security/sandbox/win/src/app_container_test.cc

Thu, 22 Jan 2015 13:21:57 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 22 Jan 2015 13:21:57 +0100
branch
TOR_BUG_9701
changeset 15
b8a032363ba2
permissions
-rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

     1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
     2 // Use of this source code is governed by a BSD-style license that can be
     3 // found in the LICENSE file.
     5 #include <windows.h>
     7 #define _ATL_NO_EXCEPTIONS
     8 #include <atlbase.h>
     9 #include <atlsecurity.h>
    11 #include "base/strings/string16.h"
    12 #include "base/win/scoped_handle.h"
    13 #include "base/win/windows_version.h"
    14 #include "sandbox/win/src/sync_policy_test.h"
    15 #include "testing/gtest/include/gtest/gtest.h"
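namespace {

const wchar_t kAppContainerName[] = L"sbox_test";
const wchar_t kAppContainerSid[] =
    L"S-1-15-2-3251537155-1984446955-2931258699-841473695-1938553385-"
    L"924012148-2839372144";

const ULONG kSharing = FILE_SHARE_WRITE | FILE_SHARE_READ | FILE_SHARE_DELETE;

// Creates the named event |name| and gives it a DACL consisting of the
// caller's default file DACL plus an EVENT_ALL_ACCESS allow ACE for |sid|
// (a string SID, used by the tests as a capability SID).
//
// The default DACL is obtained by creating a throw-away temp file, reading
// its owner/group/DACL back and deleting it again.
//
// Returns an owned event handle, or NULL if any step fails. Every Win32 and
// ATL call that can fail is checked, so a NULL return never leaves a partially
// configured event behind.
HANDLE CreateTaggedEvent(const string16& name, const string16& sid) {
  // NOTE(review): CreateEvent hands back the existing object (and sets
  // ERROR_ALREADY_EXISTS) when |name| is already in use, in which case the
  // DACL below is applied to an object this code did not create.
  base::win::ScopedHandle event(CreateEvent(NULL, FALSE, FALSE, name.c_str()));
  if (!event.IsValid())
    return NULL;

  // A temp file serves as the template for the owner, group and DACL.
  wchar_t file_name[MAX_PATH] = {};
  wchar_t temp_directory[MAX_PATH] = {};
  const DWORD temp_len = GetTempPath(MAX_PATH, temp_directory);
  // 0 means failure; a value above the buffer size means the path was
  // truncated and must not be used.
  if (temp_len == 0 || temp_len > MAX_PATH)
    return NULL;
  // GetTempFileName creates the file; on failure there is nothing to delete.
  if (!GetTempFileName(temp_directory, L"test", 0, file_name))
    return NULL;

  base::win::ScopedHandle file;
  file.Set(CreateFile(file_name, GENERIC_READ | STANDARD_RIGHTS_READ, kSharing,
                      NULL, OPEN_EXISTING, 0, NULL));
  // The file is only needed for its security descriptor. kSharing includes
  // FILE_SHARE_DELETE, so the open handle remains usable after deletion.
  DeleteFile(file_name);
  if (!file.IsValid())
    return NULL;

  CSecurityDesc sd;
  if (!AtlGetSecurityDescriptor(file.Get(), SE_FILE_OBJECT, &sd,
                                OWNER_SECURITY_INFORMATION |
                                    GROUP_SECURITY_INFORMATION |
                                    DACL_SECURITY_INFORMATION)) {
    return NULL;
  }

  // Start from the template DACL; bail out rather than tagging an empty one.
  CDacl new_dacl;
  if (!sd.GetDacl(&new_dacl))
    return NULL;

  PSID local_sid = NULL;
  if (!ConvertStringSidToSid(sid.c_str(), &local_sid))
    return NULL;

  CSid csid(reinterpret_cast<SID*>(local_sid));
  new_dacl.AddAllowedAce(csid, EVENT_ALL_ACCESS);
  const bool dacl_set = AtlSetDacl(event.Get(), SE_KERNEL_OBJECT, new_dacl);
  // |local_sid| was allocated by ConvertStringSidToSid; release it on every
  // path that reaches this point.
  LocalFree(local_sid);
  if (!dacl_set)
    return NULL;  // |event| is closed by ScopedHandle.

  return event.Take();
}

}  // namespace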
namespace sandbox {

namespace {

// App containers are only available from Windows 8 on; every test below is a
// no-op on earlier versions.
bool AppContainerSupported() {
  return base::win::OSInfo::GetInstance()->version() >= base::win::VERSION_WIN8;
}

// Capability SID attached to the test event's DACL by CreateTaggedEvent.
const wchar_t kTestCapability[] = L"S-1-15-3-12345678-87654321";
// Name of the event the target tries to open.
const wchar_t kEventName[] = L"test";
// Target-side command: open the event "test" (flag "f").
const wchar_t kOpenEventCommand[] = L"Event_Open f test";

}  // namespace

// The target is granted kTestCapability, which matches the ACE on the event,
// so opening the event from inside the app container is expected to succeed
// both in the default state and after SetTestState(BEFORE_REVERT).
TEST(AppContainerTest, AllowOpenEvent) {
  if (!AppContainerSupported())
    return;

  TestRunner runner(JOB_UNPROTECTED, USER_UNPROTECTED, USER_UNPROTECTED);

  base::win::ScopedHandle tagged_event(
      CreateTaggedEvent(kEventName, kTestCapability));
  ASSERT_TRUE(tagged_event.IsValid());

  TargetPolicy* policy = runner.GetPolicy();
  EXPECT_EQ(SBOX_ALL_OK,
            runner.broker()->InstallAppContainer(kAppContainerSid,
                                                 kAppContainerName));
  EXPECT_EQ(SBOX_ALL_OK, policy->SetCapability(kTestCapability));
  EXPECT_EQ(SBOX_ALL_OK, policy->SetAppContainer(kAppContainerSid));

  EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(kOpenEventCommand));

  runner.SetTestState(BEFORE_REVERT);
  EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(kOpenEventCommand));

  EXPECT_EQ(SBOX_ALL_OK,
            runner.broker()->UninstallAppContainer(kAppContainerSid));
}

// Same setup as AllowOpenEvent but without SetCapability: the event's ACE
// does not match any capability the target holds, so the open must be denied
// in both test states.
TEST(AppContainerTest, DenyOpenEvent) {
  if (!AppContainerSupported())
    return;

  TestRunner runner(JOB_UNPROTECTED, USER_UNPROTECTED, USER_UNPROTECTED);

  base::win::ScopedHandle tagged_event(
      CreateTaggedEvent(kEventName, kTestCapability));
  ASSERT_TRUE(tagged_event.IsValid());

  EXPECT_EQ(SBOX_ALL_OK,
            runner.broker()->InstallAppContainer(kAppContainerSid,
                                                 kAppContainerName));
  EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetAppContainer(kAppContainerSid));

  EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(kOpenEventCommand));

  runner.SetTestState(BEFORE_REVERT);
  EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(kOpenEventCommand));

  EXPECT_EQ(SBOX_ALL_OK,
            runner.broker()->UninstallAppContainer(kAppContainerSid));
}

// With USER_LIMITED for both the initial and lockdown token, SetAppContainer
// is accepted.
TEST(AppContainerTest, NoImpersonation) {
  if (!AppContainerSupported())
    return;

  TestRunner runner(JOB_UNPROTECTED, USER_LIMITED, USER_LIMITED);
  EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetAppContainer(kAppContainerSid));
}

// A USER_UNPROTECTED initial token with a USER_NON_ADMIN lockdown token is
// rejected by SetAppContainer with SBOX_ERROR_CANNOT_INIT_APPCONTAINER.
TEST(AppContainerTest, WantsImpersonation) {
  if (!AppContainerSupported())
    return;

  TestRunner runner(JOB_UNPROTECTED, USER_UNPROTECTED, USER_NON_ADMIN);
  EXPECT_EQ(SBOX_ERROR_CANNOT_INIT_APPCONTAINER,
            runner.GetPolicy()->SetAppContainer(kAppContainerSid));
}

// USER_RESTRICTED for both tokens is likewise rejected by SetAppContainer.
TEST(AppContainerTest, RequiresImpersonation) {
  if (!AppContainerSupported())
    return;

  TestRunner runner(JOB_UNPROTECTED, USER_RESTRICTED, USER_RESTRICTED);
  EXPECT_EQ(SBOX_ERROR_CANNOT_INIT_APPCONTAINER,
            runner.GetPolicy()->SetAppContainer(kAppContainerSid));
}

}  // namespace sandbox
