diff options
23 files changed, 1015 insertions, 101 deletions
diff --git a/chrome/app/chrome_dll_main.cc b/chrome/app/chrome_dll_main.cc index c51ac67..9e3feb8 100644 --- a/chrome/app/chrome_dll_main.cc +++ b/chrome/app/chrome_dll_main.cc @@ -732,9 +732,11 @@ int ChromeMain(int argc, char** argv) { #if defined(OS_MACOSX) // On OS X the renderer sandbox needs to be initialized later in the startup - // sequence in RendererMainPlatformDelegate::PlatformInitialize(). + // sequence in RendererMainPlatformDelegate::EnableSandbox(). + // Same goes for NaClLoader, in NaClMainPlatformDelegate::EnableSandbox(). if (process_type != switches::kRendererProcess && - process_type != switches::kExtensionProcess) { + process_type != switches::kExtensionProcess && + process_type != switches::kNaClLoaderProcess) { bool sandbox_initialized_ok = sandbox_wrapper.InitializeSandbox(parsed_command_line, process_type); // Die if the sandbox can't be enabled. diff --git a/chrome/chrome_tests.gypi b/chrome/chrome_tests.gypi index f86d0c6..6bd89ba 100644 --- a/chrome/chrome_tests.gypi +++ b/chrome/chrome_tests.gypi @@ -425,6 +425,118 @@ ], }, { + 'target_name': 'nacl_security_tests', + 'type': 'shared_library', + 'msvs_guid': 'D705E8B8-4750-4F1F-BC8F-A7806872F504', + 'include_dirs': [ + '..' + ], + 'sources': [ + # mostly OS dependent files below... + ], + 'conditions': [ + ['OS=="mac"', { + # only Mac is using gtest for now (linking issues on other plats). + 'dependencies': [ + '../testing/gtest.gyp:gtest' + ], + 'sources': [ + 'test/nacl_security_tests/commands_posix.cc', + 'test/nacl_security_tests/commands_posix.h', + 'test/nacl_security_tests/nacl_security_tests_posix.h', + 'test/nacl_security_tests/nacl_security_tests_mac.cc', + ], + 'xcode_settings': { + 'DYLIB_INSTALL_NAME_BASE': '@executable_path/', + }, + },], + ['OS=="linux"', { + 'sources': [ + 'test/nacl_security_tests/commands_posix.cc', + 'test/nacl_security_tests/commands_posix.h', + 'test/nacl_security_tests/nacl_security_tests_posix.h', + 'test/nacl_security_tests/nacl_security_tests_linux.cc', + ], + },], + ['OS=="win"', { + 'sources': [ + '../sandbox/tests/validation_tests/commands.cc', + '../sandbox/tests/validation_tests/commands.h', + '../sandbox/tests/common/controller.h', + 'test/nacl_security_tests/nacl_security_tests_win.h', + 'test/nacl_security_tests/nacl_security_tests_win.cc', + ], + },], + # set fPIC for linux in case it isn't set. + ['OS=="linux" and (target_arch=="x64" or target_arch=="arm") and linux_fpic!=1', { + 'cflags': ['-fPIC'], + },], + ], + }, + { + 'target_name': 'nacl_sandbox_tests', + 'type': 'executable', + 'msvs_guid': '3087FC25-2C24-44B2-8253-44065EB47ACD', + 'dependencies': [ + 'chrome', + 'browser', + 'debugger', + 'common', + 'chrome_resources', + 'chrome_strings', + 'test_support_ui', + '../base/base.gyp:base', + '../build/temp_gyp/googleurl.gyp:googleurl', + '../net/net.gyp:net', + '../skia/skia.gyp:skia', + '../testing/gtest.gyp:gtest', + '../third_party/icu/icu.gyp:icui18n', + '../third_party/icu/icu.gyp:icuuc', + '../third_party/libxml/libxml.gyp:libxml', + ], + 'include_dirs': [ + '..', + ], + 'sources': [ + 'test/nacl/nacl_test.cc', + 'test/nacl/nacl_sandbox_test.cc' + ], + 'conditions': [ + ['OS=="win"', { + 'dependencies': [ + 'chrome_nacl_win64', + 'crash_service', # run time dependency + 'nacl_security_tests', # run time dependency + 'test_support_common', + '../google_update/google_update.gyp:google_update', + '../views/views.gyp:views', + # run time dependency + '../webkit/webkit.gyp:npapi_test_plugin', + '<(allocator_target)', + ], + 'link_settings': { + 'libraries': [ + '-lOleAcc.lib', + ], + }, + 'configurations': { + 'Debug_Base': { + 'msvs_settings': { + 'VCLinkerTool': { + 'LinkIncremental': '<(msvs_large_module_debug_link_mode)', + }, + }, + }, + }, + }], + ['OS=="mac"', { + 'dependencies': [ + 'nacl_security_tests', # run time dependency + ], + }], + ], + }, + { 'target_name': 'nacl_ui_tests', 'type': 'executable', 'msvs_guid': '43E2004F-CD62-4595-A8A6-31E9BFA1EE5E', @@ -449,6 +561,7 @@ ], 'sources': [ 'test/nacl/nacl_test.cc', + 'test/nacl/nacl_ui_test.cc', ], 'conditions': [ ['OS=="win"', { @@ -2226,6 +2339,26 @@ '../sandbox/tests/validation_tests/commands.h', ], }, + # Extra 64-bit DLL for windows + { + 'target_name': 'nacl_security_tests64', + 'type': 'shared_library', + 'configurations': { + 'Common_Base': { + 'msvs_target_platform': 'x64', + }, + }, + 'include_dirs': [ + '..' + ], + 'sources': [ + '../sandbox/tests/validation_tests/commands.cc', + '../sandbox/tests/validation_tests/commands.h', + '../sandbox/tests/common/controller.h', + 'test/nacl_security_tests/nacl_security_tests_win.h', + 'test/nacl_security_tests/nacl_security_tests_win.cc', + ], + }, { 'target_name': 'selenium_tests', 'type': 'executable', @@ -2460,6 +2593,7 @@ # 'browser_tests', '../ipc/ipc.gyp:ipc_tests', '../media/media.gyp:media_unittests', + 'nacl_sandbox_tests', 'nacl_ui_tests', '../net/net.gyp:net_unittests', '../printing/printing.gyp:printing_unittests', diff --git a/chrome/common/chrome_switches.cc b/chrome/common/chrome_switches.cc index e527bc52..f0e6950 100644 --- a/chrome/common/chrome_switches.cc +++ b/chrome/common/chrome_switches.cc @@ -882,9 +882,12 @@ const char kSyncUseCacheInvalidation[] = "use-cache-invalidation"; // Pass the name of the current running automated test to Chrome. const char kTestName[] = "test-name"; -// Runs the security test for the sandbox. +// Runs the security test for the renderer sandbox. const char kTestSandbox[] = "test-sandbox"; +// Runs the security test for the NaCl loader sandbox. +const char kTestNaClSandbox[] = "test-nacl-sandbox"; + // Pass the type of the current test harness ("browser" or "ui") const char kTestType[] = "test-type"; diff --git a/chrome/common/chrome_switches.h b/chrome/common/chrome_switches.h index 495994d..06429d1 100644 --- a/chrome/common/chrome_switches.h +++ b/chrome/common/chrome_switches.h @@ -251,6 +251,7 @@ extern const char kSyncServer[]; extern const char kSyncServiceURL[]; extern const char kSyncUseSslTcp[]; extern const char kSyncUseCacheInvalidation[]; +extern const char kTestNaClSandbox[]; extern const char kTestName[]; extern const char kTestSandbox[]; extern const char kTestType[]; diff --git a/chrome/common/nacl_cmd_line.cc b/chrome/common/nacl_cmd_line.cc index 2893860..a54f196 100644 --- a/chrome/common/nacl_cmd_line.cc +++ b/chrome/common/nacl_cmd_line.cc @@ -18,7 +18,7 @@ namespace nacl { // TODO(gregoryd): check which flags of those below can be supported. static const char* const switch_names[] = { switches::kNoSandbox, - switches::kTestSandbox, + switches::kTestNaClSandbox, switches::kDisableBreakpad, switches::kFullMemoryCrashReport, switches::kEnableLogging, diff --git a/chrome/nacl.gypi b/chrome/nacl.gypi index b860e0f..d4be912 100644 --- a/chrome/nacl.gypi +++ b/chrome/nacl.gypi @@ -24,6 +24,10 @@ # platforms, including both 32-bit and 64-bit Windows. # Test files are also not included. 'nacl/nacl_main.cc', + 'nacl/nacl_main_platform_delegate.h', + 'nacl/nacl_main_platform_delegate_linux.cc', + 'nacl/nacl_main_platform_delegate_mac.mm', + 'nacl/nacl_main_platform_delegate_win.cc', 'nacl/nacl_thread.cc', 'nacl/nacl_thread.h', 'nacl/sel_main.cc', diff --git a/chrome/nacl/nacl_main.cc b/chrome/nacl/nacl_main.cc index 760eb85..d1cf8e1 100644 --- a/chrome/nacl/nacl_main.cc +++ b/chrome/nacl/nacl_main.cc @@ -25,6 +25,7 @@ #if defined(OS_WIN) #include "chrome/nacl/broker_thread.h" #endif +#include "chrome/nacl/nacl_main_platform_delegate.h" #include "chrome/nacl/nacl_thread.h" #ifdef _WIN64 @@ -86,28 +87,11 @@ static void HandleNaClTestParameters(const CommandLine& command_line) { } } -// Launch the NaCl child process in its own thread. -#if defined (OS_WIN) -static void LaunchNaClChildProcess(bool no_sandbox, - sandbox::TargetServices* target_services) { - ChildProcess nacl_process; - nacl_process.set_main_thread(new NaClThread()); - if (!no_sandbox && target_services) { - // Cause advapi32 to load before the sandbox is turned on. - unsigned int dummy_rand; - rand_s(&dummy_rand); - // Turn the sanbox on. - target_services->LowerToken(); - } - MessageLoop::current()->Run(); -} -#elif defined(OS_MACOSX) || defined(OS_LINUX) static void LaunchNaClChildProcess() { ChildProcess nacl_process; nacl_process.set_main_thread(new NaClThread()); MessageLoop::current()->Run(); } -#endif // main() routine for the NaCl loader process. int NaClMain(const MainFunctionParams& parameters) { @@ -126,33 +110,25 @@ int NaClMain(const MainFunctionParams& parameters) { SystemMonitor system_monitor; HighResolutionTimerManager hi_res_timer_manager; -#if defined(OS_WIN) - sandbox::TargetServices* target_services = - parameters.sandbox_info_.TargetServices(); - - DLOG(INFO) << "Started NaCl loader with " << - parsed_command_line.command_line_string(); +#if defined(OS_WIN) || defined(OS_MACOSX) || defined(OS_LINUX) + NaClMainPlatformDelegate platform(parameters); - HMODULE sandbox_test_module = NULL; + platform.PlatformInitialize(); bool no_sandbox = parsed_command_line.HasSwitch(switches::kNoSandbox); - if (target_services && !no_sandbox) { - // The command line might specify a test plugin to load. - if (parsed_command_line.HasSwitch(switches::kTestSandbox)) { - std::wstring test_plugin_name = - parsed_command_line.GetSwitchValue(switches::kTestSandbox); - sandbox_test_module = LoadLibrary(test_plugin_name.c_str()); - DCHECK(sandbox_test_module); - } + platform.InitSandboxTests(no_sandbox); + + if (!no_sandbox) { + platform.EnableSandbox(); } - LaunchNaClChildProcess(no_sandbox, target_services); + platform.RunSandboxTests(); -#elif defined(OS_MACOSX) || defined(OS_LINUX) LaunchNaClChildProcess(); #else NOTIMPLEMENTED() << " not implemented startup, plugin startup dialog etc."; #endif + platform.PlatformUninitialize(); return 0; } diff --git a/chrome/nacl/nacl_main_platform_delegate.h b/chrome/nacl/nacl_main_platform_delegate.h new file mode 100644 index 0000000..fe13ae3 --- /dev/null +++ b/chrome/nacl/nacl_main_platform_delegate.h @@ -0,0 +1,47 @@ +// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CHROME_NACL_NACL_MAIN_PLATFORM_DELEGATE_H_ +#define CHROME_NACL_NACL_MAIN_PLATFORM_DELEGATE_H_ + +#include "chrome/common/main_function_params.h" + +typedef bool (*RunNaClLoaderTests)(void); +const char kNaClLoaderTestCall[] = "RunNaClLoaderTests"; + + +class NaClMainPlatformDelegate { + public: + explicit NaClMainPlatformDelegate(const MainFunctionParams& parameters); + ~NaClMainPlatformDelegate(); + + // Called first thing and last thing in the process' lifecycle, i.e. before + // the sandbox is enabled. + void PlatformInitialize(); + void PlatformUninitialize(); + + // Gives us an opportunity to initialize state used for tests before enabling + // the sandbox. + void InitSandboxTests(bool no_sandbox); + + // Initiate Lockdown, returns true on success. + bool EnableSandbox(); + + // Runs the sandbox tests for the NaCl Loader, if tests supplied. + // Cannot run again, after this (resources freed). + void RunSandboxTests(); + + private: + const MainFunctionParams& parameters_; +#if defined(OS_WIN) + HMODULE sandbox_test_module_; + // #elif defined(OS_POSIX) doesn't seem to work on Mac. +#elif defined(OS_LINUX) || defined(OS_MACOSX) + void* sandbox_test_module_; +#endif + + DISALLOW_COPY_AND_ASSIGN(NaClMainPlatformDelegate); +}; + +#endif // CHROME_NACL_NACL_MAIN_PLATFORM_DELEGATE_H_ diff --git a/chrome/nacl/nacl_main_platform_delegate_linux.cc b/chrome/nacl/nacl_main_platform_delegate_linux.cc new file mode 100644 index 0000000..92613a8 --- /dev/null +++ b/chrome/nacl/nacl_main_platform_delegate_linux.cc @@ -0,0 +1,53 @@ +// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "chrome/nacl/nacl_main_platform_delegate.h" + +#include "base/command_line.h" +#include "base/debug_util.h" +#include "sandbox/linux/seccomp/sandbox.h" + +#include "chrome/common/chrome_switches.h" + +NaClMainPlatformDelegate::NaClMainPlatformDelegate( + const MainFunctionParams& parameters) + : parameters_(parameters), sandbox_test_module_(NULL) { +} + +NaClMainPlatformDelegate::~NaClMainPlatformDelegate() { +} + +void NaClMainPlatformDelegate::PlatformInitialize() { +} + +void NaClMainPlatformDelegate::PlatformUninitialize() { +} + +void NaClMainPlatformDelegate::InitSandboxTests(bool no_sandbox) { + // The sandbox is started in the zygote process: zygote_main_linux.cc + // http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox + return; +} + +bool NaClMainPlatformDelegate::EnableSandbox() { + // The setuid sandbox is started in the zygote process: zygote_main_linux.cc + // http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox + // + // The seccomp sandbox is started in the renderer. + // http://code.google.com/p/seccompsandbox/ +#if defined(ARCH_CPU_X86_FAMILY) && !defined(CHROMIUM_SELINUX) + // N.b. SupportsSeccompSandbox() returns a cached result, as we already + // called it earlier in the zygote. Thus, it is OK for us to not pass in + // a file descriptor for "/proc". + if (switches::SeccompSandboxEnabled() && SupportsSeccompSandbox(-1)) + StartSeccompSandbox(); +#endif + return true; +} + +void NaClMainPlatformDelegate::RunSandboxTests() { + // The sandbox is started in the zygote process: zygote_main_linux.cc + // http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox +} + diff --git a/chrome/nacl/nacl_main_platform_delegate_mac.mm b/chrome/nacl/nacl_main_platform_delegate_mac.mm new file mode 100644 index 0000000..61a2ed7 --- /dev/null +++ b/chrome/nacl/nacl_main_platform_delegate_mac.mm @@ -0,0 +1,85 @@ +// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "chrome/nacl/nacl_main_platform_delegate.h" + +#import <Cocoa/Cocoa.h> +#include <dlfcn.h> +#import "base/chrome_application_mac.h" +#include "base/command_line.h" +#include "chrome/common/chrome_switches.h" +#include "chrome/common/sandbox_mac.h" +#include "third_party/WebKit/WebKit/mac/WebCoreSupport/WebSystemInterface.h" + +NaClMainPlatformDelegate::NaClMainPlatformDelegate( + const MainFunctionParams& parameters) + : parameters_(parameters), sandbox_test_module_(NULL) { +} + +NaClMainPlatformDelegate::~NaClMainPlatformDelegate() { +} + +// TODO(jvoung): see if this old comment (from renderer_main_platform...) +// is relevant to the nacl loader. +// TODO(mac-port): Any code needed to initialize a process for purposes of +// running a NaClLoader needs to also be reflected in chrome_dll_main.cc for +// --single-process support. +void NaClMainPlatformDelegate::PlatformInitialize() { +} + +void NaClMainPlatformDelegate::PlatformUninitialize() { +} + +void NaClMainPlatformDelegate::InitSandboxTests(bool no_sandbox) { + const CommandLine& command_line = parameters_.command_line_; + + DLOG(INFO) << "Started NaClLdr with "; + const std::vector<std::string>& argstrings = command_line.argv(); + for (std::vector<std::string>::const_iterator ii = argstrings.begin(); + ii != argstrings.end(); ++ii) { + DLOG(INFO) << *ii; + } + DLOG(INFO) << std::endl; + + // Be sure not to load the sandbox test DLL if the sandbox isn't on. + // Comment-out guard and recompile if you REALLY want to test w/out the SB. + // TODO(jvoung): allow testing without sandbox, but change expected ret vals. + if (!no_sandbox) { + std::string test_dll_name = + command_line.GetSwitchValueASCII(switches::kTestNaClSandbox); + if (!test_dll_name.empty()) { + sandbox_test_module_ = dlopen(test_dll_name.c_str(), RTLD_LAZY); + CHECK(sandbox_test_module_); + } + } + return; +} + +bool NaClMainPlatformDelegate::EnableSandbox() { + CommandLine* parsed_command_line = CommandLine::ForCurrentProcess(); + SandboxInitWrapper sandbox_wrapper; + bool sandbox_initialized_ok = + sandbox_wrapper.InitializeSandbox(*parsed_command_line, + switches::kNaClLoaderProcess); + CHECK(sandbox_initialized_ok) << "Error initializing sandbox for " + << switches::kNaClLoaderProcess; + return sandbox_initialized_ok; +} + + +void NaClMainPlatformDelegate::RunSandboxTests() { + if (sandbox_test_module_) { + RunNaClLoaderTests run_security_tests = + reinterpret_cast<RunNaClLoaderTests>(dlsym(sandbox_test_module_, + kNaClLoaderTestCall)); + + CHECK(run_security_tests); + if (run_security_tests) { + DLOG(INFO) << "Running NaCl Loader security tests"; + CHECK((*run_security_tests)()); + } + dlclose(sandbox_test_module_); + } +} + diff --git a/chrome/nacl/nacl_main_platform_delegate_win.cc b/chrome/nacl/nacl_main_platform_delegate_win.cc new file mode 100644 index 0000000..df01489 --- /dev/null +++ b/chrome/nacl/nacl_main_platform_delegate_win.cc @@ -0,0 +1,85 @@ +// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "chrome/nacl/nacl_main_platform_delegate.h" +#include "base/command_line.h" +#include "chrome/common/chrome_constants.h" +#include "chrome/common/chrome_switches.h" +#include "sandbox/src/sandbox.h" + +NaClMainPlatformDelegate::NaClMainPlatformDelegate( + const MainFunctionParams& parameters) + : parameters_(parameters), sandbox_test_module_(NULL) { +} + +NaClMainPlatformDelegate::~NaClMainPlatformDelegate() { +} + +void NaClMainPlatformDelegate::PlatformInitialize() { + // Be mindful of what resources you acquire here. They can be used by + // malicious code if the renderer gets compromised. +} + +void NaClMainPlatformDelegate::PlatformUninitialize() { +} + +void NaClMainPlatformDelegate::InitSandboxTests(bool no_sandbox) { + const CommandLine& command_line = parameters_.command_line_; + + DLOG(INFO) << "Started NaClLdr with " << command_line.command_line_string(); + + sandbox::TargetServices* target_services = + parameters_.sandbox_info_.TargetServices(); + + if (target_services && !no_sandbox) { + std::wstring test_dll_name = + command_line.GetSwitchValue(switches::kTestNaClSandbox); + if (!test_dll_name.empty()) { + // At this point, hack on the suffix according to with bitness + // of your windows process. +#if defined(_WIN64) + DLOG(INFO) << "Using 64-bit test dll\n"; + test_dll_name.append(L"64.dll"); +#else + DLOG(INFO) << "Using 32-bit test dll\n"; + test_dll_name.append(L".dll"); +#endif + DLOG(INFO) << "Loading test lib " << test_dll_name << "\n"; + sandbox_test_module_ = LoadLibrary(test_dll_name.c_str()); + CHECK(sandbox_test_module_); + LOG(INFO) << "Testing NaCl sandbox\n"; + } + } + return; +} + +bool NaClMainPlatformDelegate::EnableSandbox() { + sandbox::TargetServices* target_services = + parameters_.sandbox_info_.TargetServices(); + + if (target_services) { + // Cause advapi32 to load before the sandbox is turned on. + unsigned int dummy_rand; + rand_s(&dummy_rand); + // Turn the sandbox on. + target_services->LowerToken(); + return true; + } + return false; +} + +void NaClMainPlatformDelegate::RunSandboxTests() { + if (sandbox_test_module_) { + RunNaClLoaderTests run_security_tests = reinterpret_cast<RunNaClLoaderTests> + (GetProcAddress(sandbox_test_module_, kNaClLoaderTestCall)); + + CHECK(run_security_tests); + if (run_security_tests) { + DLOG(INFO) << "Running NaCl Loader security tests"; + CHECK((*run_security_tests)()); + } + FreeLibrary(sandbox_test_module_); + } +} + diff --git a/chrome/test/nacl/nacl_sandbox_test.cc b/chrome/test/nacl/nacl_sandbox_test.cc new file mode 100644 index 0000000..1e1b856 --- /dev/null +++ b/chrome/test/nacl/nacl_sandbox_test.cc @@ -0,0 +1,44 @@ +// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "chrome/test/nacl/nacl_sandbox_test.h" + +#include "base/file_util.h" +#include "base/path_service.h" +#include "chrome/common/chrome_switches.h" + +namespace { + +// Base url is specified in nacl_test. +const FilePath::CharType kSrpcHwHtmlFileName[] = + FILE_PATH_LITERAL("srpc_hw.html"); + +} // anonymous namespace + +NaClSandboxTest::NaClSandboxTest() : NaClTest() { + // Append the --test-nacl-sandbox=$TESTDLL flag before launching. + FilePath dylibDir; + PathService::Get(base::DIR_EXE, &dylibDir); +#if defined(OS_MACOSX) + dylibDir = dylibDir.AppendASCII("libnacl_security_tests.dylib"); + launch_arguments_.AppendSwitchWithValue(switches::kTestNaClSandbox, + dylibDir.value()); +#elif defined(OS_WIN) + // Let the NaCl process detect if it is 64-bit or not and hack on + // the appropriate suffix to this dll. + dylibDir = dylibDir.AppendASCII("nacl_security_tests"); + launch_arguments_.AppendSwitchWithValue(switches::kTestNaClSandbox, + dylibDir.value()); +#elif defined(OS_LINUX) + // We currently do not test the Chrome Linux SUID or seccomp sandboxes. +#endif +} + +NaClSandboxTest::~NaClSandboxTest() {} + +TEST_F(NaClSandboxTest, NaClOuterSBTest) { + // Load a helloworld .nexe to trigger the nacl loader test. + FilePath test_file(kSrpcHwHtmlFileName); + RunTest(test_file, action_max_timeout_ms()); +} diff --git a/chrome/test/nacl/nacl_sandbox_test.h b/chrome/test/nacl/nacl_sandbox_test.h new file mode 100644 index 0000000..578535a --- /dev/null +++ b/chrome/test/nacl/nacl_sandbox_test.h @@ -0,0 +1,24 @@ +// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CHROME_TEST_NACL_NACL_SANDBOX_TEST_H_ +#define CHROME_TEST_NACL_NACL_SANDBOX_TEST_H_ + +#include "chrome/test/nacl/nacl_test.h" + +class FilePath; + +// This class implements integration tests for Native Client. +// Specifically, this tests that the sandbox is active by the time a +// NaCl module is loaded. To force a NaCl module to be loaded, +// it will navigate to a page containing a simple NaCl module. +// The NaCl module itself won't exercise the sandbox, but a DLL will be +// loaded into the same process that does exercise the sandbox. +class NaClSandboxTest : public NaClTest { + protected: + NaClSandboxTest(); + virtual ~NaClSandboxTest(); +}; + +#endif // CHROME_TEST_NACL_NACL_SANDBOX_TEST_H_ diff --git a/chrome/test/nacl/nacl_test.cc b/chrome/test/nacl/nacl_test.cc index 4f67bf5..5a249c3 100644 --- a/chrome/test/nacl/nacl_test.cc +++ b/chrome/test/nacl/nacl_test.cc @@ -21,29 +21,6 @@ const char kTestCompleteSuccess[] = "OK"; const FilePath::CharType kBaseUrl[] = FILE_PATH_LITERAL("http://localhost:5103/tests/prebuilt"); -const FilePath::CharType kSrpcHwHtmlFileName[] = - FILE_PATH_LITERAL("srpc_hw.html"); - -const FilePath::CharType kSrpcBasicHtmlFileName[] = - FILE_PATH_LITERAL("srpc_basic.html"); - -const FilePath::CharType kSrpcSockAddrHtmlFileName[] = - FILE_PATH_LITERAL("srpc_sockaddr.html"); - -const FilePath::CharType kSrpcShmHtmlFileName[] = - FILE_PATH_LITERAL("srpc_shm.html"); - -const FilePath::CharType kSrpcPluginHtmlFileName[] = - FILE_PATH_LITERAL("srpc_plugin.html"); - -const FilePath::CharType kSrpcNrdXferHtmlFileName[] = - FILE_PATH_LITERAL("srpc_nrd_xfer.html"); - -const FilePath::CharType kServerHtmlFileName[] = - FILE_PATH_LITERAL("server_test.html"); - -const FilePath::CharType kNpapiHwHtmlFileName[] = - FILE_PATH_LITERAL("npapi_hw.html"); } // anonymous namespace NaClTest::NaClTest() @@ -117,43 +94,3 @@ void NaClTest::TearDown() { StopHttpServer(); UITest::TearDown(); } - -TEST_F(NaClTest, ServerTest) { - FilePath test_file(kServerHtmlFileName); - RunTest(test_file, action_max_timeout_ms()); -} - -TEST_F(NaClTest, SrpcHelloWorld) { - FilePath test_file(kSrpcHwHtmlFileName); - RunTest(test_file, action_max_timeout_ms()); -} - -TEST_F(NaClTest, SrpcBasicTest) { - FilePath test_file(kSrpcBasicHtmlFileName); - RunTest(test_file, action_max_timeout_ms()); -} - -TEST_F(NaClTest, SrpcSockAddrTest) { - FilePath test_file(kSrpcSockAddrHtmlFileName); - RunTest(test_file, action_max_timeout_ms()); -} - -TEST_F(NaClTest, SrpcShmTest) { - FilePath test_file(kSrpcShmHtmlFileName); - RunTest(test_file, action_max_timeout_ms()); -} - -TEST_F(NaClTest, FLAKY_SrpcPluginTest) { - FilePath test_file(kSrpcPluginHtmlFileName); - RunTest(test_file, action_max_timeout_ms()); -} - -TEST_F(NaClTest, SrpcNrdXferTest) { - FilePath test_file(kSrpcNrdXferHtmlFileName); - RunTest(test_file, action_max_timeout_ms()); -} - -TEST_F(NaClTest, NpapiHwTest) { - FilePath test_file(kNpapiHwHtmlFileName); - RunTest(test_file, action_max_timeout_ms()); -} diff --git a/chrome/test/nacl/nacl_ui_test.cc b/chrome/test/nacl/nacl_ui_test.cc new file mode 100644 index 0000000..10af909 --- /dev/null +++ b/chrome/test/nacl/nacl_ui_test.cc @@ -0,0 +1,85 @@ +// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "chrome/test/nacl/nacl_ui_test.h" + +// TODO(jvoung) see what includes we really need. +#include "base/file_util.h" +#include "base/path_service.h" +#include "chrome/common/chrome_paths.h" + +namespace { + + // base url specified in nacl_test + +const FilePath::CharType kSrpcHwHtmlFileName[] = + FILE_PATH_LITERAL("srpc_hw.html"); + +const FilePath::CharType kSrpcBasicHtmlFileName[] = + FILE_PATH_LITERAL("srpc_basic.html"); + +const FilePath::CharType kSrpcSockAddrHtmlFileName[] = + FILE_PATH_LITERAL("srpc_sockaddr.html"); + +const FilePath::CharType kSrpcShmHtmlFileName[] = + FILE_PATH_LITERAL("srpc_shm.html"); + +const FilePath::CharType kSrpcPluginHtmlFileName[] = + FILE_PATH_LITERAL("srpc_plugin.html"); + +const FilePath::CharType kSrpcNrdXferHtmlFileName[] = + FILE_PATH_LITERAL("srpc_nrd_xfer.html"); + +const FilePath::CharType kServerHtmlFileName[] = + FILE_PATH_LITERAL("server_test.html"); + +const FilePath::CharType kNpapiHwHtmlFileName[] = + FILE_PATH_LITERAL("npapi_hw.html"); +} // anonymous namespace + +NaClUITest::NaClUITest() : NaClTest() { + // NaClTest has all we need. +} + +NaClUITest::~NaClUITest() {} + +TEST_F(NaClUITest, ServerTest) { + FilePath test_file(kServerHtmlFileName); + RunTest(test_file, action_max_timeout_ms()); +} + +TEST_F(NaClUITest, SrpcHelloWorld) { + FilePath test_file(kSrpcHwHtmlFileName); + RunTest(test_file, action_max_timeout_ms()); +} + +TEST_F(NaClUITest, SrpcBasicTest) { + FilePath test_file(kSrpcBasicHtmlFileName); + RunTest(test_file, action_max_timeout_ms()); +} + +TEST_F(NaClUITest, SrpcSockAddrTest) { + FilePath test_file(kSrpcSockAddrHtmlFileName); + RunTest(test_file, action_max_timeout_ms()); +} + +TEST_F(NaClUITest, SrpcShmTest) { + FilePath test_file(kSrpcShmHtmlFileName); + RunTest(test_file, action_max_timeout_ms()); +} + +TEST_F(NaClUITest, FLAKY_SrpcPluginTest) { + FilePath test_file(kSrpcPluginHtmlFileName); + RunTest(test_file, action_max_timeout_ms()); +} + +TEST_F(NaClUITest, SrpcNrdXferTest) { + FilePath test_file(kSrpcNrdXferHtmlFileName); + RunTest(test_file, action_max_timeout_ms()); +} + +TEST_F(NaClUITest, NpapiHwTest) { + FilePath test_file(kNpapiHwHtmlFileName); + RunTest(test_file, action_max_timeout_ms()); +} diff --git a/chrome/test/nacl/nacl_ui_test.h b/chrome/test/nacl/nacl_ui_test.h new file mode 100644 index 0000000..1b82c12 --- /dev/null +++ b/chrome/test/nacl/nacl_ui_test.h @@ -0,0 +1,18 @@ +// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CHROME_TEST_NACL_NACL_UI_TEST_H_ +#define CHROME_TEST_NACL_NACL_UI_TEST_H_ + +#include "chrome/test/nacl/nacl_test.h" + +// The actual NaCl ui tests are hooked onto this, so that the base class +// can be reused without running tests that require loading a NaCl module. +class NaClUITest : public NaClTest { + protected: + NaClUITest(); + virtual ~NaClUITest(); +}; + +#endif // CHROME_TEST_NACL_NACL_UI_TEST_H_ diff --git a/chrome/test/nacl_security_tests/commands_posix.cc b/chrome/test/nacl_security_tests/commands_posix.cc new file mode 100644 index 0000000..85196e3 --- /dev/null +++ b/chrome/test/nacl_security_tests/commands_posix.cc @@ -0,0 +1,112 @@ +// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "./commands_posix.h" + +#include <fcntl.h> +#include <netdb.h> +#include <sys/socket.h> +#include <sys/types.h> +#include <sys/wait.h> +#include <unistd.h> + +#include <string> + +// Sandbox access tests (mimic'ing "sandbox/tests/validation_tests/commands.h") + +namespace sandbox { + +SboxTestResult TestOpenReadFile(const char *path) { + int fd = open(path, O_RDONLY | O_CREAT); + if (-1 == fd) { + return SBOX_TEST_DENIED; + } else { + fprintf(stderr, "OOPS: Opened file for read %s %d\n", path, fd); + close(fd); + return SBOX_TEST_SUCCEEDED; + } +} + +SboxTestResult TestOpenWriteFile(const char *path) { + int fd = open(path, O_WRONLY | O_CREAT); + if (-1 == fd) { + return SBOX_TEST_DENIED; + } else { + fprintf(stderr, "OOPS: Opened file for write %s %d\n", path, fd); + close(fd); + return SBOX_TEST_SUCCEEDED; + } +} + +SboxTestResult TestCreateProcess(const char *path) { + pid_t pid; + int exec_res; + int child_stat; + + pid = fork(); + if (0 == pid) { + exec_res = execl(path, path, NULL); + if (exec_res) { + return SBOX_TEST_DENIED; + } else { + return SBOX_TEST_SUCCEEDED; + } + return SBOX_TEST_SUCCEEDED; + } else if (0 < pid) { + fprintf(stderr, "PARENT: Oops, forked child!\n"); + waitpid(pid, &child_stat, WNOHANG); + return SBOX_TEST_SUCCEEDED; + } else { + return SBOX_TEST_DENIED; + } +} + +SboxTestResult TestConnect(const char *url) { + int conn_sock; + struct addrinfo hints, *servinfo, *p; + int rv; + + memset(&hints, 0, sizeof(hints)); + hints.ai_family = AF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + rv = getaddrinfo(url, "http", &hints, &servinfo); + if (0 != rv) { + fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(rv)); + return SBOX_TEST_DENIED; + } + + p = servinfo; + // Just try the first entry. + conn_sock = socket(p->ai_family, p->ai_socktype, p->ai_protocol); + if (-1 == conn_sock) { + perror("socket"); + freeaddrinfo(servinfo); + fprintf(stderr, "Error at socket()\n"); + return SBOX_TEST_DENIED; + } + + if (-1 == connect(conn_sock, p->ai_addr, p->ai_addrlen)) { + close(conn_sock); + freeaddrinfo(servinfo); + return SBOX_TEST_DENIED; + } + + fprintf(stderr, "Connected to server.\n"); + shutdown(conn_sock, SHUT_RDWR); + close(conn_sock); + freeaddrinfo(servinfo); + return SBOX_TEST_SUCCEEDED; +} + +// TODO(jvoung): test more: e.g., bind and accept. +// chmod, unlink, symlink, ... if guaranteed a test file that would normally +// allow us to do such things (i.e., we want the test operations to be +// context-independent, yet leave no traces). + +SboxTestResult TestDummyFails() { + fprintf(stderr, "Running dummy sandbox test, which should fail\n"); + return SBOX_TEST_SUCCEEDED; +} + +} // namespace sandbox diff --git a/chrome/test/nacl_security_tests/commands_posix.h b/chrome/test/nacl_security_tests/commands_posix.h new file mode 100644 index 0000000..95d5647 --- /dev/null +++ b/chrome/test/nacl_security_tests/commands_posix.h @@ -0,0 +1,53 @@ +// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CHROME_TEST_NACL_SECURITY_TESTS_COMMANDS_POSIX_H_ +#define CHROME_TEST_NACL_SECURITY_TESTS_COMMANDS_POSIX_H_ + +// TODO(jvoung): factor out the SboxTestResult from +// sandbox/tests/common/controller.h +// to make it OS independent. + +namespace sandbox { + +#define SEVERITY_INFO_FLAGS 0x40000000 +#define SEVERITY_ERROR_FLAGS 0xC0000000 +#define CUSTOMER_CODE 0x20000000 +#define SBOX_TESTS_FACILITY 0x05B10000 + +enum SboxTestResult { + SBOX_TEST_FIRST_RESULT = 8998, + SBOX_TEST_SUCCEEDED, + SBOX_TEST_PING_OK, + SBOX_TEST_FIRST_INFO = SBOX_TEST_FIRST_RESULT | SEVERITY_INFO_FLAGS, + SBOX_TEST_DENIED, // Access was denied. + SBOX_TEST_NOT_FOUND, // The resource was not found. + SBOX_TEST_FIRST_ERROR = SBOX_TEST_FIRST_RESULT | SEVERITY_ERROR_FLAGS, + SBOX_TEST_INVALID_PARAMETER, + SBOX_TEST_FAILED_TO_RUN_TEST, + SBOX_TEST_FAILED_TO_EXECUTE_COMMAND, + SBOX_TEST_TIMED_OUT, + SBOX_TEST_FAILED, + SBOX_TEST_LAST_RESULT +}; + +// Sandbox access tests for Mac and Linux +// (mimic'ing "sandbox/tests/validation_tests/commands.h") + +SboxTestResult TestOpenReadFile(const char* path); + +SboxTestResult TestOpenWriteFile(const char* path); + +SboxTestResult TestCreateProcess(const char* path); + +SboxTestResult TestConnect(const char* url); + +// Dummy test that returns SBOX_TEST_SUCCEEDED +// (so it fails, because everything should be denied). +SboxTestResult TestDummyFails(); + +} // namespace sandbox + +#endif // CHROME_TEST_NACL_SECURITY_TESTS_COMMANDS_POSIX_H_ + diff --git a/chrome/test/nacl_security_tests/nacl_security_tests_linux.cc b/chrome/test/nacl_security_tests/nacl_security_tests_linux.cc new file mode 100644 index 0000000..768aa55 --- /dev/null +++ b/chrome/test/nacl_security_tests/nacl_security_tests_linux.cc @@ -0,0 +1,36 @@ +// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "chrome/test/nacl_security_tests/nacl_security_tests_posix.h" +#include <string> +#include "chrome/test/nacl_security_tests/commands_posix.h" + +#define RETURN_IF_NOT_DENIED(x) \ + if (sandbox::SBOX_TEST_DENIED != x) { \ + return false; \ + } + +// Runs the security tests of sandbox for the nacl loader process. +extern "C" bool RunNaClLoaderTests(void) { + // Need to check if the system supports CLONE_NEWPID before testing + // the filesystem accesses (otherwise the sandbox is not enabled). + RETURN_IF_NOT_DENIED(sandbox::TestOpenReadFile("/etc")); + RETURN_IF_NOT_DENIED(sandbox::TestOpenReadFile("/tmp")); + RETURN_IF_NOT_DENIED(sandbox::TestOpenReadFile("$HOME")); + RETURN_IF_NOT_DENIED(sandbox::TestOpenWriteFile("/etc")); + RETURN_IF_NOT_DENIED(sandbox::TestOpenWriteFile("/etc/passwd")); + RETURN_IF_NOT_DENIED(sandbox::TestOpenWriteFile("/bin")); + RETURN_IF_NOT_DENIED(sandbox::TestOpenWriteFile("/usr/bin")); + RETURN_IF_NOT_DENIED(sandbox::TestOpenWriteFile("/usr/bin/bash")); + RETURN_IF_NOT_DENIED(sandbox::TestOpenWriteFile("/usr/bin/login")); + RETURN_IF_NOT_DENIED(sandbox::TestOpenWriteFile("/usr/sbin")); + RETURN_IF_NOT_DENIED(sandbox::TestOpenWriteFile("$HOME")); + + // Linux (suid) sandbox doesn't block connect, etc... + RETURN_IF_NOT_DENIED(sandbox::TestCreateProcess("/usr/bin/env")); + RETURN_IF_NOT_DENIED(sandbox::TestConnect("www.archive.org")); + + return true; +} + diff --git a/chrome/test/nacl_security_tests/nacl_security_tests_mac.cc b/chrome/test/nacl_security_tests/nacl_security_tests_mac.cc new file mode 100644 index 0000000..12f7583 --- /dev/null +++ b/chrome/test/nacl_security_tests/nacl_security_tests_mac.cc @@ -0,0 +1,46 @@ +// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + + +#include "chrome/test/nacl_security_tests/nacl_security_tests_posix.h" +#include <string> +#include "testing/gtest/include/gtest/gtest.h" +#include "chrome/test/nacl_security_tests/commands_posix.h" + +__attribute__((constructor)) +static void initializer(void) { +} + +__attribute__((destructor)) +static void finalizer(void) { +} + +namespace { +void CheckDenied(sandbox::SboxTestResult x) { + EXPECT_EQ(sandbox::SBOX_TEST_DENIED, x); +} +} // anon namespace + +extern "C" +__attribute__((visibility("default"))) +bool RunNaClLoaderTests(void) { + CheckDenied(sandbox::TestOpenReadFile("/etc")); + CheckDenied(sandbox::TestOpenReadFile("/tmp")); + CheckDenied(sandbox::TestOpenReadFile("$HOME")); + CheckDenied(sandbox::TestOpenWriteFile("/etc")); + CheckDenied(sandbox::TestOpenWriteFile("/etc/passwd")); + CheckDenied(sandbox::TestOpenWriteFile("/bin")); + CheckDenied(sandbox::TestOpenWriteFile("/usr/bin")); + CheckDenied(sandbox::TestOpenWriteFile("/usr/bin/bash")); + CheckDenied(sandbox::TestOpenWriteFile("/usr/bin/login")); + CheckDenied(sandbox::TestOpenWriteFile("/usr/sbin")); + CheckDenied(sandbox::TestOpenWriteFile("$HOME")); + + CheckDenied(sandbox::TestCreateProcess("/usr/bin/env")); + CheckDenied(sandbox::TestConnect("www.archive.org")); + + return !(testing::Test::HasFatalFailure() || + testing::Test::HasNonfatalFailure()); +} + diff --git a/chrome/test/nacl_security_tests/nacl_security_tests_posix.h b/chrome/test/nacl_security_tests/nacl_security_tests_posix.h new file mode 100644 index 0000000..251e3f0 --- /dev/null +++ b/chrome/test/nacl_security_tests/nacl_security_tests_posix.h @@ -0,0 +1,12 @@ +// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CHROME_TEST_NACL_SECURITY_TESTS_NACL_SECURITY_TESTS_POSIX_H_ +#define CHROME_TEST_NACL_SECURITY_TESTS_NACL_SECURITY_TESTS_POSIX_H_ + +// Runs security tests against the outer sandbox of the nacl loader process. +extern "C" bool RunNaClLoaderTests(void); + +#endif // CHROME_TEST_NACL_SECURITY_TESTS_NACL_SECURITY_TESTS_POSIX_H_ + diff --git a/chrome/test/nacl_security_tests/nacl_security_tests_win.cc b/chrome/test/nacl_security_tests/nacl_security_tests_win.cc new file mode 100644 index 0000000..e95e17f --- /dev/null +++ b/chrome/test/nacl_security_tests/nacl_security_tests_win.cc @@ -0,0 +1,145 @@ +// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "chrome/test/nacl_security_tests/nacl_security_tests_win.h" +#include <winsock2.h> +#include <ws2tcpip.h> +#include <windows.h> +#include <string> + +// TODO(jvoung): factor out the enum SboxTestResult from +// "sandbox/tests/common/controller.h" to make it OS independent + +#include "sandbox/tests/common/controller.h" +#include "sandbox/tests/validation_tests/commands.h" + +BOOL APIENTRY DllMain(HMODULE module, DWORD ul_reason_for_call, + LPVOID lpReserved) { + return TRUE; +} + +#define RETURN_IF_NOT_DENIED(x) \ + if (sandbox::SBOX_TEST_DENIED != x) { \ + return false; \ + } + +//////////////////////////////////////////////////////////// +// Additional sandbox access tests +// (not in "sandbox/tests/validation_tests/commands.h") +//////////////////////////////////////////////////////////// + +namespace sandbox { + +SboxTestResult TestCreateProcess(const wchar_t *path_str, wchar_t *cmd_str) { + STARTUPINFO si; + PROCESS_INFORMATION pi; + + ZeroMemory(&si, sizeof(si)); + ZeroMemory(&pi, sizeof(pi)); + if (!::CreateProcess(path_str, cmd_str, NULL, NULL, FALSE, 0, + NULL, NULL, &si, &pi)) { + if (ERROR_ACCESS_DENIED == ::GetLastError()) { + fprintf(stderr, "Create process denied\n"); + return SBOX_TEST_DENIED; + } else { + fprintf(stderr, "Created process denied for misc reason: %ld\n", + ::GetLastError()); + return SBOX_TEST_DENIED; + } + } else { + fprintf(stderr, "Created process\n"); + return SBOX_TEST_SUCCEEDED; + } +} + +SboxTestResult TestConnect(const char* url) { + WSADATA wsaData; + int iResult = WSAStartup(MAKEWORD(2, 2), &wsaData); + if (NO_ERROR != iResult) { + fprintf(stderr, "Error at WSAStartup()\n"); + } + + struct addrinfo hints, *servinfo, *p; + DWORD dwRet; + ZeroMemory(&hints, sizeof(hints)); + hints.ai_family = AF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + hints.ai_protocol = IPPROTO_TCP; + + dwRet = getaddrinfo(url, "80", &hints, &servinfo); + if (0 != dwRet) { + fprintf(stderr, "getaddrinfo failed with %d\n", dwRet); + WSACleanup(); + return SBOX_TEST_DENIED; + } + + p = servinfo; + // Just try the first entry. + SOCKET sock; + sock = socket(p->ai_family, p->ai_socktype, p->ai_protocol); + if (INVALID_SOCKET == sock) { + fprintf(stderr, "Error at socket(): %ld\n", WSAGetLastError()); + freeaddrinfo(servinfo); + WSACleanup(); + return SBOX_TEST_DENIED; + } + + if (SOCKET_ERROR == connect(sock, p->ai_addr, + static_cast<int>(p->ai_addrlen))) { + fprintf(stderr, "Failed to connect\n"); + freeaddrinfo(servinfo); + closesocket(sock); + WSACleanup(); + return SBOX_TEST_DENIED; + } + + fprintf(stderr, "OOPS: Connected to server.\n"); + freeaddrinfo(servinfo); + closesocket(sock); + WSACleanup(); + return SBOX_TEST_SUCCEEDED; +} + +} // namespace sandbox + +//////////////////////////////////////////////////////////// + + +// Runs the security tests of sandbox for the nacl loader process. +// If a test fails, the return value is FALSE and test_count contains the +// number of tests executed, including the failing test. +extern "C" bool __declspec(dllexport) RunNaClLoaderTests(void) { + // Filesystem and Registry tests borrowed from renderer security_tests.dll + RETURN_IF_NOT_DENIED(sandbox::TestOpenReadFile(L"%SystemDrive%")); + RETURN_IF_NOT_DENIED(sandbox::TestOpenReadFile(L"%SystemRoot%")); + RETURN_IF_NOT_DENIED(sandbox::TestOpenReadFile(L"%ProgramFiles%")); + RETURN_IF_NOT_DENIED(sandbox::TestOpenReadFile(L"%SystemRoot%\\System32")); + RETURN_IF_NOT_DENIED( + sandbox::TestOpenReadFile(L"%SystemRoot%\\explorer.exe")); + RETURN_IF_NOT_DENIED( + sandbox::TestOpenReadFile(L"%SystemRoot%\\Cursors\\arrow_i.cur")); + RETURN_IF_NOT_DENIED(sandbox::TestOpenWriteFile(L"%SystemRoot%")); + RETURN_IF_NOT_DENIED(sandbox::TestOpenWriteFile(L"%ProgramFiles%")); + RETURN_IF_NOT_DENIED(sandbox::TestOpenWriteFile(L"%SystemRoot%\\System32")); + RETURN_IF_NOT_DENIED( + sandbox::TestOpenWriteFile(L"%SystemRoot%\\explorer.exe")); + RETURN_IF_NOT_DENIED( + sandbox::TestOpenWriteFile(L"%SystemRoot%\\Cursors\\arrow_i.cur")); + RETURN_IF_NOT_DENIED(sandbox::TestOpenReadFile(L"%AllUsersProfile%")); + RETURN_IF_NOT_DENIED(sandbox::TestOpenReadFile(L"%Temp%")); + RETURN_IF_NOT_DENIED(sandbox::TestOpenReadFile(L"%AppData%")); + RETURN_IF_NOT_DENIED(sandbox::TestOpenKey(HKEY_LOCAL_MACHINE, L"")); + RETURN_IF_NOT_DENIED(sandbox::TestOpenKey(HKEY_CURRENT_USER, L"")); + RETURN_IF_NOT_DENIED(sandbox::TestOpenKey(HKEY_USERS, L"")); + RETURN_IF_NOT_DENIED(sandbox::TestOpenKey(HKEY_LOCAL_MACHINE, + L"Software\\Microsoft\\Windows NT\\CurrentVersion\\WinLogon")); + + RETURN_IF_NOT_DENIED(sandbox::TestConnect("www.archive.org")); + RETURN_IF_NOT_DENIED(sandbox::TestConnect("www.google.com")); + + RETURN_IF_NOT_DENIED(sandbox::TestCreateProcess(L"%SystemRoot%\\explorer.exe", + L"%SystemRoot%\\explorer.exe")); + + return true; +} diff --git a/chrome/test/nacl_security_tests/nacl_security_tests_win.h b/chrome/test/nacl_security_tests/nacl_security_tests_win.h new file mode 100644 index 0000000..5e3bda6 --- /dev/null +++ b/chrome/test/nacl_security_tests/nacl_security_tests_win.h @@ -0,0 +1,12 @@ +// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CHROME_TEST_NACL_SECURITY_TESTS_NACL_SECURITY_TESTS_WIN_H_ +#define CHROME_TEST_NACL_SECURITY_TESTS_NACL_SECURITY_TESTS_WIN_H_ + +// Runs security tests against the outer sandbox of the nacl loader process. +extern "C" bool __declspec(dllexport) RunNaClLoaderTests(void); + +#endif // CHROME_TEST_NACL_SECURITY_TESTS_NACL_SECURITY_TESTS_WIN_H_ + |