security/sandbox/win/src/process_policy_test.cc@6474c204b198 (annotated)
security/sandbox/win/src/process_policy_test.cc
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
| michael@0 | 1 | // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| michael@0 | 2 | // Use of this source code is governed by a BSD-style license that can be |
| michael@0 | 3 | // found in the LICENSE file. |
| michael@0 | 4 | |
| michael@0 | 5 | #include <memory> |
| michael@0 | 6 | #include <string> |
| michael@0 | 7 | |
| michael@0 | 8 | #include "base/strings/string16.h" |
| michael@0 | 9 | #include "base/strings/sys_string_conversions.h" |
| michael@0 | 10 | #include "base/win/scoped_handle.h" |
| michael@0 | 11 | #include "base/win/scoped_process_information.h" |
| michael@0 | 12 | #include "base/win/windows_version.h" |
| michael@0 | 13 | #include "sandbox/win/src/sandbox.h" |
| michael@0 | 14 | #include "sandbox/win/src/sandbox_factory.h" |
| michael@0 | 15 | #include "sandbox/win/src/sandbox_policy.h" |
| michael@0 | 16 | #include "sandbox/win/tests/common/controller.h" |
| michael@0 | 17 | #include "testing/gtest/include/gtest/gtest.h" |
| michael@0 | 18 | |
| michael@0 | 19 | namespace { |
| michael@0 | 20 | |
| michael@0 | 21 | // While the shell API provides better calls than this home brew function |
| michael@0 | 22 | // we use GetSystemWindowsDirectoryW which does not query the registry so |
| michael@0 | 23 | // it is safe to use after revert. |
| michael@0 | 24 | string16 MakeFullPathToSystem32(const wchar_t* name) { |
| michael@0 | 25 | wchar_t windows_path[MAX_PATH] = {0}; |
| michael@0 | 26 | ::GetSystemWindowsDirectoryW(windows_path, MAX_PATH); |
| michael@0 | 27 | string16 full_path(windows_path); |
| michael@0 | 28 | if (full_path.empty()) { |
| michael@0 | 29 | return full_path; |
| michael@0 | 30 | } |
| michael@0 | 31 | full_path += L"\\system32\\"; |
| michael@0 | 32 | full_path += name; |
| michael@0 | 33 | return full_path; |
| michael@0 | 34 | } |
| michael@0 | 35 | |
| michael@0 | 36 | // Creates a process with the |exe| and |command| parameter using the |
| michael@0 | 37 | // unicode and ascii version of the api. |
| michael@0 | 38 | sandbox::SboxTestResult CreateProcessHelper(const string16& exe, |
| michael@0 | 39 | const string16& command) { |
| michael@0 | 40 | base::win::ScopedProcessInformation pi; |
| michael@0 | 41 | STARTUPINFOW si = {sizeof(si)}; |
| michael@0 | 42 | |
| michael@0 | 43 | const wchar_t *exe_name = NULL; |
| michael@0 | 44 | if (!exe.empty()) |
| michael@0 | 45 | exe_name = exe.c_str(); |
| michael@0 | 46 | |
| michael@0 | 47 | const wchar_t *cmd_line = NULL; |
| michael@0 | 48 | if (!command.empty()) |
| michael@0 | 49 | cmd_line = command.c_str(); |
| michael@0 | 50 | |
| michael@0 | 51 | // Create the process with the unicode version of the API. |
| michael@0 | 52 | sandbox::SboxTestResult ret1 = sandbox::SBOX_TEST_FAILED; |
| michael@0 | 53 | if (!::CreateProcessW(exe_name, const_cast<wchar_t*>(cmd_line), NULL, NULL, |
| michael@0 | 54 | FALSE, 0, NULL, NULL, &si, pi.Receive())) { |
| michael@0 | 55 | DWORD last_error = GetLastError(); |
| michael@0 | 56 | if ((ERROR_NOT_ENOUGH_QUOTA == last_error) || |
| michael@0 | 57 | (ERROR_ACCESS_DENIED == last_error) || |
| michael@0 | 58 | (ERROR_FILE_NOT_FOUND == last_error)) { |
| michael@0 | 59 | ret1 = sandbox::SBOX_TEST_DENIED; |
| michael@0 | 60 | } else { |
| michael@0 | 61 | ret1 = sandbox::SBOX_TEST_FAILED; |
| michael@0 | 62 | } |
| michael@0 | 63 | } else { |
| michael@0 | 64 | ret1 = sandbox::SBOX_TEST_SUCCEEDED; |
| michael@0 | 65 | } |
| michael@0 | 66 | |
| michael@0 | 67 | pi.Close(); |
| michael@0 | 68 | |
| michael@0 | 69 | // Do the same with the ansi version of the api |
| michael@0 | 70 | STARTUPINFOA sia = {sizeof(sia)}; |
| michael@0 | 71 | sandbox::SboxTestResult ret2 = sandbox::SBOX_TEST_FAILED; |
| michael@0 | 72 | |
| michael@0 | 73 | std::string narrow_cmd_line; |
| michael@0 | 74 | if (cmd_line) |
| michael@0 | 75 | narrow_cmd_line = base::SysWideToMultiByte(cmd_line, CP_UTF8); |
| michael@0 | 76 | if (!::CreateProcessA( |
| michael@0 | 77 | exe_name ? base::SysWideToMultiByte(exe_name, CP_UTF8).c_str() : NULL, |
| michael@0 | 78 | cmd_line ? const_cast<char*>(narrow_cmd_line.c_str()) : NULL, |
| michael@0 | 79 | NULL, NULL, FALSE, 0, NULL, NULL, &sia, pi.Receive())) { |
| michael@0 | 80 | DWORD last_error = GetLastError(); |
| michael@0 | 81 | if ((ERROR_NOT_ENOUGH_QUOTA == last_error) || |
| michael@0 | 82 | (ERROR_ACCESS_DENIED == last_error) || |
| michael@0 | 83 | (ERROR_FILE_NOT_FOUND == last_error)) { |
| michael@0 | 84 | ret2 = sandbox::SBOX_TEST_DENIED; |
| michael@0 | 85 | } else { |
| michael@0 | 86 | ret2 = sandbox::SBOX_TEST_FAILED; |
| michael@0 | 87 | } |
| michael@0 | 88 | } else { |
| michael@0 | 89 | ret2 = sandbox::SBOX_TEST_SUCCEEDED; |
| michael@0 | 90 | } |
| michael@0 | 91 | |
| michael@0 | 92 | if (ret1 == ret2) |
| michael@0 | 93 | return ret1; |
| michael@0 | 94 | |
| michael@0 | 95 | return sandbox::SBOX_TEST_FAILED; |
| michael@0 | 96 | } |
| michael@0 | 97 | |
| michael@0 | 98 | } // namespace |
| michael@0 | 99 | |
| michael@0 | 100 | namespace sandbox { |
| michael@0 | 101 | |
| michael@0 | 102 | SBOX_TESTS_COMMAND int Process_RunApp1(int argc, wchar_t **argv) { |
| michael@0 | 103 | if (argc != 1) { |
| michael@0 | 104 | return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; |
| michael@0 | 105 | } |
| michael@0 | 106 | if ((NULL == argv) || (NULL == argv[0])) { |
| michael@0 | 107 | return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; |
| michael@0 | 108 | } |
| michael@0 | 109 | string16 path = MakeFullPathToSystem32(argv[0]); |
| michael@0 | 110 | |
| michael@0 | 111 | // TEST 1: Try with the path in the app_name. |
| michael@0 | 112 | return CreateProcessHelper(path, string16()); |
| michael@0 | 113 | } |
| michael@0 | 114 | |
| michael@0 | 115 | SBOX_TESTS_COMMAND int Process_RunApp2(int argc, wchar_t **argv) { |
| michael@0 | 116 | if (argc != 1) { |
| michael@0 | 117 | return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; |
| michael@0 | 118 | } |
| michael@0 | 119 | if ((NULL == argv) || (NULL == argv[0])) { |
| michael@0 | 120 | return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; |
| michael@0 | 121 | } |
| michael@0 | 122 | string16 path = MakeFullPathToSystem32(argv[0]); |
| michael@0 | 123 | |
| michael@0 | 124 | // TEST 2: Try with the path in the cmd_line. |
| michael@0 | 125 | string16 cmd_line = L"\""; |
| michael@0 | 126 | cmd_line += path; |
| michael@0 | 127 | cmd_line += L"\""; |
| michael@0 | 128 | return CreateProcessHelper(string16(), cmd_line); |
| michael@0 | 129 | } |
| michael@0 | 130 | |
| michael@0 | 131 | SBOX_TESTS_COMMAND int Process_RunApp3(int argc, wchar_t **argv) { |
| michael@0 | 132 | if (argc != 1) { |
| michael@0 | 133 | return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; |
| michael@0 | 134 | } |
| michael@0 | 135 | if ((NULL == argv) || (NULL == argv[0])) { |
| michael@0 | 136 | return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; |
| michael@0 | 137 | } |
| michael@0 | 138 | |
| michael@0 | 139 | // TEST 3: Try file name in the cmd_line. |
| michael@0 | 140 | return CreateProcessHelper(string16(), argv[0]); |
| michael@0 | 141 | } |
| michael@0 | 142 | |
| michael@0 | 143 | SBOX_TESTS_COMMAND int Process_RunApp4(int argc, wchar_t **argv) { |
| michael@0 | 144 | if (argc != 1) { |
| michael@0 | 145 | return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; |
| michael@0 | 146 | } |
| michael@0 | 147 | if ((NULL == argv) || (NULL == argv[0])) { |
| michael@0 | 148 | return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; |
| michael@0 | 149 | } |
| michael@0 | 150 | |
| michael@0 | 151 | // TEST 4: Try file name in the app_name and current directory sets correctly. |
| michael@0 | 152 | string16 system32 = MakeFullPathToSystem32(L""); |
| michael@0 | 153 | wchar_t current_directory[MAX_PATH + 1]; |
| michael@0 | 154 | int result4; |
| michael@0 | 155 | bool test_succeeded = false; |
| michael@0 | 156 | DWORD ret = ::GetCurrentDirectory(MAX_PATH, current_directory); |
| michael@0 | 157 | if (!ret) |
| michael@0 | 158 | return SBOX_TEST_FIRST_ERROR; |
| michael@0 | 159 | |
| michael@0 | 160 | if (ret < MAX_PATH) { |
| michael@0 | 161 | current_directory[ret] = L'\\'; |
| michael@0 | 162 | current_directory[ret+1] = L'\0'; |
| michael@0 | 163 | if (::SetCurrentDirectory(system32.c_str())) { |
| michael@0 | 164 | result4 = CreateProcessHelper(argv[0], string16()); |
| michael@0 | 165 | if (::SetCurrentDirectory(current_directory)) { |
| michael@0 | 166 | test_succeeded = true; |
| michael@0 | 167 | } |
| michael@0 | 168 | } else { |
| michael@0 | 169 | return SBOX_TEST_SECOND_ERROR; |
| michael@0 | 170 | } |
| michael@0 | 171 | } |
| michael@0 | 172 | if (!test_succeeded) |
| michael@0 | 173 | result4 = SBOX_TEST_FAILED; |
| michael@0 | 174 | |
| michael@0 | 175 | return result4; |
| michael@0 | 176 | } |
| michael@0 | 177 | |
| michael@0 | 178 | SBOX_TESTS_COMMAND int Process_RunApp5(int argc, wchar_t **argv) { |
| michael@0 | 179 | if (argc != 1) { |
| michael@0 | 180 | return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; |
| michael@0 | 181 | } |
| michael@0 | 182 | if ((NULL == argv) || (NULL == argv[0])) { |
| michael@0 | 183 | return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; |
| michael@0 | 184 | } |
| michael@0 | 185 | string16 path = MakeFullPathToSystem32(argv[0]); |
| michael@0 | 186 | |
| michael@0 | 187 | // TEST 5: Try with the path in the cmd_line and arguments. |
| michael@0 | 188 | string16 cmd_line = L"\""; |
| michael@0 | 189 | cmd_line += path; |
| michael@0 | 190 | cmd_line += L"\" /I"; |
| michael@0 | 191 | return CreateProcessHelper(string16(), cmd_line); |
| michael@0 | 192 | } |
| michael@0 | 193 | |
| michael@0 | 194 | SBOX_TESTS_COMMAND int Process_RunApp6(int argc, wchar_t **argv) { |
| michael@0 | 195 | if (argc != 1) { |
| michael@0 | 196 | return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; |
| michael@0 | 197 | } |
| michael@0 | 198 | if ((NULL == argv) || (NULL == argv[0])) { |
| michael@0 | 199 | return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; |
| michael@0 | 200 | } |
| michael@0 | 201 | |
| michael@0 | 202 | // TEST 6: Try with the file_name in the cmd_line and arguments. |
| michael@0 | 203 | string16 cmd_line = argv[0]; |
| michael@0 | 204 | cmd_line += L" /I"; |
| michael@0 | 205 | return CreateProcessHelper(string16(), cmd_line); |
| michael@0 | 206 | } |
| michael@0 | 207 | |
| michael@0 | 208 | // Creates a process and checks if it's possible to get a handle to it's token. |
| michael@0 | 209 | SBOX_TESTS_COMMAND int Process_GetChildProcessToken(int argc, wchar_t **argv) { |
| michael@0 | 210 | if (argc != 1) |
| michael@0 | 211 | return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; |
| michael@0 | 212 | |
| michael@0 | 213 | if ((NULL == argv) || (NULL == argv[0])) |
| michael@0 | 214 | return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; |
| michael@0 | 215 | |
| michael@0 | 216 | string16 path = MakeFullPathToSystem32(argv[0]); |
| michael@0 | 217 | |
| michael@0 | 218 | base::win::ScopedProcessInformation pi; |
| michael@0 | 219 | STARTUPINFOW si = {sizeof(si)}; |
| michael@0 | 220 | |
| michael@0 | 221 | if (!::CreateProcessW(path.c_str(), NULL, NULL, NULL, FALSE, CREATE_SUSPENDED, |
| michael@0 | 222 | NULL, NULL, &si, pi.Receive())) { |
| michael@0 | 223 | return SBOX_TEST_FAILED; |
| michael@0 | 224 | } |
| michael@0 | 225 | |
| michael@0 | 226 | HANDLE token = NULL; |
| michael@0 | 227 | BOOL result = |
| michael@0 | 228 | ::OpenProcessToken(pi.process_handle(), TOKEN_IMPERSONATE, &token); |
| michael@0 | 229 | DWORD error = ::GetLastError(); |
| michael@0 | 230 | |
| michael@0 | 231 | base::win::ScopedHandle token_handle(token); |
| michael@0 | 232 | |
| michael@0 | 233 | if (!::TerminateProcess(pi.process_handle(), 0)) |
| michael@0 | 234 | return SBOX_TEST_FAILED; |
| michael@0 | 235 | |
| michael@0 | 236 | if (result && token) |
| michael@0 | 237 | return SBOX_TEST_SUCCEEDED; |
| michael@0 | 238 | |
| michael@0 | 239 | if (ERROR_ACCESS_DENIED == error) |
| michael@0 | 240 | return SBOX_TEST_DENIED; |
| michael@0 | 241 | |
| michael@0 | 242 | return SBOX_TEST_FAILED; |
| michael@0 | 243 | } |
| michael@0 | 244 | |
| michael@0 | 245 | |
| michael@0 | 246 | SBOX_TESTS_COMMAND int Process_OpenToken(int argc, wchar_t **argv) { |
| michael@0 | 247 | HANDLE token; |
| michael@0 | 248 | if (!::OpenProcessToken(::GetCurrentProcess(), TOKEN_ALL_ACCESS, &token)) { |
| michael@0 | 249 | if (ERROR_ACCESS_DENIED == ::GetLastError()) { |
| michael@0 | 250 | return SBOX_TEST_DENIED; |
| michael@0 | 251 | } |
| michael@0 | 252 | } else { |
| michael@0 | 253 | ::CloseHandle(token); |
| michael@0 | 254 | return SBOX_TEST_SUCCEEDED; |
| michael@0 | 255 | } |
| michael@0 | 256 | |
| michael@0 | 257 | return SBOX_TEST_FAILED; |
| michael@0 | 258 | } |
| michael@0 | 259 | |
| michael@0 | 260 | TEST(ProcessPolicyTest, TestAllAccess) { |
| michael@0 | 261 | // Check if the "all access" rule fails to be added when the token is too |
| michael@0 | 262 | // powerful. |
| michael@0 | 263 | TestRunner runner; |
| michael@0 | 264 | |
| michael@0 | 265 | // Check the failing case. |
| michael@0 | 266 | runner.GetPolicy()->SetTokenLevel(USER_INTERACTIVE, USER_LOCKDOWN); |
| michael@0 | 267 | EXPECT_EQ(SBOX_ERROR_UNSUPPORTED, |
| michael@0 | 268 | runner.GetPolicy()->AddRule(TargetPolicy::SUBSYS_PROCESS, |
| michael@0 | 269 | TargetPolicy::PROCESS_ALL_EXEC, |
| michael@0 | 270 | L"this is not important")); |
| michael@0 | 271 | |
| michael@0 | 272 | // Check the working case. |
| michael@0 | 273 | runner.GetPolicy()->SetTokenLevel(USER_INTERACTIVE, USER_INTERACTIVE); |
| michael@0 | 274 | |
| michael@0 | 275 | EXPECT_EQ(SBOX_ALL_OK, |
| michael@0 | 276 | runner.GetPolicy()->AddRule(TargetPolicy::SUBSYS_PROCESS, |
| michael@0 | 277 | TargetPolicy::PROCESS_ALL_EXEC, |
| michael@0 | 278 | L"this is not important")); |
| michael@0 | 279 | } |
| michael@0 | 280 | |
| michael@0 | 281 | TEST(ProcessPolicyTest, CreateProcessAW) { |
| michael@0 | 282 | TestRunner runner; |
| michael@0 | 283 | string16 exe_path = MakeFullPathToSystem32(L"findstr.exe"); |
| michael@0 | 284 | string16 system32 = MakeFullPathToSystem32(L""); |
| michael@0 | 285 | ASSERT_TRUE(!exe_path.empty()); |
| michael@0 | 286 | EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_PROCESS, |
| michael@0 | 287 | TargetPolicy::PROCESS_MIN_EXEC, |
| michael@0 | 288 | exe_path.c_str())); |
| michael@0 | 289 | |
| michael@0 | 290 | // Need to add directory rules for the directories that we use in |
| michael@0 | 291 | // SetCurrentDirectory. |
| michael@0 | 292 | EXPECT_TRUE(runner.AddFsRule(TargetPolicy::FILES_ALLOW_DIR_ANY, |
| michael@0 | 293 | system32.c_str())); |
| michael@0 | 294 | |
| michael@0 | 295 | wchar_t current_directory[MAX_PATH]; |
| michael@0 | 296 | DWORD ret = ::GetCurrentDirectory(MAX_PATH, current_directory); |
| michael@0 | 297 | ASSERT_TRUE(0 != ret && ret < MAX_PATH); |
| michael@0 | 298 | |
| michael@0 | 299 | wcscat_s(current_directory, MAX_PATH, L"\\"); |
| michael@0 | 300 | EXPECT_TRUE(runner.AddFsRule(TargetPolicy::FILES_ALLOW_DIR_ANY, |
| michael@0 | 301 | current_directory)); |
| michael@0 | 302 | |
| michael@0 | 303 | EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Process_RunApp1 calc.exe")); |
| michael@0 | 304 | EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Process_RunApp2 calc.exe")); |
| michael@0 | 305 | EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Process_RunApp3 calc.exe")); |
| michael@0 | 306 | EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Process_RunApp5 calc.exe")); |
| michael@0 | 307 | EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Process_RunApp6 calc.exe")); |
| michael@0 | 308 | |
| michael@0 | 309 | EXPECT_EQ(SBOX_TEST_SUCCEEDED, |
| michael@0 | 310 | runner.RunTest(L"Process_RunApp1 findstr.exe")); |
| michael@0 | 311 | EXPECT_EQ(SBOX_TEST_SUCCEEDED, |
| michael@0 | 312 | runner.RunTest(L"Process_RunApp2 findstr.exe")); |
| michael@0 | 313 | EXPECT_EQ(SBOX_TEST_SUCCEEDED, |
| michael@0 | 314 | runner.RunTest(L"Process_RunApp3 findstr.exe")); |
| michael@0 | 315 | EXPECT_EQ(SBOX_TEST_SUCCEEDED, |
| michael@0 | 316 | runner.RunTest(L"Process_RunApp5 findstr.exe")); |
| michael@0 | 317 | EXPECT_EQ(SBOX_TEST_SUCCEEDED, |
| michael@0 | 318 | runner.RunTest(L"Process_RunApp6 findstr.exe")); |
| michael@0 | 319 | |
| michael@0 | 320 | #if !defined(_WIN64) |
| michael@0 | 321 | if (base::win::OSInfo::GetInstance()->version() >= base::win::VERSION_VISTA) { |
| michael@0 | 322 | // WinXP results are not reliable. |
| michael@0 | 323 | EXPECT_EQ(SBOX_TEST_SECOND_ERROR, |
| michael@0 | 324 | runner.RunTest(L"Process_RunApp4 calc.exe")); |
| michael@0 | 325 | EXPECT_EQ(SBOX_TEST_SECOND_ERROR, |
| michael@0 | 326 | runner.RunTest(L"Process_RunApp4 findstr.exe")); |
| michael@0 | 327 | } |
| michael@0 | 328 | #endif |
| michael@0 | 329 | } |
| michael@0 | 330 | |
| michael@0 | 331 | TEST(ProcessPolicyTest, OpenToken) { |
| michael@0 | 332 | TestRunner runner; |
| michael@0 | 333 | EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Process_OpenToken")); |
| michael@0 | 334 | } |
| michael@0 | 335 | |
| michael@0 | 336 | TEST(ProcessPolicyTest, TestGetProcessTokenMinAccess) { |
| michael@0 | 337 | TestRunner runner; |
| michael@0 | 338 | string16 exe_path = MakeFullPathToSystem32(L"findstr.exe"); |
| michael@0 | 339 | ASSERT_TRUE(!exe_path.empty()); |
| michael@0 | 340 | EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_PROCESS, |
| michael@0 | 341 | TargetPolicy::PROCESS_MIN_EXEC, |
| michael@0 | 342 | exe_path.c_str())); |
| michael@0 | 343 | |
| michael@0 | 344 | EXPECT_EQ(SBOX_TEST_DENIED, |
| michael@0 | 345 | runner.RunTest(L"Process_GetChildProcessToken findstr.exe")); |
| michael@0 | 346 | } |
| michael@0 | 347 | |
| michael@0 | 348 | TEST(ProcessPolicyTest, TestGetProcessTokenMaxAccess) { |
| michael@0 | 349 | TestRunner runner(JOB_UNPROTECTED, USER_INTERACTIVE, USER_INTERACTIVE); |
| michael@0 | 350 | string16 exe_path = MakeFullPathToSystem32(L"findstr.exe"); |
| michael@0 | 351 | ASSERT_TRUE(!exe_path.empty()); |
| michael@0 | 352 | EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_PROCESS, |
| michael@0 | 353 | TargetPolicy::PROCESS_ALL_EXEC, |
| michael@0 | 354 | exe_path.c_str())); |
| michael@0 | 355 | |
| michael@0 | 356 | EXPECT_EQ(SBOX_TEST_SUCCEEDED, |
| michael@0 | 357 | runner.RunTest(L"Process_GetChildProcessToken findstr.exe")); |
| michael@0 | 358 | } |
| michael@0 | 359 | |
| michael@0 | 360 | TEST(ProcessPolicyTest, TestGetProcessTokenMinAccessNoJob) { |
| michael@0 | 361 | TestRunner runner(JOB_NONE, USER_RESTRICTED_SAME_ACCESS, USER_LOCKDOWN); |
| michael@0 | 362 | string16 exe_path = MakeFullPathToSystem32(L"findstr.exe"); |
| michael@0 | 363 | ASSERT_TRUE(!exe_path.empty()); |
| michael@0 | 364 | EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_PROCESS, |
| michael@0 | 365 | TargetPolicy::PROCESS_MIN_EXEC, |
| michael@0 | 366 | exe_path.c_str())); |
| michael@0 | 367 | |
| michael@0 | 368 | EXPECT_EQ(SBOX_TEST_DENIED, |
| michael@0 | 369 | runner.RunTest(L"Process_GetChildProcessToken findstr.exe")); |
| michael@0 | 370 | } |
| michael@0 | 371 | |
| michael@0 | 372 | TEST(ProcessPolicyTest, TestGetProcessTokenMaxAccessNoJob) { |
| michael@0 | 373 | TestRunner runner(JOB_NONE, USER_INTERACTIVE, USER_INTERACTIVE); |
| michael@0 | 374 | string16 exe_path = MakeFullPathToSystem32(L"findstr.exe"); |
| michael@0 | 375 | ASSERT_TRUE(!exe_path.empty()); |
| michael@0 | 376 | EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_PROCESS, |
| michael@0 | 377 | TargetPolicy::PROCESS_ALL_EXEC, |
| michael@0 | 378 | exe_path.c_str())); |
| michael@0 | 379 | |
| michael@0 | 380 | EXPECT_EQ(SBOX_TEST_SUCCEEDED, |
| michael@0 | 381 | runner.RunTest(L"Process_GetChildProcessToken findstr.exe")); |
| michael@0 | 382 | } |
| michael@0 | 383 | |
| michael@0 | 384 | } // namespace sandbox |
