OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/tests/common/controller.h" | 5 #include "sandbox/tests/common/controller.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 | 8 |
9 #include "base/sys_string_conversions.h" | 9 #include "base/sys_string_conversions.h" |
10 #include "base/win/windows_version.h" | 10 #include "base/win/windows_version.h" |
11 #include "sandbox/src/sandbox_factory.h" | 11 #include "sandbox/src/sandbox_factory.h" |
(...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
74 if (SBOX_ALL_OK != broker->Init()) | 74 if (SBOX_ALL_OK != broker->Init()) |
75 return NULL; | 75 return NULL; |
76 | 76 |
77 is_initialized = true; | 77 is_initialized = true; |
78 } | 78 } |
79 | 79 |
80 return broker; | 80 return broker; |
81 } | 81 } |
82 | 82 |
83 TestRunner::TestRunner(JobLevel job_level, TokenLevel startup_token, | 83 TestRunner::TestRunner(JobLevel job_level, TokenLevel startup_token, |
84 TokenLevel main_token) : is_init_(false) { | 84 TokenLevel main_token) |
85 : is_init_(false), is_async_(false), target_process_id_(0) { | |
85 Init(job_level, startup_token, main_token); | 86 Init(job_level, startup_token, main_token); |
86 } | 87 } |
87 | 88 |
88 TestRunner::TestRunner() : is_init_(false) { | 89 TestRunner::TestRunner() |
90 : is_init_(false), is_async_(false), target_process_id_(0) { | |
89 Init(JOB_LOCKDOWN, USER_RESTRICTED_SAME_ACCESS, USER_LOCKDOWN); | 91 Init(JOB_LOCKDOWN, USER_RESTRICTED_SAME_ACCESS, USER_LOCKDOWN); |
90 } | 92 } |
91 | 93 |
92 void TestRunner::Init(JobLevel job_level, TokenLevel startup_token, | 94 void TestRunner::Init(JobLevel job_level, TokenLevel startup_token, |
93 TokenLevel main_token) { | 95 TokenLevel main_token) { |
94 broker_ = NULL; | 96 broker_ = NULL; |
95 policy_ = NULL; | 97 policy_ = NULL; |
96 timeout_ = kDefaultTimeout; | 98 timeout_ = kDefaultTimeout; |
97 state_ = AFTER_REVERT; | 99 state_ = AFTER_REVERT; |
100 is_async_= false; | |
101 target_process_.Close(); | |
rvargas (doing something else)
2012/03/27 00:35:33
?
jschuh
2012/03/27 01:36:19
Done.
| |
102 target_process_id_ = 0; | |
98 | 103 |
99 broker_ = GetBroker(); | 104 broker_ = GetBroker(); |
100 if (!broker_) | 105 if (!broker_) |
101 return; | 106 return; |
102 | 107 |
103 policy_ = broker_->CreatePolicy(); | 108 policy_ = broker_->CreatePolicy(); |
104 if (!policy_) | 109 if (!policy_) |
105 return; | 110 return; |
106 | 111 |
107 policy_->SetJobLevel(job_level, 0); | 112 policy_->SetJobLevel(job_level, 0); |
108 policy_->SetTokenLevel(startup_token, main_token); | 113 policy_->SetTokenLevel(startup_token, main_token); |
109 | 114 |
110 is_init_ = true; | 115 is_init_ = true; |
111 } | 116 } |
112 | 117 |
113 TargetPolicy* TestRunner::GetPolicy() { | 118 TargetPolicy* TestRunner::GetPolicy() { |
114 return policy_; | 119 return policy_; |
115 } | 120 } |
116 | 121 |
117 TestRunner::~TestRunner() { | 122 TestRunner::~TestRunner() { |
123 if (broker_ && broker_->IsActiveTarget(target_process_id_)) | |
rvargas (doing something else)
2012/03/27 00:35:33
why not always?
jschuh
2012/03/27 01:36:19
The process ID could get reused. Probably just par
rvargas (doing something else)
2012/03/27 02:30:59
But we have a handle, there's no need to worry abo
| |
124 ::TerminateProcess(target_process_, 0); | |
125 | |
118 if (policy_) | 126 if (policy_) |
119 policy_->Release(); | 127 policy_->Release(); |
120 } | 128 } |
121 | 129 |
122 bool TestRunner::AddRule(TargetPolicy::SubSystem subsystem, | 130 bool TestRunner::AddRule(TargetPolicy::SubSystem subsystem, |
123 TargetPolicy::Semantics semantics, | 131 TargetPolicy::Semantics semantics, |
124 const wchar_t* pattern) { | 132 const wchar_t* pattern) { |
125 if (!is_init_) | 133 if (!is_init_) |
126 return false; | 134 return false; |
127 | 135 |
(...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
170 full_command += L" "; | 178 full_command += L" "; |
171 full_command += command; | 179 full_command += command; |
172 | 180 |
173 return InternalRunTest(full_command.c_str()); | 181 return InternalRunTest(full_command.c_str()); |
174 } | 182 } |
175 | 183 |
176 int TestRunner::InternalRunTest(const wchar_t* command) { | 184 int TestRunner::InternalRunTest(const wchar_t* command) { |
177 if (!is_init_) | 185 if (!is_init_) |
178 return SBOX_TEST_FAILED_TO_RUN_TEST; | 186 return SBOX_TEST_FAILED_TO_RUN_TEST; |
179 | 187 |
188 // For simplicity TestRunner supports only one process per instance. | |
189 if (target_process_) { | |
190 if (broker_ && broker_->IsActiveTarget(target_process_id_)) | |
rvargas (doing something else)
2012/03/27 00:35:33
We should be able to do this within this class (wi
jschuh
2012/03/27 01:36:19
I originally had it with GetExitCodeProcess, but t
rvargas (doing something else)
2012/03/27 02:30:59
But this only cares about creating two targets, th
| |
191 return SBOX_TEST_FAILED_TO_RUN_TEST; | |
192 target_process_.Close(); | |
193 target_process_id_ = 0; | |
194 } | |
195 | |
180 // Get the path to the sandboxed process. | 196 // Get the path to the sandboxed process. |
181 wchar_t prog_name[MAX_PATH]; | 197 wchar_t prog_name[MAX_PATH]; |
182 GetModuleFileNameW(NULL, prog_name, MAX_PATH); | 198 GetModuleFileNameW(NULL, prog_name, MAX_PATH); |
183 | 199 |
184 // Launch the sandboxed process. | 200 // Launch the sandboxed process. |
185 ResultCode result = SBOX_ALL_OK; | 201 ResultCode result = SBOX_ALL_OK; |
186 PROCESS_INFORMATION target = {0}; | 202 PROCESS_INFORMATION target = {0}; |
187 | 203 |
188 std::wstring arguments(L"\""); | 204 std::wstring arguments(L"\""); |
189 arguments += prog_name; | 205 arguments += prog_name; |
190 arguments += L"\" -child "; | 206 arguments += L"\" -child "; |
191 arguments += command; | 207 arguments += command; |
192 | 208 |
193 result = broker_->SpawnTarget(prog_name, arguments.c_str(), policy_, | 209 result = broker_->SpawnTarget(prog_name, arguments.c_str(), policy_, |
194 &target); | 210 &target); |
195 | 211 |
196 if (SBOX_ALL_OK != result) | 212 if (SBOX_ALL_OK != result) |
197 return SBOX_TEST_FAILED_TO_RUN_TEST; | 213 return SBOX_TEST_FAILED_TO_RUN_TEST; |
198 | 214 |
199 ::ResumeThread(target.hThread); | 215 ::ResumeThread(target.hThread); |
200 | 216 |
217 // For an asynchronous run we don't bother waiting. | |
218 if (is_async_) { | |
219 target_process_.Set(target.hProcess); | |
220 target_process_id_ = target.dwProcessId; | |
221 ::CloseHandle(target.hThread); | |
222 return SBOX_TEST_SUCCEEDED; | |
223 } | |
224 | |
201 if (::IsDebuggerPresent()) { | 225 if (::IsDebuggerPresent()) { |
202 // Don't kill the target process on a time-out while we are debugging. | 226 // Don't kill the target process on a time-out while we are debugging. |
203 timeout_ = INFINITE; | 227 timeout_ = INFINITE; |
204 } | 228 } |
205 | 229 |
206 if (WAIT_TIMEOUT == ::WaitForSingleObject(target.hProcess, timeout_)) { | 230 if (WAIT_TIMEOUT == ::WaitForSingleObject(target.hProcess, timeout_)) { |
207 ::TerminateProcess(target.hProcess, SBOX_TEST_TIMED_OUT); | 231 ::TerminateProcess(target.hProcess, SBOX_TEST_TIMED_OUT); |
208 ::CloseHandle(target.hProcess); | 232 ::CloseHandle(target.hProcess); |
209 ::CloseHandle(target.hThread); | 233 ::CloseHandle(target.hThread); |
210 return SBOX_TEST_TIMED_OUT; | 234 return SBOX_TEST_TIMED_OUT; |
(...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
283 if (BEFORE_REVERT == state) | 307 if (BEFORE_REVERT == state) |
284 return command(argc - 4, argv + 4); | 308 return command(argc - 4, argv + 4); |
285 else if (EVERY_STATE == state) | 309 else if (EVERY_STATE == state) |
286 command(argc - 4, argv + 4); | 310 command(argc - 4, argv + 4); |
287 | 311 |
288 target->LowerToken(); | 312 target->LowerToken(); |
289 return command(argc - 4, argv + 4); | 313 return command(argc - 4, argv + 4); |
290 } | 314 } |
291 | 315 |
292 } // namespace sandbox | 316 } // namespace sandbox |
OLD | NEW |