michael@0: // Copyright (c) 2006-2010 The Chromium Authors. All rights reserved.
michael@0: // Use of this source code is governed by a BSD-style license that can be
michael@0: // found in the LICENSE file.
michael@0: 
michael@0: #include "testing/gtest/include/gtest/gtest.h"
michael@0: #include "sandbox/win/src/sandbox.h"
michael@0: #include "sandbox/win/src/sandbox_policy.h"
michael@0: #include "sandbox/win/src/sandbox_factory.h"
michael@0: #include "sandbox/win/tests/common/controller.h"
michael@0: 
michael@0: namespace sandbox {
michael@0: 
michael@0: 
michael@0: SBOX_TESTS_COMMAND int NamedPipe_Create(int argc, wchar_t **argv) {
michael@0:   if (argc != 1) {
michael@0:     return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
michael@0:   }
michael@0:   if ((NULL == argv) || (NULL == argv[0])) {
michael@0:     return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
michael@0:   }
michael@0: 
michael@0:   HANDLE pipe = ::CreateNamedPipeW(argv[0],
michael@0:                                    PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED,
michael@0:                                    PIPE_TYPE_BYTE | PIPE_READMODE_BYTE, 1, 4096,
michael@0:                                    4096, 2000, NULL);
michael@0:   if (INVALID_HANDLE_VALUE == pipe)
michael@0:     return SBOX_TEST_DENIED;
michael@0: 
michael@0:   OVERLAPPED overlapped = {0};
michael@0:   overlapped.hEvent = ::CreateEvent(NULL, TRUE, TRUE, NULL);
michael@0:   BOOL result = ::ConnectNamedPipe(pipe, &overlapped);
michael@0: 
michael@0:   if (!result) {
michael@0:     DWORD error = ::GetLastError();
michael@0:     if (ERROR_PIPE_CONNECTED != error &&
michael@0:         ERROR_IO_PENDING != error) {
michael@0:           return SBOX_TEST_FAILED;
michael@0:     }
michael@0:   }
michael@0: 
michael@0:   if (!::CloseHandle(pipe))
michael@0:     return SBOX_TEST_FAILED;
michael@0: 
michael@0:   ::CloseHandle(overlapped.hEvent);
michael@0:   return SBOX_TEST_SUCCEEDED;
michael@0: }
michael@0: 
michael@0: // Tests if we can create a pipe in the sandbox. On XP, the sandbox can create
michael@0: // a pipe without any help but it fails on Vista, this is why we do not test
michael@0: // the "denied" case.
michael@0: TEST(NamedPipePolicyTest, CreatePipe) {
michael@0:   TestRunner runner;
michael@0:   // TODO(nsylvain): This policy is wrong because "*" is a valid char in a
michael@0:   // namedpipe name. Here we apply it like a wildcard. http://b/893603
michael@0:   EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_NAMED_PIPES,
michael@0:                              TargetPolicy::NAMEDPIPES_ALLOW_ANY,
michael@0:                               L"\\\\.\\pipe\\test*"));
michael@0: 
michael@0:   EXPECT_EQ(SBOX_TEST_SUCCEEDED,
michael@0:             runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\testbleh"));
michael@0: }
michael@0: 
michael@0: // The same test as CreatePipe but this time using strict interceptions.
michael@0: TEST(NamedPipePolicyTest, CreatePipeStrictInterceptions) {
michael@0:   TestRunner runner;
michael@0:   runner.GetPolicy()->SetStrictInterceptions();
michael@0: 
michael@0:   // TODO(nsylvain): This policy is wrong because "*" is a valid char in a
michael@0:   // namedpipe name. Here we apply it like a wildcard. http://b/893603
michael@0:   EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_NAMED_PIPES,
michael@0:                              TargetPolicy::NAMEDPIPES_ALLOW_ANY,
michael@0:                               L"\\\\.\\pipe\\test*"));
michael@0: 
michael@0:   EXPECT_EQ(SBOX_TEST_SUCCEEDED,
michael@0:             runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\testbleh"));
michael@0: }
michael@0: 
michael@0: }  // namespace sandbox