OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <windows.h> | 5 #include <windows.h> |
6 | 6 |
7 #define _ATL_NO_EXCEPTIONS | 7 #define _ATL_NO_EXCEPTIONS |
8 #include <atlbase.h> | 8 #include <atlbase.h> |
9 #include <atlsecurity.h> | 9 #include <atlsecurity.h> |
10 | 10 |
(...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
61 event.Close(); | 61 event.Close(); |
62 | 62 |
63 LocalFree(local_sid); | 63 LocalFree(local_sid); |
64 return event.IsValid() ? event.Take() : NULL; | 64 return event.IsValid() ? event.Take() : NULL; |
65 } | 65 } |
66 | 66 |
67 } // namespace | 67 } // namespace |
68 | 68 |
69 namespace sandbox { | 69 namespace sandbox { |
70 | 70 |
71 TEST(AppContainerTest, AllowOpenEvent) { | 71 TEST(AppContainerTest, DenyOpenEvent) { |
72 if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8) | 72 if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8) |
73 return; | 73 return; |
74 | 74 |
75 TestRunner runner(JOB_UNPROTECTED, USER_UNPROTECTED, USER_UNPROTECTED); | 75 TestRunner runner(JOB_UNPROTECTED, USER_UNPROTECTED, USER_UNPROTECTED); |
76 | 76 |
77 const wchar_t capability[] = L"S-1-15-3-12345678-87654321"; | 77 const wchar_t capability[] = L"S-1-15-3-12345678-87654321"; |
78 base::win::ScopedHandle handle(CreateTaggedEvent(L"test", capability)); | 78 base::win::ScopedHandle handle(CreateTaggedEvent(L"test", capability)); |
79 ASSERT_TRUE(handle.IsValid()); | 79 ASSERT_TRUE(handle.IsValid()); |
80 | 80 |
81 EXPECT_EQ(SBOX_ALL_OK, | 81 EXPECT_EQ(SBOX_ALL_OK, |
82 runner.broker()->InstallAppContainer(kAppContainerSid, | 82 runner.broker()->InstallAppContainer(kAppContainerSid, |
83 kAppContainerName)); | 83 kAppContainerName)); |
84 EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetCapability(capability)); | |
85 EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetAppContainer(kAppContainerSid)); | 84 EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetAppContainer(kAppContainerSid)); |
86 | 85 |
87 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Event_Open f test")); | 86 EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Event_Open f test")); |
88 | 87 |
89 runner.SetTestState(BEFORE_REVERT); | 88 runner.SetTestState(BEFORE_REVERT); |
90 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Event_Open f test")); | 89 EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Event_Open f test")); |
91 EXPECT_EQ(SBOX_ALL_OK, | 90 EXPECT_EQ(SBOX_ALL_OK, |
92 runner.broker()->UninstallAppContainer(kAppContainerSid)); | 91 runner.broker()->UninstallAppContainer(kAppContainerSid)); |
93 } | 92 } |
94 | 93 |
95 TEST(AppContainerTest, DenyOpenEvent) { | 94 TEST(AppContainerTest, DenyOpenEventEvenWithCapability) { |
96 if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8) | 95 if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8) |
97 return; | 96 return; |
98 | 97 |
99 TestRunner runner(JOB_UNPROTECTED, USER_UNPROTECTED, USER_UNPROTECTED); | 98 TestRunner runner(JOB_UNPROTECTED, USER_UNPROTECTED, USER_UNPROTECTED); |
100 | 99 |
101 const wchar_t capability[] = L"S-1-15-3-12345678-87654321"; | 100 const wchar_t capability[] = L"S-1-15-3-12345678-87654321"; |
102 base::win::ScopedHandle handle(CreateTaggedEvent(L"test", capability)); | 101 base::win::ScopedHandle handle(CreateTaggedEvent(L"test", capability)); |
103 ASSERT_TRUE(handle.IsValid()); | 102 ASSERT_TRUE(handle.IsValid()); |
104 | 103 |
105 EXPECT_EQ(SBOX_ALL_OK, | 104 EXPECT_EQ(SBOX_ALL_OK, |
106 runner.broker()->InstallAppContainer(kAppContainerSid, | 105 runner.broker()->InstallAppContainer(kAppContainerSid, |
107 kAppContainerName)); | 106 kAppContainerName)); |
107 EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetCapability(capability)); | |
rvargas (doing something else)
2015/02/27 20:16:34
... And tests that deal with LowBox don't require
| |
108 EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetAppContainer(kAppContainerSid)); | 108 EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetAppContainer(kAppContainerSid)); |
109 | 109 |
110 EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Event_Open f test")); | 110 EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Event_Open f test")); |
111 | 111 |
112 runner.SetTestState(BEFORE_REVERT); | 112 runner.SetTestState(BEFORE_REVERT); |
113 EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Event_Open f test")); | 113 EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Event_Open f test")); |
114 EXPECT_EQ(SBOX_ALL_OK, | 114 EXPECT_EQ(SBOX_ALL_OK, |
115 runner.broker()->UninstallAppContainer(kAppContainerSid)); | 115 runner.broker()->UninstallAppContainer(kAppContainerSid)); |
116 } | 116 } |
117 | 117 |
118 TEST(AppContainerTest, NoImpersonation) { | 118 TEST(AppContainerTest, NoImpersonation) { |
119 if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8) | 119 if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8) |
120 return; | 120 return; |
121 | 121 |
122 TestRunner runner(JOB_UNPROTECTED, USER_LIMITED, USER_LIMITED); | 122 TestRunner runner(JOB_UNPROTECTED, USER_LIMITED, USER_LIMITED); |
123 EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetAppContainer(kAppContainerSid)); | 123 EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetAppContainer(kAppContainerSid)); |
124 } | 124 } |
125 | 125 |
126 TEST(AppContainerTest, WantsImpersonation) { | 126 TEST(AppContainerTest, WantsImpersonation) { |
127 if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8) | 127 if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8) |
128 return; | 128 return; |
129 | 129 |
130 TestRunner runner(JOB_UNPROTECTED, USER_UNPROTECTED, USER_NON_ADMIN); | 130 TestRunner runner(JOB_UNPROTECTED, USER_UNPROTECTED, USER_NON_ADMIN); |
131 EXPECT_EQ(SBOX_ERROR_CANNOT_INIT_APPCONTAINER, | 131 EXPECT_EQ(SBOX_ALL_OK, |
132 runner.GetPolicy()->SetAppContainer(kAppContainerSid)); | 132 runner.GetPolicy()->SetAppContainer(kAppContainerSid)); |
133 } | 133 } |
134 | 134 |
135 TEST(AppContainerTest, RequiresImpersonation) { | 135 TEST(AppContainerTest, RequiresImpersonation) { |
136 if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8) | 136 if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8) |
137 return; | 137 return; |
138 | 138 |
139 TestRunner runner(JOB_UNPROTECTED, USER_RESTRICTED, USER_RESTRICTED); | 139 TestRunner runner(JOB_UNPROTECTED, USER_RESTRICTED, USER_RESTRICTED); |
140 EXPECT_EQ(SBOX_ERROR_CANNOT_INIT_APPCONTAINER, | 140 EXPECT_EQ(SBOX_ALL_OK, |
141 runner.GetPolicy()->SetAppContainer(kAppContainerSid)); | 141 runner.GetPolicy()->SetAppContainer(kAppContainerSid)); |
142 } | 142 } |
143 | 143 |
144 } // namespace sandbox | 144 } // namespace sandbox |
OLD | NEW |