Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(132)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/tests/validation_tests/suite.cc

Issue 9834065: Revert 128016 - Make sandbox explicitly block opening broker and sandboxed processes (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 8 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « sandbox/src/target_process.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2006-2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // This file contains the validation tests for the sandbox. 5 // This file contains the validation tests for the sandbox.
6 // It includes the tests that need to be performed inside the 6 // It includes the tests that need to be performed inside the
7 // sandbox. 7 // sandbox.
8 8
9 #include <shlwapi.h> 9 #include <shlwapi.h>
10 10
11 #include "testing/gtest/include/gtest/gtest.h" 11 #include "testing/gtest/include/gtest/gtest.h"
(...skipping 86 matching lines...) Expand 10 before | Expand all | Expand 10 after
98 98
99 // Tests if the processes are correctly protected by the sandbox. 99 // Tests if the processes are correctly protected by the sandbox.
100 TEST(ValidationSuite, TestProcess) { 100 TEST(ValidationSuite, TestProcess) {
101 TestRunner runner; 101 TestRunner runner;
102 wchar_t command[1024] = {0}; 102 wchar_t command[1024] = {0};
103 103
104 wsprintf(command, L"OpenProcessCmd %d", ::GetCurrentProcessId()); 104 wsprintf(command, L"OpenProcessCmd %d", ::GetCurrentProcessId());
105 EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(command)); 105 EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(command));
106 } 106 }
107 107
108 // Tests that sandboxed processes are explicitly denied access to the broker
109 // (and, transitively, each other).
110 TEST(ValidationSuite, TestProcessDenyAces) {
111 TestRunner runner;
112 wchar_t command[1024] = {0};
113
114 runner.GetPolicy()->SetTokenLevel(USER_INTERACTIVE, USER_INTERACTIVE);
115 runner.GetPolicy()->SetIntegrityLevel(INTEGRITY_LEVEL_MEDIUM);
116
117 wsprintf(command, L"OpenProcessCmd %d", ::GetCurrentProcessId());
118 EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(command));
119 }
120
121 // Tests if the threads are correctly protected by the sandbox. 108 // Tests if the threads are correctly protected by the sandbox.
122 TEST(ValidationSuite, TestThread) { 109 TEST(ValidationSuite, TestThread) {
123 TestRunner runner; 110 TestRunner runner;
124 wchar_t command[1024] = {0}; 111 wchar_t command[1024] = {0};
125 112
126 wsprintf(command, L"OpenThreadCmd %d", ::GetCurrentThreadId()); 113 wsprintf(command, L"OpenThreadCmd %d", ::GetCurrentThreadId());
127 EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(command)); 114 EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(command));
128 } 115 }
129 116
130 } // namespace sandbox 117 } // namespace sandbox
OLDNEW
« no previous file with comments | « sandbox/src/target_process.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698