Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(4322)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/installer/util/scoped_token_privilege_unittest.cc

Issue 2925383002: Move ScopedTokenPrivilege to chrome/installer/util (Closed)
Patch Set: Created 3 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« chrome/installer/util/scoped_token_privilege.h ('K') | « chrome/installer/util/scoped_token_privilege.cc ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/installer/util/scoped_token_privilege_unittest.cc
diff --git a/chrome/installer/util/scoped_token_privilege_unittest.cc b/chrome/installer/util/scoped_token_privilege_unittest.cc
new file mode 100644
index 0000000000000000000000000000000000000000..51f5279fe0d7ef547a9a580b72696032d03021ac
--- /dev/null
+++ b/chrome/installer/util/scoped_token_privilege_unittest.cc
@@ -0,0 +1,108 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/installer/util/scoped_token_privilege.h"
+
+#include <shlobj.h>
+#include <memory>
+
+#include "testing/gtest/include/gtest/gtest.h"
+
grt (UTC plus 2) 2017/06/09 08:35:28 wrap this whole file in "namespace installer {"
alito 2017/06/09 17:20:50 Done.
+namespace {
+
+// The privilege tested in ScopeTokenPrivilege tests below.
+// Use SE_RESTORE_NAME as it is one of the many privileges that is available,
+// but not enabled by default on processes running at high integrity.
+static const wchar_t kTestedPrivilege[] = SE_RESTORE_NAME;
grt (UTC plus 2) 2017/06/09 08:35:28 no "static" in the unnamed namespace. please use "
alito 2017/06/09 17:20:51 Done.
+
+// Returns true if the current process' token has privilege |privilege_name|
+// enabled.
+bool CurrentProcessHasPrivilege(const wchar_t* privilege_name) {
+ HANDLE temp_handle;
+ if (!::OpenProcessToken(::GetCurrentProcess(), TOKEN_QUERY, &temp_handle)) {
+ ADD_FAILURE();
+ return false;
+ }
+
+ base::win::ScopedHandle token(temp_handle);
+
+ // First get the size of the buffer needed for |privileges| below.
+ DWORD size;
+ EXPECT_FALSE(
+ ::GetTokenInformation(token.Get(), TokenPrivileges, NULL, 0, &size));
+
+ std::unique_ptr<BYTE[]> privileges_bytes(new BYTE[size]);
+ TOKEN_PRIVILEGES* privileges =
+ reinterpret_cast<TOKEN_PRIVILEGES*>(privileges_bytes.get());
+
+ if (!::GetTokenInformation(token.Get(), TokenPrivileges, privileges, size,
+ &size)) {
+ ADD_FAILURE();
+ return false;
+ }
+
+ // There is no point getting a buffer to store more than |privilege_name|\0 as
+ // anything longer will obviously not be equal to |privilege_name|.
+ const DWORD desired_size = static_cast<DWORD>(wcslen(privilege_name));
+ const DWORD buffer_size = desired_size + 1;
+ std::unique_ptr<wchar_t[]> name_buffer(new wchar_t[buffer_size]);
+ for (int i = privileges->PrivilegeCount - 1; i >= 0; --i) {
+ LUID_AND_ATTRIBUTES& luid_and_att = privileges->Privileges[i];
+ DWORD size = buffer_size;
+ ::LookupPrivilegeName(NULL, &luid_and_att.Luid, name_buffer.get(), &size);
+ if (size == desired_size &&
+ wcscmp(name_buffer.get(), privilege_name) == 0) {
+ return luid_and_att.Attributes == SE_PRIVILEGE_ENABLED;
+ }
+ }
+ return false;
+}
+
grt (UTC plus 2) 2017/06/09 08:35:28 nit: close the unnamed namespace here -- i prefer
alito 2017/06/09 17:20:51 Done.
+// Note: This test is only valid when run at high integrity (i.e. it will fail
+// at medium integrity).
+TEST(ScopedTokenPrivilegeTest, Basic) {
+ ASSERT_FALSE(CurrentProcessHasPrivilege(kTestedPrivilege));
+
+ if (!::IsUserAnAdmin()) {
+ LOG(WARNING) << "Skipping SetupUtilTest.ScopedTokenPrivilegeBasic due to "
+ "not running as admin.";
+ return;
+ }
+
+ {
+ ScopedTokenPrivilege test_scoped_privilege(kTestedPrivilege);
+ ASSERT_TRUE(test_scoped_privilege.is_enabled());
+ ASSERT_TRUE(CurrentProcessHasPrivilege(kTestedPrivilege));
+ }
+
+ ASSERT_FALSE(CurrentProcessHasPrivilege(kTestedPrivilege));
+}
+
+// Note: This test is only valid when run at high integrity (i.e. it will fail
+// at medium integrity).
+TEST(ScopedTokenPrivilegeTest, AlreadyEnabled) {
+ ASSERT_FALSE(CurrentProcessHasPrivilege(kTestedPrivilege));
+
+ if (!::IsUserAnAdmin()) {
+ LOG(WARNING) << "Skipping SetupUtilTest.ScopedTokenPrivilegeAlreadyEnabled "
+ "due to not running as admin.";
+ return;
+ }
+
+ {
+ ScopedTokenPrivilege test_scoped_privilege(kTestedPrivilege);
+ ASSERT_TRUE(test_scoped_privilege.is_enabled());
+ ASSERT_TRUE(CurrentProcessHasPrivilege(kTestedPrivilege));
+ {
+ ScopedTokenPrivilege dup_scoped_privilege(kTestedPrivilege);
+ ASSERT_TRUE(dup_scoped_privilege.is_enabled());
+ ASSERT_TRUE(CurrentProcessHasPrivilege(kTestedPrivilege));
+ }
+ ASSERT_TRUE(CurrentProcessHasPrivilege(kTestedPrivilege));
+ }
+
+ ASSERT_FALSE(CurrentProcessHasPrivilege(kTestedPrivilege));
+}
+
+} // namespace
« chrome/installer/util/scoped_token_privilege.h ('K') | « chrome/installer/util/scoped_token_privilege.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698