Restructure sandbox code to reduce dependencies pulled in by intercept code.

sandbox/win/src/service_resolver_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This file contains unit tests for ServiceResolverThunk.
 
 #include "base/basictypes.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/win/windows_version.h"
 #include "sandbox/win/src/resolver.h"
@@ skipping 26 matching lines @@
                         const void* interceptor_entry_point,
                         void* thunk_storage,
                         size_t storage_bytes) {
     NTSTATUS ret = STATUS_SUCCESS;
     ret = ResolverThunk::Init(target_module, interceptor_module, target_name,
                               interceptor_name, interceptor_entry_point,
                               thunk_storage, storage_bytes);
     EXPECT_EQ(STATUS_SUCCESS, ret);
 
     target_ = fake_target_;
-    ntdll_base_ = ::GetModuleHandle(L"ntdll.dll");
+
     return ret;
   };
 
  private:
   // Holds the address of the fake target.
   void* fake_target_;
 
   DISALLOW_COPY_AND_ASSIGN(ResolverThunkTest);
 };
 
@@ skipping 43 matching lines @@
   memcpy(service, target, sizeof(service));
 
   static_cast<WinXpResolverTest*>(resolver)->set_target(service);
 
   // Any pointer will do as an interception_entry_point
   void* function_entry = resolver;
   size_t thunk_size = resolver->GetThunkSize();
   scoped_ptr<char[]> thunk(new char[thunk_size]);
   size_t used;
 
+  resolver->AllowLocalPatches();
+
   NTSTATUS ret = resolver->Setup(ntdll_base, NULL, function, NULL,
                                  function_entry, thunk.get(), thunk_size,
                                  &used);
   if (NT_SUCCESS(ret)) {
     EXPECT_EQ(thunk_size, used);
     EXPECT_NE(0, memcmp(service, target, sizeof(service)));
     EXPECT_NE(kJump32, service[0]);
 
     if (relaxed) {
       // It's already patched, let's patch again, and simulate a direct patch.
@@ skipping 96 matching lines @@
   EXPECT_EQ(STATUS_SUCCESS, ret) << "NtCreateMutant, last error: " <<
     ::GetLastError();
 
   ret = PatchNtdllWithResolver("NtMapViewOfSection", true, resolver);
   EXPECT_EQ(STATUS_SUCCESS, ret) << "NtMapViewOfSection, last error: " <<
     ::GetLastError();
   delete resolver;
 #endif
 }
 
+TEST(ServiceResolverTest, LocalPatchesAllowed) {
+  sandbox::ServiceResolverThunk* resolver = GetTestResolver(true);
+
+  HMODULE ntdll_base = ::GetModuleHandle(L"ntdll.dll");
+  ASSERT_TRUE(NULL != ntdll_base);
+
+  const char kFunctionName[] = "NtClose";
+
+  void* target = ::GetProcAddress(ntdll_base, kFunctionName);
+  ASSERT_TRUE(NULL != target);
+
+  BYTE service[50];
+  memcpy(service, target, sizeof(service));
+  static_cast<WinXpResolverTest*>(resolver)->set_target(service);
+
+  // Any pointer will do as an interception_entry_point
+  void* function_entry = resolver;
+  size_t thunk_size = resolver->GetThunkSize();
+  scoped_ptr<char[]> thunk(new char[thunk_size]);
+  size_t used;
+
+  NTSTATUS ret = STATUS_UNSUCCESSFUL;
+
+  // First try patching without having allowed local patches.
+  ret = resolver->Setup(ntdll_base, NULL, kFunctionName, NULL,
+                        function_entry, thunk.get(), thunk_size,
+                        &used);
+  EXPECT_FALSE(NT_SUCCESS(ret));
+
+  // Now allow local patches and check that things work.
+  resolver->AllowLocalPatches();
+  ret = resolver->Setup(ntdll_base, NULL, kFunctionName, NULL,
+                        function_entry, thunk.get(), thunk_size,
+                        &used);
+  EXPECT_EQ(STATUS_SUCCESS, ret);
+}
+
 }  // namespace