| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file contains unit tests for the job object. | 5 // This file contains unit tests for the job object. |
| 6 | 6 |
| 7 #include "base/win/scoped_process_information.h" | 7 #include "base/win/scoped_process_information.h" |
| 8 #include "sandbox/win/src/job.h" | 8 #include "sandbox/win/src/job.h" |
| 9 #include "testing/gtest/include/gtest/gtest.h" | 9 #include "testing/gtest/include/gtest/gtest.h" |
| 10 | 10 |
| 11 namespace sandbox { | 11 namespace sandbox { |
| 12 | 12 |
| 13 // Tests the creation and destruction of the job. | 13 // Tests the creation and destruction of the job. |
| 14 TEST(JobTest, TestCreation) { | 14 TEST(JobTest, TestCreation) { |
| 15 // Scope the creation of Job. | 15 // Scope the creation of Job. |
| 16 { | 16 { |
| 17 // Create the job. | 17 // Create the job. |
| 18 Job job; | 18 Job job; |
| 19 ASSERT_EQ(ERROR_SUCCESS, job.Init(JOB_LOCKDOWN, L"my_test_job_name", 0)); | 19 ASSERT_EQ(ERROR_SUCCESS, job.Init(JOB_LOCKDOWN, L"my_test_job_name", 0, 0)); |
| 20 | 20 |
| 21 // check if the job exists. | 21 // check if the job exists. |
| 22 HANDLE job_handle = ::OpenJobObjectW(GENERIC_ALL, FALSE, | 22 HANDLE job_handle = ::OpenJobObjectW(GENERIC_ALL, FALSE, |
| 23 L"my_test_job_name"); | 23 L"my_test_job_name"); |
| 24 ASSERT_TRUE(job_handle != NULL); | 24 ASSERT_TRUE(job_handle != NULL); |
| 25 | 25 |
| 26 if (job_handle) | 26 if (job_handle) |
| 27 CloseHandle(job_handle); | 27 CloseHandle(job_handle); |
| 28 } | 28 } |
| 29 | 29 |
| 30 // Check if the job is destroyed when the object goes out of scope. | 30 // Check if the job is destroyed when the object goes out of scope. |
| 31 HANDLE job_handle = ::OpenJobObjectW(GENERIC_ALL, FALSE, L"my_test_job_name"); | 31 HANDLE job_handle = ::OpenJobObjectW(GENERIC_ALL, FALSE, L"my_test_job_name"); |
| 32 ASSERT_TRUE(job_handle == NULL); | 32 ASSERT_TRUE(job_handle == NULL); |
| 33 ASSERT_EQ(ERROR_FILE_NOT_FOUND, ::GetLastError()); | 33 ASSERT_EQ(ERROR_FILE_NOT_FOUND, ::GetLastError()); |
| 34 } | 34 } |
| 35 | 35 |
| 36 // Tests the method "Detach". | 36 // Tests the method "Detach". |
| 37 TEST(JobTest, TestDetach) { | 37 TEST(JobTest, TestDetach) { |
| 38 HANDLE job_handle; | 38 HANDLE job_handle; |
| 39 // Scope the creation of Job. | 39 // Scope the creation of Job. |
| 40 { | 40 { |
| 41 // Create the job. | 41 // Create the job. |
| 42 Job job; | 42 Job job; |
| 43 ASSERT_EQ(ERROR_SUCCESS, job.Init(JOB_LOCKDOWN, L"my_test_job_name", 0)); | 43 ASSERT_EQ(ERROR_SUCCESS, job.Init(JOB_LOCKDOWN, L"my_test_job_name", 0, 0)); |
| 44 | 44 |
| 45 job_handle = job.Detach(); | 45 job_handle = job.Detach(); |
| 46 ASSERT_TRUE(job_handle != NULL); | 46 ASSERT_TRUE(job_handle != NULL); |
| 47 } | 47 } |
| 48 | 48 |
| 49 // Check to be sure that the job is still alive even after the object is gone | 49 // Check to be sure that the job is still alive even after the object is gone |
| 50 // out of scope. | 50 // out of scope. |
| 51 HANDLE job_handle_dup = ::OpenJobObjectW(GENERIC_ALL, FALSE, | 51 HANDLE job_handle_dup = ::OpenJobObjectW(GENERIC_ALL, FALSE, |
| 52 L"my_test_job_name"); | 52 L"my_test_job_name"); |
| 53 ASSERT_TRUE(job_handle_dup != NULL); | 53 ASSERT_TRUE(job_handle_dup != NULL); |
| (...skipping 12 matching lines...) Expand all Loading... |
| 66 } | 66 } |
| 67 | 67 |
| 68 // Tests the ui exceptions | 68 // Tests the ui exceptions |
| 69 TEST(JobTest, TestExceptions) { | 69 TEST(JobTest, TestExceptions) { |
| 70 HANDLE job_handle; | 70 HANDLE job_handle; |
| 71 // Scope the creation of Job. | 71 // Scope the creation of Job. |
| 72 { | 72 { |
| 73 // Create the job. | 73 // Create the job. |
| 74 Job job; | 74 Job job; |
| 75 ASSERT_EQ(ERROR_SUCCESS, job.Init(JOB_LOCKDOWN, L"my_test_job_name", | 75 ASSERT_EQ(ERROR_SUCCESS, job.Init(JOB_LOCKDOWN, L"my_test_job_name", |
| 76 JOB_OBJECT_UILIMIT_READCLIPBOARD)); | 76 JOB_OBJECT_UILIMIT_READCLIPBOARD, 0)); |
| 77 | 77 |
| 78 job_handle = job.Detach(); | 78 job_handle = job.Detach(); |
| 79 ASSERT_TRUE(job_handle != NULL); | 79 ASSERT_TRUE(job_handle != NULL); |
| 80 | 80 |
| 81 JOBOBJECT_BASIC_UI_RESTRICTIONS jbur = {0}; | 81 JOBOBJECT_BASIC_UI_RESTRICTIONS jbur = {0}; |
| 82 DWORD size = sizeof(jbur); | 82 DWORD size = sizeof(jbur); |
| 83 BOOL result = ::QueryInformationJobObject(job_handle, | 83 BOOL result = ::QueryInformationJobObject(job_handle, |
| 84 JobObjectBasicUIRestrictions, | 84 JobObjectBasicUIRestrictions, |
| 85 &jbur, size, &size); | 85 &jbur, size, &size); |
| 86 ASSERT_TRUE(result); | 86 ASSERT_TRUE(result); |
| 87 | 87 |
| 88 ASSERT_EQ(jbur.UIRestrictionsClass & JOB_OBJECT_UILIMIT_READCLIPBOARD, 0); | 88 ASSERT_EQ(jbur.UIRestrictionsClass & JOB_OBJECT_UILIMIT_READCLIPBOARD, 0); |
| 89 ::CloseHandle(job_handle); | 89 ::CloseHandle(job_handle); |
| 90 } | 90 } |
| 91 | 91 |
| 92 // Scope the creation of Job. | 92 // Scope the creation of Job. |
| 93 { | 93 { |
| 94 // Create the job. | 94 // Create the job. |
| 95 Job job; | 95 Job job; |
| 96 ASSERT_EQ(ERROR_SUCCESS, job.Init(JOB_LOCKDOWN, L"my_test_job_name", 0)); | 96 ASSERT_EQ(ERROR_SUCCESS, job.Init(JOB_LOCKDOWN, L"my_test_job_name", 0, 0)); |
| 97 | 97 |
| 98 job_handle = job.Detach(); | 98 job_handle = job.Detach(); |
| 99 ASSERT_TRUE(job_handle != NULL); | 99 ASSERT_TRUE(job_handle != NULL); |
| 100 | 100 |
| 101 JOBOBJECT_BASIC_UI_RESTRICTIONS jbur = {0}; | 101 JOBOBJECT_BASIC_UI_RESTRICTIONS jbur = {0}; |
| 102 DWORD size = sizeof(jbur); | 102 DWORD size = sizeof(jbur); |
| 103 BOOL result = ::QueryInformationJobObject(job_handle, | 103 BOOL result = ::QueryInformationJobObject(job_handle, |
| 104 JobObjectBasicUIRestrictions, | 104 JobObjectBasicUIRestrictions, |
| 105 &jbur, size, &size); | 105 &jbur, size, &size); |
| 106 ASSERT_TRUE(result); | 106 ASSERT_TRUE(result); |
| 107 | 107 |
| 108 ASSERT_EQ(jbur.UIRestrictionsClass & JOB_OBJECT_UILIMIT_READCLIPBOARD, | 108 ASSERT_EQ(jbur.UIRestrictionsClass & JOB_OBJECT_UILIMIT_READCLIPBOARD, |
| 109 JOB_OBJECT_UILIMIT_READCLIPBOARD); | 109 JOB_OBJECT_UILIMIT_READCLIPBOARD); |
| 110 ::CloseHandle(job_handle); | 110 ::CloseHandle(job_handle); |
| 111 } | 111 } |
| 112 } | 112 } |
| 113 | 113 |
| 114 // Tests the error case when the job is initialized twice. | 114 // Tests the error case when the job is initialized twice. |
| 115 TEST(JobTest, DoubleInit) { | 115 TEST(JobTest, DoubleInit) { |
| 116 // Create the job. | 116 // Create the job. |
| 117 Job job; | 117 Job job; |
| 118 ASSERT_EQ(ERROR_SUCCESS, job.Init(JOB_LOCKDOWN, L"my_test_job_name", 0)); | 118 ASSERT_EQ(ERROR_SUCCESS, job.Init(JOB_LOCKDOWN, L"my_test_job_name", 0, 0)); |
| 119 ASSERT_EQ(ERROR_ALREADY_INITIALIZED, job.Init(JOB_LOCKDOWN, L"test", 0)); | 119 ASSERT_EQ(ERROR_ALREADY_INITIALIZED, job.Init(JOB_LOCKDOWN, L"test", 0, 0)); |
| 120 } | 120 } |
| 121 | 121 |
| 122 // Tests the error case when we use a method and the object is not yet | 122 // Tests the error case when we use a method and the object is not yet |
| 123 // initialized. | 123 // initialized. |
| 124 TEST(JobTest, NoInit) { | 124 TEST(JobTest, NoInit) { |
| 125 Job job; | 125 Job job; |
| 126 ASSERT_EQ(ERROR_NO_DATA, job.UserHandleGrantAccess(NULL)); | 126 ASSERT_EQ(ERROR_NO_DATA, job.UserHandleGrantAccess(NULL)); |
| 127 ASSERT_EQ(ERROR_NO_DATA, job.AssignProcessToJob(NULL)); | 127 ASSERT_EQ(ERROR_NO_DATA, job.AssignProcessToJob(NULL)); |
| 128 ASSERT_TRUE(job.Detach() == NULL); | 128 ASSERT_TRUE(job.Detach() == NULL); |
| 129 } | 129 } |
| 130 | 130 |
| 131 // Tests the initialization of the job with different security level. | 131 // Tests the initialization of the job with different security level. |
| 132 TEST(JobTest, SecurityLevel) { | 132 TEST(JobTest, SecurityLevel) { |
| 133 Job job1; | 133 Job job1; |
| 134 ASSERT_EQ(ERROR_SUCCESS, job1.Init(JOB_LOCKDOWN, L"job1", 0)); | 134 ASSERT_EQ(ERROR_SUCCESS, job1.Init(JOB_LOCKDOWN, L"job1", 0, 0)); |
| 135 | 135 |
| 136 Job job2; | 136 Job job2; |
| 137 ASSERT_EQ(ERROR_SUCCESS, job2.Init(JOB_RESTRICTED, L"job2", 0)); | 137 ASSERT_EQ(ERROR_SUCCESS, job2.Init(JOB_RESTRICTED, L"job2", 0, 0)); |
| 138 | 138 |
| 139 Job job3; | 139 Job job3; |
| 140 ASSERT_EQ(ERROR_SUCCESS, job3.Init(JOB_LIMITED_USER, L"job3", 0)); | 140 ASSERT_EQ(ERROR_SUCCESS, job3.Init(JOB_LIMITED_USER, L"job3", 0, 0)); |
| 141 | 141 |
| 142 Job job4; | 142 Job job4; |
| 143 ASSERT_EQ(ERROR_SUCCESS, job4.Init(JOB_INTERACTIVE, L"job4", 0)); | 143 ASSERT_EQ(ERROR_SUCCESS, job4.Init(JOB_INTERACTIVE, L"job4", 0, 0)); |
| 144 | 144 |
| 145 Job job5; | 145 Job job5; |
| 146 ASSERT_EQ(ERROR_SUCCESS, job5.Init(JOB_UNPROTECTED, L"job5", 0)); | 146 ASSERT_EQ(ERROR_SUCCESS, job5.Init(JOB_UNPROTECTED, L"job5", 0, 0)); |
| 147 | 147 |
| 148 // JOB_NONE means we run without a job object so Init should fail. | 148 // JOB_NONE means we run without a job object so Init should fail. |
| 149 Job job6; | 149 Job job6; |
| 150 ASSERT_EQ(ERROR_BAD_ARGUMENTS, job6.Init(JOB_NONE, L"job6", 0)); | 150 ASSERT_EQ(ERROR_BAD_ARGUMENTS, job6.Init(JOB_NONE, L"job6", 0, 0)); |
| 151 | 151 |
| 152 Job job7; | 152 Job job7; |
| 153 ASSERT_EQ(ERROR_BAD_ARGUMENTS, job7.Init( | 153 ASSERT_EQ(ERROR_BAD_ARGUMENTS, job7.Init( |
| 154 static_cast<JobLevel>(JOB_NONE+1), L"job7", 0)); | 154 static_cast<JobLevel>(JOB_NONE+1), L"job7", 0, 0)); |
| 155 } | 155 } |
| 156 | 156 |
| 157 // Tests the method "AssignProcessToJob". | 157 // Tests the method "AssignProcessToJob". |
| 158 TEST(JobTest, ProcessInJob) { | 158 TEST(JobTest, ProcessInJob) { |
| 159 // Create the job. | 159 // Create the job. |
| 160 Job job; | 160 Job job; |
| 161 ASSERT_EQ(ERROR_SUCCESS, job.Init(JOB_UNPROTECTED, L"job_test_process", 0)); | 161 ASSERT_EQ(ERROR_SUCCESS, job.Init(JOB_UNPROTECTED, L"job_test_process", 0, |
| 162 0)); |
| 162 | 163 |
| 163 BOOL result = FALSE; | 164 BOOL result = FALSE; |
| 164 | 165 |
| 165 wchar_t notepad[] = L"notepad"; | 166 wchar_t notepad[] = L"notepad"; |
| 166 STARTUPINFO si = { sizeof(si) }; | 167 STARTUPINFO si = { sizeof(si) }; |
| 167 PROCESS_INFORMATION temp_process_info = {}; | 168 PROCESS_INFORMATION temp_process_info = {}; |
| 168 result = ::CreateProcess(NULL, notepad, NULL, NULL, FALSE, 0, NULL, NULL, &si, | 169 result = ::CreateProcess(NULL, notepad, NULL, NULL, FALSE, 0, NULL, NULL, &si, |
| 169 &temp_process_info); | 170 &temp_process_info); |
| 170 ASSERT_TRUE(result); | 171 ASSERT_TRUE(result); |
| 171 base::win::ScopedProcessInformation pi(temp_process_info); | 172 base::win::ScopedProcessInformation pi(temp_process_info); |
| (...skipping 13 matching lines...) Expand all Loading... |
| 185 EXPECT_EQ(1, jbpidl.NumberOfAssignedProcesses); | 186 EXPECT_EQ(1, jbpidl.NumberOfAssignedProcesses); |
| 186 EXPECT_EQ(1, jbpidl.NumberOfProcessIdsInList); | 187 EXPECT_EQ(1, jbpidl.NumberOfProcessIdsInList); |
| 187 EXPECT_EQ(pi.process_id(), jbpidl.ProcessIdList[0]); | 188 EXPECT_EQ(pi.process_id(), jbpidl.ProcessIdList[0]); |
| 188 | 189 |
| 189 EXPECT_TRUE(::TerminateProcess(pi.process_handle(), 0)); | 190 EXPECT_TRUE(::TerminateProcess(pi.process_handle(), 0)); |
| 190 | 191 |
| 191 EXPECT_TRUE(::CloseHandle(job_handle)); | 192 EXPECT_TRUE(::CloseHandle(job_handle)); |
| 192 } | 193 } |
| 193 | 194 |
| 194 } // namespace sandbox | 195 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 319573006:
Add sandbox support for process memory limits (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src