| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/win/scoped_process_information.h" | |
| 6 #include "base/win/windows_version.h" | 5 #include "base/win/windows_version.h" |
| 7 #include "sandbox/src/sandbox.h" | 6 #include "sandbox/src/sandbox.h" |
| 8 #include "sandbox/src/sandbox_factory.h" | 7 #include "sandbox/src/sandbox_factory.h" |
| 9 #include "sandbox/src/sandbox_utils.h" | 8 #include "sandbox/src/sandbox_utils.h" |
| 10 #include "sandbox/src/target_services.h" | 9 #include "sandbox/src/target_services.h" |
| 11 #include "sandbox/tests/common/controller.h" | 10 #include "sandbox/tests/common/controller.h" |
| 12 #include "testing/gtest/include/gtest/gtest.h" | 11 #include "testing/gtest/include/gtest/gtest.h" |
| 13 | 12 |
| 14 namespace sandbox { | 13 namespace sandbox { |
| 15 | 14 |
| (...skipping 127 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 143 return ::GetLastError(); | 142 return ::GetLastError(); |
| 144 | 143 |
| 145 return SBOX_TEST_SUCCEEDED; | 144 return SBOX_TEST_SUCCEEDED; |
| 146 } | 145 } |
| 147 | 146 |
| 148 // Tests that we can call CreateProcess. | 147 // Tests that we can call CreateProcess. |
| 149 SBOX_TESTS_COMMAND int PolicyTargetTest_process(int argc, wchar_t **argv) { | 148 SBOX_TESTS_COMMAND int PolicyTargetTest_process(int argc, wchar_t **argv) { |
| 150 // Use default values to create a new process. | 149 // Use default values to create a new process. |
| 151 STARTUPINFO startup_info = {0}; | 150 STARTUPINFO startup_info = {0}; |
| 152 startup_info.cb = sizeof(startup_info); | 151 startup_info.cb = sizeof(startup_info); |
| 153 base::win::ScopedProcessInformation process_info; | 152 PROCESS_INFORMATION process_info; |
| 154 if (!::CreateProcessW(L"foo.exe", L"foo.exe", NULL, NULL, FALSE, 0, | 153 if (!::CreateProcessW(L"foo.exe", L"foo.exe", NULL, NULL, FALSE, 0, |
| 155 NULL, NULL, &startup_info, process_info.Receive())) | 154 NULL, NULL, &startup_info, &process_info)) |
| 156 return SBOX_TEST_SUCCEEDED; | 155 return SBOX_TEST_SUCCEEDED; |
| 157 return SBOX_TEST_FAILED; | 156 return SBOX_TEST_FAILED; |
| 158 } | 157 } |
| 159 | 158 |
| 160 TEST(PolicyTargetTest, SetInformationThread) { | 159 TEST(PolicyTargetTest, SetInformationThread) { |
| 161 TestRunner runner; | 160 TestRunner runner; |
| 162 if (base::win::GetVersion() >= base::win::VERSION_XP) { | 161 if (base::win::GetVersion() >= base::win::VERSION_XP) { |
| 163 runner.SetTestState(BEFORE_REVERT); | 162 runner.SetTestState(BEFORE_REVERT); |
| 164 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"PolicyTargetTest_token")); | 163 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"PolicyTargetTest_token")); |
| 165 } | 164 } |
| (...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 227 // Get the path to the sandboxed app. | 226 // Get the path to the sandboxed app. |
| 228 wchar_t prog_name[MAX_PATH]; | 227 wchar_t prog_name[MAX_PATH]; |
| 229 GetModuleFileNameW(NULL, prog_name, MAX_PATH); | 228 GetModuleFileNameW(NULL, prog_name, MAX_PATH); |
| 230 | 229 |
| 231 std::wstring arguments(L"\""); | 230 std::wstring arguments(L"\""); |
| 232 arguments += prog_name; | 231 arguments += prog_name; |
| 233 arguments += L"\" -child 0 wait"; // Don't care about the "state" argument. | 232 arguments += L"\" -child 0 wait"; // Don't care about the "state" argument. |
| 234 | 233 |
| 235 // Launch the app. | 234 // Launch the app. |
| 236 ResultCode result = SBOX_ALL_OK; | 235 ResultCode result = SBOX_ALL_OK; |
| 237 base::win::ScopedProcessInformation target; | 236 PROCESS_INFORMATION target = {0}; |
| 238 | 237 |
| 239 TargetPolicy* policy = broker->CreatePolicy(); | 238 TargetPolicy* policy = broker->CreatePolicy(); |
| 240 policy->SetAlternateDesktop(false); | 239 policy->SetAlternateDesktop(false); |
| 241 policy->SetTokenLevel(USER_INTERACTIVE, USER_LOCKDOWN); | 240 policy->SetTokenLevel(USER_INTERACTIVE, USER_LOCKDOWN); |
| 242 result = broker->SpawnTarget( | 241 result = broker->SpawnTarget(prog_name, arguments.c_str(), policy, &target); |
| 243 prog_name, arguments.c_str(), policy, target.Receive()); | |
| 244 policy->Release(); | 242 policy->Release(); |
| 245 | 243 |
| 246 EXPECT_EQ(SBOX_ALL_OK, result); | 244 EXPECT_EQ(SBOX_ALL_OK, result); |
| 247 | 245 |
| 248 EXPECT_EQ(1, ::ResumeThread(target.thread_handle())); | 246 EXPECT_EQ(1, ::ResumeThread(target.hThread)); |
| 249 | 247 |
| 250 EXPECT_EQ(WAIT_TIMEOUT, ::WaitForSingleObject(target.process_handle(), 2000)); | 248 EXPECT_EQ(WAIT_TIMEOUT, ::WaitForSingleObject(target.hProcess, 2000)); |
| 251 | 249 |
| 252 EXPECT_NE(::GetThreadDesktop(target.thread_id()), | 250 EXPECT_NE(::GetThreadDesktop(target.dwThreadId), |
| 253 ::GetThreadDesktop(::GetCurrentThreadId())); | 251 ::GetThreadDesktop(::GetCurrentThreadId())); |
| 254 | 252 |
| 255 std::wstring desktop_name = policy->GetAlternateDesktop(); | 253 std::wstring desktop_name = policy->GetAlternateDesktop(); |
| 256 HDESK desk = ::OpenDesktop(desktop_name.c_str(), 0, FALSE, DESKTOP_ENUMERATE); | 254 HDESK desk = ::OpenDesktop(desktop_name.c_str(), 0, FALSE, DESKTOP_ENUMERATE); |
| 257 EXPECT_TRUE(NULL != desk); | 255 EXPECT_TRUE(NULL != desk); |
| 258 EXPECT_TRUE(::CloseDesktop(desk)); | 256 EXPECT_TRUE(::CloseDesktop(desk)); |
| 259 EXPECT_TRUE(::TerminateProcess(target.process_handle(), 0)); | 257 EXPECT_TRUE(::TerminateProcess(target.hProcess, 0)); |
| 260 | 258 |
| 261 ::WaitForSingleObject(target.process_handle(), INFINITE); | 259 ::WaitForSingleObject(target.hProcess, INFINITE); |
| 260 |
| 261 EXPECT_TRUE(::CloseHandle(target.hProcess)); |
| 262 EXPECT_TRUE(::CloseHandle(target.hThread)); |
| 262 | 263 |
| 263 // Close the desktop handle. | 264 // Close the desktop handle. |
| 264 temp_policy = broker->CreatePolicy(); | 265 temp_policy = broker->CreatePolicy(); |
| 265 temp_policy->DestroyAlternateDesktop(); | 266 temp_policy->DestroyAlternateDesktop(); |
| 266 temp_policy->Release(); | 267 temp_policy->Release(); |
| 267 | 268 |
| 268 // Make sure the desktop does not exist anymore. | 269 // Make sure the desktop does not exist anymore. |
| 269 desk = ::OpenDesktop(desktop_name.c_str(), 0, FALSE, DESKTOP_ENUMERATE); | 270 desk = ::OpenDesktop(desktop_name.c_str(), 0, FALSE, DESKTOP_ENUMERATE); |
| 270 EXPECT_TRUE(NULL == desk); | 271 EXPECT_TRUE(NULL == desk); |
| 271 } | 272 } |
| (...skipping 15 matching lines...) Expand all Loading... |
| 287 // Get the path to the sandboxed app. | 288 // Get the path to the sandboxed app. |
| 288 wchar_t prog_name[MAX_PATH]; | 289 wchar_t prog_name[MAX_PATH]; |
| 289 GetModuleFileNameW(NULL, prog_name, MAX_PATH); | 290 GetModuleFileNameW(NULL, prog_name, MAX_PATH); |
| 290 | 291 |
| 291 std::wstring arguments(L"\""); | 292 std::wstring arguments(L"\""); |
| 292 arguments += prog_name; | 293 arguments += prog_name; |
| 293 arguments += L"\" -child 0 wait"; // Don't care about the "state" argument. | 294 arguments += L"\" -child 0 wait"; // Don't care about the "state" argument. |
| 294 | 295 |
| 295 // Launch the app. | 296 // Launch the app. |
| 296 ResultCode result = SBOX_ALL_OK; | 297 ResultCode result = SBOX_ALL_OK; |
| 297 base::win::ScopedProcessInformation target; | 298 PROCESS_INFORMATION target = {0}; |
| 298 | 299 |
| 299 TargetPolicy* policy = broker->CreatePolicy(); | 300 TargetPolicy* policy = broker->CreatePolicy(); |
| 300 policy->SetAlternateDesktop(true); | 301 policy->SetAlternateDesktop(true); |
| 301 policy->SetTokenLevel(USER_INTERACTIVE, USER_LOCKDOWN); | 302 policy->SetTokenLevel(USER_INTERACTIVE, USER_LOCKDOWN); |
| 302 result = broker->SpawnTarget( | 303 result = broker->SpawnTarget(prog_name, arguments.c_str(), policy, &target); |
| 303 prog_name, arguments.c_str(), policy, target.Receive()); | |
| 304 policy->Release(); | 304 policy->Release(); |
| 305 | 305 |
| 306 EXPECT_EQ(SBOX_ALL_OK, result); | 306 EXPECT_EQ(SBOX_ALL_OK, result); |
| 307 | 307 |
| 308 EXPECT_EQ(1, ::ResumeThread(target.thread_handle())); | 308 EXPECT_EQ(1, ::ResumeThread(target.hThread)); |
| 309 | 309 |
| 310 EXPECT_EQ(WAIT_TIMEOUT, ::WaitForSingleObject(target.process_handle(), 2000)); | 310 EXPECT_EQ(WAIT_TIMEOUT, ::WaitForSingleObject(target.hProcess, 2000)); |
| 311 | 311 |
| 312 EXPECT_NE(::GetThreadDesktop(target.thread_id()), | 312 EXPECT_NE(::GetThreadDesktop(target.dwThreadId), |
| 313 ::GetThreadDesktop(::GetCurrentThreadId())); | 313 ::GetThreadDesktop(::GetCurrentThreadId())); |
| 314 | 314 |
| 315 std::wstring desktop_name = policy->GetAlternateDesktop(); | 315 std::wstring desktop_name = policy->GetAlternateDesktop(); |
| 316 ASSERT_FALSE(desktop_name.empty()); | 316 ASSERT_FALSE(desktop_name.empty()); |
| 317 | 317 |
| 318 // Make sure there is a backslash, for the window station name. | 318 // Make sure there is a backslash, for the window station name. |
| 319 EXPECT_NE(desktop_name.find_first_of(L'\\'), std::wstring::npos); | 319 EXPECT_NE(desktop_name.find_first_of(L'\\'), std::wstring::npos); |
| 320 | 320 |
| 321 // Isolate the desktop name. | 321 // Isolate the desktop name. |
| 322 desktop_name = desktop_name.substr(desktop_name.find_first_of(L'\\') + 1); | 322 desktop_name = desktop_name.substr(desktop_name.find_first_of(L'\\') + 1); |
| 323 | 323 |
| 324 HDESK desk = ::OpenDesktop(desktop_name.c_str(), 0, FALSE, DESKTOP_ENUMERATE); | 324 HDESK desk = ::OpenDesktop(desktop_name.c_str(), 0, FALSE, DESKTOP_ENUMERATE); |
| 325 // This should fail if the desktop is really on another window station. | 325 // This should fail if the desktop is really on another window station. |
| 326 EXPECT_FALSE(NULL != desk); | 326 EXPECT_FALSE(NULL != desk); |
| 327 EXPECT_TRUE(::TerminateProcess(target.process_handle(), 0)); | 327 EXPECT_TRUE(::TerminateProcess(target.hProcess, 0)); |
| 328 | 328 |
| 329 ::WaitForSingleObject(target.process_handle(), INFINITE); | 329 ::WaitForSingleObject(target.hProcess, INFINITE); |
| 330 |
| 331 EXPECT_TRUE(::CloseHandle(target.hProcess)); |
| 332 EXPECT_TRUE(::CloseHandle(target.hThread)); |
| 330 | 333 |
| 331 // Close the desktop handle. | 334 // Close the desktop handle. |
| 332 temp_policy = broker->CreatePolicy(); | 335 temp_policy = broker->CreatePolicy(); |
| 333 temp_policy->DestroyAlternateDesktop(); | 336 temp_policy->DestroyAlternateDesktop(); |
| 334 temp_policy->Release(); | 337 temp_policy->Release(); |
| 335 } | 338 } |
| 336 | 339 |
| 337 } // namespace sandbox | 340 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10493002:
Revert 130716 - Use ScopedProcessInformation and other RAII types in sandbox. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/