| Index: sandbox/win/src/restricted_token_unittest.cc
|
| diff --git a/sandbox/win/src/restricted_token_unittest.cc b/sandbox/win/src/restricted_token_unittest.cc
|
| index df35f1c4354ea509ef9258b472614f723e8ae7b6..978c5d4313e2d396e419c8ce0e48c1f1d8381dc4 100644
|
| --- a/sandbox/win/src/restricted_token_unittest.cc
|
| +++ b/sandbox/win/src/restricted_token_unittest.cc
|
| @@ -292,6 +292,44 @@ TEST(RestrictedTokenTest, DenyOwnerSid) {
|
| }
|
| }
|
|
|
| +// Tests test method AddOwnerSidForDenyOnly with a custom effective token.
|
| +TEST(RestrictedTokenTest, DenyOwnerSidCustom) {
|
| + // Get the current process token.
|
| + HANDLE token_handle = INVALID_HANDLE_VALUE;
|
| + ASSERT_TRUE(::OpenProcessToken(::GetCurrentProcess(), TOKEN_ALL_ACCESS,
|
| + &token_handle));
|
| +
|
| + ASSERT_NE(INVALID_HANDLE_VALUE, token_handle);
|
| +
|
| + ATL::CAccessToken access_token;
|
| + access_token.Attach(token_handle);
|
| +
|
| + RestrictedToken token;
|
| + ASSERT_EQ(ERROR_SUCCESS, token.Init(access_token.GetHandle()));
|
| + ASSERT_EQ(ERROR_SUCCESS, token.AddUserSidForDenyOnly());
|
| + ASSERT_EQ(ERROR_SUCCESS, token.GetRestrictedTokenHandle(&token_handle));
|
| +
|
| + ATL::CAccessToken restricted_token;
|
| + restricted_token.Attach(token_handle);
|
| +
|
| + ATL::CTokenGroups groups;
|
| + ASSERT_TRUE(restricted_token.GetGroups(&groups));
|
| +
|
| + ATL::CSid::CSidArray sids;
|
| + ATL::CAtlArray<DWORD> attributes;
|
| + groups.GetSidsAndAttributes(&sids, &attributes);
|
| +
|
| + ATL::CSid user_sid;
|
| + ASSERT_TRUE(restricted_token.GetUser(&user_sid));
|
| +
|
| + for (unsigned int i = 0; i < sids.GetCount(); ++i) {
|
| + if (user_sid == sids[i]) {
|
| + ASSERT_EQ(SE_GROUP_USE_FOR_DENY_ONLY,
|
| + attributes[i] & SE_GROUP_USE_FOR_DENY_ONLY);
|
| + }
|
| + }
|
| +}
|
| +
|
| // Tests the method DeleteAllPrivileges.
|
| TEST(RestrictedTokenTest, DeleteAllPrivileges) {
|
| RestrictedToken token;
|
| @@ -433,6 +471,31 @@ TEST(RestrictedTokenTest, AddRestrictingSidCurrentUser) {
|
| CheckRestrictingSid(restricted_token, user, 1);
|
| }
|
|
|
| +// Tests the method AddRestrictingSidCurrentUser with a custom effective token.
|
| +TEST(RestrictedTokenTest, AddRestrictingSidCurrentUserCustom) {
|
| + // Get the current process token.
|
| + HANDLE token_handle = INVALID_HANDLE_VALUE;
|
| + ASSERT_TRUE(::OpenProcessToken(::GetCurrentProcess(), TOKEN_ALL_ACCESS,
|
| + &token_handle));
|
| +
|
| + ASSERT_NE(INVALID_HANDLE_VALUE, token_handle);
|
| +
|
| + ATL::CAccessToken access_token;
|
| + access_token.Attach(token_handle);
|
| +
|
| + RestrictedToken token;
|
| + ASSERT_EQ(ERROR_SUCCESS, token.Init(access_token.GetHandle()));
|
| + ASSERT_EQ(ERROR_SUCCESS, token.AddRestrictingSidCurrentUser());
|
| + ASSERT_EQ(ERROR_SUCCESS, token.GetRestrictedTokenHandle(&token_handle));
|
| +
|
| + ATL::CAccessToken restricted_token;
|
| + restricted_token.Attach(token_handle);
|
| + ATL::CSid user;
|
| + restricted_token.GetUser(&user);
|
| +
|
| + CheckRestrictingSid(restricted_token, user, 1);
|
| +}
|
| +
|
| // Tests the method AddRestrictingSidLogonSession.
|
| TEST(RestrictedTokenTest, AddRestrictingSidLogonSession) {
|
| RestrictedToken token;
|
|
|
Chromium Code Reviews
Issue 10844003:
Fixing a couple of issues in sandbox::RestrictedToken: (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src