1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include <windows.h>
6 
7 #define _ATL_NO_EXCEPTIONS
8 #include <atlbase.h>
9 #include <atlsecurity.h>
10 
11 #include "base/strings/string16.h"
12 #include "base/win/scoped_handle.h"
13 #include "base/win/windows_version.h"
14 #include "sandbox/win/src/sync_policy_test.h"
15 #include "testing/gtest/include/gtest/gtest.h"
16 
17 namespace {
18 
// Name under which the test AppContainer is installed with the broker.
const wchar_t kAppContainerName[] = L"sbox_test";

// Fixed SID (S-1-15-2-* form) identifying the test AppContainer. The tests
// pass it to InstallAppContainer, SetAppContainer and UninstallAppContainer.
const wchar_t kAppContainerSid[] =
    L"S-1-15-2-3251537155-1984446955-2931258699-"
    L"841473695-1938553385-924012148-2839372144";

// Share mode for the temporary file opened in CreateTaggedEvent.
// FILE_SHARE_DELETE is what allows the file to be deleted while the handle
// is still open.
const ULONG kSharing = FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE;

25 
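// Creates an auto-reset, initially non-signaled event called |name| and
// replaces its DACL with one that additionally grants EVENT_ALL_ACCESS to
// |sid| (a string SID, e.g. a capability SID).
//
// The base DACL is not read from the event itself: it is copied from a
// freshly created temporary file, and the ACE for |sid| is added to that
// copy before it is applied to the event.
// NOTE(review): presumably the temp file is used to obtain the default DACL
// for the current user -- confirm.
//
// Returns the event handle, which the caller owns, or NULL if any step
// fails. On failure the event handle is closed before returning.
//
// Security note: when an event called |name| already exists, CreateEvent
// returns a handle to that existing object, so this helper would rewrite the
// DACL of an object it did not create. Callers should pick names that
// nothing else in the session uses.
HANDLE CreateTaggedEvent(const base::string16& name,
                         const base::string16& sid) {
  base::win::ScopedHandle event(CreateEvent(NULL, FALSE, FALSE, name.c_str()));
  if (!event.IsValid())
    return NULL;

  // Fail early instead of handing an empty or truncated directory to
  // GetTempFileName.
  wchar_t temp_directory[MAX_PATH] = {};
  const DWORD temp_length = GetTempPath(MAX_PATH, temp_directory);
  if (temp_length == 0 || temp_length >= MAX_PATH)
    return NULL;

  // A unique value of 0 makes GetTempFileName create the file, which is why
  // it can be opened with OPEN_EXISTING below.
  wchar_t file_name[MAX_PATH] = {};
  if (!GetTempFileName(temp_directory, L"test", 0, file_name))
    return NULL;

  base::win::ScopedHandle file;
  file.Set(CreateFile(file_name, GENERIC_READ | STANDARD_RIGHTS_READ, kSharing,
                      NULL, OPEN_EXISTING, 0, NULL));
  // Delete whether or not the open succeeded so no temp file is left behind;
  // kSharing includes FILE_SHARE_DELETE, so the open handle does not block it.
  DeleteFile(file_name);
  if (!file.IsValid())
    return NULL;

  CSecurityDesc sd;
  if (!AtlGetSecurityDescriptor(file.Get(), SE_FILE_OBJECT, &sd,
                                OWNER_SECURITY_INFORMATION |
                                    GROUP_SECURITY_INFORMATION |
                                    DACL_SECURITY_INFORMATION)) {
    return NULL;
  }

  PSID local_sid = NULL;
  if (!ConvertStringSidToSid(sid.c_str(), &local_sid))
    return NULL;

  // Apply the DACL only when the base DACL was really read and the new ACE
  // was really added. Otherwise the event could end up with an ACL that is
  // not the one the caller asked for (for instance one holding nothing but
  // the |sid| ACE), and a test built on it would check the wrong thing.
  bool dacl_applied = false;
  CDacl new_dacl;
  if (sd.GetDacl(&new_dacl)) {
    CSid csid(reinterpret_cast<SID*>(local_sid));
    dacl_applied = new_dacl.AddAllowedAce(csid, EVENT_ALL_ACCESS) &&
                   AtlSetDacl(event.Get(), SE_KERNEL_OBJECT, new_dacl);
  }

  // ConvertStringSidToSid allocated |local_sid|; release it on every path.
  LocalFree(local_sid);

  // |event| is a ScopedHandle, so returning NULL here closes the handle.
  if (!dacl_applied)
    return NULL;
  return event.Take();
}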
66 
67 }  // namespace
68 
69 namespace sandbox {
70 
// Positive case: the named event's DACL grants access to a capability SID,
// and the same capability is added to the target's policy, so the target
// running inside the AppContainer is expected to open the event.
// NOTE(review): "Event_Open f test" is a command defined by the sync policy
// tests; presumably the last token is the event name -- confirm.
TEST(AppContainerTest, AllowOpenEvent) {
  // The body only runs on Windows 8 and later. On older systems the test
  // returns early and is reported as passed without checking anything.
  const bool pre_win8 =
      base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8;
  if (pre_win8)
    return;

  TestRunner runner(JOB_UNPROTECTED, USER_UNPROTECTED, USER_UNPROTECTED);

  // Capability SID (S-1-15-3-* form) that gets an allow ACE on the event.
  const wchar_t capability[] = L"S-1-15-3-12345678-87654321";
  base::win::ScopedHandle handle(CreateTaggedEvent(L"test", capability));
  ASSERT_TRUE(handle.IsValid());

  EXPECT_EQ(SBOX_ALL_OK,
            runner.broker()->InstallAppContainer(kAppContainerSid,
                                                 kAppContainerName));
  // Giving the target the matching capability is the only difference from
  // DenyOpenEvent.
  EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetCapability(capability));
  EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetAppContainer(kAppContainerSid));

  // First run uses the runner's default test state.
  EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Event_Open f test"));

  // Second run repeats the check in the BEFORE_REVERT state.
  runner.SetTestState(BEFORE_REVERT);
  EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Event_Open f test"));

  // Remove the AppContainer installed above.
  EXPECT_EQ(SBOX_ALL_OK,
            runner.broker()->UninstallAppContainer(kAppContainerSid));
}
94 
// Negative control for AllowOpenEvent: the event carries the same allow ACE
// for the capability SID, but the target's policy is never given that
// capability, so opening the event from inside the AppContainer is expected
// to be denied.
TEST(AppContainerTest, DenyOpenEvent) {
  // The body only runs on Windows 8 and later. On older systems the test
  // returns early and is reported as passed without checking anything.
  const bool pre_win8 =
      base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8;
  if (pre_win8)
    return;

  TestRunner runner(JOB_UNPROTECTED, USER_UNPROTECTED, USER_UNPROTECTED);

  // Capability SID (S-1-15-3-* form) that gets an allow ACE on the event.
  const wchar_t capability[] = L"S-1-15-3-12345678-87654321";
  base::win::ScopedHandle handle(CreateTaggedEvent(L"test", capability));
  ASSERT_TRUE(handle.IsValid());

  EXPECT_EQ(SBOX_ALL_OK,
            runner.broker()->InstallAppContainer(kAppContainerSid,
                                                 kAppContainerName));
  // No SetCapability call here: the policy selects the AppContainer only.
  EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetAppContainer(kAppContainerSid));

  // First run uses the runner's default test state.
  EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Event_Open f test"));

  // Second run repeats the check in the BEFORE_REVERT state.
  runner.SetTestState(BEFORE_REVERT);
  EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Event_Open f test"));

  // Remove the AppContainer installed above.
  EXPECT_EQ(SBOX_ALL_OK,
            runner.broker()->UninstallAppContainer(kAppContainerSid));
}
117 
// Checks that SetAppContainer is accepted when the runner is built with
// USER_LIMITED for both token levels.
// NOTE(review): the test name suggests this pairing needs no impersonation
// in the target; the meaning of the two token arguments comes from
// TestRunner's constructor -- confirm there.
TEST(AppContainerTest, NoImpersonation) {
  // The body only runs on Windows 8 and later. On older systems the test
  // returns early and is reported as passed without checking anything.
  const bool pre_win8 =
      base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8;
  if (pre_win8)
    return;

  TestRunner runner(JOB_UNPROTECTED, USER_LIMITED, USER_LIMITED);
  EXPECT_EQ(SBOX_ALL_OK, runner.GetPolicy()->SetAppContainer(kAppContainerSid));
}
125 
// Checks that SetAppContainer is rejected with
// SBOX_ERROR_CANNOT_INIT_APPCONTAINER when the runner is built with
// USER_UNPROTECTED and USER_NON_ADMIN as its two token levels.
// NOTE(review): the test name suggests differing token levels imply an
// impersonation step that the AppContainer policy refuses -- confirm against
// the policy implementation.
TEST(AppContainerTest, WantsImpersonation) {
  // The body only runs on Windows 8 and later. On older systems the test
  // returns early and is reported as passed without checking anything.
  const bool pre_win8 =
      base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8;
  if (pre_win8)
    return;

  TestRunner runner(JOB_UNPROTECTED, USER_UNPROTECTED, USER_NON_ADMIN);
  EXPECT_EQ(SBOX_ERROR_CANNOT_INIT_APPCONTAINER,
            runner.GetPolicy()->SetAppContainer(kAppContainerSid));
}
134 
// Checks that SetAppContainer is rejected with
// SBOX_ERROR_CANNOT_INIT_APPCONTAINER when the runner is built with
// USER_RESTRICTED for both token levels.
// NOTE(review): the test name suggests a token this restricted can only
// start up by impersonating, which the AppContainer policy refuses --
// confirm against the policy implementation.
TEST(AppContainerTest, RequiresImpersonation) {
  // The body only runs on Windows 8 and later. On older systems the test
  // returns early and is reported as passed without checking anything.
  const bool pre_win8 =
      base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8;
  if (pre_win8)
    return;

  TestRunner runner(JOB_UNPROTECTED, USER_RESTRICTED, USER_RESTRICTED);
  EXPECT_EQ(SBOX_ERROR_CANNOT_INIT_APPCONTAINER,
            runner.GetPolicy()->SetAppContainer(kAppContainerSid));
}
143 
144 }  // namespace sandbox
145