The Tor Browser / file revision

security/sandbox/win/src/named_pipe_policy_test.cc@6474c204b198

security/sandbox/win/src/named_pipe_policy_test.cc

Wed, 31 Dec 2014 06:09:35 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Wed, 31 Dec 2014 06:09:35 +0100
changeset 0
6474c204b198
permissions
-rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

     1 // Copyright (c) 2006-2010 The Chromium Authors. All rights reserved.

     2 // Use of this source code is governed by a BSD-style license that can be

     3 // found in the LICENSE file.

     4 

     5 #include "testing/gtest/include/gtest/gtest.h"

     6 #include "sandbox/win/src/sandbox.h"

     7 #include "sandbox/win/src/sandbox_policy.h"

     8 #include "sandbox/win/src/sandbox_factory.h"

     9 #include "sandbox/win/tests/common/controller.h"

    10 

    11 namespace sandbox {

    12 

    13 

    14 SBOX_TESTS_COMMAND int NamedPipe_Create(int argc, wchar_t **argv) {

    15   if (argc != 1) {

    16     return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;

    17   }

    18   if ((NULL == argv) || (NULL == argv[0])) {

    19     return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;

    20   }

    21 

    22   HANDLE pipe = ::CreateNamedPipeW(argv[0],

    23                                    PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED,

    24                                    PIPE_TYPE_BYTE | PIPE_READMODE_BYTE, 1, 4096,

    25                                    4096, 2000, NULL);

    26   if (INVALID_HANDLE_VALUE == pipe)

    27     return SBOX_TEST_DENIED;

    28 

    29   OVERLAPPED overlapped = {0};

    30   overlapped.hEvent = ::CreateEvent(NULL, TRUE, TRUE, NULL);

    31   BOOL result = ::ConnectNamedPipe(pipe, &overlapped);

    32 

    33   if (!result) {

    34     DWORD error = ::GetLastError();

    35     if (ERROR_PIPE_CONNECTED != error &&

    36         ERROR_IO_PENDING != error) {

    37           return SBOX_TEST_FAILED;

    38     }

    39   }

    40 

    41   if (!::CloseHandle(pipe))

    42     return SBOX_TEST_FAILED;

    43 

    44   ::CloseHandle(overlapped.hEvent);

    45   return SBOX_TEST_SUCCEEDED;

    46 }

    47 

    48 // Tests if we can create a pipe in the sandbox. On XP, the sandbox can create

    49 // a pipe without any help but it fails on Vista, this is why we do not test

    50 // the "denied" case.

    51 TEST(NamedPipePolicyTest, CreatePipe) {

    52   TestRunner runner;

    53   // TODO(nsylvain): This policy is wrong because "*" is a valid char in a

    54   // namedpipe name. Here we apply it like a wildcard. http://b/893603

    55   EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_NAMED_PIPES,

    56                              TargetPolicy::NAMEDPIPES_ALLOW_ANY,

    57                               L"\\\\.\\pipe\\test*"));

    58 

    59   EXPECT_EQ(SBOX_TEST_SUCCEEDED,

    60             runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\testbleh"));

    61 }

    62 

    63 // The same test as CreatePipe but this time using strict interceptions.

    64 TEST(NamedPipePolicyTest, CreatePipeStrictInterceptions) {

    65   TestRunner runner;

    66   runner.GetPolicy()->SetStrictInterceptions();

    67 

    68   // TODO(nsylvain): This policy is wrong because "*" is a valid char in a

    69   // namedpipe name. Here we apply it like a wildcard. http://b/893603

    70   EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_NAMED_PIPES,

    71                              TargetPolicy::NAMEDPIPES_ALLOW_ANY,

    72                               L"\\\\.\\pipe\\test*"));

    73 

    74   EXPECT_EQ(SBOX_TEST_SUCCEEDED,

    75             runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\testbleh"));

    76 }

    77 

    78 }  // namespace sandbox

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial