Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1032)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: sandbox/win/src/file_policy_test.cc

Issue 909373004: Sandbox: Add support for file system policies that use implied device paths. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | sandbox/win/src/filesystem_policy.cc » ('j') | sandbox/win/src/win_utils.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: sandbox/win/src/file_policy_test.cc
diff --git a/sandbox/win/src/file_policy_test.cc b/sandbox/win/src/file_policy_test.cc
index 199dd4c68d5928cdb0d04ab9872951a37ea510bc..8b5236251f5ef2cb204a32aa233485d41e9078f0 100644
--- a/sandbox/win/src/file_policy_test.cc
+++ b/sandbox/win/src/file_policy_test.cc
@@ -9,6 +9,7 @@
#include <winioctl.h>
#include "base/win/scoped_handle.h"
+#include "base/win/windows_version.h"
#include "sandbox/win/src/filesystem_policy.h"
#include "sandbox/win/src/nt_internals.h"
#include "sandbox/win/src/sandbox.h"
@@ -109,7 +110,7 @@ SBOX_TESTS_COMMAND int File_CreateSys32(int argc, wchar_t **argv) {
return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
base::string16 file(argv[0]);
- if (0 != _wcsnicmp(file.c_str(), kNTObjManPrefix, kNTObjManPrefixLen))
+ if (0 != _wcsnicmp(file.c_str(), kNTDevicePrefix, kNTDevicePrefixLen))
file = MakePathToSys(argv[0], true);
UNICODE_STRING object_name;
@@ -279,6 +280,9 @@ TEST(FilePolicyTest, AllowNtCreateCalc) {
}
TEST(FilePolicyTest, AllowNtCreateWithNativePath) {
+ if (base::win::GetVersion() < base::win::VERSION_WIN7)
+ return;
+
base::string16 calc = MakePathToSys(L"calc.exe", false);
base::string16 nt_path;
ASSERT_TRUE(GetNtPathFromWin32Path(calc, &nt_path));
@@ -330,6 +334,34 @@ TEST(FilePolicyTest, AllowReadOnly) {
DeleteFile(temp_file_name);
}
+// Tests support of "\\\\.\\DeviceName" kind of paths.
+TEST(FilePolicyTest, AllowImplicitDeviceName) {
+ if (base::win::GetVersion() < base::win::VERSION_WIN7)
+ return;
+
+ TestRunner runner;
+
+ wchar_t temp_directory[MAX_PATH];
+ wchar_t temp_file_name[MAX_PATH];
+ ASSERT_NE(::GetTempPath(MAX_PATH, temp_directory), 0u);
+ ASSERT_NE(::GetTempFileName(temp_directory, L"test", 0, temp_file_name), 0u);
+
+ std::wstring path;
+ EXPECT_TRUE(ConvertToLongPath(temp_file_name, &path));
+ EXPECT_TRUE(GetNtPathFromWin32Path(path, &path));
+ path = path.substr(sandbox::kNTDevicePrefixLen);
+
+ wchar_t command[MAX_PATH + 20] = {0};
+ wsprintf(command, L"File_Create Read \"\\\\.\\%ls\"", path.c_str());
+ path = std::wstring(kNTPrefix) + path;
+
+ EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(command));
+ EXPECT_TRUE(runner.AddFsRule(TargetPolicy::FILES_ALLOW_ANY, path.c_str()));
+ EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(command));
+
+ DeleteFile(temp_file_name);
+}
+
TEST(FilePolicyTest, AllowWildcard) {
TestRunner runner;
« no previous file with comments | « no previous file | sandbox/win/src/filesystem_policy.cc » ('j') | sandbox/win/src/win_utils.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698