security/sandbox/win/src/integrity_level_test.cc

changeset 0
6474c204b198
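--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security/sandbox/win/src/integrity_level_test.cc	Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,90 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <windows.h>
+#include <atlsecurity.h>
+
+#include "base/win/windows_version.h"
+#include "testing/gtest/include/gtest/gtest.h"
+#include "sandbox/win/src/sandbox.h"
+#include "sandbox/win/src/sandbox_policy.h"
+#include "sandbox/win/src/sandbox_factory.h"
+#include "sandbox/win/tests/common/controller.h"
+
+namespace sandbox {
+
+
+SBOX_TESTS_COMMAND int CheckIntegrityLevel(int argc, wchar_t **argv) {
+  ATL::CAccessToken token;
+  if (!token.GetEffectiveToken(TOKEN_READ))
+    return SBOX_TEST_FAILED;
+
+  char* buffer[100];
+  DWORD buf_size = 100;
+  if (!::GetTokenInformation(token.GetHandle(), TokenIntegrityLevel,
+                             reinterpret_cast<void*>(buffer), buf_size,
+                             &buf_size))
+    return SBOX_TEST_FAILED;
+
+  TOKEN_MANDATORY_LABEL* label =
+      reinterpret_cast<TOKEN_MANDATORY_LABEL*>(buffer);
+
+  PSID sid_low = NULL;
+  if (!::ConvertStringSidToSid(L"S-1-16-4096", &sid_low))
+    return SBOX_TEST_FAILED;
+
+  BOOL is_low_sid = ::EqualSid(label->Label.Sid, sid_low);
+
+  ::LocalFree(sid_low);
+
+  if (is_low_sid)
+    return SBOX_TEST_SUCCEEDED;
+
+  return SBOX_TEST_DENIED;
+}
+
+TEST(IntegrityLevelTest, TestLowILReal) {
+  if (base::win::GetVersion() != base::win::VERSION_VISTA)
+    return;
+
+  TestRunner runner(JOB_LOCKDOWN, USER_INTERACTIVE, USER_INTERACTIVE);
+
+  runner.SetTimeout(INFINITE);
+
+  runner.GetPolicy()->SetIntegrityLevel(INTEGRITY_LEVEL_LOW);
+
+  EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"CheckIntegrityLevel"));
+
+  runner.SetTestState(BEFORE_REVERT);
+  EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"CheckIntegrityLevel"));
+}
+
+TEST(DelayedIntegrityLevelTest, TestLowILDelayed) {
+  if (base::win::GetVersion() != base::win::VERSION_VISTA)
+    return;
+
+  TestRunner runner(JOB_LOCKDOWN, USER_INTERACTIVE, USER_INTERACTIVE);
+
+  runner.SetTimeout(INFINITE);
+
+  runner.GetPolicy()->SetDelayedIntegrityLevel(INTEGRITY_LEVEL_LOW);
+
+  EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"CheckIntegrityLevel"));
+
+  runner.SetTestState(BEFORE_REVERT);
+  EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"CheckIntegrityLevel"));
+}
+
+TEST(IntegrityLevelTest, TestNoILChange) {
+  if (base::win::GetVersion() != base::win::VERSION_VISTA)
+    return;
+
+  TestRunner runner(JOB_LOCKDOWN, USER_INTERACTIVE, USER_INTERACTIVE);
+
+  runner.SetTimeout(INFINITE);
+
+  EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"CheckIntegrityLevel"));
+}
+
+}  // namespace sandbox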
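Review bot: All three tests return early unless `base::win::GetVersion()` is exactly `VERSION_VISTA`, so on Windows 7 and later they pass without exercising the low-integrity policy at all, and a regression in `SetIntegrityLevel` / `SetDelayedIntegrityLevel` enforcement would go unnoticed there. Assuming the version enum is ordered, the guard in `TestLowILReal`, `TestLowILDelayed` and `TestNoILChange` should read `if (base::win::GetVersion() < base::win::VERSION_VISTA) return;`. Separately, in `CheckIntegrityLevel` the scratch buffer is declared `char* buffer[100]` (an array of 100 pointers) while `buf_size` is hard-coded to 100; this works only because the array is larger than the size passed, and `BYTE buffer[100];` with `DWORD buf_size = sizeof(buffer);` would make the size handed to `GetTokenInformation` match the storage. `runner.SetTimeout(INFINITE)` also means a child that hangs under the lockdown job stalls the whole suite, so a finite timeout is worth considering.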
