security/sandbox/win/src/policy_low_level_unittest.cc@6474c204b198
security/sandbox/win/src/policy_low_level_unittest.cc
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "sandbox/win/src/policy_engine_params.h"
6 #include "sandbox/win/src/policy_engine_processor.h"
7 #include "sandbox/win/src/policy_low_level.h"
8 #include "testing/gtest/include/gtest/gtest.h"
10 #define POLPARAMS_BEGIN(x) sandbox::ParameterSet x[] = {
11 #define POLPARAM(p) sandbox::ParamPickerMake(p),
12 #define POLPARAMS_END }
14 namespace sandbox {
16 bool SetupNtdllImports();
18 // Testing that we allow opcode generation on valid string patterns.
19 TEST(PolicyEngineTest, StringPatternsOK) {
20 SetupNtdllImports();
21 PolicyRule pr(ASK_BROKER);
22 EXPECT_TRUE(pr.AddStringMatch(IF, 0, L"c:\\adobe\\ver??\\", CASE_SENSITIVE));
23 EXPECT_TRUE(pr.AddStringMatch(IF, 0, L"*.tmp", CASE_SENSITIVE));
24 EXPECT_TRUE(pr.AddStringMatch(IF, 0, L"c:\\*.doc", CASE_SENSITIVE));
25 EXPECT_TRUE(pr.AddStringMatch(IF, 0, L"c:\\windows\\*", CASE_SENSITIVE));
26 EXPECT_TRUE(pr.AddStringMatch(IF, 0, L"d:\\adobe\\acrobat.exe",
27 CASE_SENSITIVE));
28 }
30 // Testing that we signal invalid string patterns.
31 TEST(PolicyEngineTest, StringPatternsBAD) {
32 SetupNtdllImports();
33 PolicyRule pr(ASK_BROKER);
34 EXPECT_FALSE(pr.AddStringMatch(IF, 0, L"one**two", CASE_SENSITIVE));
35 EXPECT_FALSE(pr.AddStringMatch(IF, 0, L"**three", CASE_SENSITIVE));
36 EXPECT_FALSE(pr.AddStringMatch(IF, 0, L"five?six*?seven", CASE_SENSITIVE));
37 EXPECT_FALSE(pr.AddStringMatch(IF, 0, L"eight?*nine", CASE_SENSITIVE));
38 }
40 // Helper function to allocate space (on the heap) for policy.
41 PolicyGlobal* MakePolicyMemory() {
42 const size_t kTotalPolicySz = 4096*8;
43 char* mem = new char[kTotalPolicySz];
44 memset(mem, 0, kTotalPolicySz);
45 PolicyGlobal* policy = reinterpret_cast<PolicyGlobal*>(mem);
46 policy->data_size = kTotalPolicySz - sizeof(PolicyGlobal);
47 return policy;
48 }
50 // The simplest test using LowLevelPolicy it should test a single opcode which
51 // does a exact string comparison.
52 TEST(PolicyEngineTest, SimpleStrMatch) {
53 SetupNtdllImports();
54 PolicyRule pr(ASK_BROKER);
55 EXPECT_TRUE(pr.AddStringMatch(IF, 0, L"z:\\Directory\\domo.txt",
56 CASE_INSENSITIVE));
58 PolicyGlobal* policy = MakePolicyMemory();
59 const uint32 kFakeService = 2;
61 LowLevelPolicy policyGen(policy);
62 EXPECT_TRUE(policyGen.AddRule(kFakeService, &pr));
63 EXPECT_TRUE(policyGen.Done());
65 wchar_t* filename = L"Z:\\Directory\\domo.txt";
67 POLPARAMS_BEGIN(eval_params)
68 POLPARAM(filename) // Argument 0
69 POLPARAMS_END;
71 PolicyResult result;
72 PolicyProcessor pol_ev(policy->entry[kFakeService]);
74 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
75 EXPECT_EQ(POLICY_MATCH, result);
76 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction());
78 filename = L"Z:\\Directory\\domo.txt.tmp";
79 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
80 EXPECT_EQ(NO_POLICY_MATCH, result);
82 delete [] reinterpret_cast<char*>(policy);
83 }
85 TEST(PolicyEngineTest, SimpleIfNotStrMatch) {
86 SetupNtdllImports();
87 PolicyRule pr(ASK_BROKER);
88 EXPECT_TRUE(pr.AddStringMatch(IF_NOT, 0, L"c:\\Microsoft\\",
89 CASE_SENSITIVE));
91 PolicyGlobal* policy = MakePolicyMemory();
92 const uint32 kFakeService = 2;
93 LowLevelPolicy policyGen(policy);
95 EXPECT_TRUE(policyGen.AddRule(kFakeService, &pr));
96 EXPECT_TRUE(policyGen.Done());
98 wchar_t* filename = NULL;
99 POLPARAMS_BEGIN(eval_params)
100 POLPARAM(filename) // Argument 0
101 POLPARAMS_END;
103 PolicyResult result;
104 PolicyProcessor pol_ev(policy->entry[kFakeService]);
106 filename = L"c:\\Microsoft\\";
107 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
108 EXPECT_EQ(NO_POLICY_MATCH, result);
110 filename = L"c:\\MicroNerd\\";
111 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
112 EXPECT_EQ(POLICY_MATCH, result);
113 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction());
115 filename = L"c:\\Microsoft\\domo.txt";
116 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
117 EXPECT_EQ(POLICY_MATCH, result);
118 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction());
120 delete [] reinterpret_cast<char*>(policy);
121 }
123 TEST(PolicyEngineTest, SimpleIfNotStrMatchWild1) {
124 SetupNtdllImports();
125 PolicyRule pr(ASK_BROKER);
126 EXPECT_TRUE(pr.AddStringMatch(IF_NOT, 0, L"c:\\Microsoft\\*",
127 CASE_SENSITIVE));
129 PolicyGlobal* policy = MakePolicyMemory();
130 const uint32 kFakeService = 3;
131 LowLevelPolicy policyGen(policy);
133 EXPECT_TRUE(policyGen.AddRule(kFakeService, &pr));
134 EXPECT_TRUE(policyGen.Done());
136 wchar_t* filename = NULL;
137 POLPARAMS_BEGIN(eval_params)
138 POLPARAM(filename) // Argument 0
139 POLPARAMS_END;
141 PolicyResult result;
142 PolicyProcessor pol_ev(policy->entry[kFakeService]);
144 filename = L"c:\\Microsoft\\domo.txt";
145 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
146 EXPECT_EQ(NO_POLICY_MATCH, result);
148 filename = L"c:\\MicroNerd\\domo.txt";
149 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
150 EXPECT_EQ(POLICY_MATCH, result);
151 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction());
153 delete [] reinterpret_cast<char*>(policy);
154 }
156 TEST(PolicyEngineTest, SimpleIfNotStrMatchWild2) {
157 SetupNtdllImports();
158 PolicyRule pr(ASK_BROKER);
159 EXPECT_TRUE(pr.AddStringMatch(IF_NOT, 0, L"c:\\Microsoft\\*.txt",
160 CASE_SENSITIVE));
162 PolicyGlobal* policy = MakePolicyMemory();
163 const uint32 kFakeService = 3;
164 LowLevelPolicy policyGen(policy);
166 EXPECT_TRUE(policyGen.AddRule(kFakeService, &pr));
167 EXPECT_TRUE(policyGen.Done());
169 wchar_t* filename = NULL;
170 POLPARAMS_BEGIN(eval_params)
171 POLPARAM(filename) // Argument 0
172 POLPARAMS_END;
174 PolicyResult result;
175 PolicyProcessor pol_ev(policy->entry[kFakeService]);
177 filename = L"c:\\Microsoft\\domo.txt";
178 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
179 EXPECT_EQ(NO_POLICY_MATCH, result);
181 filename = L"c:\\MicroNerd\\domo.txt";
182 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
183 EXPECT_EQ(POLICY_MATCH, result);
184 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction());
186 filename = L"c:\\Microsoft\\domo.bmp";
187 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
188 EXPECT_EQ(POLICY_MATCH, result);
189 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction());
191 delete [] reinterpret_cast<char*>(policy);
192 }
194 TEST(PolicyEngineTest, IfNotStrMatchTwoRulesWild1) {
195 SetupNtdllImports();
196 PolicyRule pr(ASK_BROKER);
197 EXPECT_TRUE(pr.AddStringMatch(IF_NOT, 0, L"c:\\Microsoft\\*",
198 CASE_SENSITIVE));
199 EXPECT_TRUE(pr.AddNumberMatch(IF, 1, 24, EQUAL));
201 PolicyGlobal* policy = MakePolicyMemory();
202 const uint32 kFakeService = 3;
203 LowLevelPolicy policyGen(policy);
205 EXPECT_TRUE(policyGen.AddRule(kFakeService, &pr));
206 EXPECT_TRUE(policyGen.Done());
208 wchar_t* filename = NULL;
209 unsigned long access = 0;
210 POLPARAMS_BEGIN(eval_params)
211 POLPARAM(filename) // Argument 0
212 POLPARAM(access) // Argument 1
213 POLPARAMS_END;
215 PolicyResult result;
216 PolicyProcessor pol_ev(policy->entry[kFakeService]);
218 filename = L"c:\\Microsoft\\domo.txt";
219 access = 24;
220 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
221 EXPECT_EQ(NO_POLICY_MATCH, result);
223 filename = L"c:\\Microsoft\\domo.txt";
224 access = 42;
225 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
226 EXPECT_EQ(NO_POLICY_MATCH, result);
228 filename = L"c:\\MicroNerd\\domo.txt";
229 access = 24;
230 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
231 EXPECT_EQ(POLICY_MATCH, result);
232 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction());
234 filename = L"c:\\Micronesia\\domo.txt";
235 access = 42;
236 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
237 EXPECT_EQ(NO_POLICY_MATCH, result);
239 delete [] reinterpret_cast<char*>(policy);
240 }
242 TEST(PolicyEngineTest, IfNotStrMatchTwoRulesWild2) {
243 SetupNtdllImports();
244 PolicyRule pr(ASK_BROKER);
245 EXPECT_TRUE(pr.AddNumberMatch(IF, 1, 24, EQUAL));
246 EXPECT_TRUE(pr.AddStringMatch(IF_NOT, 0, L"c:\\GoogleV?\\*.txt",
247 CASE_SENSITIVE));
248 EXPECT_TRUE(pr.AddNumberMatch(IF, 2, 66, EQUAL));
250 PolicyGlobal* policy = MakePolicyMemory();
251 const uint32 kFakeService = 3;
252 LowLevelPolicy policyGen(policy);
254 EXPECT_TRUE(policyGen.AddRule(kFakeService, &pr));
255 EXPECT_TRUE(policyGen.Done());
257 wchar_t* filename = NULL;
258 unsigned long access = 0;
259 unsigned long sharing = 66;
261 POLPARAMS_BEGIN(eval_params)
262 POLPARAM(filename) // Argument 0
263 POLPARAM(access) // Argument 1
264 POLPARAM(sharing) // Argument 2
265 POLPARAMS_END;
267 PolicyResult result;
268 PolicyProcessor pol_ev(policy->entry[kFakeService]);
270 filename = L"c:\\GoogleV2\\domo.txt";
271 access = 24;
272 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
273 EXPECT_EQ(NO_POLICY_MATCH, result);
275 filename = L"c:\\GoogleV2\\domo.bmp";
276 access = 24;
277 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
278 EXPECT_EQ(POLICY_MATCH, result);
279 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction());
281 filename = L"c:\\GoogleV23\\domo.txt";
282 access = 24;
283 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
284 EXPECT_EQ(POLICY_MATCH, result);
285 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction());
288 filename = L"c:\\GoogleV2\\domo.txt";
289 access = 42;
290 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
291 EXPECT_EQ(NO_POLICY_MATCH, result);
293 filename = L"c:\\Google\\domo.txt";
294 access = 24;
295 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
296 EXPECT_EQ(POLICY_MATCH, result);
297 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction());
299 filename = L"c:\\Micronesia\\domo.txt";
300 access = 42;
301 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
302 EXPECT_EQ(NO_POLICY_MATCH, result);
304 filename = L"c:\\GoogleV2\\domo.bmp";
305 access = 24;
306 sharing = 0;
307 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
308 EXPECT_EQ(NO_POLICY_MATCH, result);
310 delete [] reinterpret_cast<char*>(policy);
311 }
313 // Testing one single rule in one single service. The service is made to
314 // resemble NtCreateFile.
315 TEST(PolicyEngineTest, OneRuleTest) {
316 SetupNtdllImports();
317 PolicyRule pr(ASK_BROKER);
318 EXPECT_TRUE(pr.AddStringMatch(IF, 0, L"c:\\*Microsoft*\\*.txt",
319 CASE_SENSITIVE));
320 EXPECT_TRUE(pr.AddNumberMatch(IF_NOT, 1, CREATE_ALWAYS, EQUAL));
321 EXPECT_TRUE(pr.AddNumberMatch(IF, 2, FILE_ATTRIBUTE_NORMAL, EQUAL));
323 PolicyGlobal* policy = MakePolicyMemory();
325 const uint32 kNtFakeCreateFile = 7;
327 LowLevelPolicy policyGen(policy);
328 EXPECT_TRUE(policyGen.AddRule(kNtFakeCreateFile, &pr));
329 EXPECT_TRUE(policyGen.Done());
331 wchar_t* filename = L"c:\\Documents and Settings\\Microsoft\\BLAH.txt";
332 unsigned long creation_mode = OPEN_EXISTING;
333 unsigned long flags = FILE_ATTRIBUTE_NORMAL;
334 void* security_descriptor = NULL;
336 POLPARAMS_BEGIN(eval_params)
337 POLPARAM(filename) // Argument 0
338 POLPARAM(creation_mode) // Argument 1
339 POLPARAM(flags) // Argument 2
340 POLPARAM(security_descriptor)
341 POLPARAMS_END;
343 PolicyResult result;
344 PolicyProcessor pol_ev(policy->entry[kNtFakeCreateFile]);
346 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
347 EXPECT_EQ(POLICY_MATCH, result);
348 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction());
350 creation_mode = CREATE_ALWAYS;
351 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
352 EXPECT_EQ(NO_POLICY_MATCH, result);
354 creation_mode = OPEN_EXISTING;
355 filename = L"c:\\Other\\Path\\Microsoft\\Another file.txt";
356 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
357 EXPECT_EQ(POLICY_MATCH, result);
358 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction());
360 filename = L"c:\\Other\\Path\\Microsoft\\Another file.txt.tmp";
361 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
362 EXPECT_EQ(NO_POLICY_MATCH, result);
364 flags = FILE_ATTRIBUTE_DEVICE;
365 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
366 EXPECT_EQ(NO_POLICY_MATCH, result);
368 filename = L"c:\\Other\\Macrosoft\\Another file.txt";
369 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
370 EXPECT_EQ(NO_POLICY_MATCH, result);
372 filename = L"c:\\Microsoft\\1.txt";
373 flags = FILE_ATTRIBUTE_NORMAL;
374 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
375 EXPECT_EQ(POLICY_MATCH, result);
376 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction());
378 filename = L"c:\\Microsoft\\1.ttt";
379 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
380 EXPECT_EQ(NO_POLICY_MATCH, result);
382 delete [] reinterpret_cast<char*>(policy);
383 }
385 // Testing 3 rules in 3 services. Two of the services resemble File services.
386 TEST(PolicyEngineTest, ThreeRulesTest) {
387 SetupNtdllImports();
388 PolicyRule pr_pipe(FAKE_SUCCESS);
389 EXPECT_TRUE(pr_pipe.AddStringMatch(IF, 0, L"\\\\/?/?\\Pipe\\Chrome.*",
390 CASE_INSENSITIVE));
391 EXPECT_TRUE(pr_pipe.AddNumberMatch(IF, 1, OPEN_EXISTING, EQUAL));
392 EXPECT_TRUE(pr_pipe.AddNumberMatch(IF, 2, FILE_ATTRIBUTE_NORMAL, EQUAL));
394 size_t opc1 = pr_pipe.GetOpcodeCount();
395 EXPECT_EQ(3, opc1);
397 PolicyRule pr_dump(ASK_BROKER);
398 EXPECT_TRUE(pr_dump.AddStringMatch(IF, 0, L"\\\\/?/?\\*\\Crash Reports\\*",
399 CASE_INSENSITIVE));
400 EXPECT_TRUE(pr_dump.AddNumberMatch(IF, 1, CREATE_ALWAYS, EQUAL));
401 EXPECT_TRUE(pr_dump.AddNumberMatch(IF, 2, FILE_ATTRIBUTE_NORMAL, EQUAL));
403 size_t opc2 = pr_dump.GetOpcodeCount();
404 EXPECT_EQ(4, opc2);
406 PolicyRule pr_winexe(SIGNAL_ALARM);
407 EXPECT_TRUE(pr_winexe.AddStringMatch(IF, 0, L"\\\\/?/?\\C:\\Windows\\*.exe",
408 CASE_INSENSITIVE));
409 EXPECT_TRUE(pr_winexe.AddNumberMatch(IF, 2, FILE_ATTRIBUTE_NORMAL, EQUAL));
411 size_t opc3 = pr_winexe.GetOpcodeCount();
412 EXPECT_EQ(3, opc3);
414 PolicyRule pr_adobe(GIVE_CACHED);
415 EXPECT_TRUE(pr_adobe.AddStringMatch(IF, 0, L"c:\\adobe\\ver?.?\\",
416 CASE_SENSITIVE));
417 EXPECT_TRUE(pr_adobe.AddNumberMatch(IF, 2, FILE_ATTRIBUTE_NORMAL, EQUAL));
419 size_t opc4 = pr_adobe.GetOpcodeCount();
420 EXPECT_EQ(4, opc4);
422 PolicyRule pr_none(GIVE_FIRST);
423 EXPECT_TRUE(pr_none.AddNumberMatch(IF, 2, FILE_ATTRIBUTE_READONLY, AND));
424 EXPECT_TRUE(pr_none.AddNumberMatch(IF, 2, FILE_ATTRIBUTE_SYSTEM, AND));
426 size_t opc5 = pr_none.GetOpcodeCount();
427 EXPECT_EQ(2, opc5);
429 PolicyGlobal* policy = MakePolicyMemory();
431 const uint32 kNtFakeNone = 4;
432 const uint32 kNtFakeCreateFile = 5;
433 const uint32 kNtFakeOpenFile = 6;
435 LowLevelPolicy policyGen(policy);
436 EXPECT_TRUE(policyGen.AddRule(kNtFakeCreateFile, &pr_pipe));
437 EXPECT_TRUE(policyGen.AddRule(kNtFakeCreateFile, &pr_dump));
438 EXPECT_TRUE(policyGen.AddRule(kNtFakeCreateFile, &pr_winexe));
440 EXPECT_TRUE(policyGen.AddRule(kNtFakeOpenFile, &pr_adobe));
441 EXPECT_TRUE(policyGen.AddRule(kNtFakeOpenFile, &pr_pipe));
443 EXPECT_TRUE(policyGen.AddRule(kNtFakeNone, &pr_none));
445 EXPECT_TRUE(policyGen.Done());
447 // Inspect the policy structure manually.
448 EXPECT_TRUE(NULL == policy->entry[0]);
449 EXPECT_TRUE(NULL == policy->entry[1]);
450 EXPECT_TRUE(NULL == policy->entry[2]);
451 EXPECT_TRUE(NULL == policy->entry[3]);
452 EXPECT_TRUE(NULL != policy->entry[4]); // kNtFakeNone.
453 EXPECT_TRUE(NULL != policy->entry[5]); // kNtFakeCreateFile.
454 EXPECT_TRUE(NULL != policy->entry[6]); // kNtFakeOpenFile.
455 EXPECT_TRUE(NULL == policy->entry[7]);
457 // The total per service opcode counts now must take in account one
458 // extra opcode (action opcode) per rule.
459 ++opc1;
460 ++opc2;
461 ++opc3;
462 ++opc4;
463 ++opc5;
465 size_t tc1 = policy->entry[kNtFakeNone]->opcode_count;
466 size_t tc2 = policy->entry[kNtFakeCreateFile]->opcode_count;
467 size_t tc3 = policy->entry[kNtFakeOpenFile]->opcode_count;
469 EXPECT_EQ(opc5, tc1);
470 EXPECT_EQ((opc1 + opc2 + opc3), tc2);
471 EXPECT_EQ((opc1 + opc4), tc3);
473 // Check the type of the first and last opcode of each service.
475 EXPECT_EQ(OP_ULONG_AND_MATCH, policy->entry[kNtFakeNone]->opcodes[0].GetID());
476 EXPECT_EQ(OP_ACTION, policy->entry[kNtFakeNone]->opcodes[tc1-1].GetID());
477 EXPECT_EQ(OP_WSTRING_MATCH,
478 policy->entry[kNtFakeCreateFile]->opcodes[0].GetID());
479 EXPECT_EQ(OP_ACTION,
480 policy->entry[kNtFakeCreateFile]->opcodes[tc2-1].GetID());
481 EXPECT_EQ(OP_WSTRING_MATCH,
482 policy->entry[kNtFakeOpenFile]->opcodes[0].GetID());
483 EXPECT_EQ(OP_ACTION, policy->entry[kNtFakeOpenFile]->opcodes[tc3-1].GetID());
485 // Test the policy evaluation.
487 wchar_t* filename = L"";
488 unsigned long creation_mode = OPEN_EXISTING;
489 unsigned long flags = FILE_ATTRIBUTE_NORMAL;
490 void* security_descriptor = NULL;
492 POLPARAMS_BEGIN(params)
493 POLPARAM(filename) // Argument 0
494 POLPARAM(creation_mode) // Argument 1
495 POLPARAM(flags) // Argument 2
496 POLPARAM(security_descriptor)
497 POLPARAMS_END;
499 PolicyResult result;
500 PolicyProcessor eval_CreateFile(policy->entry[kNtFakeCreateFile]);
501 PolicyProcessor eval_OpenFile(policy->entry[kNtFakeOpenFile]);
502 PolicyProcessor eval_None(policy->entry[kNtFakeNone]);
504 result = eval_CreateFile.Evaluate(kShortEval, params, _countof(params));
505 EXPECT_EQ(NO_POLICY_MATCH, result);
506 result = eval_OpenFile.Evaluate(kShortEval, params, _countof(params));
507 EXPECT_EQ(NO_POLICY_MATCH, result);
508 result = eval_None.Evaluate(kShortEval, params, _countof(params));
509 EXPECT_EQ(NO_POLICY_MATCH, result);
511 filename = L"\\\\??\\c:\\Windows\\System32\\calc.exe";
512 flags = FILE_ATTRIBUTE_SYSTEM;
513 result = eval_CreateFile.Evaluate(kShortEval, params, _countof(params));
514 EXPECT_EQ(NO_POLICY_MATCH, result);
515 result = eval_None.Evaluate(kShortEval, params, _countof(params));
516 EXPECT_EQ(NO_POLICY_MATCH, result);
517 result = eval_OpenFile.Evaluate(kShortEval, params, _countof(params));
518 EXPECT_EQ(NO_POLICY_MATCH, result);
520 flags += FILE_ATTRIBUTE_READONLY;
521 result = eval_CreateFile.Evaluate(kShortEval, params, _countof(params));
522 EXPECT_EQ(NO_POLICY_MATCH, result);
523 result = eval_None.Evaluate(kShortEval, params, _countof(params));
524 EXPECT_EQ(POLICY_MATCH, result);
525 EXPECT_EQ(GIVE_FIRST, eval_None.GetAction());
526 result = eval_OpenFile.Evaluate(kShortEval, params, _countof(params));
527 EXPECT_EQ(NO_POLICY_MATCH, result);
529 flags = FILE_ATTRIBUTE_NORMAL;
530 result = eval_CreateFile.Evaluate(kShortEval, params, _countof(params));
531 EXPECT_EQ(POLICY_MATCH, result);
532 EXPECT_EQ(SIGNAL_ALARM, eval_CreateFile.GetAction());
533 result = eval_None.Evaluate(kShortEval, params, _countof(params));
534 EXPECT_EQ(NO_POLICY_MATCH, result);
535 result = eval_OpenFile.Evaluate(kShortEval, params, _countof(params));
536 EXPECT_EQ(NO_POLICY_MATCH, result);
538 filename = L"c:\\adobe\\ver3.2\\temp";
539 result = eval_CreateFile.Evaluate(kShortEval, params, _countof(params));
540 EXPECT_EQ(NO_POLICY_MATCH, result);
541 result = eval_None.Evaluate(kShortEval, params, _countof(params));
542 EXPECT_EQ(NO_POLICY_MATCH, result);
543 result = eval_OpenFile.Evaluate(kShortEval, params, _countof(params));
544 EXPECT_EQ(POLICY_MATCH, result);
545 EXPECT_EQ(GIVE_CACHED, eval_OpenFile.GetAction());
547 filename = L"c:\\adobe\\ver3.22\\temp";
548 result = eval_OpenFile.Evaluate(kShortEval, params, _countof(params));
549 EXPECT_EQ(NO_POLICY_MATCH, result);
551 filename = L"\\\\??\\c:\\some path\\other path\\crash reports\\some path";
552 creation_mode = CREATE_ALWAYS;
553 result = eval_CreateFile.Evaluate(kShortEval, params, _countof(params));
554 EXPECT_EQ(POLICY_MATCH, result);
555 EXPECT_EQ(ASK_BROKER, eval_CreateFile.GetAction());
556 result = eval_None.Evaluate(kShortEval, params, _countof(params));
557 EXPECT_EQ(NO_POLICY_MATCH, result);
558 result = eval_OpenFile.Evaluate(kShortEval, params, _countof(params));
559 EXPECT_EQ(NO_POLICY_MATCH, result);
561 filename = L"\\\\??\\Pipe\\Chrome.12345";
562 creation_mode = OPEN_EXISTING;
563 result = eval_CreateFile.Evaluate(kShortEval, params, _countof(params));
564 EXPECT_EQ(POLICY_MATCH, result);
565 EXPECT_EQ(FAKE_SUCCESS, eval_CreateFile.GetAction());
566 result = eval_None.Evaluate(kShortEval, params, _countof(params));
567 EXPECT_EQ(NO_POLICY_MATCH, result);
568 result = eval_OpenFile.Evaluate(kShortEval, params, _countof(params));
569 EXPECT_EQ(POLICY_MATCH, result);
570 EXPECT_EQ(FAKE_SUCCESS, eval_OpenFile.GetAction());
572 delete [] reinterpret_cast<char*>(policy);
573 }
575 TEST(PolicyEngineTest, PolicyRuleCopyConstructorTwoStrings) {
576 SetupNtdllImports();
577 // Both pr_orig and pr_copy should allow hello.* but not *.txt files.
578 PolicyRule pr_orig(ASK_BROKER);
579 EXPECT_TRUE(pr_orig.AddStringMatch(IF, 0, L"hello.*", CASE_SENSITIVE));
581 PolicyRule pr_copy(pr_orig);
582 EXPECT_TRUE(pr_orig.AddStringMatch(IF_NOT, 0, L"*.txt", CASE_SENSITIVE));
583 EXPECT_TRUE(pr_copy.AddStringMatch(IF_NOT, 0, L"*.txt", CASE_SENSITIVE));
585 PolicyGlobal* policy = MakePolicyMemory();
586 LowLevelPolicy policyGen(policy);
587 EXPECT_TRUE(policyGen.AddRule(1, &pr_orig));
588 EXPECT_TRUE(policyGen.AddRule(2, &pr_copy));
589 EXPECT_TRUE(policyGen.Done());
591 wchar_t* name = NULL;
592 POLPARAMS_BEGIN(eval_params)
593 POLPARAM(name)
594 POLPARAMS_END;
596 PolicyResult result;
597 PolicyProcessor pol_ev_orig(policy->entry[1]);
598 name = L"domo.txt";
599 result = pol_ev_orig.Evaluate(kShortEval, eval_params, _countof(eval_params));
600 EXPECT_EQ(NO_POLICY_MATCH, result);
602 name = L"hello.bmp";
603 result = pol_ev_orig.Evaluate(kShortEval, eval_params, _countof(eval_params));
604 EXPECT_EQ(POLICY_MATCH, result);
605 EXPECT_EQ(ASK_BROKER, pol_ev_orig.GetAction());
607 PolicyProcessor pol_ev_copy(policy->entry[2]);
608 name = L"domo.txt";
609 result = pol_ev_copy.Evaluate(kShortEval, eval_params, _countof(eval_params));
610 EXPECT_EQ(NO_POLICY_MATCH, result);
612 name = L"hello.bmp";
613 result = pol_ev_copy.Evaluate(kShortEval, eval_params, _countof(eval_params));
614 EXPECT_EQ(POLICY_MATCH, result);
615 EXPECT_EQ(ASK_BROKER, pol_ev_copy.GetAction());
616 }
617 } // namespace sandbox
