// Copyright (c) 2006-2010 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// This file contains the validation tests for the sandbox.
// It includes the tests that need to be performed inside the
// sandbox.
#include <shlwapi.h>
#include "testing/gtest/include/gtest/gtest.h"
#include "sandbox/tests/common/controller.h"
namespace sandbox {
// Returns true when the volume holding |any_path| reports persistent ACL
// support. |any_path| may contain unexpanded environment strings (for
// example L"%SystemRoot%\\"); it is expanded, stripped to its root, and the
// root is queried with GetVolumeInformationW. Returns false on any failure
// (expansion failure, an expansion that would not fit in MAX_PATH, a path
// with no root, or a failed volume query) and on file systems that do not
// keep ACLs, such as FAT. Callers use this to refuse to run ACL-based tests
// on volumes where a "denied" result would be meaningless.
bool VolumeSupportsACLs(const wchar_t* any_path) {
  wchar_t root[MAX_PATH + 1];
  // ExpandEnvironmentStringsW returns 0 on failure and otherwise the number
  // of characters required, including the terminator; a value larger than the
  // buffer means the expansion was truncated, so both cases are failures.
  const DWORD needed =
      ::ExpandEnvironmentStringsW(any_path, root, _countof(root));
  if (needed == 0 || needed > _countof(root))
    return false;
  // Reduce "C:\Windows\..." to "C:\" so the volume query sees a root path.
  if (!::PathStripToRootW(root))
    return false;
  DWORD fs_flags = 0;
  // Only the file-system flags are requested; the volume name, serial number
  // and maximum component length are not needed here.
  const BOOL queried = ::GetVolumeInformationW(root, NULL, 0, 0, NULL,
                                               &fs_flags, NULL, 0);
  if (!queried)
    return false;
  return (fs_flags & FILE_PERSISTENT_ACLS) != 0;
}
// Sanity check for the harness itself: a sandboxed target that answers the
// "ping" command proves the broker/target plumbing works before any of the
// denial results below are trusted.
TEST(ValidationSuite, TestSuite) {
  TestRunner runner;
  const auto result = runner.RunTest(L"ping");
  ASSERT_EQ(SBOX_TEST_PING_OK, result);
}
// Verifies that the sandboxed target cannot open the system, program, profile
// and temp locations. Each expectation is a "denied" result reported back by
// the target, so a pass means the sandbox policy blocked the open rather than
// the path merely being absent.
TEST(ValidationSuite, TestFileSystem) {
  // These checks are only meaningful on volumes that keep ACLs. Rather than
  // quietly passing on FAT (or similar), the ASSERTs abort the test so a
  // machine without file security shows up in the results.
  const wchar_t* const acl_volumes[] = {
      L"%SystemDrive%\\",
      L"%SystemRoot%\\",
      L"%ProgramFiles%\\",
      L"%Temp%\\",
      L"%AppData%\\",
  };
  for (size_t i = 0; i < _countof(acl_volumes); ++i)
    ASSERT_TRUE(VolumeSupportsACLs(acl_volumes[i]));

  TestRunner runner;
  // Directories, a binary and a data file, each of which must be denied.
  const wchar_t* const denied_opens[] = {
      L"OpenFile %SystemDrive%",
      L"OpenFile %SystemRoot%",
      L"OpenFile %ProgramFiles%",
      L"OpenFile %SystemRoot%\\System32",
      L"OpenFile %SystemRoot%\\explorer.exe",
      L"OpenFile %SystemRoot%\\Cursors\\arrow_i.cur",
      L"OpenFile %AllUsersProfile%",
      L"OpenFile %Temp%",
      L"OpenFile %AppData%",
  };
  for (size_t i = 0; i < _countof(denied_opens); ++i)
    EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(denied_opens[i]));
}
// Verifies that the target cannot open the HKLM, HKCU and HKU hives, nor a
// specific key under HKLM given as a quoted sub-path. Each command is sent to
// the target and must come back as denied.
TEST(ValidationSuite, TestRegistry) {
  TestRunner runner;
  const wchar_t* const denied_keys[] = {
      L"OpenKey HKLM",
      L"OpenKey HKCU",
      L"OpenKey HKU",
      L"OpenKey HKLM "
      L"\"Software\\Microsoft\\Windows NT\\CurrentVersion\\WinLogon\"",
  };
  for (size_t i = 0; i < _countof(denied_keys); ++i)
    EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(denied_keys[i]));
}
// Verifies that the target's window station and desktop permissions keep it
// off the interactive desktop: opening the interactive desktop and switching
// the sandbox desktop to it must both be denied.
TEST(ValidationSuite, TestDesktop) {
  TestRunner runner;
  // NOTE(review): the boolean selects which alternate-desktop mode the policy
  // uses; its meaning is defined in the policy header, not visible here —
  // confirm that |false| is the intended mode for this check.
  runner.GetPolicy()->SetAlternateDesktop(false);
  const wchar_t* const denied_commands[] = {
      L"OpenInteractiveDesktop NULL",
      L"SwitchToSboxDesktop NULL",
  };
  for (size_t i = 0; i < _countof(denied_commands); ++i)
    EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(denied_commands[i]));
}
// Verifies that window handles valid on the broker side are not usable from
// the target: the desktop window and the first window FindWindow returns are
// each handed to the target, which must report them as denied.
TEST(ValidationSuite, TestWindows) {
  TestRunner runner;
  wchar_t command[1024] = {};
  // NOTE(review): %d formats a pointer-sized HWND as a 32-bit signed int.
  // The target parses this string, so the format is kept as-is; confirm the
  // target's parser before changing the specifier (TestProcess and
  // TestThread use the same pattern with DWORD ids).
  const HWND desktop = ::GetDesktopWindow();
  wsprintf(command, L"ValidWindow %d", desktop);
  EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(command));

  // FindWindow is called after the first RunTest, matching the original
  // ordering, since the set of top-level windows may change in between.
  const HWND any_top_level = ::FindWindow(NULL, NULL);
  wsprintf(command, L"ValidWindow %d", any_top_level);
  EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(command));
}
// Verifies that the target cannot open the broker's own process: the test
// process id is passed to the target, which must report the open as denied
// even though the id is known to it.
TEST(ValidationSuite, TestProcess) {
  TestRunner runner;
  wchar_t command[1024] = {};
  // DWORD id formatted with %d; the target parses this string, so the
  // specifier is kept as-is.
  const DWORD broker_pid = ::GetCurrentProcessId();
  wsprintf(command, L"OpenProcessCmd %d", broker_pid);
  const auto result = runner.RunTest(command);
  EXPECT_EQ(SBOX_TEST_DENIED, result);
}
// Verifies that the target cannot open the broker's current thread: the
// test thread id is passed to the target, which must report the open as
// denied even though the id is known to it.
TEST(ValidationSuite, TestThread) {
  TestRunner runner;
  wchar_t command[1024] = {};
  // DWORD id formatted with %d; the target parses this string, so the
  // specifier is kept as-is.
  const DWORD broker_tid = ::GetCurrentThreadId();
  wsprintf(command, L"OpenThreadCmd %d", broker_tid);
  const auto result = runner.RunTest(command);
  EXPECT_EQ(SBOX_TEST_DENIED, result);
}
} // namespace sandbox