policy/win/sandbox_test_utils.cc - chromium/src/sandbox - Git at Google

 // Copyright 2021 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "sandbox/policy/win/sandbox_test_utils.h"

 #include "base/strings/strcat.h"
 #include "testing/gtest/include/gtest/gtest.h"

 namespace sandbox {
 namespace policy {

 constexpr wchar_t kBaseSecurityDescriptor[] = L"D:(A;;GA;;;WD)";
 constexpr wchar_t kRegistryRead[] = L"registryRead";
 constexpr wchar_t klpacPnpNotifications[] = L"lpacPnpNotifications";

 std::vector<Sid> GetCapabilitySids(
     const std::initializer_list<std::wstring>& capabilities) {
   std::vector<Sid> sids;
   for (const auto& capability : capabilities) {
     sids.emplace_back(Sid::FromNamedCapability(capability.c_str()));
   }
   return sids;
 }

 std::wstring GetAccessAllowedForCapabilities(
     const std::initializer_list<std::wstring>& capabilities) {
   std::wstring sddl = kBaseSecurityDescriptor;
   for (const auto& capability : GetCapabilitySids(capabilities)) {
     std::wstring sid_string;
     CHECK(capability.ToSddlString(&sid_string));
     base::StrAppend(&sddl, {L"(A;;GRGX;;;", sid_string, L")"});
   }
   return sddl;
 }

 void EqualSidList(const std::vector<Sid>& left, const std::vector<Sid>& right) {
   EXPECT_EQ(left.size(), right.size());
   auto result = std::mismatch(left.cbegin(), left.cend(), right.cbegin(),
                               [](const auto& left_sid, const auto& right_sid) {
                                 return !!::EqualSid(left_sid.GetPSID(),
                                                     right_sid.GetPSID());
                               });
   EXPECT_EQ(result.first, left.cend());
 }

 void CheckCapabilities(
     AppContainerBase* profile,
     const std::initializer_list<std::wstring>& additional_capabilities) {
   auto additional_caps = GetCapabilitySids(additional_capabilities);
   auto impersonation_caps =
       GetCapabilitySids({kChromeInstallFiles, klpacPnpNotifications,
                          kLpacChromeInstallFiles, kRegistryRead});
   auto base_caps = GetCapabilitySids(
       {klpacPnpNotifications, kLpacChromeInstallFiles, kRegistryRead});

   impersonation_caps.insert(impersonation_caps.end(), additional_caps.begin(),
                             additional_caps.end());
   base_caps.insert(base_caps.end(), additional_caps.begin(),
                    additional_caps.end());

   EqualSidList(impersonation_caps, profile->GetImpersonationCapabilities());
   EqualSidList(base_caps, profile->GetCapabilities());
 }
 }  // namespace policy
 }  // namespace sandbox
	// Copyright 2021 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "sandbox/policy/win/sandbox_test_utils.h"

	#include "base/strings/strcat.h"
	#include "testing/gtest/include/gtest/gtest.h"

	namespace sandbox {
	namespace policy {

	constexpr wchar_t kBaseSecurityDescriptor[] = L"D:(A;;GA;;;WD)";
	constexpr wchar_t kRegistryRead[] = L"registryRead";
	constexpr wchar_t klpacPnpNotifications[] = L"lpacPnpNotifications";

	std::vector<Sid> GetCapabilitySids(
	const std::initializer_list<std::wstring>& capabilities) {
	std::vector<Sid> sids;
	for (const auto& capability : capabilities) {
	sids.emplace_back(Sid::FromNamedCapability(capability.c_str()));
	}
	return sids;
	}

	std::wstring GetAccessAllowedForCapabilities(
	const std::initializer_list<std::wstring>& capabilities) {
	std::wstring sddl = kBaseSecurityDescriptor;
	for (const auto& capability : GetCapabilitySids(capabilities)) {
	std::wstring sid_string;
	CHECK(capability.ToSddlString(&sid_string));
	base::StrAppend(&sddl, {L"(A;;GRGX;;;", sid_string, L")"});
	}
	return sddl;
	}

	void EqualSidList(const std::vector<Sid>& left, const std::vector<Sid>& right) {
	EXPECT_EQ(left.size(), right.size());
	auto result = std::mismatch(left.cbegin(), left.cend(), right.cbegin(),
	[](const auto& left_sid, const auto& right_sid) {
	return !!::EqualSid(left_sid.GetPSID(),
	right_sid.GetPSID());
	});
	EXPECT_EQ(result.first, left.cend());
	}

	void CheckCapabilities(
	AppContainerBase* profile,
	const std::initializer_list<std::wstring>& additional_capabilities) {
	auto additional_caps = GetCapabilitySids(additional_capabilities);
	auto impersonation_caps =
	GetCapabilitySids({kChromeInstallFiles, klpacPnpNotifications,
	kLpacChromeInstallFiles, kRegistryRead});
	auto base_caps = GetCapabilitySids(
	{klpacPnpNotifications, kLpacChromeInstallFiles, kRegistryRead});

	impersonation_caps.insert(impersonation_caps.end(), additional_caps.begin(),
	additional_caps.end());
	base_caps.insert(base_caps.end(), additional_caps.begin(),
	additional_caps.end());

	EqualSidList(impersonation_caps, profile->GetImpersonationCapabilities());
	EqualSidList(base_caps, profile->GetCapabilities());
	}
	} // namespace policy
	} // namespace sandbox