Diffstat (limited to 'sandbox/tests/validation_tests')
-rw-r--r--sandbox/tests/validation_tests/commands.cc22
-rw-r--r--sandbox/tests/validation_tests/commands.h4
-rw-r--r--sandbox/tests/validation_tests/suite.cc93
3 files changed, 106 insertions, 13 deletions
diff --git a/sandbox/tests/validation_tests/commands.cc b/sandbox/tests/validation_tests/commands.cc
index 4d9eba4..d99451f 100644
--- a/sandbox/tests/validation_tests/commands.cc
+++ b/sandbox/tests/validation_tests/commands.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2010 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -88,15 +88,16 @@ int TestValidWindow(HWND window) {
}
SBOX_TESTS_COMMAND int OpenProcessCmd(int argc, wchar_t **argv) {
- if (1 != argc)
+ if (2 != argc)
return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
- DWORD process_id = _wtoi(argv[0]);
- return TestOpenProcess(process_id);
+ DWORD process_id = _wtol(argv[0]);
+ DWORD access_mask = _wtol(argv[1]);
+ return TestOpenProcess(process_id, access_mask);
}
-int TestOpenProcess(DWORD process_id) {
- HANDLE process = ::OpenProcess(PROCESS_VM_READ,
+int TestOpenProcess(DWORD process_id, DWORD access_mask) {
+ HANDLE process = ::OpenProcess(access_mask,
FALSE, // Do not inherit handle.
process_id);
if (NULL == process) {
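Review bot: Neither argument is validated after parsing in OpenProcessCmd. `_wtol` returns 0 for non-numeric text and clamps at LONG_MAX, so a malformed command line ends up as `::OpenProcess(0, FALSE, 0)`; whether that failure is then reported as SBOX_TEST_DENIED depends on the part of TestOpenProcess that continues below this hunk. Parsing with `wcstoul(argv[0], &end, 10)` and returning SBOX_TEST_FAILED_TO_EXECUTE_COMMAND when `*end != L'\0'` keeps a bad argument from being mistaken for a sandbox denial. The same applies to `::Sleep(_wtoi(argv[0]))` in SleepCmd in the next hunk, where a negative value converts to a very long or infinite sleep.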
@@ -249,4 +250,13 @@ int TestSwitchDesktop() {
return SBOX_TEST_DENIED;
}
+SBOX_TESTS_COMMAND int SleepCmd(int argc, wchar_t **argv) {
+ if (1 != argc)
+ return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
+
+ ::Sleep(_wtoi(argv[0]));
+ return SBOX_TEST_SUCCEEDED;
+}
+
+
} // namespace sandbox
diff --git a/sandbox/tests/validation_tests/commands.h b/sandbox/tests/validation_tests/commands.h
index 47f7c26..9b797a5 100644
--- a/sandbox/tests/validation_tests/commands.h
+++ b/sandbox/tests/validation_tests/commands.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -11,7 +11,7 @@ namespace sandbox {
int TestValidWindow(HWND window);
// Tries to open the process_id. Returns a SboxTestResult.
-int TestOpenProcess(DWORD process_id);
+int TestOpenProcess(DWORD process_id, DWORD access_mask);
// Tries to open thread_id. Returns a SboxTestResult.
int TestOpenThread(DWORD thread_id);
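Review bot: The comment above the changed declaration still describes the one-argument form and says nothing about which rights are requested. Something like `// Tries to open process_id requesting access_mask (PROCESS_* / standard rights).` followed by `// Returns a SboxTestResult.` would tell callers that the mask is passed straight through to OpenProcess.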
diff --git a/sandbox/tests/validation_tests/suite.cc b/sandbox/tests/validation_tests/suite.cc
index a5886cd..3147f70 100644
--- a/sandbox/tests/validation_tests/suite.cc
+++ b/sandbox/tests/validation_tests/suite.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2010 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -8,11 +8,43 @@
#include <shlwapi.h>
+#include "base/win/windows_version.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "sandbox/tests/common/controller.h"
#pragma comment(lib, "shlwapi.lib")
+namespace {
+
+void TestProcessAccess(sandbox::TestRunner* runner, DWORD target) {
+ const wchar_t *kCommandTemplate = L"OpenProcessCmd %d %d";
+ wchar_t command[1024] = {0};
+
+ // Test all the scary process permissions.
+ wsprintf(command, kCommandTemplate, target, PROCESS_CREATE_THREAD);
+ EXPECT_EQ(sandbox::SBOX_TEST_DENIED, runner->RunTest(command));
+ wsprintf(command, kCommandTemplate, target, PROCESS_DUP_HANDLE);
+ EXPECT_EQ(sandbox::SBOX_TEST_DENIED, runner->RunTest(command));
+ wsprintf(command, kCommandTemplate, target, PROCESS_SET_INFORMATION);
+ EXPECT_EQ(sandbox::SBOX_TEST_DENIED, runner->RunTest(command));
+ wsprintf(command, kCommandTemplate, target, PROCESS_VM_OPERATION);
+ EXPECT_EQ(sandbox::SBOX_TEST_DENIED, runner->RunTest(command));
+ wsprintf(command, kCommandTemplate, target, PROCESS_VM_READ);
+ EXPECT_EQ(sandbox::SBOX_TEST_DENIED, runner->RunTest(command));
+ wsprintf(command, kCommandTemplate, target, PROCESS_VM_WRITE);
+ EXPECT_EQ(sandbox::SBOX_TEST_DENIED, runner->RunTest(command));
+ wsprintf(command, kCommandTemplate, target, PROCESS_QUERY_INFORMATION);
+ EXPECT_EQ(sandbox::SBOX_TEST_DENIED, runner->RunTest(command));
+ wsprintf(command, kCommandTemplate, target, WRITE_DAC);
+ EXPECT_EQ(sandbox::SBOX_TEST_DENIED, runner->RunTest(command));
+ wsprintf(command, kCommandTemplate, target, WRITE_OWNER);
+ EXPECT_EQ(sandbox::SBOX_TEST_DENIED, runner->RunTest(command));
+ wsprintf(command, kCommandTemplate, target, READ_CONTROL);
+ EXPECT_EQ(sandbox::SBOX_TEST_DENIED, runner->RunTest(command));
+}
+
+} // namespace
+
namespace sandbox {
// Returns true if the volume that contains any_path supports ACL security. The
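Review bot: TestProcessAccess repeats the same wsprintf/EXPECT_EQ pair ten times, so a failure is identified only by line number and adding a right means copying two more lines. A table of rights walked in a loop, with the mask streamed into the failure message, keeps the list auditable in one place. `%d` is also used for DWORD values here, where `%u` matches the type. PROCESS_TERMINATE and PROCESS_SUSPEND_RESUME are not in the list; if that is deliberate, a short comment should say why.

```cpp
void TestProcessAccess(sandbox::TestRunner* runner, DWORD target) {
  // Each right is requested on its own so a failure names the right that
  // the sandbox let through.
  static const DWORD kDeniedRights[] = {
    PROCESS_CREATE_THREAD, PROCESS_DUP_HANDLE, PROCESS_SET_INFORMATION,
    PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE,
    PROCESS_QUERY_INFORMATION, WRITE_DAC, WRITE_OWNER, READ_CONTROL,
  };
  wchar_t command[1024] = {0};

  for (size_t i = 0; i < sizeof(kDeniedRights) / sizeof(kDeniedRights[0]);
       ++i) {
    wsprintf(command, L"OpenProcessCmd %u %u", target, kDeniedRights[i]);
    EXPECT_EQ(sandbox::SBOX_TEST_DENIED, runner->RunTest(command))
        << "access mask " << kDeniedRights[i];
  }
}
```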
@@ -96,13 +128,64 @@ TEST(ValidationSuite, TestWindows) {
EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(command));
}
-// Tests if the processes are correctly protected by the sandbox.
-TEST(ValidationSuite, TestProcess) {
+// Tests that a locked-down process cannot open another locked-down process.
+TEST(ValidationSuite, TestProcessDenyLockdown) {
TestRunner runner;
+ TestRunner target;
wchar_t command[1024] = {0};
- wsprintf(command, L"OpenProcessCmd %d", ::GetCurrentProcessId());
- EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(command));
+ target.SetAsynchronous(true);
+
+ EXPECT_EQ(SBOX_TEST_SUCCEEDED, target.RunTest(L"SleepCmd 30000"));
+
+ TestProcessAccess(&runner, target.process_id());
+}
+
+// Tests that a low-integrity process cannot open a locked-down process (due
+// to the integrity label changing after startup via SetDelayedIntegrityLevel).
+TEST(ValidationSuite, TestProcessDenyLowIntegrity) {
+ // This test applies only to Vista and above.
+ if (base::win::Version() < base::win::VERSION_VISTA)
+ return;
+
+ TestRunner runner;
+ TestRunner target;
+ wchar_t command[1024] = {0};
+
+ target.SetAsynchronous(true);
+ target.GetPolicy()->SetDelayedIntegrityLevel(INTEGRITY_LEVEL_LOW);
+
+ runner.GetPolicy()->SetIntegrityLevel(INTEGRITY_LEVEL_LOW);
+ runner.GetPolicy()->SetTokenLevel(USER_RESTRICTED_SAME_ACCESS,
+ USER_INTERACTIVE);
+
+ EXPECT_EQ(SBOX_TEST_SUCCEEDED, target.RunTest(L"SleepCmd 30000"));
+
+ TestProcessAccess(&runner, target.process_id());
+}
+
+// Tests that a locked-down process cannot open a low-integrity process.
+TEST(ValidationSuite, TestProcessDenyBelowLowIntegrity) {
+ // This test applies only to Vista and above.
+ if (base::win::Version() < base::win::VERSION_VISTA)
+ return;
+
+ TestRunner runner;
+ TestRunner target;
+ wchar_t command[1024] = {0};
+
+ target.SetAsynchronous(true);
+ target.GetPolicy()->SetIntegrityLevel(INTEGRITY_LEVEL_LOW);
+ target.GetPolicy()->SetTokenLevel(USER_RESTRICTED_SAME_ACCESS,
+ USER_INTERACTIVE);
+
+ runner.GetPolicy()->SetDelayedIntegrityLevel(INTEGRITY_LEVEL_UNTRUSTED);
+ runner.GetPolicy()->SetTokenLevel(USER_RESTRICTED_SAME_ACCESS,
+ USER_INTERACTIVE);
+
+ EXPECT_EQ(SBOX_TEST_SUCCEEDED, target.RunTest(L"SleepCmd 30000"));
+
+ TestProcessAccess(&runner, target.process_id());
}
// Tests if the threads are correctly protected by the sandbox.
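Review bot: A DENIED result in these three tests does not show that the target was still running when it was probed. If the asynchronous `SleepCmd 30000` target exits early, or the ten probes take longer than 30 seconds, the tests may pass without exercising the sandbox; how TestOpenProcess reports a stale PID is outside this diff. After `TestProcessAccess(&runner, target.process_id());` the unsandboxed test process could open the target with SYNCHRONIZE and assert `EXPECT_EQ(WAIT_TIMEOUT, ::WaitForSingleObject(handle, 0));` before closing the handle. Separately, `wchar_t command[1024] = {0};` is no longer used in any of the three tests and can be dropped.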