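--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/sandbox/win/src/sync_policy_test.cc Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,146 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "sandbox/win/src/sync_policy_test.h"
+
+#include "base/win/scoped_handle.h"
+#include "sandbox/win/src/sandbox.h"
+#include "sandbox/win/src/sandbox_policy.h"
+#include "sandbox/win/src/sandbox_factory.h"
+#include "sandbox/win/src/nt_internals.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace sandbox {
+
+SBOX_TESTS_COMMAND int Event_Open(int argc, wchar_t **argv) {
+ if (argc != 2)
+ return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
+
+ DWORD desired_access = SYNCHRONIZE;
+ if (L'f' == argv[0][0])
+ desired_access = EVENT_ALL_ACCESS;
+
+ base::win::ScopedHandle event_open(::OpenEvent(
+ desired_access, FALSE, argv[1]));
+ DWORD error_open = ::GetLastError();
+
+ if (event_open.Get())
+ return SBOX_TEST_SUCCEEDED;
+
+ if (ERROR_ACCESS_DENIED == error_open ||
+ ERROR_BAD_PATHNAME == error_open)
+ return SBOX_TEST_DENIED;
+
+ return SBOX_TEST_FAILED;
+}
+
+SBOX_TESTS_COMMAND int Event_CreateOpen(int argc, wchar_t **argv) {
+ if (argc < 2 || argc > 3)
+ return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
+
+ wchar_t *event_name = NULL;
+ if (3 == argc)
+ event_name = argv[2];
+
+ BOOL manual_reset = FALSE;
+ BOOL initial_state = FALSE;
+ if (L't' == argv[0][0])
+ manual_reset = TRUE;
+ if (L't' == argv[1][0])
+ initial_state = TRUE;
+
+ base::win::ScopedHandle event_create(::CreateEvent(
+ NULL, manual_reset, initial_state, event_name));
+ DWORD error_create = ::GetLastError();
+ base::win::ScopedHandle event_open;
+ if (event_name)
+ event_open.Set(::OpenEvent(EVENT_ALL_ACCESS, FALSE, event_name));
+
+ if (event_create.Get()) {
+ DWORD wait = ::WaitForSingleObject(event_create.Get(), 0);
+ if (initial_state && WAIT_OBJECT_0 != wait)
+ return SBOX_TEST_FAILED;
+
+ if (!initial_state && WAIT_TIMEOUT != wait)
+ return SBOX_TEST_FAILED;
+ }
+
+ if (event_name) {
+ // Both event_open and event_create have to be valid.
+ if (event_open.Get() && event_create)
+ return SBOX_TEST_SUCCEEDED;
+
+ if (event_open.Get() && !event_create || !event_open.Get() && event_create)
+ return SBOX_TEST_FAILED;
+ } else {
+ // Only event_create has to be valid.
+ if (event_create.Get())
+ return SBOX_TEST_SUCCEEDED;
+ }
+
+ if (ERROR_ACCESS_DENIED == error_create ||
+ ERROR_BAD_PATHNAME == error_create)
+ return SBOX_TEST_DENIED;
+
+ return SBOX_TEST_FAILED;
+}
+
+// Tests the creation of events using all the possible combinations.
+TEST(SyncPolicyTest, TestEvent) {
+ TestRunner runner;
+ EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_SYNC,
+ TargetPolicy::EVENTS_ALLOW_ANY,
+ L"test1"));
+ EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_SYNC,
+ TargetPolicy::EVENTS_ALLOW_ANY,
+ L"test2"));
+
+ EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Event_CreateOpen f f"));
+ EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Event_CreateOpen t f"));
+ EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Event_CreateOpen f t"));
+ EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Event_CreateOpen t t"));
+ EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Event_CreateOpen f f test1"));
+ EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Event_CreateOpen t f test2"));
+ EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Event_CreateOpen f t test1"));
+ EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Event_CreateOpen t t test2"));
+ EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Event_CreateOpen f f test3"));
+ EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Event_CreateOpen t f test4"));
+ EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Event_CreateOpen f t test3"));
+ EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Event_CreateOpen t t test4"));
+}
+
+// Tests opening events with read only access.
+TEST(SyncPolicyTest, TestEventReadOnly) {
+ TestRunner runner;
+ EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_SYNC,
+ TargetPolicy::EVENTS_ALLOW_READONLY,
+ L"test1"));
+ EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_SYNC,
+ TargetPolicy::EVENTS_ALLOW_READONLY,
+ L"test2"));
+ EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_SYNC,
+ TargetPolicy::EVENTS_ALLOW_READONLY,
+ L"test5"));
+ EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_SYNC,
+ TargetPolicy::EVENTS_ALLOW_READONLY,
+ L"test6"));
+
+ base::win::ScopedHandle handle1(::CreateEvent(NULL, FALSE, FALSE, L"test1"));
+ base::win::ScopedHandle handle2(::CreateEvent(NULL, FALSE, FALSE, L"test2"));
+ base::win::ScopedHandle handle3(::CreateEvent(NULL, FALSE, FALSE, L"test3"));
+ base::win::ScopedHandle handle4(::CreateEvent(NULL, FALSE, FALSE, L"test4"));
+
+ EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Event_CreateOpen f f"));
+ EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Event_CreateOpen t f"));
+ EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Event_Open f test1"));
+ EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Event_Open s test2"));
+ EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Event_Open f test3"));
+ EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Event_Open s test4"));
+ EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Event_CreateOpen f f test5"));
+ EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Event_CreateOpen t f test6"));
+ EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Event_CreateOpen f t test5"));
+ EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Event_CreateOpen t t test6"));
+}
+
+} // namespace sandbox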
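Review bot: In `TestEventReadOnly` the `::CreateEvent` results held in `handle1`–`handle4` are never checked, so the `SBOX_TEST_DENIED` expectations for `test3` and `test4` do not establish that the target was refused an event that actually exists; a failed create in the test process would go unnoticed. Asserting each handle before the `RunTest` calls, for example `ASSERT_TRUE(handle3.Get() != NULL);`, would make the negative cases meaningful. The event names (`test1` … `test6`) are short and unprefixed, so a same-named object already present in the session would presumably be opened rather than created; checking for `ERROR_ALREADY_EXISTS` right after the create may be worth adding. Separately, `Event_CreateOpen` mixes `event_create` with `event_create.Get()` in its validity checks, and its combined `&&`/`||` condition would read more safely with explicit parentheses.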