• file
• revisions
• annotate
• diff
• comparison
• raw

security/sandbox/win/src/registry_policy_test.cc@6474c204b198 (annotated)

security/sandbox/win/src/registry_policy_test.cc

Wed, 31 Dec 2014 06:09:35 +0100

author

Michael Schloh von Bennewitz <michael@schloh.com>

date

Wed, 31 Dec 2014 06:09:35 +0100

changeset 0

6474c204b198

permissions

-rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

michael@0	1	// Copyright (c) 2006-2010 The Chromium Authors. All rights reserved.
michael@0	2	// Use of this source code is governed by a BSD-style license that can be
michael@0	3	// found in the LICENSE file.
michael@0	4
michael@0	5	#include <shlobj.h>
michael@0	6
michael@0	7	#include "testing/gtest/include/gtest/gtest.h"
michael@0	8	#include "sandbox/win/src/registry_policy.h"
michael@0	9	#include "sandbox/win/src/sandbox.h"
michael@0	10	#include "sandbox/win/src/sandbox_policy.h"
michael@0	11	#include "sandbox/win/src/sandbox_factory.h"
michael@0	12	#include "sandbox/win/src/nt_internals.h"
michael@0	13	#include "sandbox/win/src/win_utils.h"
michael@0	14	#include "sandbox/win/tests/common/controller.h"
michael@0	15
michael@0	16	namespace {
michael@0	17
michael@0	18	static const DWORD kAllowedRegFlags = KEY_QUERY_VALUE | KEY_ENUMERATE_SUB_KEYS |
michael@0	19	KEY_NOTIFY | KEY_READ | GENERIC_READ |
michael@0	20	GENERIC_EXECUTE | READ_CONTROL;
michael@0	21
michael@0	22	#define BINDNTDLL(name) \
michael@0	23	name ## Function name = reinterpret_cast<name ## Function>( \
michael@0	24	::GetProcAddress(::GetModuleHandle(L"ntdll.dll"), #name))
michael@0	25
michael@0	26	bool IsKeyOpenForRead(HKEY handle) {
michael@0	27	BINDNTDLL(NtQueryObject);
michael@0	28
michael@0	29	OBJECT_BASIC_INFORMATION info = {0};
michael@0	30	NTSTATUS status = NtQueryObject(handle, ObjectBasicInformation, &info,
michael@0	31	sizeof(info), NULL);
michael@0	32
michael@0	33	if (!NT_SUCCESS(status))
michael@0	34	return false;
michael@0	35
michael@0	36	if ((info.GrantedAccess & (~kAllowedRegFlags)) != 0)
michael@0	37	return false;
michael@0	38	return true;
michael@0	39	}
michael@0	40
michael@0	41	}
michael@0	42
michael@0	43	namespace sandbox {
michael@0	44
michael@0	45	SBOX_TESTS_COMMAND int Reg_OpenKey(int argc, wchar_t **argv) {
michael@0	46	if (argc != 4)
michael@0	47	return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
michael@0	48
michael@0	49	REGSAM desired_access = 0;
michael@0	50	ULONG options = 0;
michael@0	51	if (wcscmp(argv[1], L"read") == 0) {
michael@0	52	desired_access = KEY_READ;
michael@0	53	} else if (wcscmp(argv[1], L"write") == 0) {
michael@0	54	desired_access = KEY_ALL_ACCESS;
michael@0	55	} else if (wcscmp(argv[1], L"link") == 0) {
michael@0	56	options = REG_OPTION_CREATE_LINK;
michael@0	57	desired_access = KEY_ALL_ACCESS;
michael@0	58	} else {
michael@0	59	desired_access = MAXIMUM_ALLOWED;
michael@0	60	}
michael@0	61
michael@0	62	HKEY root = GetReservedKeyFromName(argv[2]);
michael@0	63	HKEY key;
michael@0	64	LRESULT result = 0;
michael@0	65
michael@0	66	if (wcscmp(argv[0], L"create") == 0)
michael@0	67	result = ::RegCreateKeyEx(root, argv[3], 0, NULL, options, desired_access,
michael@0	68	NULL, &key, NULL);
michael@0	69	else
michael@0	70	result = ::RegOpenKeyEx(root, argv[3], 0, desired_access, &key);
michael@0	71
michael@0	72	if (ERROR_SUCCESS == result) {
michael@0	73	if (MAXIMUM_ALLOWED == desired_access) {
michael@0	74	if (!IsKeyOpenForRead(key)) {
michael@0	75	::RegCloseKey(key);
michael@0	76	return SBOX_TEST_FAILED;
michael@0	77	}
michael@0	78	}
michael@0	79	::RegCloseKey(key);
michael@0	80	return SBOX_TEST_SUCCEEDED;
michael@0	81	} else if (ERROR_ACCESS_DENIED == result) {
michael@0	82	return SBOX_TEST_DENIED;
michael@0	83	}
michael@0	84
michael@0	85	return SBOX_TEST_FAILED;
michael@0	86	}
michael@0	87
michael@0	88	TEST(RegistryPolicyTest, TestKeyAnyAccess) {
michael@0	89	TestRunner runner;
michael@0	90	EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_REGISTRY,
michael@0	91	TargetPolicy::REG_ALLOW_READONLY,
michael@0	92	L"HKEY_LOCAL_MACHINE"));
michael@0	93
michael@0	94	EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_REGISTRY,
michael@0	95	TargetPolicy::REG_ALLOW_ANY,
michael@0	96	L"HKEY_LOCAL_MACHINE\\Software\\Microsoft"));
michael@0	97
michael@0	98	// Tests read access on key allowed for read-write.
michael@0	99	EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(
michael@0	100	L"Reg_OpenKey create read HKEY_LOCAL_MACHINE software\\microsoft"));
michael@0	101
michael@0	102	EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(
michael@0	103	L"Reg_OpenKey open read HKEY_LOCAL_MACHINE software\\microsoft"));
michael@0	104
michael@0	105	if (::IsUserAnAdmin()) {
michael@0	106	// Tests write access on key allowed for read-write.
michael@0	107	EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(
michael@0	108	L"Reg_OpenKey create write HKEY_LOCAL_MACHINE software\\microsoft"));
michael@0	109
michael@0	110	EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(
michael@0	111	L"Reg_OpenKey open write HKEY_LOCAL_MACHINE software\\microsoft"));
michael@0	112	}
michael@0	113
michael@0	114	// Tests subdirectory access on keys where we don't have subdirectory acess.
michael@0	115	EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Reg_OpenKey create read "
michael@0	116	L"HKEY_LOCAL_MACHINE software\\microsoft\\Windows"));
michael@0	117
michael@0	118	EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Reg_OpenKey open read "
michael@0	119	L"HKEY_LOCAL_MACHINE software\\microsoft\\windows"));
michael@0	120
michael@0	121	// Tests to see if we can create keys where we dont have subdirectory access.
michael@0	122	// This is denied.
michael@0	123	EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Reg_OpenKey create write "
michael@0	124	L"HKEY_LOCAL_MACHINE software\\Microsoft\\google_unit_tests"));
michael@0	125
michael@0	126	RegDeleteKey(HKEY_LOCAL_MACHINE, L"software\\Microsoft\\google_unit_tests");
michael@0	127
michael@0	128	// Tests if we need to handle differently the "\\" at the end.
michael@0	129	// This is denied. We need to add both rules.
michael@0	130	EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(
michael@0	131	L"Reg_OpenKey create read HKEY_LOCAL_MACHINE software\\microsoft\\"));
michael@0	132
michael@0	133	EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(
michael@0	134	L"Reg_OpenKey open read HKEY_LOCAL_MACHINE software\\microsoft\\"));
michael@0	135	}
michael@0	136
michael@0	137	TEST(RegistryPolicyTest, TestKeyNoAccess) {
michael@0	138	TestRunner runner;
michael@0	139
michael@0	140	EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_REGISTRY,
michael@0	141	TargetPolicy::REG_ALLOW_READONLY,
michael@0	142	L"HKEY_LOCAL_MACHINE"));
michael@0	143
michael@0	144	// Tests read access where we don't have access at all.
michael@0	145	EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(
michael@0	146	L"Reg_OpenKey create read HKEY_LOCAL_MACHINE software"));
michael@0	147
michael@0	148	EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(
michael@0	149	L"Reg_OpenKey open read HKEY_LOCAL_MACHINE software"));
michael@0	150	}
michael@0	151
michael@0	152	TEST(RegistryPolicyTest, TestKeyReadOnlyAccess) {
michael@0	153	TestRunner runner;
michael@0	154
michael@0	155	EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_REGISTRY,
michael@0	156	TargetPolicy::REG_ALLOW_READONLY,
michael@0	157	L"HKEY_LOCAL_MACHINE"));
michael@0	158
michael@0	159	EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_REGISTRY,
michael@0	160	TargetPolicy::REG_ALLOW_READONLY,
michael@0	161	L"HKEY_LOCAL_MACHINE\\Software\\Policies"));
michael@0	162
michael@0	163	EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_REGISTRY,
michael@0	164	TargetPolicy::REG_ALLOW_READONLY,
michael@0	165	L"HKEY_LOCAL_MACHINE\\Software\\Policies\\*"));
michael@0	166
michael@0	167	// Tests subdirectory acess on keys where we have subdirectory acess.
michael@0	168	EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Reg_OpenKey create read "
michael@0	169	L"HKEY_LOCAL_MACHINE software\\Policies\\microsoft"));
michael@0	170
michael@0	171	EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Reg_OpenKey open read "
michael@0	172	L"HKEY_LOCAL_MACHINE software\\Policies\\microsoft"));
michael@0	173
michael@0	174	// Tests to see if we can create keys where we have subdirectory access.
michael@0	175	EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Reg_OpenKey create write "
michael@0	176	L"HKEY_LOCAL_MACHINE software\\Policies\\google_unit_tests"));
michael@0	177
michael@0	178	RegDeleteKey(HKEY_LOCAL_MACHINE, L"software\\Policies\\google_unit_tests");
michael@0	179	}
michael@0	180
michael@0	181	TEST(RegistryPolicyTest, TestKeyAllAccessSubDir) {
michael@0	182	TestRunner runner;
michael@0	183
michael@0	184	EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_REGISTRY,
michael@0	185	TargetPolicy::REG_ALLOW_READONLY,
michael@0	186	L"HKEY_LOCAL_MACHINE"));
michael@0	187
michael@0	188	EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_REGISTRY,
michael@0	189	TargetPolicy::REG_ALLOW_ANY,
michael@0	190	L"HKEY_LOCAL_MACHINE\\Software\\Policies"));
michael@0	191
michael@0	192	EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_REGISTRY,
michael@0	193	TargetPolicy::REG_ALLOW_ANY,
michael@0	194	L"HKEY_LOCAL_MACHINE\\Software\\Policies\\*"));
michael@0	195
michael@0	196	if (::IsUserAnAdmin()) {
michael@0	197	// Tests to see if we can create keys where we have subdirectory access.
michael@0	198	EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Reg_OpenKey create write "
michael@0	199	L"HKEY_LOCAL_MACHINE software\\Policies\\google_unit_tests"));
michael@0	200
michael@0	201	RegDeleteKey(HKEY_LOCAL_MACHINE, L"software\\Policies\\google_unit_tests");
michael@0	202	}
michael@0	203	}
michael@0	204
michael@0	205	TEST(RegistryPolicyTest, TestKeyCreateLink) {
michael@0	206	TestRunner runner;
michael@0	207
michael@0	208	EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_REGISTRY,
michael@0	209	TargetPolicy::REG_ALLOW_READONLY,
michael@0	210	L"HKEY_LOCAL_MACHINE"));
michael@0	211
michael@0	212	EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_REGISTRY,
michael@0	213	TargetPolicy::REG_ALLOW_ANY,
michael@0	214	L"HKEY_LOCAL_MACHINE\\Software\\Policies"));
michael@0	215
michael@0	216	EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_REGISTRY,
michael@0	217	TargetPolicy::REG_ALLOW_ANY,
michael@0	218	L"HKEY_LOCAL_MACHINE\\Software\\Policies\\*"));
michael@0	219
michael@0	220	// Tests to see if we can create a registry link key.
michael@0	221	// NOTE: In theory here we should make sure to check for SBOX_TEST_DENIED
michael@0	222	// instead of !SBOX_TEST_SUCCEEDED, but unfortunately the result is not
michael@0	223	// access denied. Internally RegCreateKeyEx (At least on Vista 64) tries to
michael@0	224	// create the link, and we return successfully access denied, then, it
michael@0	225	// decides to try to break the path in multiple chunks, and create the links
michael@0	226	// one by one. In this scenario, it tries to create "HKLM\Software" as a
michael@0	227	// link key, which obviously fail with STATUS_OBJECT_NAME_COLLISION, and
michael@0	228	// this is what is returned to the user.
michael@0	229	EXPECT_NE(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Reg_OpenKey create link "
michael@0	230	L"HKEY_LOCAL_MACHINE software\\Policies\\google_unit_tests"));
michael@0	231
michael@0	232	// In case our code fails, and the call works, we need to delete the new
michael@0	233	// link. There is no api for this, so we need to use the NT call.
michael@0	234	HKEY key = NULL;
michael@0	235	LRESULT result = ::RegOpenKeyEx(HKEY_LOCAL_MACHINE,
michael@0	236	L"software\\Policies\\google_unit_tests",
michael@0	237	REG_OPTION_OPEN_LINK, MAXIMUM_ALLOWED,
michael@0	238	&key);
michael@0	239
michael@0	240	if (!result) {
michael@0	241	HMODULE ntdll = GetModuleHandle(L"ntdll.dll");
michael@0	242	NtDeleteKeyFunction NtDeleteKey =
michael@0	243	reinterpret_cast<NtDeleteKeyFunction>(GetProcAddress(ntdll,
michael@0	244	"NtDeleteKey"));
michael@0	245	NtDeleteKey(key);
michael@0	246	}
michael@0	247	}
michael@0	248
michael@0	249	TEST(RegistryPolicyTest, TestKeyReadOnlyHKCU) {
michael@0	250	TestRunner runner;
michael@0	251	EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_REGISTRY,
michael@0	252	TargetPolicy::REG_ALLOW_READONLY,
michael@0	253	L"HKEY_CURRENT_USER"));
michael@0	254
michael@0	255	EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_REGISTRY,
michael@0	256	TargetPolicy::REG_ALLOW_READONLY,
michael@0	257	L"HKEY_CURRENT_USER\\Software"));
michael@0	258
michael@0	259	EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_REGISTRY,
michael@0	260	TargetPolicy::REG_ALLOW_READONLY,
michael@0	261	L"HKEY_USERS\\.default"));
michael@0	262
michael@0	263	EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_REGISTRY,
michael@0	264	TargetPolicy::REG_ALLOW_READONLY,
michael@0	265	L"HKEY_USERS\\.default\\software"));
michael@0	266
michael@0	267	// Tests read access where we only have read-only access.
michael@0	268	EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(
michael@0	269	L"Reg_OpenKey create read HKEY_CURRENT_USER software"));
michael@0	270
michael@0	271	EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(
michael@0	272	L"Reg_OpenKey open read HKEY_CURRENT_USER software"));
michael@0	273
michael@0	274	// Tests write access where we only have read-only acess.
michael@0	275	EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(
michael@0	276	L"Reg_OpenKey create write HKEY_CURRENT_USER software"));
michael@0	277
michael@0	278	EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(
michael@0	279	L"Reg_OpenKey open write HKEY_CURRENT_USER software"));
michael@0	280
michael@0	281	// Tests maximum allowed access where we only have read-only access.
michael@0	282	EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(
michael@0	283	L"Reg_OpenKey create maximum_allowed HKEY_CURRENT_USER software"));
michael@0	284
michael@0	285	EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(
michael@0	286	L"Reg_OpenKey open maximum_allowed HKEY_CURRENT_USER software"));
michael@0	287	}
michael@0	288
michael@0	289	} // namespace sandbox