| // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include <windows.h> |
| |
| #define _ATL_NO_EXCEPTIONS |
| #include <atlbase.h> |
| #include <atlsecurity.h> |
| |
| #include "base/strings/string16.h" |
| #include "base/win/scoped_handle.h" |
| #include "base/win/windows_version.h" |
| #include "sandbox/win/src/sync_policy_test.h" |
| #include "testing/gtest/include/gtest/gtest.h" |
| |
| namespace { |
| |
| const wchar_t kAppContainerName[] = L"sbox_test"; |
| const wchar_t kAppContainerSid[] = |
| L"S-1-15-2-3251537155-1984446955-2931258699-841473695-1938553385-" |
| L"924012148-2839372144"; |
| |
| const ULONG kSharing = FILE_SHARE_WRITE | FILE_SHARE_READ | FILE_SHARE_DELETE; |
| |
| HANDLE CreateTaggedEvent(const base::string16& name, |
| const base::string16& sid) { |
| base::win::ScopedHandle event(CreateEvent(NULL, FALSE, FALSE, name.c_str())); |
| if (!event.IsValid()) |
| return NULL; |
| |
| wchar_t file_name[MAX_PATH] = {}; |
| wchar_t temp_directory[MAX_PATH] = {}; |
| GetTempPath(MAX_PATH, temp_directory); |
| GetTempFileName(temp_directory, L"test", 0, file_name); |
| |
| base::win::ScopedHandle file; |
| file.Set(CreateFile(file_name, GENERIC_READ | STANDARD_RIGHTS_READ, kSharing, |
| NULL, OPEN_EXISTING, 0, NULL)); |
| DeleteFile(file_name); |
| if (!file.IsValid()) |
| return NULL; |
| |
| CSecurityDesc sd; |
| if (!AtlGetSecurityDescriptor(file.Get(), SE_FILE_OBJECT, &sd, |
| OWNER_SECURITY_INFORMATION | |
| GROUP_SECURITY_INFORMATION | |
| DACL_SECURITY_INFORMATION)) { |
| return NULL; |
| } |
| |
| PSID local_sid; |
| if (!ConvertStringSidToSid(sid.c_str(), &local_sid)) |
| return NULL; |
| |
| CDacl new_dacl; |
| sd.GetDacl(&new_dacl); |
| CSid csid(reinterpret_cast<SID*>(local_sid)); |
| new_dacl.AddAllowedAce(csid, EVENT_ALL_ACCESS); |
| if (!AtlSetDacl(event.Get(), SE_KERNEL_OBJECT, new_dacl)) |
| event.Close(); |
| |
| LocalFree(local_sid); |
| return event.IsValid() ? event.Take() : NULL; |
| } |
| |
| } // namespace |
| |
| namespace sandbox { |
| |
| TEST(AppContainerTest, AllowOpenEvent) { |
| if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8) |
| return; |
| |
| TestRunner runner(JOB_UNPROTECTED, USER_UNPROTECTED, USER_UNPROTECTED); |
| |
| const wchar_t capability[] = L"S-1-15-3-12345678-87654321"; |
| base::win::ScopedHandle handle(CreateTaggedEvent(L"test", capability)); |
| ASSERT_TRUE(handle.IsValid()); |
| |
| EXPECT_EQ(SBOX_ALL_OK, |
| runner.broker()->InstallAppContainer(kAppContainerSid, |
| kAppContainerName)); |
| EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetCapability(capability)); |
| EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetAppContainer(kAppContainerSid)); |
| |
| EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Event_Open f test")); |
| |
| runner.SetTestState(BEFORE_REVERT); |
| EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Event_Open f test")); |
| EXPECT_EQ(SBOX_ALL_OK, |
| runner.broker()->UninstallAppContainer(kAppContainerSid)); |
| } |
| |
| TEST(AppContainerTest, DenyOpenEvent) { |
| if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8) |
| return; |
| |
| TestRunner runner(JOB_UNPROTECTED, USER_UNPROTECTED, USER_UNPROTECTED); |
| |
| const wchar_t capability[] = L"S-1-15-3-12345678-87654321"; |
| base::win::ScopedHandle handle(CreateTaggedEvent(L"test", capability)); |
| ASSERT_TRUE(handle.IsValid()); |
| |
| EXPECT_EQ(SBOX_ALL_OK, |
| runner.broker()->InstallAppContainer(kAppContainerSid, |
| kAppContainerName)); |
| EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetAppContainer(kAppContainerSid)); |
| |
| EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Event_Open f test")); |
| |
| runner.SetTestState(BEFORE_REVERT); |
| EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Event_Open f test")); |
| EXPECT_EQ(SBOX_ALL_OK, |
| runner.broker()->UninstallAppContainer(kAppContainerSid)); |
| } |
| |
| TEST(AppContainerTest, NoImpersonation) { |
| if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8) |
| return; |
| |
| TestRunner runner(JOB_UNPROTECTED, USER_LIMITED, USER_LIMITED); |
| EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetAppContainer(kAppContainerSid)); |
| } |
| |
| TEST(AppContainerTest, WantsImpersonation) { |
| if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8) |
| return; |
| |
| TestRunner runner(JOB_UNPROTECTED, USER_UNPROTECTED, USER_NON_ADMIN); |
| EXPECT_EQ(SBOX_ERROR_CANNOT_INIT_APPCONTAINER, |
| runner.GetPolicy()->SetAppContainer(kAppContainerSid)); |
| } |
| |
| TEST(AppContainerTest, RequiresImpersonation) { |
| if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8) |
| return; |
| |
| TestRunner runner(JOB_UNPROTECTED, USER_RESTRICTED, USER_RESTRICTED); |
| EXPECT_EQ(SBOX_ERROR_CANNOT_INIT_APPCONTAINER, |
| runner.GetPolicy()->SetAppContainer(kAppContainerSid)); |
| } |
| |
| TEST(AppContainerTest, DenyOpenEventForLowBox) { |
| if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8) |
| return; |
| |
| TestRunner runner(JOB_UNPROTECTED, USER_UNPROTECTED, USER_UNPROTECTED); |
| |
| base::win::ScopedHandle event(CreateEvent(NULL, FALSE, FALSE, L"test")); |
| ASSERT_TRUE(event.IsValid()); |
| |
| EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetLowBox(kAppContainerSid)); |
| |
| EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Event_Open f test")); |
| } |
| |
| // TODO(shrikant): Please add some tests to prove usage of lowbox token like |
| // socket connection to local server in lock down mode. |
| |
| } // namespace sandbox |