| OLD | NEW |
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/win/src/policy_engine_params.h" | 5 #include "sandbox/win/src/policy_engine_params.h" |
| 6 #include "sandbox/win/src/policy_engine_processor.h" | 6 #include "sandbox/win/src/policy_engine_processor.h" |
| 7 #include "sandbox/win/src/policy_low_level.h" | 7 #include "sandbox/win/src/policy_low_level.h" |
| 8 #include "testing/gtest/include/gtest/gtest.h" | 8 #include "testing/gtest/include/gtest/gtest.h" |
| 9 | 9 |
| 10 #define POLPARAMS_BEGIN(x) sandbox::ParameterSet x[] = { | 10 #define POLPARAMS_BEGIN(x) sandbox::ParameterSet x[] = { |
| (...skipping 44 matching lines...) |
| 55 EXPECT_TRUE(pr.AddStringMatch(IF, 0, L"z:\\Directory\\domo.txt", | 55 EXPECT_TRUE(pr.AddStringMatch(IF, 0, L"z:\\Directory\\domo.txt", |
| 56 CASE_INSENSITIVE)); | 56 CASE_INSENSITIVE)); |
| 57 | 57 |
| 58 PolicyGlobal* policy = MakePolicyMemory(); | 58 PolicyGlobal* policy = MakePolicyMemory(); |
| 59 const uint32 kFakeService = 2; | 59 const uint32 kFakeService = 2; |
| 60 | 60 |
| 61 LowLevelPolicy policyGen(policy); | 61 LowLevelPolicy policyGen(policy); |
| 62 EXPECT_TRUE(policyGen.AddRule(kFakeService, &pr)); | 62 EXPECT_TRUE(policyGen.AddRule(kFakeService, &pr)); |
| 63 EXPECT_TRUE(policyGen.Done()); | 63 EXPECT_TRUE(policyGen.Done()); |
| 64 | 64 |
| 65 wchar_t* filename = L"Z:\\Directory\\domo.txt"; | 65 const wchar_t* filename = L"Z:\\Directory\\domo.txt"; |
| 66 | 66 |
| 67 POLPARAMS_BEGIN(eval_params) | 67 POLPARAMS_BEGIN(eval_params) |
| 68 POLPARAM(filename) // Argument 0 | 68 POLPARAM(filename) // Argument 0 |
| 69 POLPARAMS_END; | 69 POLPARAMS_END; |
| 70 | 70 |
| 71 PolicyResult result; | 71 PolicyResult result; |
| 72 PolicyProcessor pol_ev(policy->entry[kFakeService]); | 72 PolicyProcessor pol_ev(policy->entry[kFakeService]); |
| 73 | 73 |
| 74 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); | 74 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); |
| 75 EXPECT_EQ(POLICY_MATCH, result); | 75 EXPECT_EQ(POLICY_MATCH, result); |
| (...skipping 12 matching lines...) |
| 88 EXPECT_TRUE(pr.AddStringMatch(IF_NOT, 0, L"c:\\Microsoft\\", | 88 EXPECT_TRUE(pr.AddStringMatch(IF_NOT, 0, L"c:\\Microsoft\\", |
| 89 CASE_SENSITIVE)); | 89 CASE_SENSITIVE)); |
| 90 | 90 |
| 91 PolicyGlobal* policy = MakePolicyMemory(); | 91 PolicyGlobal* policy = MakePolicyMemory(); |
| 92 const uint32 kFakeService = 2; | 92 const uint32 kFakeService = 2; |
| 93 LowLevelPolicy policyGen(policy); | 93 LowLevelPolicy policyGen(policy); |
| 94 | 94 |
| 95 EXPECT_TRUE(policyGen.AddRule(kFakeService, &pr)); | 95 EXPECT_TRUE(policyGen.AddRule(kFakeService, &pr)); |
| 96 EXPECT_TRUE(policyGen.Done()); | 96 EXPECT_TRUE(policyGen.Done()); |
| 97 | 97 |
| 98 wchar_t* filename = NULL; | 98 const wchar_t* filename = NULL; |
| 99 POLPARAMS_BEGIN(eval_params) | 99 POLPARAMS_BEGIN(eval_params) |
| 100 POLPARAM(filename) // Argument 0 | 100 POLPARAM(filename) // Argument 0 |
| 101 POLPARAMS_END; | 101 POLPARAMS_END; |
| 102 | 102 |
| 103 PolicyResult result; | 103 PolicyResult result; |
| 104 PolicyProcessor pol_ev(policy->entry[kFakeService]); | 104 PolicyProcessor pol_ev(policy->entry[kFakeService]); |
| 105 | 105 |
| 106 filename = L"c:\\Microsoft\\"; | 106 filename = L"c:\\Microsoft\\"; |
| 107 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); | 107 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); |
| 108 EXPECT_EQ(NO_POLICY_MATCH, result); | 108 EXPECT_EQ(NO_POLICY_MATCH, result); |
| (...skipping 17 matching lines...) |
| 126 EXPECT_TRUE(pr.AddStringMatch(IF_NOT, 0, L"c:\\Microsoft\\*", | 126 EXPECT_TRUE(pr.AddStringMatch(IF_NOT, 0, L"c:\\Microsoft\\*", |
| 127 CASE_SENSITIVE)); | 127 CASE_SENSITIVE)); |
| 128 | 128 |
| 129 PolicyGlobal* policy = MakePolicyMemory(); | 129 PolicyGlobal* policy = MakePolicyMemory(); |
| 130 const uint32 kFakeService = 3; | 130 const uint32 kFakeService = 3; |
| 131 LowLevelPolicy policyGen(policy); | 131 LowLevelPolicy policyGen(policy); |
| 132 | 132 |
| 133 EXPECT_TRUE(policyGen.AddRule(kFakeService, &pr)); | 133 EXPECT_TRUE(policyGen.AddRule(kFakeService, &pr)); |
| 134 EXPECT_TRUE(policyGen.Done()); | 134 EXPECT_TRUE(policyGen.Done()); |
| 135 | 135 |
| 136 wchar_t* filename = NULL; | 136 const wchar_t* filename = NULL; |
| 137 POLPARAMS_BEGIN(eval_params) | 137 POLPARAMS_BEGIN(eval_params) |
| 138 POLPARAM(filename) // Argument 0 | 138 POLPARAM(filename) // Argument 0 |
| 139 POLPARAMS_END; | 139 POLPARAMS_END; |
| 140 | 140 |
| 141 PolicyResult result; | 141 PolicyResult result; |
| 142 PolicyProcessor pol_ev(policy->entry[kFakeService]); | 142 PolicyProcessor pol_ev(policy->entry[kFakeService]); |
| 143 | 143 |
| 144 filename = L"c:\\Microsoft\\domo.txt"; | 144 filename = L"c:\\Microsoft\\domo.txt"; |
| 145 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); | 145 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); |
| 146 EXPECT_EQ(NO_POLICY_MATCH, result); | 146 EXPECT_EQ(NO_POLICY_MATCH, result); |
| (...skipping 12 matching lines...) |
| 159 EXPECT_TRUE(pr.AddStringMatch(IF_NOT, 0, L"c:\\Microsoft\\*.txt", | 159 EXPECT_TRUE(pr.AddStringMatch(IF_NOT, 0, L"c:\\Microsoft\\*.txt", |
| 160 CASE_SENSITIVE)); | 160 CASE_SENSITIVE)); |
| 161 | 161 |
| 162 PolicyGlobal* policy = MakePolicyMemory(); | 162 PolicyGlobal* policy = MakePolicyMemory(); |
| 163 const uint32 kFakeService = 3; | 163 const uint32 kFakeService = 3; |
| 164 LowLevelPolicy policyGen(policy); | 164 LowLevelPolicy policyGen(policy); |
| 165 | 165 |
| 166 EXPECT_TRUE(policyGen.AddRule(kFakeService, &pr)); | 166 EXPECT_TRUE(policyGen.AddRule(kFakeService, &pr)); |
| 167 EXPECT_TRUE(policyGen.Done()); | 167 EXPECT_TRUE(policyGen.Done()); |
| 168 | 168 |
| 169 wchar_t* filename = NULL; | 169 const wchar_t* filename = NULL; |
| 170 POLPARAMS_BEGIN(eval_params) | 170 POLPARAMS_BEGIN(eval_params) |
| 171 POLPARAM(filename) // Argument 0 | 171 POLPARAM(filename) // Argument 0 |
| 172 POLPARAMS_END; | 172 POLPARAMS_END; |
| 173 | 173 |
| 174 PolicyResult result; | 174 PolicyResult result; |
| 175 PolicyProcessor pol_ev(policy->entry[kFakeService]); | 175 PolicyProcessor pol_ev(policy->entry[kFakeService]); |
| 176 | 176 |
| 177 filename = L"c:\\Microsoft\\domo.txt"; | 177 filename = L"c:\\Microsoft\\domo.txt"; |
| 178 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); | 178 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); |
| 179 EXPECT_EQ(NO_POLICY_MATCH, result); | 179 EXPECT_EQ(NO_POLICY_MATCH, result); |
| (...skipping 18 matching lines...) |
| 198 CASE_SENSITIVE)); | 198 CASE_SENSITIVE)); |
| 199 EXPECT_TRUE(pr.AddNumberMatch(IF, 1, 24, EQUAL)); | 199 EXPECT_TRUE(pr.AddNumberMatch(IF, 1, 24, EQUAL)); |
| 200 | 200 |
| 201 PolicyGlobal* policy = MakePolicyMemory(); | 201 PolicyGlobal* policy = MakePolicyMemory(); |
| 202 const uint32 kFakeService = 3; | 202 const uint32 kFakeService = 3; |
| 203 LowLevelPolicy policyGen(policy); | 203 LowLevelPolicy policyGen(policy); |
| 204 | 204 |
| 205 EXPECT_TRUE(policyGen.AddRule(kFakeService, &pr)); | 205 EXPECT_TRUE(policyGen.AddRule(kFakeService, &pr)); |
| 206 EXPECT_TRUE(policyGen.Done()); | 206 EXPECT_TRUE(policyGen.Done()); |
| 207 | 207 |
| 208 wchar_t* filename = NULL; | 208 const wchar_t* filename = NULL; |
| 209 unsigned long access = 0; | 209 unsigned long access = 0; |
| 210 POLPARAMS_BEGIN(eval_params) | 210 POLPARAMS_BEGIN(eval_params) |
| 211 POLPARAM(filename) // Argument 0 | 211 POLPARAM(filename) // Argument 0 |
| 212 POLPARAM(access) // Argument 1 | 212 POLPARAM(access) // Argument 1 |
| 213 POLPARAMS_END; | 213 POLPARAMS_END; |
| 214 | 214 |
| 215 PolicyResult result; | 215 PolicyResult result; |
| 216 PolicyProcessor pol_ev(policy->entry[kFakeService]); | 216 PolicyProcessor pol_ev(policy->entry[kFakeService]); |
| 217 | 217 |
| 218 filename = L"c:\\Microsoft\\domo.txt"; | 218 filename = L"c:\\Microsoft\\domo.txt"; |
| (...skipping 28 matching lines...) |
| 247 CASE_SENSITIVE)); | 247 CASE_SENSITIVE)); |
| 248 EXPECT_TRUE(pr.AddNumberMatch(IF, 2, 66, EQUAL)); | 248 EXPECT_TRUE(pr.AddNumberMatch(IF, 2, 66, EQUAL)); |
| 249 | 249 |
| 250 PolicyGlobal* policy = MakePolicyMemory(); | 250 PolicyGlobal* policy = MakePolicyMemory(); |
| 251 const uint32 kFakeService = 3; | 251 const uint32 kFakeService = 3; |
| 252 LowLevelPolicy policyGen(policy); | 252 LowLevelPolicy policyGen(policy); |
| 253 | 253 |
| 254 EXPECT_TRUE(policyGen.AddRule(kFakeService, &pr)); | 254 EXPECT_TRUE(policyGen.AddRule(kFakeService, &pr)); |
| 255 EXPECT_TRUE(policyGen.Done()); | 255 EXPECT_TRUE(policyGen.Done()); |
| 256 | 256 |
| 257 wchar_t* filename = NULL; | 257 const wchar_t* filename = NULL; |
| 258 unsigned long access = 0; | 258 unsigned long access = 0; |
| 259 unsigned long sharing = 66; | 259 unsigned long sharing = 66; |
| 260 | 260 |
| 261 POLPARAMS_BEGIN(eval_params) | 261 POLPARAMS_BEGIN(eval_params) |
| 262 POLPARAM(filename) // Argument 0 | 262 POLPARAM(filename) // Argument 0 |
| 263 POLPARAM(access) // Argument 1 | 263 POLPARAM(access) // Argument 1 |
| 264 POLPARAM(sharing) // Argument 2 | 264 POLPARAM(sharing) // Argument 2 |
| 265 POLPARAMS_END; | 265 POLPARAMS_END; |
| 266 | 266 |
| 267 PolicyResult result; | 267 PolicyResult result; |
| (...skipping 53 matching lines...) |
| 321 EXPECT_TRUE(pr.AddNumberMatch(IF, 2, FILE_ATTRIBUTE_NORMAL, EQUAL)); | 321 EXPECT_TRUE(pr.AddNumberMatch(IF, 2, FILE_ATTRIBUTE_NORMAL, EQUAL)); |
| 322 | 322 |
| 323 PolicyGlobal* policy = MakePolicyMemory(); | 323 PolicyGlobal* policy = MakePolicyMemory(); |
| 324 | 324 |
| 325 const uint32 kNtFakeCreateFile = 7; | 325 const uint32 kNtFakeCreateFile = 7; |
| 326 | 326 |
| 327 LowLevelPolicy policyGen(policy); | 327 LowLevelPolicy policyGen(policy); |
| 328 EXPECT_TRUE(policyGen.AddRule(kNtFakeCreateFile, &pr)); | 328 EXPECT_TRUE(policyGen.AddRule(kNtFakeCreateFile, &pr)); |
| 329 EXPECT_TRUE(policyGen.Done()); | 329 EXPECT_TRUE(policyGen.Done()); |
| 330 | 330 |
| 331 wchar_t* filename = L"c:\\Documents and Settings\\Microsoft\\BLAH.txt"; | 331 const wchar_t* filename = L"c:\\Documents and Settings\\Microsoft\\BLAH.txt"; |
| 332 unsigned long creation_mode = OPEN_EXISTING; | 332 unsigned long creation_mode = OPEN_EXISTING; |
| 333 unsigned long flags = FILE_ATTRIBUTE_NORMAL; | 333 unsigned long flags = FILE_ATTRIBUTE_NORMAL; |
| 334 void* security_descriptor = NULL; | 334 void* security_descriptor = NULL; |
| 335 | 335 |
| 336 POLPARAMS_BEGIN(eval_params) | 336 POLPARAMS_BEGIN(eval_params) |
| 337 POLPARAM(filename) // Argument 0 | 337 POLPARAM(filename) // Argument 0 |
| 338 POLPARAM(creation_mode) // Argument 1 | 338 POLPARAM(creation_mode) // Argument 1 |
| 339 POLPARAM(flags) // Argument 2 | 339 POLPARAM(flags) // Argument 2 |
| 340 POLPARAM(security_descriptor) | 340 POLPARAM(security_descriptor) |
| 341 POLPARAMS_END; | 341 POLPARAMS_END; |
| (...skipping 135 matching lines...) |
| 477 EXPECT_EQ(OP_WSTRING_MATCH, | 477 EXPECT_EQ(OP_WSTRING_MATCH, |
| 478 policy->entry[kNtFakeCreateFile]->opcodes[0].GetID()); | 478 policy->entry[kNtFakeCreateFile]->opcodes[0].GetID()); |
| 479 EXPECT_EQ(OP_ACTION, | 479 EXPECT_EQ(OP_ACTION, |
| 480 policy->entry[kNtFakeCreateFile]->opcodes[tc2-1].GetID()); | 480 policy->entry[kNtFakeCreateFile]->opcodes[tc2-1].GetID()); |
| 481 EXPECT_EQ(OP_WSTRING_MATCH, | 481 EXPECT_EQ(OP_WSTRING_MATCH, |
| 482 policy->entry[kNtFakeOpenFile]->opcodes[0].GetID()); | 482 policy->entry[kNtFakeOpenFile]->opcodes[0].GetID()); |
| 483 EXPECT_EQ(OP_ACTION, policy->entry[kNtFakeOpenFile]->opcodes[tc3-1].GetID()); | 483 EXPECT_EQ(OP_ACTION, policy->entry[kNtFakeOpenFile]->opcodes[tc3-1].GetID()); |
| 484 | 484 |
| 485 // Test the policy evaluation. | 485 // Test the policy evaluation. |
| 486 | 486 |
| 487 wchar_t* filename = L""; | 487 const wchar_t* filename = L""; |
| 488 unsigned long creation_mode = OPEN_EXISTING; | 488 unsigned long creation_mode = OPEN_EXISTING; |
| 489 unsigned long flags = FILE_ATTRIBUTE_NORMAL; | 489 unsigned long flags = FILE_ATTRIBUTE_NORMAL; |
| 490 void* security_descriptor = NULL; | 490 void* security_descriptor = NULL; |
| 491 | 491 |
| 492 POLPARAMS_BEGIN(params) | 492 POLPARAMS_BEGIN(params) |
| 493 POLPARAM(filename) // Argument 0 | 493 POLPARAM(filename) // Argument 0 |
| 494 POLPARAM(creation_mode) // Argument 1 | 494 POLPARAM(creation_mode) // Argument 1 |
| 495 POLPARAM(flags) // Argument 2 | 495 POLPARAM(flags) // Argument 2 |
| 496 POLPARAM(security_descriptor) | 496 POLPARAM(security_descriptor) |
| 497 POLPARAMS_END; | 497 POLPARAMS_END; |
| (...skipping 83 matching lines...) |
| 581 PolicyRule pr_copy(pr_orig); | 581 PolicyRule pr_copy(pr_orig); |
| 582 EXPECT_TRUE(pr_orig.AddStringMatch(IF_NOT, 0, L"*.txt", CASE_SENSITIVE)); | 582 EXPECT_TRUE(pr_orig.AddStringMatch(IF_NOT, 0, L"*.txt", CASE_SENSITIVE)); |
| 583 EXPECT_TRUE(pr_copy.AddStringMatch(IF_NOT, 0, L"*.txt", CASE_SENSITIVE)); | 583 EXPECT_TRUE(pr_copy.AddStringMatch(IF_NOT, 0, L"*.txt", CASE_SENSITIVE)); |
| 584 | 584 |
| 585 PolicyGlobal* policy = MakePolicyMemory(); | 585 PolicyGlobal* policy = MakePolicyMemory(); |
| 586 LowLevelPolicy policyGen(policy); | 586 LowLevelPolicy policyGen(policy); |
| 587 EXPECT_TRUE(policyGen.AddRule(1, &pr_orig)); | 587 EXPECT_TRUE(policyGen.AddRule(1, &pr_orig)); |
| 588 EXPECT_TRUE(policyGen.AddRule(2, &pr_copy)); | 588 EXPECT_TRUE(policyGen.AddRule(2, &pr_copy)); |
| 589 EXPECT_TRUE(policyGen.Done()); | 589 EXPECT_TRUE(policyGen.Done()); |
| 590 | 590 |
| 591 wchar_t* name = NULL; | 591 const wchar_t* name = NULL; |
| 592 POLPARAMS_BEGIN(eval_params) | 592 POLPARAMS_BEGIN(eval_params) |
| 593 POLPARAM(name) | 593 POLPARAM(name) |
| 594 POLPARAMS_END; | 594 POLPARAMS_END; |
| 595 | 595 |
| 596 PolicyResult result; | 596 PolicyResult result; |
| 597 PolicyProcessor pol_ev_orig(policy->entry[1]); | 597 PolicyProcessor pol_ev_orig(policy->entry[1]); |
| 598 name = L"domo.txt"; | 598 name = L"domo.txt"; |
| 599 result = pol_ev_orig.Evaluate(kShortEval, eval_params, _countof(eval_params)); | 599 result = pol_ev_orig.Evaluate(kShortEval, eval_params, _countof(eval_params)); |
| 600 EXPECT_EQ(NO_POLICY_MATCH, result); | 600 EXPECT_EQ(NO_POLICY_MATCH, result); |
| 601 | 601 |
| 602 name = L"hello.bmp"; | 602 name = L"hello.bmp"; |
| 603 result = pol_ev_orig.Evaluate(kShortEval, eval_params, _countof(eval_params)); | 603 result = pol_ev_orig.Evaluate(kShortEval, eval_params, _countof(eval_params)); |
| 604 EXPECT_EQ(POLICY_MATCH, result); | 604 EXPECT_EQ(POLICY_MATCH, result); |
| 605 EXPECT_EQ(ASK_BROKER, pol_ev_orig.GetAction()); | 605 EXPECT_EQ(ASK_BROKER, pol_ev_orig.GetAction()); |
| 606 | 606 |
| 607 PolicyProcessor pol_ev_copy(policy->entry[2]); | 607 PolicyProcessor pol_ev_copy(policy->entry[2]); |
| 608 name = L"domo.txt"; | 608 name = L"domo.txt"; |
| 609 result = pol_ev_copy.Evaluate(kShortEval, eval_params, _countof(eval_params)); | 609 result = pol_ev_copy.Evaluate(kShortEval, eval_params, _countof(eval_params)); |
| 610 EXPECT_EQ(NO_POLICY_MATCH, result); | 610 EXPECT_EQ(NO_POLICY_MATCH, result); |
| 611 | 611 |
| 612 name = L"hello.bmp"; | 612 name = L"hello.bmp"; |
| 613 result = pol_ev_copy.Evaluate(kShortEval, eval_params, _countof(eval_params)); | 613 result = pol_ev_copy.Evaluate(kShortEval, eval_params, _countof(eval_params)); |
| 614 EXPECT_EQ(POLICY_MATCH, result); | 614 EXPECT_EQ(POLICY_MATCH, result); |
| 615 EXPECT_EQ(ASK_BROKER, pol_ev_copy.GetAction()); | 615 EXPECT_EQ(ASK_BROKER, pol_ev_copy.GetAction()); |
| 616 } | 616 } |
| 617 } // namespace sandbox | 617 } // namespace sandbox |
| OLD | NEW |
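Review bot: The `const wchar_t* filename = NULL;` declarations on new lines 98, 136, 169, 208 and 257 (and `name` on 591) are handed to `POLPARAM` while still NULL and only given a value afterwards, and nothing in the tests says why that works. The assertions at 106-108 and 598-613 only make sense if the parameter set keeps the address of the local rather than its current value; the macro body sits in the skipped lines, so that is inferred rather than visible here. I would add above the first such declaration `// POLPARAM records the address of this pointer; it is reassigned before each Evaluate().`, which also explains why only the pointee became const and the pointer itself stays assignable. Separately, nothing between new lines 585 and 616 releases `policy`; if MakePolicyMemory() transfers ownership to the caller, that last test leaks the buffer and will be flagged under leak-checking builds.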