Revert 127820 - Revert 127795 - Make sandbox explicitly block opening broker and sandboxed processes

sandbox/tests/validation_tests/suite.cc

Index: sandbox/tests/validation_tests/suite.cc
===================================================================
--- sandbox/tests/validation_tests/suite.cc	(revision 127834)
+++ sandbox/tests/validation_tests/suite.cc	(working copy)
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2010 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -105,6 +105,19 @@
   EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(command));
 }
 
+// Tests that sandboxed processes are explicitly denied access to the broker
+// (and, transitively, each other).
+TEST(ValidationSuite, TestProcessDenyAces) {
+  TestRunner runner;
+  wchar_t command[1024] = {0};
+
+  runner.GetPolicy()->SetTokenLevel(USER_INTERACTIVE, USER_INTERACTIVE);
+  runner.GetPolicy()->SetIntegrityLevel(INTEGRITY_LEVEL_MEDIUM);
+
+  wsprintf(command, L"OpenProcessCmd %d", ::GetCurrentProcessId());
+  EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(command));
+}
+
 // Tests if the threads are correctly protected by the sandbox.
 TEST(ValidationSuite, TestThread) {
   TestRunner runner;