| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file contains the validation tests for the sandbox. | 5 // This file contains the validation tests for the sandbox. |
| 6 // It includes the tests that need to be performed inside the | 6 // It includes the tests that need to be performed inside the |
| 7 // sandbox. | 7 // sandbox. |
| 8 | 8 |
| 9 #include <shlwapi.h> | 9 #include <shlwapi.h> |
| 10 | 10 |
| (...skipping 135 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 146 EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(command)); | 146 EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(command)); |
| 147 | 147 |
| 148 wsprintf(command, L"ValidWindow %d", ::FindWindow(NULL, NULL)); | 148 wsprintf(command, L"ValidWindow %d", ::FindWindow(NULL, NULL)); |
| 149 EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(command)); | 149 EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(command)); |
| 150 } | 150 } |
| 151 | 151 |
| 152 // Tests that a locked-down process cannot open another locked-down process. | 152 // Tests that a locked-down process cannot open another locked-down process. |
| 153 TEST(ValidationSuite, TestProcessDenyLockdown) { | 153 TEST(ValidationSuite, TestProcessDenyLockdown) { |
| 154 TestRunner runner; | 154 TestRunner runner; |
| 155 TestRunner target; | 155 TestRunner target; |
| 156 wchar_t command[1024] = {0}; | |
| 157 | 156 |
| 158 target.SetAsynchronous(true); | 157 target.SetAsynchronous(true); |
| 159 | 158 |
| 160 EXPECT_EQ(SBOX_TEST_SUCCEEDED, target.RunTest(L"SleepCmd 30000")); | 159 EXPECT_EQ(SBOX_TEST_SUCCEEDED, target.RunTest(L"SleepCmd 30000")); |
| 161 | 160 |
| 162 TestProcessAccess(&runner, target.process_id()); | 161 TestProcessAccess(&runner, target.process_id()); |
| 163 } | 162 } |
| 164 | 163 |
| 165 // Tests that a low-integrity process cannot open a locked-down process (due | 164 // Tests that a low-integrity process cannot open a locked-down process (due |
| 166 // to the integrity label changing after startup via SetDelayedIntegrityLevel). | 165 // to the integrity label changing after startup via SetDelayedIntegrityLevel). |
| 167 TEST(ValidationSuite, TestProcessDenyLowIntegrity) { | 166 TEST(ValidationSuite, TestProcessDenyLowIntegrity) { |
| 168 // This test applies only to Vista and above. | 167 // This test applies only to Vista and above. |
| 169 if (base::win::Version() < base::win::VERSION_VISTA) | 168 if (base::win::Version() < base::win::VERSION_VISTA) |
| 170 return; | 169 return; |
| 171 | 170 |
| 172 TestRunner runner; | 171 TestRunner runner; |
| 173 TestRunner target; | 172 TestRunner target; |
| 174 wchar_t command[1024] = {0}; | |
| 175 | 173 |
| 176 target.SetAsynchronous(true); | 174 target.SetAsynchronous(true); |
| 177 target.GetPolicy()->SetDelayedIntegrityLevel(INTEGRITY_LEVEL_LOW); | 175 target.GetPolicy()->SetDelayedIntegrityLevel(INTEGRITY_LEVEL_LOW); |
| 178 | 176 |
| 179 runner.GetPolicy()->SetIntegrityLevel(INTEGRITY_LEVEL_LOW); | 177 runner.GetPolicy()->SetIntegrityLevel(INTEGRITY_LEVEL_LOW); |
| 180 runner.GetPolicy()->SetTokenLevel(USER_RESTRICTED_SAME_ACCESS, | 178 runner.GetPolicy()->SetTokenLevel(USER_RESTRICTED_SAME_ACCESS, |
| 181 USER_INTERACTIVE); | 179 USER_INTERACTIVE); |
| 182 | 180 |
| 183 EXPECT_EQ(SBOX_TEST_SUCCEEDED, target.RunTest(L"SleepCmd 30000")); | 181 EXPECT_EQ(SBOX_TEST_SUCCEEDED, target.RunTest(L"SleepCmd 30000")); |
| 184 | 182 |
| 185 TestProcessAccess(&runner, target.process_id()); | 183 TestProcessAccess(&runner, target.process_id()); |
| 186 } | 184 } |
| 187 | 185 |
| 188 // Tests that a locked-down process cannot open a low-integrity process. | 186 // Tests that a locked-down process cannot open a low-integrity process. |
| 189 TEST(ValidationSuite, TestProcessDenyBelowLowIntegrity) { | 187 TEST(ValidationSuite, TestProcessDenyBelowLowIntegrity) { |
| 190 // This test applies only to Vista and above. | 188 // This test applies only to Vista and above. |
| 191 if (base::win::Version() < base::win::VERSION_VISTA) | 189 if (base::win::Version() < base::win::VERSION_VISTA) |
| 192 return; | 190 return; |
| 193 | 191 |
| 194 TestRunner runner; | 192 TestRunner runner; |
| 195 TestRunner target; | 193 TestRunner target; |
| 196 wchar_t command[1024] = {0}; | |
| 197 | 194 |
| 198 target.SetAsynchronous(true); | 195 target.SetAsynchronous(true); |
| 199 target.GetPolicy()->SetIntegrityLevel(INTEGRITY_LEVEL_LOW); | 196 target.GetPolicy()->SetIntegrityLevel(INTEGRITY_LEVEL_LOW); |
| 200 target.GetPolicy()->SetTokenLevel(USER_RESTRICTED_SAME_ACCESS, | 197 target.GetPolicy()->SetTokenLevel(USER_RESTRICTED_SAME_ACCESS, |
| 201 USER_INTERACTIVE); | 198 USER_INTERACTIVE); |
| 202 | 199 |
| 203 runner.GetPolicy()->SetDelayedIntegrityLevel(INTEGRITY_LEVEL_UNTRUSTED); | 200 runner.GetPolicy()->SetDelayedIntegrityLevel(INTEGRITY_LEVEL_UNTRUSTED); |
| 204 runner.GetPolicy()->SetTokenLevel(USER_RESTRICTED_SAME_ACCESS, | 201 runner.GetPolicy()->SetTokenLevel(USER_RESTRICTED_SAME_ACCESS, |
| 205 USER_INTERACTIVE); | 202 USER_INTERACTIVE); |
| 206 | 203 |
| (...skipping 26 matching lines...) Expand all Loading... |
| 233 TEST(ValidationSuite, TestMemoryNoLimit) { | 230 TEST(ValidationSuite, TestMemoryNoLimit) { |
| 234 TestRunner runner; | 231 TestRunner runner; |
| 235 wchar_t command[1024] = {0}; | 232 wchar_t command[1024] = {0}; |
| 236 const int kAllocationSize = 256 * 1024 * 1024; | 233 const int kAllocationSize = 256 * 1024 * 1024; |
| 237 | 234 |
| 238 wsprintf(command, L"AllocateCmd %d", kAllocationSize); | 235 wsprintf(command, L"AllocateCmd %d", kAllocationSize); |
| 239 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(command)); | 236 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(command)); |
| 240 } | 237 } |
| 241 | 238 |
| 242 } // namespace sandbox | 239 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 614813002:
Cleanup sandbox/ in advance of re-enabling some MSVC warnings. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master