288 // Make sure the desktop does not exist anymore. | 288 // Make sure the desktop does not exist anymore. |
| 289 desk = ::OpenDesktop(desktop_name.c_str(), 0, FALSE, DESKTOP_ENUMERATE); | 289 desk = ::OpenDesktop(desktop_name.c_str(), 0, FALSE, DESKTOP_ENUMERATE); |
| 290 EXPECT_TRUE(NULL == desk); | 290 EXPECT_TRUE(NULL == desk); |
| 291 } | 291 } |
| 292 | 292 |
| 293 // Launches the app in the sandbox and ask it to wait in an | 293 // Launches the app in the sandbox and ask it to wait in an |
| 294 // infinite loop. Waits for 2 seconds and then check if the | 294 // infinite loop. Waits for 2 seconds and then check if the |
| 295 // winstation associated with the app thread is not the same as the | 295 // winstation associated with the app thread is not the same as the |
| 296 // current desktop. | 296 // current desktop. |
| 297 TEST(PolicyTargetTest, WinstaPolicy) { | 297 TEST(PolicyTargetTest, WinstaPolicy) { |
| 298 BrokerServices* broker = GetBroker(); | 298 BrokerServices* broker = GetBroker(); |
| 299 | 299 |
| 300 // Precreate the desktop. | 300 // Precreate the desktop. |
| 301 TargetPolicy* temp_policy = broker->CreatePolicy(); | 301 scoped_refptr<TargetPolicy> temp_policy = broker->CreatePolicy(); |
| 302 temp_policy->CreateAlternateDesktop(true); | 302 temp_policy->CreateAlternateDesktop(true); |
| 303 temp_policy->Release(); | 303 temp_policy = nullptr; |
| 304 | 304 |
| 305 ASSERT_TRUE(broker != NULL); | 305 ASSERT_TRUE(broker != NULL); |
| 306 | 306 |
| 307 // Get the path to the sandboxed app. | 307 // Get the path to the sandboxed app. |
| 308 wchar_t prog_name[MAX_PATH]; | 308 wchar_t prog_name[MAX_PATH]; |
| 309 GetModuleFileNameW(NULL, prog_name, MAX_PATH); | 309 GetModuleFileNameW(NULL, prog_name, MAX_PATH); |
| 310 | 310 |
| 311 base::string16 arguments(L"\""); | 311 base::string16 arguments(L"\""); |
| 312 arguments += prog_name; | 312 arguments += prog_name; |
| 313 arguments += L"\" -child 0 wait"; // Don't care about the "state" argument. | 313 arguments += L"\" -child 0 wait"; // Don't care about the "state" argument. |
| 314 | 314 |
| 315 // Launch the app. | 315 // Launch the app. |
| 316 ResultCode result = SBOX_ALL_OK; | 316 ResultCode result = SBOX_ALL_OK; |
| 317 ResultCode warning_result = SBOX_ALL_OK; | 317 ResultCode warning_result = SBOX_ALL_OK; |
| 318 base::win::ScopedProcessInformation target; | 318 base::win::ScopedProcessInformation target; |
| 319 | 319 |
| 320 TargetPolicy* policy = broker->CreatePolicy(); | 320 scoped_refptr<TargetPolicy> policy = broker->CreatePolicy(); |
| 321 policy->SetAlternateDesktop(true); | 321 policy->SetAlternateDesktop(true); |
| 322 policy->SetTokenLevel(USER_INTERACTIVE, USER_LOCKDOWN); | 322 policy->SetTokenLevel(USER_INTERACTIVE, USER_LOCKDOWN); |
| 323 PROCESS_INFORMATION temp_process_info = {}; | 323 PROCESS_INFORMATION temp_process_info = {}; |
| 324 DWORD last_error = ERROR_SUCCESS; | 324 DWORD last_error = ERROR_SUCCESS; |
| 325 result = | 325 result = |
| 326 broker->SpawnTarget(prog_name, arguments.c_str(), policy, &warning_result, | 326 broker->SpawnTarget(prog_name, arguments.c_str(), policy, &warning_result, |
| 327 &last_error, &temp_process_info); | 327 &last_error, &temp_process_info); |
| 328 base::string16 desktop_name = policy->GetAlternateDesktop(); | 328 base::string16 desktop_name = policy->GetAlternateDesktop(); |
| 329 policy->Release(); | 329 policy = nullptr; |
| 330 | 330 |
| 331 EXPECT_EQ(SBOX_ALL_OK, result); | 331 EXPECT_EQ(SBOX_ALL_OK, result); |
| 332 if (result == SBOX_ALL_OK) | 332 if (result == SBOX_ALL_OK) |
| 333 target.Set(temp_process_info); | 333 target.Set(temp_process_info); |
| 334 | 334 |
| 335 EXPECT_EQ(1u, ::ResumeThread(target.thread_handle())); | 335 EXPECT_EQ(1u, ::ResumeThread(target.thread_handle())); |
| 336 | 336 |
| 337 EXPECT_EQ(static_cast<DWORD>(WAIT_TIMEOUT), | 337 EXPECT_EQ(static_cast<DWORD>(WAIT_TIMEOUT), |
| 338 ::WaitForSingleObject(target.process_handle(), 2000)); | 338 ::WaitForSingleObject(target.process_handle(), 2000)); |
| 339 | 339 |
| (...skipping 11 matching lines...) |
| 351 HDESK desk = ::OpenDesktop(desktop_name.c_str(), 0, FALSE, DESKTOP_ENUMERATE); | 351 HDESK desk = ::OpenDesktop(desktop_name.c_str(), 0, FALSE, DESKTOP_ENUMERATE); |
| 352 // This should fail if the desktop is really on another window station. | 352 // This should fail if the desktop is really on another window station. |
| 353 EXPECT_FALSE(NULL != desk); | 353 EXPECT_FALSE(NULL != desk); |
| 354 EXPECT_TRUE(::TerminateProcess(target.process_handle(), 0)); | 354 EXPECT_TRUE(::TerminateProcess(target.process_handle(), 0)); |
| 355 | 355 |
| 356 ::WaitForSingleObject(target.process_handle(), INFINITE); | 356 ::WaitForSingleObject(target.process_handle(), INFINITE); |
| 357 | 357 |
| 358 // Close the desktop handle. | 358 // Close the desktop handle. |
| 359 temp_policy = broker->CreatePolicy(); | 359 temp_policy = broker->CreatePolicy(); |
| 360 temp_policy->DestroyAlternateDesktop(); | 360 temp_policy->DestroyAlternateDesktop(); |
| 361 temp_policy->Release(); | 361 temp_policy = nullptr; |
| 362 } | 362 } |
| 363 | 363 |
| 364 // Launches the app in the sandbox and share a handle with it. The app should | 364 // Launches the app in the sandbox and share a handle with it. The app should |
| 365 // be able to use the handle. | 365 // be able to use the handle. |
| 366 TEST(PolicyTargetTest, ShareHandleTest) { | 366 TEST(PolicyTargetTest, ShareHandleTest) { |
| 367 | 367 |
| 368 BrokerServices* broker = GetBroker(); | 368 BrokerServices* broker = GetBroker(); |
| 369 ASSERT_TRUE(broker != NULL); | 369 ASSERT_TRUE(broker != NULL); |
| 370 | 370 |
| 371 base::StringPiece contents = "Hello World"; | 371 base::StringPiece contents = "Hello World"; |
| 372 std::string name = "TestSharedMemory"; | 372 std::string name = "TestSharedMemory"; |
| 373 base::SharedMemoryCreateOptions options; | 373 base::SharedMemoryCreateOptions options; |
| 374 options.size = contents.size(); | 374 options.size = contents.size(); |
| 375 options.share_read_only = true; | 375 options.share_read_only = true; |
| 376 options.name_deprecated = &name; | 376 options.name_deprecated = &name; |
| 377 base::SharedMemory writable_shmem; | 377 base::SharedMemory writable_shmem; |
| 378 ASSERT_TRUE(writable_shmem.Create(options)); | 378 ASSERT_TRUE(writable_shmem.Create(options)); |
| 379 ASSERT_TRUE(writable_shmem.Map(options.size)); | 379 ASSERT_TRUE(writable_shmem.Map(options.size)); |
| 380 memcpy(writable_shmem.memory(), contents.data(), contents.size()); | 380 memcpy(writable_shmem.memory(), contents.data(), contents.size()); |
| 381 | 381 |
| 382 base::SharedMemory read_only_view; | 382 base::SharedMemory read_only_view; |
| 383 ASSERT_TRUE(read_only_view.Open(name, true)); | 383 ASSERT_TRUE(read_only_view.Open(name, true)); |
| 384 | 384 |
| 385 // Get the path to the sandboxed app. | 385 // Get the path to the sandboxed app. |
| 386 wchar_t prog_name[MAX_PATH]; | 386 wchar_t prog_name[MAX_PATH]; |
| 387 GetModuleFileNameW(NULL, prog_name, MAX_PATH); | 387 GetModuleFileNameW(NULL, prog_name, MAX_PATH); |
| 388 | 388 |
| 389 TargetPolicy* policy = broker->CreatePolicy(); | 389 scoped_refptr<TargetPolicy> policy = broker->CreatePolicy(); |
| 390 policy->AddHandleToShare(read_only_view.handle().GetHandle()); | 390 policy->AddHandleToShare(read_only_view.handle().GetHandle()); |
| 391 | 391 |
| 392 base::string16 arguments(L"\""); | 392 base::string16 arguments(L"\""); |
| 393 arguments += prog_name; | 393 arguments += prog_name; |
| 394 arguments += L"\" -child 0 shared_memory_handle "; | 394 arguments += L"\" -child 0 shared_memory_handle "; |
| 395 arguments += base::UintToString16( | 395 arguments += base::UintToString16( |
| 396 base::win::HandleToUint32(read_only_view.handle().GetHandle())); | 396 base::win::HandleToUint32(read_only_view.handle().GetHandle())); |
| 397 | 397 |
| 398 // Launch the app. | 398 // Launch the app. |
| 399 ResultCode result = SBOX_ALL_OK; | 399 ResultCode result = SBOX_ALL_OK; |
| 400 ResultCode warning_result = SBOX_ALL_OK; | 400 ResultCode warning_result = SBOX_ALL_OK; |
| 401 base::win::ScopedProcessInformation target; | 401 base::win::ScopedProcessInformation target; |
| 402 | 402 |
| 403 policy->SetTokenLevel(USER_INTERACTIVE, USER_LOCKDOWN); | 403 policy->SetTokenLevel(USER_INTERACTIVE, USER_LOCKDOWN); |
| 404 PROCESS_INFORMATION temp_process_info = {}; | 404 PROCESS_INFORMATION temp_process_info = {}; |
| 405 DWORD last_error = ERROR_SUCCESS; | 405 DWORD last_error = ERROR_SUCCESS; |
| 406 result = | 406 result = |
| 407 broker->SpawnTarget(prog_name, arguments.c_str(), policy, &warning_result, | 407 broker->SpawnTarget(prog_name, arguments.c_str(), policy, &warning_result, |
| 408 &last_error, &temp_process_info); | 408 &last_error, &temp_process_info); |
| 409 policy->Release(); | 409 policy = nullptr; |
| 410 | 410 |
| 411 EXPECT_EQ(SBOX_ALL_OK, result); | 411 EXPECT_EQ(SBOX_ALL_OK, result); |
| 412 if (result == SBOX_ALL_OK) | 412 if (result == SBOX_ALL_OK) |
| 413 target.Set(temp_process_info); | 413 target.Set(temp_process_info); |
| 414 | 414 |
| 415 EXPECT_EQ(1u, ::ResumeThread(target.thread_handle())); | 415 EXPECT_EQ(1u, ::ResumeThread(target.thread_handle())); |
| 416 | 416 |
| 417 EXPECT_EQ(static_cast<DWORD>(WAIT_TIMEOUT), | 417 EXPECT_EQ(static_cast<DWORD>(WAIT_TIMEOUT), |
| 418 ::WaitForSingleObject(target.process_handle(), 2000)); | 418 ::WaitForSingleObject(target.process_handle(), 2000)); |
| 419 | 419 |
| 420 EXPECT_TRUE(::TerminateProcess(target.process_handle(), 0)); | 420 EXPECT_TRUE(::TerminateProcess(target.process_handle(), 0)); |
| 421 | 421 |
| 422 ::WaitForSingleObject(target.process_handle(), INFINITE); | 422 ::WaitForSingleObject(target.process_handle(), INFINITE); |
| 423 } | 423 } |
| 424 | 424 |
| 425 } // namespace sandbox | 425 } // namespace sandbox |
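Review bot: In DesktopPolicy (new lines 231-238) and WinstaPolicy (new lines 298-305), `broker->CreatePolicy()` dereferences `broker` before `ASSERT_TRUE(broker != NULL)` runs, so a null broker would crash the test binary instead of failing the test. The commit rewrites the `CreatePolicy()` line in both tests but keeps that order. Move the assertion up so it directly follows `BrokerServices* broker = GetBroker();`, as ShareHandleTest already does at new lines 368-369. Separately, the `temp_policy = nullptr;` at new line 361 is the last statement of WinstaPolicy and looks redundant, assuming `scoped_refptr` drops its reference when it goes out of scope.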
| OLD | NEW |