| // Copyright 2012 The Chromium Authors |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include <memory> |
| #include <string> |
| |
| #include "base/memory/free_deleter.h" |
| #include "base/strings/sys_string_conversions.h" |
| #include "base/win/scoped_handle.h" |
| #include "base/win/scoped_process_information.h" |
| #include "base/win/security_util.h" |
| #include "build/build_config.h" |
| #include "sandbox/win/src/process_thread_interception.h" |
| #include "sandbox/win/src/sandbox.h" |
| #include "sandbox/win/src/sandbox_factory.h" |
| #include "sandbox/win/src/sandbox_policy.h" |
| #include "sandbox/win/tests/common/controller.h" |
| #include "testing/gtest/include/gtest/gtest.h" |
| |
| namespace sandbox { |
| |
| namespace { |
| |
| bool TestOpenProcess(DWORD desired_access, DWORD expected_access) { |
| base::win::ScopedHandle process( |
| ::OpenProcess(desired_access, FALSE, ::GetCurrentProcessId())); |
| if (!process.is_valid() || |
| ::GetProcessId(process.get()) != ::GetCurrentProcessId()) { |
| return false; |
| } |
| return base::win::GetGrantedAccess(process.get()) == expected_access; |
| } |
| |
| bool TestOpenThread(DWORD thread_id, |
| DWORD desired_access, |
| DWORD expected_access) { |
| base::win::ScopedHandle thread( |
| ::OpenThread(desired_access, FALSE, thread_id)); |
| if (!thread.is_valid() || ::GetThreadId(thread.get()) != thread_id) { |
| return false; |
| } |
| return base::win::GetGrantedAccess(thread.get()) == expected_access; |
| } |
| |
| } // namespace |
| |
| SBOX_TESTS_COMMAND int Process_OpenToken(int argc, wchar_t** argv) { |
| HANDLE token; |
| if (!::OpenProcessToken(::GetCurrentProcess(), TOKEN_ALL_ACCESS, &token)) { |
| if (ERROR_ACCESS_DENIED == ::GetLastError()) { |
| return SBOX_TEST_DENIED; |
| } |
| } else { |
| ::CloseHandle(token); |
| return SBOX_TEST_SUCCEEDED; |
| } |
| |
| return SBOX_TEST_FAILED; |
| } |
| |
| SBOX_TESTS_COMMAND int Process_OpenProcess(int argc, wchar_t** argv) { |
| if (!TestOpenProcess(PROCESS_ALL_ACCESS, PROCESS_ALL_ACCESS)) { |
| return SBOX_TEST_FIRST_ERROR; |
| } |
| if (!TestOpenProcess(MAXIMUM_ALLOWED, PROCESS_ALL_ACCESS)) { |
| return SBOX_TEST_SECOND_ERROR; |
| } |
| |
| return SBOX_TEST_SUCCEEDED; |
| } |
| |
| DWORD CALLBACK DummyThread(LPVOID) { |
| return 0; |
| } |
| |
| SBOX_TESTS_COMMAND int Process_OpenThread(int argc, wchar_t** argv) { |
| DWORD thread_id = ::GetCurrentThreadId(); |
| if (!TestOpenThread(thread_id, THREAD_ALL_ACCESS, THREAD_ALL_ACCESS)) { |
| return SBOX_TEST_FIRST_ERROR; |
| } |
| if (!TestOpenThread(thread_id, MAXIMUM_ALLOWED, THREAD_ALL_ACCESS)) { |
| return SBOX_TEST_SECOND_ERROR; |
| } |
| base::win::ScopedHandle thread(::CreateThread( |
| nullptr, 0, DummyThread, nullptr, CREATE_SUSPENDED, &thread_id)); |
| if (!thread.is_valid() || !::TerminateThread(thread.get(), 0)) { |
| return SBOX_TEST_THIRD_ERROR; |
| } |
| if (!TestOpenThread(thread_id, THREAD_ALL_ACCESS, THREAD_ALL_ACCESS)) { |
| return SBOX_TEST_FOURTH_ERROR; |
| } |
| if (!TestOpenThread(thread_id, MAXIMUM_ALLOWED, THREAD_ALL_ACCESS)) { |
| return SBOX_TEST_FIFTH_ERROR; |
| } |
| |
| return SBOX_TEST_SUCCEEDED; |
| } |
| |
| SBOX_TESTS_COMMAND int Process_Crash(int argc, wchar_t** argv) { |
| __debugbreak(); |
| return SBOX_TEST_FAILED; |
| } |
| // Generate a event name, used to test thread creation. |
| std::wstring GenerateEventName(DWORD pid) { |
| wchar_t buff[30] = {0}; |
| int res = swprintf_s(buff, sizeof(buff) / sizeof(buff[0]), |
| L"ProcessPolicyTest_%08x", pid); |
| if (-1 != res) { |
| return std::wstring(buff); |
| } |
| return std::wstring(); |
| } |
| |
| // This is the function that is called when testing thread creation. |
| // It is expected to set an event that the caller is waiting on. |
| DWORD WINAPI TestThreadFunc(LPVOID lpdwThreadParam) { |
| std::wstring event_name = GenerateEventName( |
| static_cast<DWORD>(reinterpret_cast<uintptr_t>(lpdwThreadParam))); |
| if (!event_name.length()) |
| return 1; |
| HANDLE event = ::OpenEvent(EVENT_ALL_ACCESS | EVENT_MODIFY_STATE, false, |
| event_name.c_str()); |
| if (!event) |
| return 1; |
| if (!SetEvent(event)) |
| return 1; |
| return 0; |
| } |
| |
| SBOX_TESTS_COMMAND int Process_CreateThread(int argc, wchar_t** argv) { |
| DWORD pid = ::GetCurrentProcessId(); |
| std::wstring event_name = GenerateEventName(pid); |
| if (!event_name.length()) |
| return SBOX_TEST_FIRST_ERROR; |
| HANDLE event = ::CreateEvent(nullptr, true, false, event_name.c_str()); |
| if (!event) |
| return SBOX_TEST_SECOND_ERROR; |
| |
| DWORD thread_id = 0; |
| HANDLE thread = nullptr; |
| thread = ::CreateThread(nullptr, 0, &TestThreadFunc, |
| reinterpret_cast<LPVOID>(static_cast<uintptr_t>(pid)), |
| 0, &thread_id); |
| |
| if (!thread) |
| return SBOX_TEST_THIRD_ERROR; |
| if (!thread_id) |
| return SBOX_TEST_FOURTH_ERROR; |
| if (WaitForSingleObject(thread, INFINITE) != WAIT_OBJECT_0) |
| return SBOX_TEST_FIFTH_ERROR; |
| DWORD exit_code = 0; |
| if (!GetExitCodeThread(thread, &exit_code)) |
| return SBOX_TEST_SIXTH_ERROR; |
| if (exit_code) |
| return SBOX_TEST_SEVENTH_ERROR; |
| if (WaitForSingleObject(event, INFINITE) != WAIT_OBJECT_0) |
| return SBOX_TEST_FAILED; |
| return SBOX_TEST_SUCCEEDED; |
| } |
| |
| // Tests that the broker correctly handles a process crashing within the job. |
| // Fails on Windows ARM64: https://crbug.com/905526 |
| #if defined(ARCH_CPU_ARM64) |
| #define MAYBE_CreateProcessCrashy DISABLED_CreateProcessCrashy |
| #else |
| #define MAYBE_CreateProcessCrashy CreateProcessCrashy |
| #endif |
| TEST(ProcessPolicyTest, MAYBE_CreateProcessCrashy) { |
| TestRunner runner; |
| EXPECT_EQ(static_cast<int>(STATUS_BREAKPOINT), |
| runner.RunTest(L"Process_Crash")); |
| } |
| |
| TEST(ProcessPolicyTest, OpenToken) { |
| TestRunner runner; |
| EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Process_OpenToken")); |
| } |
| |
| TEST(ProcessPolicyTest, OpenProcess) { |
| TestRunner runner; |
| EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Process_OpenProcess")); |
| } |
| |
| TEST(ProcessPolicyTest, OpenThread) { |
| TestRunner runner; |
| EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Process_OpenThread")); |
| } |
| |
| // This tests that the CreateThread works with CSRSS not locked down. |
| // In other words, that the interception passes through OK. |
| TEST(ProcessPolicyTest, TestCreateThreadWithCsrss) { |
| TestRunner runner(JobLevel::kUnprotected, USER_INTERACTIVE, USER_INTERACTIVE); |
| runner.SetDisableCsrss(false); |
| EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Process_CreateThread")); |
| } |
| |
| // This tests that the CreateThread works with CSRSS locked down. |
| // In other words, that the interception correctly works. |
| TEST(ProcessPolicyTest, TestCreateThreadWithoutCsrss) { |
| TestRunner runner(JobLevel::kUnprotected, USER_INTERACTIVE, USER_INTERACTIVE); |
| EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Process_CreateThread")); |
| } |
| |
| // This tests that our CreateThread interceptors works when called directly. |
| TEST(ProcessPolicyTest, TestCreateThreadOutsideSandbox) { |
| DWORD pid = ::GetCurrentProcessId(); |
| std::wstring event_name = GenerateEventName(pid); |
| ASSERT_STRNE(nullptr, event_name.c_str()); |
| HANDLE event = ::CreateEvent(nullptr, true, false, event_name.c_str()); |
| EXPECT_NE(static_cast<HANDLE>(nullptr), event); |
| |
| DWORD thread_id = 0; |
| HANDLE thread = nullptr; |
| thread = TargetCreateThread( |
| ::CreateThread, nullptr, 0, &TestThreadFunc, |
| reinterpret_cast<LPVOID>(static_cast<uintptr_t>(pid)), 0, &thread_id); |
| EXPECT_NE(static_cast<HANDLE>(nullptr), thread); |
| EXPECT_EQ(WAIT_OBJECT_0, WaitForSingleObject(thread, INFINITE)); |
| EXPECT_EQ(WAIT_OBJECT_0, WaitForSingleObject(event, INFINITE)); |
| } |
| |
| } // namespace sandbox |