| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <memory> | 5 #include <memory> |
| 6 #include <string> | 6 #include <string> |
| 7 | 7 |
| 8 #include "base/string16.h" |
| 8 #include "base/sys_string_conversions.h" | 9 #include "base/sys_string_conversions.h" |
| 9 #include "base/win/scoped_handle.h" | 10 #include "base/win/scoped_handle.h" |
| 10 #include "base/win/scoped_process_information.h" | 11 #include "base/win/scoped_process_information.h" |
| 12 #include "base/win/windows_version.h" |
| 11 #include "sandbox/win/src/sandbox.h" | 13 #include "sandbox/win/src/sandbox.h" |
| 12 #include "sandbox/win/src/sandbox_policy.h" | 14 #include "sandbox/win/src/sandbox_policy.h" |
| 13 #include "sandbox/win/src/sandbox_factory.h" | 15 #include "sandbox/win/src/sandbox_factory.h" |
| 14 #include "sandbox/win/tests/common/controller.h" | 16 #include "sandbox/win/tests/common/controller.h" |
| 15 #include "testing/gtest/include/gtest/gtest.h" | 17 #include "testing/gtest/include/gtest/gtest.h" |
| 16 | 18 |
| 17 namespace { | 19 namespace { |
| 18 | 20 |
| 19 // While the shell API provides better calls than this home brew function | 21 // While the shell API provides better calls than this home brew function |
| 20 // we use GetSystemWindowsDirectoryW which does not query the registry so | 22 // we use GetSystemWindowsDirectoryW which does not query the registry so |
| 21 // it is safe to use after revert. | 23 // it is safe to use after revert. |
| 22 std::wstring MakeFullPathToSystem32(const wchar_t* name) { | 24 string16 MakeFullPathToSystem32(const wchar_t* name) { |
| 23 wchar_t windows_path[MAX_PATH] = {0}; | 25 wchar_t windows_path[MAX_PATH] = {0}; |
| 24 ::GetSystemWindowsDirectoryW(windows_path, MAX_PATH); | 26 ::GetSystemWindowsDirectoryW(windows_path, MAX_PATH); |
| 25 std::wstring full_path(windows_path); | 27 string16 full_path(windows_path); |
| 26 if (full_path.empty()) { | 28 if (full_path.empty()) { |
| 27 return full_path; | 29 return full_path; |
| 28 } | 30 } |
| 29 full_path += L"\\system32\\"; | 31 full_path += L"\\system32\\"; |
| 30 full_path += name; | 32 full_path += name; |
| 31 return full_path; | 33 return full_path; |
| 32 } | 34 } |
| 33 | 35 |
| 34 // Creates a process with the |exe| and |command| parameter using the | 36 // Creates a process with the |exe| and |command| parameter using the |
| 35 // unicode and ascii version of the api. | 37 // unicode and ascii version of the api. |
| 36 sandbox::SboxTestResult CreateProcessHelper(const std::wstring &exe, | 38 sandbox::SboxTestResult CreateProcessHelper(const string16& exe, |
| 37 const std::wstring &command) { | 39 const string16& command) { |
| 38 base::win::ScopedProcessInformation pi; | 40 base::win::ScopedProcessInformation pi; |
| 39 STARTUPINFOW si = {sizeof(si)}; | 41 STARTUPINFOW si = {sizeof(si)}; |
| 40 | 42 |
| 41 const wchar_t *exe_name = NULL; | 43 const wchar_t *exe_name = NULL; |
| 42 if (!exe.empty()) | 44 if (!exe.empty()) |
| 43 exe_name = exe.c_str(); | 45 exe_name = exe.c_str(); |
| 44 | 46 |
| 45 const wchar_t *cmd_line = NULL; | 47 const wchar_t *cmd_line = NULL; |
| 46 if (!command.empty()) | 48 if (!command.empty()) |
| 47 cmd_line = command.c_str(); | 49 cmd_line = command.c_str(); |
| (...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 90 if (ret1 == ret2) | 92 if (ret1 == ret2) |
| 91 return ret1; | 93 return ret1; |
| 92 | 94 |
| 93 return sandbox::SBOX_TEST_FAILED; | 95 return sandbox::SBOX_TEST_FAILED; |
| 94 } | 96 } |
| 95 | 97 |
| 96 } // namespace | 98 } // namespace |
| 97 | 99 |
| 98 namespace sandbox { | 100 namespace sandbox { |
| 99 | 101 |
| 100 // Tries to create the process in argv[0] using 7 different ways. | 102 SBOX_TESTS_COMMAND int Process_RunApp1(int argc, wchar_t **argv) { |
| 101 // Since we also try the Ansi and Unicode version of the CreateProcess API, | |
| 102 // The process referenced by argv[0] will be spawned 14 times. | |
| 103 SBOX_TESTS_COMMAND int Process_RunApp(int argc, wchar_t **argv) { | |
| 104 if (argc != 1) { | 103 if (argc != 1) { |
| 105 return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; | 104 return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; |
| 106 } | 105 } |
| 107 if ((NULL == argv) || (NULL == argv[0])) { | 106 if ((NULL == argv) || (NULL == argv[0])) { |
| 108 return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; | 107 return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; |
| 109 } | 108 } |
| 110 std::wstring path = MakeFullPathToSystem32(argv[0]); | 109 string16 path = MakeFullPathToSystem32(argv[0]); |
| 111 | 110 |
| 112 // TEST 1: Try with the path in the app_name. | 111 // TEST 1: Try with the path in the app_name. |
| 113 int result1 = CreateProcessHelper(path, std::wstring()); | 112 return CreateProcessHelper(path, string16()); |
| 113 } |
| 114 |
| 115 SBOX_TESTS_COMMAND int Process_RunApp2(int argc, wchar_t **argv) { |
| 116 if (argc != 1) { |
| 117 return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; |
| 118 } |
| 119 if ((NULL == argv) || (NULL == argv[0])) { |
| 120 return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; |
| 121 } |
| 122 string16 path = MakeFullPathToSystem32(argv[0]); |
| 114 | 123 |
| 115 // TEST 2: Try with the path in the cmd_line. | 124 // TEST 2: Try with the path in the cmd_line. |
| 116 std::wstring cmd_line = L"\""; | 125 string16 cmd_line = L"\""; |
| 117 cmd_line += path; | 126 cmd_line += path; |
| 118 cmd_line += L"\""; | 127 cmd_line += L"\""; |
| 119 int result2 = CreateProcessHelper(std::wstring(), cmd_line); | 128 return CreateProcessHelper(string16(), cmd_line); |
| 129 } |
| 130 |
| 131 SBOX_TESTS_COMMAND int Process_RunApp3(int argc, wchar_t **argv) { |
| 132 if (argc != 1) { |
| 133 return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; |
| 134 } |
| 135 if ((NULL == argv) || (NULL == argv[0])) { |
| 136 return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; |
| 137 } |
| 120 | 138 |
| 121 // TEST 3: Try file name in the cmd_line. | 139 // TEST 3: Try file name in the cmd_line. |
| 122 int result3 = CreateProcessHelper(std::wstring(), argv[0]); | 140 return CreateProcessHelper(string16(), argv[0]); |
| 141 } |
| 142 |
| 143 SBOX_TESTS_COMMAND int Process_RunApp4(int argc, wchar_t **argv) { |
| 144 if (argc != 1) { |
| 145 return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; |
| 146 } |
| 147 if ((NULL == argv) || (NULL == argv[0])) { |
| 148 return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; |
| 149 } |
| 123 | 150 |
| 124 // TEST 4: Try file name in the app_name and current directory sets correctly. | 151 // TEST 4: Try file name in the app_name and current directory sets correctly. |
| 125 std::wstring system32 = MakeFullPathToSystem32(L""); | 152 string16 system32 = MakeFullPathToSystem32(L""); |
| 126 wchar_t current_directory[MAX_PATH + 1]; | 153 wchar_t current_directory[MAX_PATH + 1]; |
| 127 int result4; | 154 int result4; |
| 128 bool test_succeeded = false; | 155 bool test_succeeded = false; |
| 129 DWORD ret = ::GetCurrentDirectory(MAX_PATH, current_directory); | 156 DWORD ret = ::GetCurrentDirectory(MAX_PATH, current_directory); |
| 130 if (0 != ret && ret < MAX_PATH) { | 157 if (!ret) |
| 158 return SBOX_TEST_FIRST_ERROR; |
| 159 |
| 160 if (ret < MAX_PATH) { |
| 131 current_directory[ret] = L'\\'; | 161 current_directory[ret] = L'\\'; |
| 132 current_directory[ret+1] = L'\0'; | 162 current_directory[ret+1] = L'\0'; |
| 133 if (::SetCurrentDirectory(system32.c_str())) { | 163 if (::SetCurrentDirectory(system32.c_str())) { |
| 134 result4 = CreateProcessHelper(argv[0], std::wstring()); | 164 result4 = CreateProcessHelper(argv[0], string16()); |
| 135 if (::SetCurrentDirectory(current_directory)) { | 165 if (::SetCurrentDirectory(current_directory)) { |
| 136 test_succeeded = true; | 166 test_succeeded = true; |
| 137 } | 167 } |
| 168 } else { |
| 169 return SBOX_TEST_SECOND_ERROR; |
| 138 } | 170 } |
| 139 } | 171 } |
| 140 if (!test_succeeded) | 172 if (!test_succeeded) |
| 141 result4 = SBOX_TEST_FAILED; | 173 result4 = SBOX_TEST_FAILED; |
| 142 | 174 |
| 175 return result4; |
| 176 } |
| 177 |
| 178 SBOX_TESTS_COMMAND int Process_RunApp5(int argc, wchar_t **argv) { |
| 179 if (argc != 1) { |
| 180 return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; |
| 181 } |
| 182 if ((NULL == argv) || (NULL == argv[0])) { |
| 183 return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; |
| 184 } |
| 185 string16 path = MakeFullPathToSystem32(argv[0]); |
| 186 |
| 143 // TEST 5: Try with the path in the cmd_line and arguments. | 187 // TEST 5: Try with the path in the cmd_line and arguments. |
| 144 cmd_line = L"\""; | 188 string16 cmd_line = L"\""; |
| 145 cmd_line += path; | 189 cmd_line += path; |
| 146 cmd_line += L"\" /INSERT"; | 190 cmd_line += L"\" /I"; |
| 147 int result5 = CreateProcessHelper(std::wstring(), cmd_line); | 191 return CreateProcessHelper(string16(), cmd_line); |
| 192 } |
| 193 |
| 194 SBOX_TESTS_COMMAND int Process_RunApp6(int argc, wchar_t **argv) { |
| 195 if (argc != 1) { |
| 196 return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; |
| 197 } |
| 198 if ((NULL == argv) || (NULL == argv[0])) { |
| 199 return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; |
| 200 } |
| 148 | 201 |
| 149 // TEST 6: Try with the file_name in the cmd_line and arguments. | 202 // TEST 6: Try with the file_name in the cmd_line and arguments. |
| 150 cmd_line = argv[0]; | 203 string16 cmd_line = argv[0]; |
| 151 cmd_line += L" /INSERT"; | 204 cmd_line += L" /I"; |
| 152 int result6 = CreateProcessHelper(std::wstring(), cmd_line); | 205 return CreateProcessHelper(string16(), cmd_line); |
| 153 | |
| 154 // TEST 7: Try with the path without the drive. | |
| 155 cmd_line = path.substr(path.find(L'\\')); | |
| 156 int result7 = CreateProcessHelper(std::wstring(), cmd_line); | |
| 157 | |
| 158 // Check if they all returned the same thing. | |
| 159 if ((result1 == result2) && (result2 == result3) && (result3 == result4) && | |
| 160 (result4 == result5) && (result5 == result6) && (result6 == result7)) | |
| 161 return result1; | |
| 162 | |
| 163 return SBOX_TEST_FAILED; | |
| 164 } | 206 } |
| 165 | 207 |
| 166 // Creates a process and checks if it's possible to get a handle to it's token. | 208 // Creates a process and checks if it's possible to get a handle to it's token. |
| 167 SBOX_TESTS_COMMAND int Process_GetChildProcessToken(int argc, wchar_t **argv) { | 209 SBOX_TESTS_COMMAND int Process_GetChildProcessToken(int argc, wchar_t **argv) { |
| 168 if (argc != 1) | 210 if (argc != 1) |
| 169 return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; | 211 return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; |
| 170 | 212 |
| 171 if ((NULL == argv) || (NULL == argv[0])) | 213 if ((NULL == argv) || (NULL == argv[0])) |
| 172 return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; | 214 return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; |
| 173 | 215 |
| 174 std::wstring path = MakeFullPathToSystem32(argv[0]); | 216 string16 path = MakeFullPathToSystem32(argv[0]); |
| 175 | 217 |
| 176 base::win::ScopedProcessInformation pi; | 218 base::win::ScopedProcessInformation pi; |
| 177 STARTUPINFOW si = {sizeof(si)}; | 219 STARTUPINFOW si = {sizeof(si)}; |
| 178 | 220 |
| 179 if (!::CreateProcessW(path.c_str(), NULL, NULL, NULL, FALSE, CREATE_SUSPENDED, | 221 if (!::CreateProcessW(path.c_str(), NULL, NULL, NULL, FALSE, CREATE_SUSPENDED, |
| 180 NULL, NULL, &si, pi.Receive())) { | 222 NULL, NULL, &si, pi.Receive())) { |
| 181 return SBOX_TEST_FAILED; | 223 return SBOX_TEST_FAILED; |
| 182 } | 224 } |
| 183 | 225 |
| 184 HANDLE token = NULL; | 226 HANDLE token = NULL; |
| (...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 229 | 271 |
| 230 // Check the working case. | 272 // Check the working case. |
| 231 runner.GetPolicy()->SetTokenLevel(USER_INTERACTIVE, USER_INTERACTIVE); | 273 runner.GetPolicy()->SetTokenLevel(USER_INTERACTIVE, USER_INTERACTIVE); |
| 232 | 274 |
| 233 EXPECT_EQ(SBOX_ALL_OK, | 275 EXPECT_EQ(SBOX_ALL_OK, |
| 234 runner.GetPolicy()->AddRule(TargetPolicy::SUBSYS_PROCESS, | 276 runner.GetPolicy()->AddRule(TargetPolicy::SUBSYS_PROCESS, |
| 235 TargetPolicy::PROCESS_ALL_EXEC, | 277 TargetPolicy::PROCESS_ALL_EXEC, |
| 236 L"this is not important")); | 278 L"this is not important")); |
| 237 } | 279 } |
| 238 | 280 |
| 239 // This test is disabled. See bug 1305476. | 281 TEST(ProcessPolicyTest, CreateProcessAW) { |
| 240 TEST(ProcessPolicyTest, DISABLED_RunFindstrExe) { | |
| 241 TestRunner runner; | 282 TestRunner runner; |
| 242 std::wstring exe_path = MakeFullPathToSystem32(L"findstr.exe"); | 283 string16 exe_path = MakeFullPathToSystem32(L"findstr.exe"); |
| 243 std::wstring system32 = MakeFullPathToSystem32(L""); | 284 string16 system32 = MakeFullPathToSystem32(L""); |
| 244 ASSERT_TRUE(!exe_path.empty()); | 285 ASSERT_TRUE(!exe_path.empty()); |
| 245 EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_PROCESS, | 286 EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_PROCESS, |
| 246 TargetPolicy::PROCESS_MIN_EXEC, | 287 TargetPolicy::PROCESS_MIN_EXEC, |
| 247 exe_path.c_str())); | 288 exe_path.c_str())); |
| 248 | 289 |
| 249 // Need to add directory rules for the directories that we use in | 290 // Need to add directory rules for the directories that we use in |
| 250 // SetCurrentDirectory. | 291 // SetCurrentDirectory. |
| 251 EXPECT_TRUE(runner.AddFsRule(TargetPolicy::FILES_ALLOW_DIR_ANY, | 292 EXPECT_TRUE(runner.AddFsRule(TargetPolicy::FILES_ALLOW_DIR_ANY, |
| 252 system32.c_str())); | 293 system32.c_str())); |
| 253 | 294 |
| 254 wchar_t current_directory[MAX_PATH]; | 295 wchar_t current_directory[MAX_PATH]; |
| 255 DWORD ret = ::GetCurrentDirectory(MAX_PATH, current_directory); | 296 DWORD ret = ::GetCurrentDirectory(MAX_PATH, current_directory); |
| 256 ASSERT_TRUE(0 != ret && ret < MAX_PATH); | 297 ASSERT_TRUE(0 != ret && ret < MAX_PATH); |
| 257 | 298 |
| 258 wcscat_s(current_directory, MAX_PATH, L"\\"); | 299 wcscat_s(current_directory, MAX_PATH, L"\\"); |
| 259 EXPECT_TRUE(runner.AddFsRule(TargetPolicy::FILES_ALLOW_DIR_ANY, | 300 EXPECT_TRUE(runner.AddFsRule(TargetPolicy::FILES_ALLOW_DIR_ANY, |
| 260 current_directory)); | 301 current_directory)); |
| 261 | 302 |
| 262 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Process_RunApp findstr.exe")); | 303 EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Process_RunApp1 calc.exe")); |
| 263 EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Process_RunApp calc.exe")); | 304 EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Process_RunApp2 calc.exe")); |
| 305 EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Process_RunApp3 calc.exe")); |
| 306 EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Process_RunApp5 calc.exe")); |
| 307 EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"Process_RunApp6 calc.exe")); |
| 308 |
| 309 EXPECT_EQ(SBOX_TEST_SUCCEEDED, |
| 310 runner.RunTest(L"Process_RunApp1 findstr.exe")); |
| 311 EXPECT_EQ(SBOX_TEST_SUCCEEDED, |
| 312 runner.RunTest(L"Process_RunApp2 findstr.exe")); |
| 313 EXPECT_EQ(SBOX_TEST_SUCCEEDED, |
| 314 runner.RunTest(L"Process_RunApp3 findstr.exe")); |
| 315 EXPECT_EQ(SBOX_TEST_SUCCEEDED, |
| 316 runner.RunTest(L"Process_RunApp5 findstr.exe")); |
| 317 EXPECT_EQ(SBOX_TEST_SUCCEEDED, |
| 318 runner.RunTest(L"Process_RunApp6 findstr.exe")); |
| 319 |
| 320 if (base::win::OSInfo::GetInstance()->version() >= base::win::VERSION_VISTA) { |
| 321 // WinXP results are not reliable. |
| 322 EXPECT_EQ(SBOX_TEST_SECOND_ERROR, |
| 323 runner.RunTest(L"Process_RunApp4 calc.exe")); |
| 324 EXPECT_EQ(SBOX_TEST_SECOND_ERROR, |
| 325 runner.RunTest(L"Process_RunApp4 findstr.exe")); |
| 326 } |
| 264 } | 327 } |
| 265 | 328 |
| 266 TEST(ProcessPolicyTest, OpenToken) { | 329 TEST(ProcessPolicyTest, OpenToken) { |
| 267 TestRunner runner; | 330 TestRunner runner; |
| 268 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Process_OpenToken")); | 331 EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"Process_OpenToken")); |
| 269 } | 332 } |
| 270 | 333 |
| 271 TEST(ProcessPolicyTest, TestGetProcessTokenMinAccess) { | 334 TEST(ProcessPolicyTest, TestGetProcessTokenMinAccess) { |
| 272 TestRunner runner; | 335 TestRunner runner; |
| 273 std::wstring exe_path = MakeFullPathToSystem32(L"findstr.exe"); | 336 string16 exe_path = MakeFullPathToSystem32(L"findstr.exe"); |
| 274 ASSERT_TRUE(!exe_path.empty()); | 337 ASSERT_TRUE(!exe_path.empty()); |
| 275 EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_PROCESS, | 338 EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_PROCESS, |
| 276 TargetPolicy::PROCESS_MIN_EXEC, | 339 TargetPolicy::PROCESS_MIN_EXEC, |
| 277 exe_path.c_str())); | 340 exe_path.c_str())); |
| 278 | 341 |
| 279 EXPECT_EQ(SBOX_TEST_DENIED, | 342 EXPECT_EQ(SBOX_TEST_DENIED, |
| 280 runner.RunTest(L"Process_GetChildProcessToken findstr.exe")); | 343 runner.RunTest(L"Process_GetChildProcessToken findstr.exe")); |
| 281 } | 344 } |
| 282 | 345 |
| 283 TEST(ProcessPolicyTest, TestGetProcessTokenMaxAccess) { | 346 TEST(ProcessPolicyTest, TestGetProcessTokenMaxAccess) { |
| 284 TestRunner runner(JOB_UNPROTECTED, USER_INTERACTIVE, USER_INTERACTIVE); | 347 TestRunner runner(JOB_UNPROTECTED, USER_INTERACTIVE, USER_INTERACTIVE); |
| 285 std::wstring exe_path = MakeFullPathToSystem32(L"findstr.exe"); | 348 string16 exe_path = MakeFullPathToSystem32(L"findstr.exe"); |
| 286 ASSERT_TRUE(!exe_path.empty()); | 349 ASSERT_TRUE(!exe_path.empty()); |
| 287 EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_PROCESS, | 350 EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_PROCESS, |
| 288 TargetPolicy::PROCESS_ALL_EXEC, | 351 TargetPolicy::PROCESS_ALL_EXEC, |
| 289 exe_path.c_str())); | 352 exe_path.c_str())); |
| 290 | 353 |
| 291 EXPECT_EQ(SBOX_TEST_SUCCEEDED, | 354 EXPECT_EQ(SBOX_TEST_SUCCEEDED, |
| 292 runner.RunTest(L"Process_GetChildProcessToken findstr.exe")); | 355 runner.RunTest(L"Process_GetChildProcessToken findstr.exe")); |
| 293 } | 356 } |
| 294 | 357 |
| 295 } // namespace sandbox | 358 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10837151:
Sandbox: Fix CreateProcess policy tests. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/