Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(804)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: sandbox/win/src/lpc_policy_test.cc

Issue 2726733003: CSRSS lockdown: destroy CSRSS heap (Closed)
Patch Set: refactor heap code to heap_helper, add some explicit tests of these heap_helper functions Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« sandbox/win/src/heap_helper.cc ('K') | « sandbox/win/src/heap_helper.cc ('k') | sandbox/win/src/target_services.cc » ('j') | sandbox/win/src/target_services.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: sandbox/win/src/lpc_policy_test.cc
diff --git a/sandbox/win/src/lpc_policy_test.cc b/sandbox/win/src/lpc_policy_test.cc
index 51931c665e831ebe2e11ae3e9b2a501a8ffca42c..1806cccb521b4fde4a299e6c2ee2e9071a6b87c0 100644
--- a/sandbox/win/src/lpc_policy_test.cc
+++ b/sandbox/win/src/lpc_policy_test.cc
@@ -12,6 +12,7 @@
#include <winioctl.h>
#include "base/win/windows_version.h"
+#include "sandbox/win/src/heap_helper.h"
#include "sandbox/win/src/sandbox.h"
#include "sandbox/win/src/sandbox_factory.h"
#include "sandbox/win/src/sandbox_policy.h"
@@ -149,4 +150,57 @@ TEST(LpcPolicyTest, GetUserDefaultLocaleName) {
EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(cmd.c_str()));
}
+// Closing ALPC port can invalidate its heap.
+// Test that all heaps are valid.
+SBOX_TESTS_COMMAND int Lpc_TestValidProcessHeaps(int argc, wchar_t** argv) {
+ if (argc != 0)
+ return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
+ // Retrieves the number of heaps in the current process.
+ DWORD number_of_heaps = ::GetProcessHeaps(0, NULL);
+ // Try to retrieve a handle to all the heaps owned by this process. Returns
+ // false if the number of heaps has changed.
+ //
+ // This is inherently racy as is, but it's not something that we observe a lot
+ // in Chrome, the heaps tend to be created at startup only.
+ std::unique_ptr<HANDLE[]> all_heaps(new HANDLE[number_of_heaps]);
+ if (::GetProcessHeaps(number_of_heaps, all_heaps.get()) != number_of_heaps)
+ return SBOX_TEST_FAILED;
+
+ for (size_t i = 0; i < number_of_heaps; ++i) {
+ HANDLE handle = all_heaps[i];
+ if (!HeapLock(handle)) {
+ return SBOX_TEST_FAILED;
+ }
+
+ if (!HeapUnlock(handle)) {
+ return SBOX_TEST_FAILED;
+ }
+ }
+ return SBOX_TEST_SUCCEEDED;
+}
+
+TEST(LpcPolicyTest, TestValidProcessHeaps) {
+ TestRunner runner;
+ EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Lpc_TestValidProcessHeaps"));
+}
+
+// All processes should have a shared heap with csrss.exe. This test ensures
+// that this heap can be found.
+TEST(LpcPolicyTest, TestCanFindCsrPortHeap) {
+ HANDLE csr_port_handle = sandbox::FindCsrPortHeap();
+ EXPECT_NE(nullptr, csr_port_handle);
+}
+
+TEST(LpcPolicyTest, TestHeapFlags) {
Will Harris 2017/03/22 19:21:49 nice test!
liamjm (20p) 2017/04/14 17:27:20 Acknowledged.
+ // Windows does not support callers supplying arbritary flag values. So we
+ // write some non-trivial value to reduce the chance we match this in random
+ // data.
+ DWORD flags = 0x41007;
+ HANDLE heap = HeapCreate(flags, 0, 0);
+ EXPECT_NE(nullptr, heap);
+ DWORD actual_flags = sandbox::HeapFlags(heap);
+ EXPECT_EQ(flags, actual_flags);
+ EXPECT_TRUE(HeapDestroy(heap));
+}
+
} // namespace sandbox
« sandbox/win/src/heap_helper.cc ('K') | « sandbox/win/src/heap_helper.cc ('k') | sandbox/win/src/target_services.cc » ('j') | sandbox/win/src/target_services.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698