Move ScopedTokenPrivilege to chrome/installer/util

chrome/installer/util/scoped_token_privilege_unittest.cc

+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/installer/util/scoped_token_privilege.h"
+
+#include <shlobj.h>
+#include <memory>
+
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace installer {
+namespace {
+
+// The privilege tested in ScopeTokenPrivilege tests below.
+// Use SE_RESTORE_NAME as it is one of the many privileges that is available,
+// but not enabled by default on processes running at high integrity.
+constexpr wchar_t kTestedPrivilege[] = SE_RESTORE_NAME;
+
+// Returns true if the current process' token has privilege |privilege_name|
+// enabled.
+bool CurrentProcessHasPrivilege(const wchar_t* privilege_name) {
+  HANDLE temp_handle;
+  if (!::OpenProcessToken(::GetCurrentProcess(), TOKEN_QUERY, &temp_handle)) {
+    ADD_FAILURE();
+    return false;
+  }
+
+  base::win::ScopedHandle token(temp_handle);
+
+  // First get the size of the buffer needed for |privileges| below.
+  DWORD size;
+  EXPECT_FALSE(
+      ::GetTokenInformation(token.Get(), TokenPrivileges, NULL, 0, &size));
+
+  std::unique_ptr<BYTE[]> privileges_bytes(new BYTE[size]);
+  TOKEN_PRIVILEGES* privileges =
+      reinterpret_cast<TOKEN_PRIVILEGES*>(privileges_bytes.get());
+
+  if (!::GetTokenInformation(token.Get(), TokenPrivileges, privileges, size,
+                             &size)) {
+    ADD_FAILURE();
+    return false;
+  }
+
+  // There is no point getting a buffer to store more than |privilege_name|\0 as
+  // anything longer will obviously not be equal to |privilege_name|.
+  const DWORD desired_size = static_cast<DWORD>(wcslen(privilege_name));
+  const DWORD buffer_size = desired_size + 1;
+  std::unique_ptr<wchar_t[]> name_buffer(new wchar_t[buffer_size]);
+  for (int i = privileges->PrivilegeCount - 1; i >= 0; --i) {
+    LUID_AND_ATTRIBUTES& luid_and_att = privileges->Privileges[i];
+    DWORD size = buffer_size;
+    ::LookupPrivilegeName(NULL, &luid_and_att.Luid, name_buffer.get(), &size);
+    if (size == desired_size &&
+        wcscmp(name_buffer.get(), privilege_name) == 0) {
+      return luid_and_att.Attributes == SE_PRIVILEGE_ENABLED;
+    }
+  }
+  return false;
+}
+
+}  // namespace
+
+// Note: This test is only valid when run at high integrity (i.e. it will fail
+// at medium integrity).
+TEST(ScopedTokenPrivilegeTest, Basic) {
+  ASSERT_FALSE(CurrentProcessHasPrivilege(kTestedPrivilege));
+
+  if (!::IsUserAnAdmin()) {
+    LOG(WARNING) << "Skipping SetupUtilTest.ScopedTokenPrivilegeBasic due to "
+                    "not running as admin.";
+    return;
+  }
+
+  {
+    ScopedTokenPrivilege test_scoped_privilege(kTestedPrivilege);
+    ASSERT_TRUE(test_scoped_privilege.is_enabled());
+    ASSERT_TRUE(CurrentProcessHasPrivilege(kTestedPrivilege));
+  }
+
+  ASSERT_FALSE(CurrentProcessHasPrivilege(kTestedPrivilege));
+}
+
+// Note: This test is only valid when run at high integrity (i.e. it will fail
+// at medium integrity).
+TEST(ScopedTokenPrivilegeTest, AlreadyEnabled) {
+  ASSERT_FALSE(CurrentProcessHasPrivilege(kTestedPrivilege));
+
+  if (!::IsUserAnAdmin()) {
+    LOG(WARNING) << "Skipping SetupUtilTest.ScopedTokenPrivilegeAlreadyEnabled "
+                    "due to not running as admin.";
+    return;
+  }
+
+  {
+    ScopedTokenPrivilege test_scoped_privilege(kTestedPrivilege);
+    ASSERT_TRUE(test_scoped_privilege.is_enabled());
+    ASSERT_TRUE(CurrentProcessHasPrivilege(kTestedPrivilege));
+    {
+      ScopedTokenPrivilege dup_scoped_privilege(kTestedPrivilege);
+      ASSERT_TRUE(dup_scoped_privilege.is_enabled());
+      ASSERT_TRUE(CurrentProcessHasPrivilege(kTestedPrivilege));
+    }
+    ASSERT_TRUE(CurrentProcessHasPrivilege(kTestedPrivilege));
+  }
+
+  ASSERT_FALSE(CurrentProcessHasPrivilege(kTestedPrivilege));
+}
+
+}  // namespace installer