Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(930)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: sandbox/win/src/process_mitigations_test.cc

Issue 318603003: Sandbox policy and intercepts for the MITIGATION_WIN32K_DISABLE policy for renderer processes. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Fixed presubmit warnings Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « sandbox/win/src/ipc_tags.h ('k') | sandbox/win/src/process_mitigations_win32k_dispatcher.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: sandbox/win/src/process_mitigations_test.cc
diff --git a/sandbox/win/src/process_mitigations_test.cc b/sandbox/win/src/process_mitigations_test.cc
index 19e55bac2b91715d0c536ab37bc9dce685e7aebf..e6062564fe0dffcb826c0ad9f366f3f6f5a9d781 100644
--- a/sandbox/win/src/process_mitigations_test.cc
+++ b/sandbox/win/src/process_mitigations_test.cc
@@ -88,7 +88,6 @@ SBOX_TESTS_COMMAND int CheckWin8(int argc, wchar_t **argv) {
reinterpret_cast<GetProcessMitigationPolicyFunction>(
::GetProcAddress(::GetModuleHandleW(L"kernel32.dll"),
"GetProcessMitigationPolicy"));
-
if (!get_process_mitigation_policy)
return SBOX_TEST_NOT_FOUND;
@@ -103,9 +102,6 @@ SBOX_TESTS_COMMAND int CheckWin8(int argc, wchar_t **argv) {
if (!CheckWin8StrictHandlePolicy())
return SBOX_TEST_THIRD_ERROR;
- if (!CheckWin8Win32CallPolicy())
- return SBOX_TEST_FOURTH_ERROR;
-
if (!CheckWin8DllExtensionPolicy())
return SBOX_TEST_FIFTH_ERROR;
@@ -201,5 +197,52 @@ TEST(ProcessMitigationsTest, CheckDep) {
}
#endif
+SBOX_TESTS_COMMAND int CheckWin8Lockdown(int argc, wchar_t **argv) {
+ get_process_mitigation_policy =
+ reinterpret_cast<GetProcessMitigationPolicyFunction>(
+ ::GetProcAddress(::GetModuleHandleW(L"kernel32.dll"),
+ "GetProcessMitigationPolicy"));
+ if (!get_process_mitigation_policy)
+ return SBOX_TEST_NOT_FOUND;
+
+ if (!CheckWin8Win32CallPolicy())
+ return SBOX_TEST_FIRST_ERROR;
+ return SBOX_TEST_SUCCEEDED;
+}
+
+// This test validates that setting the MITIGATION_WIN32K_DISABLE mitigation on
+// the target process causes the launch to fail in process initialization.
+// The test process itself links against user32/gdi32.
+TEST(ProcessMitigationsTest, CheckWin8Win32KLockDownFailure) {
+ if (base::win::GetVersion() < base::win::VERSION_WIN8)
+ return;
+
+ TestRunner runner;
+ sandbox::TargetPolicy* policy = runner.GetPolicy();
+
+ EXPECT_EQ(policy->SetProcessMitigations(MITIGATION_WIN32K_DISABLE),
+ SBOX_ALL_OK);
+ EXPECT_NE(SBOX_TEST_SUCCEEDED, runner.RunTest(L"CheckWin8Lockdown"));
+}
+
+// This test validates that setting the MITIGATION_WIN32K_DISABLE mitigation
+// along with the policy to fake user32 and gdi32 initialization successfully
+// launches the target process.
+// The test process itself links against user32/gdi32.
+TEST(ProcessMitigationsTest, CheckWin8Win32KLockDownSuccess) {
+ if (base::win::GetVersion() < base::win::VERSION_WIN8)
+ return;
+
+ TestRunner runner;
+ sandbox::TargetPolicy* policy = runner.GetPolicy();
+
+ EXPECT_EQ(policy->SetProcessMitigations(MITIGATION_WIN32K_DISABLE),
+ SBOX_ALL_OK);
+ EXPECT_EQ(policy->AddRule(sandbox::TargetPolicy::SUBSYS_WIN32K_LOCKDOWN,
+ sandbox::TargetPolicy::FAKE_USER_GDI_INIT, NULL),
+ sandbox::SBOX_ALL_OK);
+ EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"CheckWin8Lockdown"));
+}
+
} // namespace sandbox
« no previous file with comments | « sandbox/win/src/ipc_tags.h ('k') | sandbox/win/src/process_mitigations_win32k_dispatcher.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698