Revert 150423 - Sandbox: Fix CreateProcess policy tests.

BUG=6944
TEST=sbox_integration_tests
Review URL: https://chromiumcodereview.appspot.com/10831160

TBR=rvargas@google.com
Review URL: https://chromiumcodereview.appspot.com/10831200

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@150429 0039d316-1c4b-4281-b951-d872f2087c98

2 files changed, 45 insertions, 111 deletions

diff --git a/sandbox/win/src/process_policy_test.cc b/sandbox/win/src/process_policy_test.cc
index 720c613..5e78a8a 100644
--- a/sandbox/win/src/process_policy_test.cc
+++ b/sandbox/win/src/process_policy_test.cc
@@ -5,11 +5,9 @@
 #include <memory>
 #include <string>
 
-#include "base/string16.h"
 #include "base/sys_string_conversions.h"
 #include "base/win/scoped_handle.h"
 #include "base/win/scoped_process_information.h"
-#include "base/win/windows_version.h"
 #include "sandbox/win/src/sandbox.h"
 #include "sandbox/win/src/sandbox_policy.h"
 #include "sandbox/win/src/sandbox_factory.h"
@@ -21,10 +19,10 @@ namespace {
 // While the shell API provides better calls than this home brew function
 // we use GetSystemWindowsDirectoryW which does not query the registry so
 // it is safe to use after revert.
-string16 MakeFullPathToSystem32(const wchar_t* name) {
+std::wstring MakeFullPathToSystem32(const wchar_t* name) {
   wchar_t windows_path[MAX_PATH] = {0};
   ::GetSystemWindowsDirectoryW(windows_path, MAX_PATH);
-  string16 full_path(windows_path);
+  std::wstring full_path(windows_path);
   if (full_path.empty()) {
     return full_path;
   }
@@ -35,8 +33,8 @@ string16 MakeFullPathToSystem32(const wchar_t* name) {
 
 // Creates a process with the |exe| and |command| parameter using the
 // unicode and ascii version of the api.
-sandbox::SboxTestResult CreateProcessHelper(const string16& exe,
-                                            const string16& command) {
+sandbox::SboxTestResult CreateProcessHelper(const std::wstring &exe,
+                                            const std::wstring &command) {
   base::win::ScopedProcessInformation pi;
   STARTUPINFOW si = {sizeof(si)};
 
@@ -99,110 +97,70 @@ sandbox::SboxTestResult CreateProcessHelper(const string16& exe,
 
 namespace sandbox {
 
-SBOX_TESTS_COMMAND int Process_RunApp1(int argc, wchar_t **argv) {
+// Tries to create the process in argv[0] using 7 different ways.
+// Since we also try the Ansi and Unicode version of the CreateProcess API,
+// The process referenced by argv[0] will be spawned 14 times.
+SBOX_TESTS_COMMAND int Process_RunApp(int argc, wchar_t **argv) {
   if (argc != 1) {
     return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
   }
   if ((NULL == argv) || (NULL == argv[0])) {
     return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
   }
-  string16 path = MakeFullPathToSystem32(argv[0]);
+  std::wstring path = MakeFullPathToSystem32(argv[0]);
 
   // TEST 1: Try with the path in the app_name.
-  return CreateProcessHelper(path, string16());
-}
-
-SBOX_TESTS_COMMAND int Process_RunApp2(int argc, wchar_t **argv) {
-  if (argc != 1) {
-    return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
-  }
-  if ((NULL == argv) || (NULL == argv[0])) {
-    return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
-  }
-  string16 path = MakeFullPathToSystem32(argv[0]);
+  int result1 = CreateProcessHelper(path, std::wstring());
 
   // TEST 2: Try with the path in the cmd_line.
-  string16 cmd_line = L"\"";
+  std::wstring cmd_line = L"\"";
   cmd_line += path;
   cmd_line += L"\"";
-  return CreateProcessHelper(string16(), cmd_line);
-}
-
-SBOX_TESTS_COMMAND int Process_RunApp3(int argc, wchar_t **argv) {
-  if (argc != 1) {
-    return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
-  }
-  if ((NULL == argv) || (NULL == argv[0])) {
-    return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
-  }
+  int result2 = CreateProcessHelper(std::wstring(), cmd_line);
 
   // TEST 3: Try file name in the cmd_line.
-  return CreateProcessHelper(string16(), argv[0]);
-}
-
-SBOX_TESTS_COMMAND int Process_RunApp4(int argc, wchar_t **argv) {
-  if (argc != 1) {
-    return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
-  }
-  if ((NULL == argv) || (NULL == argv[0])) {
-    return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
-  }
+  int result3 = CreateProcessHelper(std::wstring(), argv[0]);
 
   // TEST 4: Try file name in the app_name and current directory sets correctly.
-  string16 system32 = MakeFullPathToSystem32(L"");
+  std::wstring system32 = MakeFullPathToSystem32(L"");
   wchar_t current_directory[MAX_PATH + 1];
   int result4;
   bool test_succeeded = false;
   DWORD ret = ::GetCurrentDirectory(MAX_PATH, current_directory);
-  if (!ret)
-    return SBOX_TEST_FIRST_ERROR;
-
-  if (ret < MAX_PATH) {
+  if (0 != ret && ret < MAX_PATH) {
     current_directory[ret] = L'\\';
     current_directory[ret+1] = L'\0';
     if (::SetCurrentDirectory(system32.c_str())) {
-      result4 = CreateProcessHelper(argv[0], string16());
+      result4 = CreateProcessHelper(argv[0], std::wstring());
       if (::SetCurrentDirectory(current_directory)) {
         test_succeeded = true;
       }
-    } else {
-      return SBOX_TEST_SECOND_ERROR;
     }
   }
   if (!test_succeeded)
     result4 = SBOX_TEST_FAILED;
 
-  return result4;
-}
-
-SBOX_TESTS_COMMAND int Process_RunApp5(int argc, wchar_t **argv) {
-  if (argc != 1) {
-    return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
-  }
-  if ((NULL == argv) || (NULL == argv[0])) {
-    return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
-  }
-  string16 path = MakeFullPathToSystem32(argv[0]);
-
   // TEST 5: Try with the path in the cmd_line and arguments.
-  string16 cmd_line = L"\"";
+  cmd_line = L"\"";
   cmd_line += path;
-  cmd_line += L"\" /I";
-  return CreateProcessHelper(string16(), cmd_line);
-}
-
-SBOX_TESTS_COMMAND int Process_RunApp6(int argc, wchar_t **argv) {
-  if (argc != 1) {
-    return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
-  }
-  if ((NULL == argv) || (NULL == argv[0])) {
-    return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
-  }
+  cmd_line += L"\" /INSERT";
+  int result5 = CreateProcessHelper(std::wstring(), cmd_line);
 
   // TEST 6: Try with the file_name in the cmd_line and arguments.
-  string16 cmd_line = argv[0];
-  cmd_line += L" /I";
-  return CreateProcessHelper(string16(), cmd_line);
+  cmd_line = argv[0];
+  cmd_line += L" /INSERT";
+  int result6 = CreateProcessHelper(std::wstring(), cmd_line);
+
+  // TEST 7: Try with the path without the drive.
+  cmd_line = path.substr(path.find(L'\\'));
+  int result7 = CreateProcessHelper(std::wstring(), cmd_line);
+
+  // Check if they all returned the same thing.
+  if ((result1 == result2) && (result2 == result3) && (result3 == result4) &&
+      (result4 == result5) && (result5 == result6) && (result6 == result7))
+    return result1;
+
+  return SBOX_TEST_FAILED;
 }
 
 // Creates a process and checks if it's possible to get a handle to it's token.
@@ -213,7 +171,7 @@ SBOX_TESTS_COMMAND int Process_GetChildProcessToken(int argc, wchar_t **argv) {
   if ((NULL == argv) || (NULL == argv[0]))
     return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
 
-  string16 path = MakeFullPathToSystem32(argv[0]);
+  std::wstring path = MakeFullPathToSystem32(argv[0]);
 
   base::win::ScopedProcessInformation pi;
   STARTUPINFOW si = {sizeof(si)};
@@ -278,10 +236,11 @@ TEST(ProcessPolicyTest, TestAllAccess) {
                                         L"this is not important"));
 }
 
-TEST(ProcessPolicyTest, CreateProcessAW) {
+// This test is disabled.  See bug 1305476.
+TEST(ProcessPolicyTest, DISABLED_RunFindstrExe) {
   TestRunner runner;
-  string16 exe_path = MakeFullPathToSystem32(L"findstr.exe");
-  string16 system32 = MakeFullPathToSystem32(L"");
+  std::wstring exe_path = MakeFullPathToSystem32(L"findstr.exe");
+  std::wstring system32 = MakeFullPathToSystem32(L"");
   ASSERT_TRUE(!exe_path.empty());
   EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_PROCESS,
                              TargetPolicy::PROCESS_MIN_EXEC,
@@ -300,31 +259,8 @@ TEST(ProcessPolicyTest, CreateProcessAW) {
   EXPECT_TRUE(runner.AddFsRule(TargetPolicy::FILES_ALLOW_DIR_ANY,
                                current_directory));
 
-  SboxTestResult expected = SBOX_TEST_SECOND_ERROR;
-  if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_VISTA)
-    expected = SBOX_TEST_DENIED;
-
-  EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Process_RunApp1 calc.exe"));
-  EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Process_RunApp2 calc.exe"));
-  EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Process_RunApp3 calc.exe"));
-  EXPECT_EQ(expected, runner.RunTest(L"Process_RunApp4 calc.exe"));
-  EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Process_RunApp5 calc.exe"));
-  EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Process_RunApp6 calc.exe"));
-
-  if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_VISTA)
-    expected = SBOX_TEST_SUCCEEDED;
-
-  EXPECT_EQ(SBOX_TEST_SUCCEEDED,
-            runner.RunTest(L"Process_RunApp1 findstr.exe"));
-  EXPECT_EQ(SBOX_TEST_SUCCEEDED,
-            runner.RunTest(L"Process_RunApp2 findstr.exe"));
-  EXPECT_EQ(SBOX_TEST_SUCCEEDED,
-            runner.RunTest(L"Process_RunApp3 findstr.exe"));
-  EXPECT_EQ(expected, runner.RunTest(L"Process_RunApp4 findstr.exe"));
-  EXPECT_EQ(SBOX_TEST_SUCCEEDED,
-            runner.RunTest(L"Process_RunApp5 findstr.exe"));
-  EXPECT_EQ(SBOX_TEST_SUCCEEDED,
-            runner.RunTest(L"Process_RunApp6 findstr.exe"));
+  EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Process_RunApp findstr.exe"));
+  EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Process_RunApp calc.exe"));
 }
 
 TEST(ProcessPolicyTest, OpenToken) {
@@ -334,7 +270,7 @@ TEST(ProcessPolicyTest, OpenToken) {
 
 TEST(ProcessPolicyTest, TestGetProcessTokenMinAccess) {
   TestRunner runner;
-  string16 exe_path = MakeFullPathToSystem32(L"findstr.exe");
+  std::wstring exe_path = MakeFullPathToSystem32(L"findstr.exe");
   ASSERT_TRUE(!exe_path.empty());
   EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_PROCESS,
                              TargetPolicy::PROCESS_MIN_EXEC,
@@ -346,7 +282,7 @@ TEST(ProcessPolicyTest, TestGetProcessTokenMinAccess) {
 
 TEST(ProcessPolicyTest, TestGetProcessTokenMaxAccess) {
   TestRunner runner(JOB_UNPROTECTED, USER_INTERACTIVE, USER_INTERACTIVE);
-  string16 exe_path = MakeFullPathToSystem32(L"findstr.exe");
+  std::wstring exe_path = MakeFullPathToSystem32(L"findstr.exe");
   ASSERT_TRUE(!exe_path.empty());
   EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_PROCESS,
                              TargetPolicy::PROCESS_ALL_EXEC,
diff --git a/sandbox/win/tests/common/controller.h b/sandbox/win/tests/common/controller.h
index b8be2a2..42a6671 100644
--- a/sandbox/win/tests/common/controller.h
+++ b/sandbox/win/tests/common/controller.h
@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#ifndef SANDBOX_WIN_TESTS_COMMON_CONTROLLER_H_
-#define SANDBOX_WIN_TESTS_COMMON_CONTROLLER_H_
+#ifndef SANDBOX_TESTS_COMMON_CONTROLLER_H_
+#define SANDBOX_TESTS_COMMON_CONTROLLER_H__
 
 #include <windows.h>
 #include <string>
@@ -29,8 +29,6 @@ enum SboxTestResult {
   SBOX_TEST_DENIED,     // Access was denied.
   SBOX_TEST_NOT_FOUND,  // The resource was not found.
   SBOX_TEST_FIRST_ERROR = SBOX_TEST_FIRST_RESULT | SEVERITY_ERROR_FLAGS,
-  SBOX_TEST_SECOND_ERROR,
-  SBOX_TEST_THIRD_ERROR,
   SBOX_TEST_INVALID_PARAMETER,
   SBOX_TEST_FAILED_TO_RUN_TEST,
   SBOX_TEST_FAILED_TO_EXECUTE_COMMAND,
@@ -144,4 +142,4 @@ int DispatchCall(int argc, wchar_t **argv);
 
 }  // namespace sandbox
 
-#endif  // SANDBOX_WIN_TESTS_COMMON_CONTROLLER_H_
+#endif  // SANDBOX_TESTS_COMMON_CONTROLLER_H_