Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(43)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/win/src/app_container_test.cc

Issue 937353002: Adding method to create process using LowBox token in sandbox code. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Removed sid.h/.cc Created 5 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« sandbox/win/src/app_container.h ('K') | « sandbox/win/src/app_container.cc ('k') | sandbox/win/src/broker_services.cc » ('j') | sandbox/win/src/policy_broker.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <windows.h> 5 #include <windows.h>
6 6
7 #define _ATL_NO_EXCEPTIONS 7 #define _ATL_NO_EXCEPTIONS
8 #include <atlbase.h> 8 #include <atlbase.h>
9 #include <atlsecurity.h> 9 #include <atlsecurity.h>
10 10
(...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after
61 event.Close(); 61 event.Close();
62 62
63 LocalFree(local_sid); 63 LocalFree(local_sid);
64 return event.IsValid() ? event.Take() : NULL; 64 return event.IsValid() ? event.Take() : NULL;
65 } 65 }
66 66
67 } // namespace 67 } // namespace
68 68
69 namespace sandbox { 69 namespace sandbox {
70 70
71 TEST(AppContainerTest, AllowOpenEvent) { 71 TEST(AppContainerTest, DenyOpenEvent) {
72 if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8) 72 if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8)
73 return; 73 return;
74 74
75 TestRunner runner(JOB_UNPROTECTED, USER_UNPROTECTED, USER_UNPROTECTED); 75 TestRunner runner(JOB_UNPROTECTED, USER_UNPROTECTED, USER_UNPROTECTED);
76 76
77 const wchar_t capability[] = L"S-1-15-3-12345678-87654321"; 77 const wchar_t capability[] = L"S-1-15-3-12345678-87654321";
78 base::win::ScopedHandle handle(CreateTaggedEvent(L"test", capability)); 78 base::win::ScopedHandle handle(CreateTaggedEvent(L"test", capability));
79 ASSERT_TRUE(handle.IsValid()); 79 ASSERT_TRUE(handle.IsValid());
80 80
81 EXPECT_EQ(SBOX_ALL_OK, 81 EXPECT_EQ(SBOX_ALL_OK,
82 runner.broker()->InstallAppContainer(kAppContainerSid, 82 runner.broker()->InstallAppContainer(kAppContainerSid,
83 kAppContainerName)); 83 kAppContainerName));
84 EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetCapability(capability));
85 EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetAppContainer(kAppContainerSid)); 84 EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetAppContainer(kAppContainerSid));
86 85
87 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Event_Open f test")); 86 EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Event_Open f test"));
88 87
89 runner.SetTestState(BEFORE_REVERT); 88 runner.SetTestState(BEFORE_REVERT);
90 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Event_Open f test")); 89 EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Event_Open f test"));
91 EXPECT_EQ(SBOX_ALL_OK, 90 EXPECT_EQ(SBOX_ALL_OK,
92 runner.broker()->UninstallAppContainer(kAppContainerSid)); 91 runner.broker()->UninstallAppContainer(kAppContainerSid));
93 } 92 }
94 93
95 TEST(AppContainerTest, DenyOpenEvent) { 94 TEST(AppContainerTest, DenyOpenEventEvenWithCapability) {
96 if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8) 95 if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8)
97 return; 96 return;
98 97
99 TestRunner runner(JOB_UNPROTECTED, USER_UNPROTECTED, USER_UNPROTECTED); 98 TestRunner runner(JOB_UNPROTECTED, USER_UNPROTECTED, USER_UNPROTECTED);
100 99
101 const wchar_t capability[] = L"S-1-15-3-12345678-87654321"; 100 const wchar_t capability[] = L"S-1-15-3-12345678-87654321";
102 base::win::ScopedHandle handle(CreateTaggedEvent(L"test", capability)); 101 base::win::ScopedHandle handle(CreateTaggedEvent(L"test", capability));
103 ASSERT_TRUE(handle.IsValid()); 102 ASSERT_TRUE(handle.IsValid());
104 103
105 EXPECT_EQ(SBOX_ALL_OK, 104 EXPECT_EQ(SBOX_ALL_OK,
106 runner.broker()->InstallAppContainer(kAppContainerSid, 105 runner.broker()->InstallAppContainer(kAppContainerSid,
107 kAppContainerName)); 106 kAppContainerName));
107 EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetCapability(capability));
rvargas (doing something else) 2015/02/27 20:16:34 ... And tests that deal with LowBox don't require
108 EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetAppContainer(kAppContainerSid)); 108 EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetAppContainer(kAppContainerSid));
109 109
110 EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Event_Open f test")); 110 EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Event_Open f test"));
111 111
112 runner.SetTestState(BEFORE_REVERT); 112 runner.SetTestState(BEFORE_REVERT);
113 EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Event_Open f test")); 113 EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Event_Open f test"));
114 EXPECT_EQ(SBOX_ALL_OK, 114 EXPECT_EQ(SBOX_ALL_OK,
115 runner.broker()->UninstallAppContainer(kAppContainerSid)); 115 runner.broker()->UninstallAppContainer(kAppContainerSid));
116 } 116 }
117 117
118 TEST(AppContainerTest, NoImpersonation) { 118 TEST(AppContainerTest, NoImpersonation) {
119 if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8) 119 if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8)
120 return; 120 return;
121 121
122 TestRunner runner(JOB_UNPROTECTED, USER_LIMITED, USER_LIMITED); 122 TestRunner runner(JOB_UNPROTECTED, USER_LIMITED, USER_LIMITED);
123 EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetAppContainer(kAppContainerSid)); 123 EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetAppContainer(kAppContainerSid));
124 } 124 }
125 125
126 TEST(AppContainerTest, WantsImpersonation) { 126 TEST(AppContainerTest, WantsImpersonation) {
127 if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8) 127 if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8)
128 return; 128 return;
129 129
130 TestRunner runner(JOB_UNPROTECTED, USER_UNPROTECTED, USER_NON_ADMIN); 130 TestRunner runner(JOB_UNPROTECTED, USER_UNPROTECTED, USER_NON_ADMIN);
131 EXPECT_EQ(SBOX_ERROR_CANNOT_INIT_APPCONTAINER, 131 EXPECT_EQ(SBOX_ALL_OK,
132 runner.GetPolicy()->SetAppContainer(kAppContainerSid)); 132 runner.GetPolicy()->SetAppContainer(kAppContainerSid));
133 } 133 }
134 134
135 TEST(AppContainerTest, RequiresImpersonation) { 135 TEST(AppContainerTest, RequiresImpersonation) {
136 if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8) 136 if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8)
137 return; 137 return;
138 138
139 TestRunner runner(JOB_UNPROTECTED, USER_RESTRICTED, USER_RESTRICTED); 139 TestRunner runner(JOB_UNPROTECTED, USER_RESTRICTED, USER_RESTRICTED);
140 EXPECT_EQ(SBOX_ERROR_CANNOT_INIT_APPCONTAINER, 140 EXPECT_EQ(SBOX_ALL_OK,
141 runner.GetPolicy()->SetAppContainer(kAppContainerSid)); 141 runner.GetPolicy()->SetAppContainer(kAppContainerSid));
142 } 142 }
143 143
144 } // namespace sandbox 144 } // namespace sandbox
OLDNEW
« sandbox/win/src/app_container.h ('K') | « sandbox/win/src/app_container.cc ('k') | sandbox/win/src/broker_services.cc » ('j') | sandbox/win/src/policy_broker.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698