| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <windows.h> | 5 #include <windows.h> |
| 6 | 6 |
| 7 #define _ATL_NO_EXCEPTIONS | 7 #define _ATL_NO_EXCEPTIONS |
| 8 #include <atlbase.h> | 8 #include <atlbase.h> |
| 9 #include <atlsecurity.h> | 9 #include <atlsecurity.h> |
| 10 | 10 |
| (...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 61 event.Close(); | 61 event.Close(); |
| 62 | 62 |
| 63 LocalFree(local_sid); | 63 LocalFree(local_sid); |
| 64 return event.IsValid() ? event.Take() : NULL; | 64 return event.IsValid() ? event.Take() : NULL; |
| 65 } | 65 } |
| 66 | 66 |
| 67 } // namespace | 67 } // namespace |
| 68 | 68 |
| 69 namespace sandbox { | 69 namespace sandbox { |
| 70 | 70 |
| 71 TEST(AppContainerTest, AllowOpenEvent) { | 71 TEST(AppContainerTest, DISABLED_AllowOpenEvent) { |
| 72 if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8) | 72 if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8) |
| 73 return; | 73 return; |
| 74 | 74 |
| 75 TestRunner runner(JOB_UNPROTECTED, USER_UNPROTECTED, USER_UNPROTECTED); | 75 TestRunner runner(JOB_UNPROTECTED, USER_UNPROTECTED, USER_UNPROTECTED); |
| 76 | 76 |
| 77 const wchar_t capability[] = L"S-1-15-3-12345678-87654321"; | 77 const wchar_t capability[] = L"S-1-15-3-12345678-87654321"; |
| 78 base::win::ScopedHandle handle(CreateTaggedEvent(L"test", capability)); | 78 base::win::ScopedHandle handle(CreateTaggedEvent(L"test", capability)); |
| 79 ASSERT_TRUE(handle.IsValid()); | 79 ASSERT_TRUE(handle.IsValid()); |
| 80 | 80 |
| 81 EXPECT_EQ(SBOX_ALL_OK, | 81 EXPECT_EQ(SBOX_ALL_OK, |
| 82 runner.broker()->InstallAppContainer(kAppContainerSid, | 82 runner.broker()->InstallAppContainer(kAppContainerSid, |
| 83 kAppContainerName)); | 83 kAppContainerName)); |
| 84 EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetCapability(capability)); | 84 EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetCapability(capability)); |
| 85 EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetAppContainer(kAppContainerSid)); | 85 EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetAppContainer(kAppContainerSid)); |
| 86 | 86 |
| 87 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Event_Open f test")); | 87 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Event_Open f test")); |
| 88 | 88 |
| 89 runner.SetTestState(BEFORE_REVERT); | 89 runner.SetTestState(BEFORE_REVERT); |
| 90 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Event_Open f test")); | 90 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Event_Open f test")); |
| 91 EXPECT_EQ(SBOX_ALL_OK, | 91 EXPECT_EQ(SBOX_ALL_OK, |
| 92 runner.broker()->UninstallAppContainer(kAppContainerSid)); | 92 runner.broker()->UninstallAppContainer(kAppContainerSid)); |
| 93 } | 93 } |
| 94 | 94 |
| 95 TEST(AppContainerTest, DenyOpenEvent) { | 95 TEST(AppContainerTest, DISABLED_DenyOpenEvent) { |
| 96 if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8) | 96 if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8) |
| 97 return; | 97 return; |
| 98 | 98 |
| 99 TestRunner runner(JOB_UNPROTECTED, USER_UNPROTECTED, USER_UNPROTECTED); | 99 TestRunner runner(JOB_UNPROTECTED, USER_UNPROTECTED, USER_UNPROTECTED); |
| 100 | 100 |
| 101 const wchar_t capability[] = L"S-1-15-3-12345678-87654321"; | 101 const wchar_t capability[] = L"S-1-15-3-12345678-87654321"; |
| 102 base::win::ScopedHandle handle(CreateTaggedEvent(L"test", capability)); | 102 base::win::ScopedHandle handle(CreateTaggedEvent(L"test", capability)); |
| 103 ASSERT_TRUE(handle.IsValid()); | 103 ASSERT_TRUE(handle.IsValid()); |
| 104 | 104 |
| 105 EXPECT_EQ(SBOX_ALL_OK, | 105 EXPECT_EQ(SBOX_ALL_OK, |
| (...skipping 15 matching lines...) Expand all Loading... |
| 121 | 121 |
| 122 TestRunner runner(JOB_UNPROTECTED, USER_LIMITED, USER_LIMITED); | 122 TestRunner runner(JOB_UNPROTECTED, USER_LIMITED, USER_LIMITED); |
| 123 EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetAppContainer(kAppContainerSid)); | 123 EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetAppContainer(kAppContainerSid)); |
| 124 } | 124 } |
| 125 | 125 |
| 126 TEST(AppContainerTest, WantsImpersonation) { | 126 TEST(AppContainerTest, WantsImpersonation) { |
| 127 if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8) | 127 if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8) |
| 128 return; | 128 return; |
| 129 | 129 |
| 130 TestRunner runner(JOB_UNPROTECTED, USER_UNPROTECTED, USER_NON_ADMIN); | 130 TestRunner runner(JOB_UNPROTECTED, USER_UNPROTECTED, USER_NON_ADMIN); |
| 131 EXPECT_EQ(SBOX_ERROR_CANNOT_INIT_APPCONTAINER, | 131 EXPECT_EQ(SBOX_ALL_OK, |
| 132 runner.GetPolicy()->SetAppContainer(kAppContainerSid)); | 132 runner.GetPolicy()->SetAppContainer(kAppContainerSid)); |
| 133 } | 133 } |
| 134 | 134 |
| 135 TEST(AppContainerTest, RequiresImpersonation) { | 135 TEST(AppContainerTest, RequiresImpersonation) { |
| 136 if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8) | 136 if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8) |
| 137 return; | 137 return; |
| 138 | 138 |
| 139 TestRunner runner(JOB_UNPROTECTED, USER_RESTRICTED, USER_RESTRICTED); | 139 TestRunner runner(JOB_UNPROTECTED, USER_RESTRICTED, USER_RESTRICTED); |
| 140 EXPECT_EQ(SBOX_ERROR_CANNOT_INIT_APPCONTAINER, | 140 EXPECT_EQ(SBOX_ALL_OK, |
| 141 runner.GetPolicy()->SetAppContainer(kAppContainerSid)); | 141 runner.GetPolicy()->SetAppContainer(kAppContainerSid)); |
| 142 } | 142 } |
| 143 | 143 |
| 144 } // namespace sandbox | 144 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 937353002:
Adding method to create process using LowBox token in sandbox code. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master