From c4319fff25090b1c7315fb25a85be57c3d40378b Mon Sep 17 00:00:00 2001
From: "cpu@google.com"
Date: Wed, 30 Jul 2008 16:53:27 +0000
Subject: Adding validation tests for OpenInputDesktop and SwitchDesktop API calls. They should fail under sbox - There was no test for the winstation handle. git-svn-id: svn://svn.chromium.org/chrome/trunk/src@117 0039d316-1c4b-4281-b951-d872f2087c98
---
 sandbox/tests/validation_tests/commands.cc | 66 ++++++++++++++++++++++--------
 sandbox/tests/validation_tests/commands.h | 3 ++
 sandbox/tests/validation_tests/suite.cc | 9 ++++
 3 files changed, 61 insertions(+), 17 deletions(-)
(limited to 'sandbox')
diff --git a/sandbox/tests/validation_tests/commands.cc b/sandbox/tests/validation_tests/commands.cc
index e2a214a..4dd2864 100644
--- a/sandbox/tests/validation_tests/commands.cc
+++ b/sandbox/tests/validation_tests/commands.cc
@@ -64,23 +64,6 @@ void trim_quote(std::wstring* string) {
 (*string) = string->substr(pos1, pos2 + 1);
 }
-// Returns true if the current's thread desktop is the interactive desktop.
-// In Vista there is a more direct test but for XP and w2k we need to check
-// the object name.
-bool IsInteractiveDesktop(bool* is_interactive) {
- HDESK current_desk = ::GetThreadDesktop(::GetCurrentThreadId());
- if (NULL == current_desk) {
- return false;
- }
- wchar_t current_desk_name[256] = {0};
- if (!::GetUserObjectInformationW(current_desk, UOI_NAME, current_desk_name,
- sizeof(current_desk_name), NULL)) {
- return false;
- }
- *is_interactive = (0 == _wcsicmp(L"default", current_desk_name));
- return true;
-}
-
 int TestOpenFile(std::wstring path, bool for_write) {
 wchar_t path_expanded[MAX_PATH + 1] = {0};
 DWORD size = ::ExpandEnvironmentStrings(path.c_str(), path_expanded,
@@ -244,4 +227,53 @@ int TestOpenKey(HKEY base_key, std::wstring subkey) {
 }
 }
+// Returns true if the current's thread desktop is the interactive desktop.
+// In Vista there is a more direct test but for XP and w2k we need to check
+// the object name.
+bool IsInteractiveDesktop(bool* is_interactive) {
+ HDESK current_desk = ::GetThreadDesktop(::GetCurrentThreadId());
+ if (NULL == current_desk) {
+ return false;
+ }
+ wchar_t current_desk_name[256] = {0};
+ if (!::GetUserObjectInformationW(current_desk, UOI_NAME, current_desk_name,
+ sizeof(current_desk_name), NULL)) {
+ return false;
+ }
+ *is_interactive = (0 == _wcsicmp(L"default", current_desk_name));
+ return true;
+}
+
+SBOX_TESTS_COMMAND int OpenInteractiveDesktop(int, wchar_t **) {
+ return TestOpenInputDesktop();
+}
+
+int TestOpenInputDesktop() {
+ bool is_interactive = false;
+ if (IsInteractiveDesktop(&is_interactive) && is_interactive) {
+ return SBOX_TEST_SUCCEEDED;
+ }
+ HDESK desk = ::OpenInputDesktop(0, FALSE, DESKTOP_CREATEWINDOW);
+ if (desk) {
+ ::CloseDesktop(desk);
+ return SBOX_TEST_SUCCEEDED;
+ }
+ return SBOX_TEST_DENIED;
+}
+
+SBOX_TESTS_COMMAND int SwitchToSboxDesktop(int, wchar_t **) {
+ return TestSwitchDesktop();
+}
+
+int TestSwitchDesktop() {
+ HDESK sbox_desk = ::GetThreadDesktop(::GetCurrentThreadId());
+ if (NULL == sbox_desk) {
+ return SBOX_TEST_FAILED;
+ }
+ if (::SwitchDesktop(sbox_desk)) {
+ return SBOX_TEST_SUCCEEDED;
+ }
+ return SBOX_TEST_DENIED;
+}
+
 } // namespace sandbox
diff --git a/sandbox/tests/validation_tests/commands.h b/sandbox/tests/validation_tests/commands.h
index 0297dee..da34c99 100644
--- a/sandbox/tests/validation_tests/commands.h
+++ b/sandbox/tests/validation_tests/commands.h
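Review bot: Both new helpers return SBOX_TEST_DENIED for any failure of the API call, so the final `return SBOX_TEST_DENIED;` in `TestOpenInputDesktop` and in `TestSwitchDesktop` cannot tell a sandbox denial from an unrelated failure, such as a session with no usable input desktop. The `TestDesktop` expectations added in suite.cc would then pass without the window-station ACL having been exercised. Checking the error right after the failed call would tighten this, e.g. `if (ERROR_ACCESS_DENIED != ::GetLastError()) return SBOX_TEST_FAILED;` before each `return SBOX_TEST_DENIED;`, assuming the restriction does surface as access-denied on the supported Windows versions (worth confirming). Separately, if `::SwitchDesktop(sbox_desk)` ever succeeds, i.e. on a regression, the input desktop is left on the sandbox desktop; a comment above `TestSwitchDesktop` saying so would help whoever runs the suite on a workstation.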
@@ -54,6 +54,9 @@ int TestOpenKey(HKEY base_key, std::wstring subkey);
 // current desktop is not the interactive one. Returns a SboxTestResult.
 int TestOpenInputDesktop();
+// Tries to switch the interactive desktop. Returns a SboxTestResult.
+int TestSwitchDesktop();
+
 } // namespace sandbox
 #endif // SANDBOX_TESTS_VALIDATION_TESTS_COMMANDS_H__
diff --git a/sandbox/tests/validation_tests/suite.cc b/sandbox/tests/validation_tests/suite.cc
index 1d494b3..d3af074 100644
--- a/sandbox/tests/validation_tests/suite.cc
+++ b/sandbox/tests/validation_tests/suite.cc
@@ -98,6 +98,15 @@ TEST(ValidationSuite, TestRegistry) {
 L"\"Software\\Microsoft\\Windows NT\\CurrentVersion\\WinLogon\""));
 }
+// Tests that the permissions on the Windowstation does not allow the sandbox
+// to get to the interactive desktop or to make the sbox desktop interactive.
+TEST(ValidationSuite, TestDesktop) {
+ TestRunner runner;
+ runner.GetPolicy()->SetDesktop(L"sbox_validation_desktop");
+ EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"OpenInteractiveDesktop NULL"));
+ EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"SwitchToSboxDesktop NULL"));
+}
+
 // Tests if the windows are correctly protected by the sandbox.
 TEST(ValidationSuite, TestWindows) {
 TestRunner runner;
--
cgit v1.1
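Review bot: The result of `runner.GetPolicy()->SetDesktop(L"sbox_validation_desktop")` in `TestDesktop` (suite.cc) is discarded, so if the alternate desktop cannot be set up, the two commands run on whatever desktop the target received and the test gives no hint why its outcome changed. If `SetDesktop` returns a sandbox result code (its declaration is not visible in this diff), assert on it: `EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetDesktop(L"sbox_validation_desktop"));`. The comment above the test could also state that both commands are expected to be refused because of the window-station ACL, since the test body itself never touches a winstation handle.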