summaryrefslogtreecommitdiffstats
path: root/sandbox
diff options
context:
space:
mode:
authorcpu@google.com <cpu@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2008-07-30 16:53:27 +0000
committercpu@google.com <cpu@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2008-07-30 16:53:27 +0000
commitc4319fff25090b1c7315fb25a85be57c3d40378b (patch)
tree0a2cc553dba442ade223420748bb0dd8f0efa21a /sandbox
parenta9bb6f69b32018c245e05a79011114653fe8f5e0 (diff)
downloadchromium_src-c4319fff25090b1c7315fb25a85be57c3d40378b.zip
chromium_src-c4319fff25090b1c7315fb25a85be57c3d40378b.tar.gz
chromium_src-c4319fff25090b1c7315fb25a85be57c3d40378b.tar.bz2
Adding validation tests for OpenInputDesktop and SwitchDesktop API calls. They should fail under sbox
- There was no test for the winstation handle. git-svn-id: svn://svn.chromium.org/chrome/trunk/src@117 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox')
-rw-r--r--sandbox/tests/validation_tests/commands.cc66
-rw-r--r--sandbox/tests/validation_tests/commands.h3
-rw-r--r--sandbox/tests/validation_tests/suite.cc9
3 files changed, 61 insertions, 17 deletions
diff --git a/sandbox/tests/validation_tests/commands.cc b/sandbox/tests/validation_tests/commands.cc
index e2a214a..4dd2864 100644
--- a/sandbox/tests/validation_tests/commands.cc
+++ b/sandbox/tests/validation_tests/commands.cc
@@ -64,23 +64,6 @@ void trim_quote(std::wstring* string) {
(*string) = string->substr(pos1, pos2 + 1);
}
-// Returns true if the current's thread desktop is the interactive desktop.
-// In Vista there is a more direct test but for XP and w2k we need to check
-// the object name.
-bool IsInteractiveDesktop(bool* is_interactive) {
- HDESK current_desk = ::GetThreadDesktop(::GetCurrentThreadId());
- if (NULL == current_desk) {
- return false;
- }
- wchar_t current_desk_name[256] = {0};
- if (!::GetUserObjectInformationW(current_desk, UOI_NAME, current_desk_name,
- sizeof(current_desk_name), NULL)) {
- return false;
- }
- *is_interactive = (0 == _wcsicmp(L"default", current_desk_name));
- return true;
-}
-
int TestOpenFile(std::wstring path, bool for_write) {
wchar_t path_expanded[MAX_PATH + 1] = {0};
DWORD size = ::ExpandEnvironmentStrings(path.c_str(), path_expanded,
@@ -244,4 +227,53 @@ int TestOpenKey(HKEY base_key, std::wstring subkey) {
}
}
+// Returns true if the current's thread desktop is the interactive desktop.
+// In Vista there is a more direct test but for XP and w2k we need to check
+// the object name.
+bool IsInteractiveDesktop(bool* is_interactive) {
+ HDESK current_desk = ::GetThreadDesktop(::GetCurrentThreadId());
+ if (NULL == current_desk) {
+ return false;
+ }
+ wchar_t current_desk_name[256] = {0};
+ if (!::GetUserObjectInformationW(current_desk, UOI_NAME, current_desk_name,
+ sizeof(current_desk_name), NULL)) {
+ return false;
+ }
+ *is_interactive = (0 == _wcsicmp(L"default", current_desk_name));
+ return true;
+}
+
+SBOX_TESTS_COMMAND int OpenInteractiveDesktop(int, wchar_t **) {
+ return TestOpenInputDesktop();
+}
+
+int TestOpenInputDesktop() {
+ bool is_interactive = false;
+ if (IsInteractiveDesktop(&is_interactive) && is_interactive) {
+ return SBOX_TEST_SUCCEEDED;
+ }
+ HDESK desk = ::OpenInputDesktop(0, FALSE, DESKTOP_CREATEWINDOW);
+ if (desk) {
+ ::CloseDesktop(desk);
+ return SBOX_TEST_SUCCEEDED;
+ }
+ return SBOX_TEST_DENIED;
+}
+
+SBOX_TESTS_COMMAND int SwitchToSboxDesktop(int, wchar_t **) {
+ return TestSwitchDesktop();
+}
+
+int TestSwitchDesktop() {
+ HDESK sbox_desk = ::GetThreadDesktop(::GetCurrentThreadId());
+ if (NULL == sbox_desk) {
+ return SBOX_TEST_FAILED;
+ }
+ if (::SwitchDesktop(sbox_desk)) {
+ return SBOX_TEST_SUCCEEDED;
+ }
+ return SBOX_TEST_DENIED;
+}
+
} // namespace sandbox
diff --git a/sandbox/tests/validation_tests/commands.h b/sandbox/tests/validation_tests/commands.h
index 0297dee..da34c99 100644
--- a/sandbox/tests/validation_tests/commands.h
+++ b/sandbox/tests/validation_tests/commands.h
@@ -54,6 +54,9 @@ int TestOpenKey(HKEY base_key, std::wstring subkey);
// current desktop is not the interactive one. Returns a SboxTestResult.
int TestOpenInputDesktop();
+// Tries to switch the interactive desktop. Returns a SboxTestResult.
+int TestSwitchDesktop();
+
} // namespace sandbox
#endif // SANDBOX_TESTS_VALIDATION_TESTS_COMMANDS_H__
diff --git a/sandbox/tests/validation_tests/suite.cc b/sandbox/tests/validation_tests/suite.cc
index 1d494b3..d3af074 100644
--- a/sandbox/tests/validation_tests/suite.cc
+++ b/sandbox/tests/validation_tests/suite.cc
@@ -98,6 +98,15 @@ TEST(ValidationSuite, TestRegistry) {
L"\"Software\\Microsoft\\Windows NT\\CurrentVersion\\WinLogon\""));
}
+// Tests that the permissions on the Windowstation does not allow the sandbox
+// to get to the interactive desktop or to make the sbox desktop interactive.
+TEST(ValidationSuite, TestDesktop) {
+ TestRunner runner;
+ runner.GetPolicy()->SetDesktop(L"sbox_validation_desktop");
+ EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"OpenInteractiveDesktop NULL"));
+ EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"SwitchToSboxDesktop NULL"));
+}
+
// Tests if the windows are correctly protected by the sandbox.
TEST(ValidationSuite, TestWindows) {
TestRunner runner;