Sandbox policy and intercepts for the MITIGATION_WIN32K_DISABLE policy for renderer processes.

sandbox/win/src/process_mitigations_test.cc

Index: sandbox/win/src/process_mitigations_test.cc
diff --git a/sandbox/win/src/process_mitigations_test.cc b/sandbox/win/src/process_mitigations_test.cc
index 19e55bac2b91715d0c536ab37bc9dce685e7aebf..e2750e92b5a9f5e7335da4c350540587da73a48e 100644
--- a/sandbox/win/src/process_mitigations_test.cc
+++ b/sandbox/win/src/process_mitigations_test.cc
@@ -88,7 +88,6 @@ SBOX_TESTS_COMMAND int CheckWin8(int argc, wchar_t **argv) {
       reinterpret_cast<GetProcessMitigationPolicyFunction>(
           ::GetProcAddress(::GetModuleHandleW(L"kernel32.dll"),
                            "GetProcessMitigationPolicy"));
-
   if (!get_process_mitigation_policy)
     return SBOX_TEST_NOT_FOUND;
 
@@ -103,9 +102,6 @@ SBOX_TESTS_COMMAND int CheckWin8(int argc, wchar_t **argv) {
   if (!CheckWin8StrictHandlePolicy())
     return SBOX_TEST_THIRD_ERROR;
 
-  if (!CheckWin8Win32CallPolicy())

[rvargas (doing something else), 2014/06/10 03:11:17]

Why is this not failing? Do we have win8 bots?

[ananta, 2014/06/10 21:48:06]

Sadly no. This regressed in my previous patch to add the win32k lockdown
mitigation based on a command line.

-    return SBOX_TEST_FOURTH_ERROR;
-
   if (!CheckWin8DllExtensionPolicy())
     return SBOX_TEST_FIFTH_ERROR;
 
@@ -201,5 +197,48 @@ TEST(ProcessMitigationsTest, CheckDep) {
 }
 #endif
 
+SBOX_TESTS_COMMAND int CheckWin8Lockdown(int argc, wchar_t **argv) {
+  get_process_mitigation_policy =
+      reinterpret_cast<GetProcessMitigationPolicyFunction>(
+          ::GetProcAddress(::GetModuleHandleW(L"kernel32.dll"),
+                           "GetProcessMitigationPolicy"));
+  if (!get_process_mitigation_policy)
+    return SBOX_TEST_NOT_FOUND;
+
+  if (!CheckWin8Win32CallPolicy())
+    return SBOX_TEST_FIRST_ERROR;
+  return SBOX_TEST_SUCCEEDED;
+}
+
+// This test validates that setting the MITIGATION_WIN32K_DISABLE mitigation on
+// the target process causes the launch to fail in process initialization.

[rvargas (doing something else), 2014/06/10 03:11:17]

Nit: add "The test process itself links against user/gdi"

[ananta, 2014/06/10 21:48:06]

Done.

+TEST(ProcessMitigationsTest, CheckWin8Win32KLockDownFailure) {
+  if (base::win::GetVersion() < base::win::VERSION_WIN8)
+    return;
+
+  TestRunner runner;
+  sandbox::TargetPolicy* policy = runner.GetPolicy();
+
+  EXPECT_EQ(policy->SetProcessMitigations(MITIGATION_WIN32K_DISABLE), SBOX_ALL_OK);

[rvargas (doing something else), 2014/06/10 03:11:17]

80 columns

[ananta, 2014/06/10 21:48:06]

Done.

+  EXPECT_NE(SBOX_TEST_SUCCEEDED, runner.RunTest(L"CheckWin8Lockdown"));
+}
+
+// This test validates that setting the MITIGATION_WIN32K_DISABLE mitigation 
+// along with the policy to fake user32 and gdi32 initialization successfully
+// launches the target process.
+TEST(ProcessMitigationsTest, CheckWin8Win32KLockDownSuccess) {
+  if (base::win::GetVersion() < base::win::VERSION_WIN8)
+    return;
+
+  TestRunner runner;
+  sandbox::TargetPolicy* policy = runner.GetPolicy();
+
+  EXPECT_EQ(policy->SetProcessMitigations(MITIGATION_WIN32K_DISABLE), SBOX_ALL_OK);

[rvargas (doing something else), 2014/06/10 03:11:17]

80 cols

[ananta, 2014/06/10 21:48:06]

Done.

+  EXPECT_EQ(policy->AddRule(sandbox::TargetPolicy::SUBSYS_WIN32K_LOCKDOWN,
+                            sandbox::TargetPolicy::FAKE_USER32_GDI32_INIT,
+                            L"FakeUserGdiInit"), sandbox::SBOX_ALL_OK);

[rvargas (doing something else), 2014/06/10 03:11:17]

NULL str?

[ananta, 2014/06/10 21:48:06]

Done.

+  EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"CheckWin8Lockdown"));
+}
+
 }  // namespace sandbox