Roll src/third_party/WebKit e0eac24:489c548 (svn 193311:193320)
[chromium-blink-merge.git] / sandbox / win / src / policy_engine_unittest.cc
blob325a101dac56bdacc236460f9911e973d0cab3cf
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "sandbox/win/src/policy_engine_params.h"
6 #include "sandbox/win/src/policy_engine_processor.h"
7 #include "testing/gtest/include/gtest/gtest.h"
9 #define POLPARAMS_BEGIN(x) sandbox::ParameterSet x[] = {
10 #define POLPARAM(p) sandbox::ParamPickerMake(p),
11 #define POLPARAMS_END }
13 namespace sandbox {
15 bool SetupNtdllImports();
17 TEST(PolicyEngineTest, Rules1) {
18 SetupNtdllImports();
20 // Construct two policy rules that say:
22 // #1
23 // If the path is c:\\documents and settings\\* AND
24 // If the creation mode is 'open existing' AND
25 // If the security descriptor is null THEN
26 // Ask the broker.
28 // #2
29 // If the security descriptor is null AND
30 // If the path ends with *.txt AND
31 // If the creation mode is not 'create new' THEN
32 // return Access Denied.
34 enum FileCreateArgs {
35 FileNameArg,
36 CreationDispositionArg,
37 FlagsAndAttributesArg,
38 SecurityAttributes
41 const size_t policy_sz = 1024;
42 PolicyBuffer* policy = reinterpret_cast<PolicyBuffer*>(new char[policy_sz]);
43 OpcodeFactory opcode_maker(policy, policy_sz - 0x40);
45 // Add rule set #1
46 opcode_maker.MakeOpWStringMatch(FileNameArg,
47 L"c:\\documents and settings\\",
48 0, CASE_INSENSITIVE, kPolNone);
49 opcode_maker.MakeOpNumberMatch(CreationDispositionArg, OPEN_EXISTING,
50 kPolNone);
51 opcode_maker.MakeOpVoidPtrMatch(SecurityAttributes, (void*)NULL,
52 kPolNone);
53 opcode_maker.MakeOpAction(ASK_BROKER, kPolNone);
55 // Add rule set #2
56 opcode_maker.MakeOpWStringMatch(FileNameArg, L".TXT",
57 kSeekToEnd, CASE_INSENSITIVE, kPolNone);
58 opcode_maker.MakeOpNumberMatch(CreationDispositionArg, CREATE_NEW,
59 kPolNegateEval);
60 opcode_maker.MakeOpAction(FAKE_ACCESS_DENIED, kPolNone);
61 policy->opcode_count = 7;
63 const wchar_t* filename = L"c:\\Documents and Settings\\Microsoft\\BLAH.txt";
64 uint32 creation_mode = OPEN_EXISTING;
65 uint32 flags = FILE_ATTRIBUTE_NORMAL;
66 void* security_descriptor = NULL;
68 POLPARAMS_BEGIN(eval_params)
69 POLPARAM(filename)
70 POLPARAM(creation_mode)
71 POLPARAM(flags)
72 POLPARAM(security_descriptor)
73 POLPARAMS_END;
75 PolicyResult pr;
76 PolicyProcessor pol_ev(policy);
78 // Test should match the first rule set.
79 pr = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
80 EXPECT_EQ(POLICY_MATCH, pr);
81 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction());
83 // Test should still match the first rule set.
84 pr = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
85 EXPECT_EQ(POLICY_MATCH, pr);
86 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction());
88 // Changing creation_mode such that evaluation should not match any rule.
89 creation_mode = CREATE_NEW;
90 pr = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
91 EXPECT_EQ(NO_POLICY_MATCH, pr);
93 // Changing creation_mode such that evaluation should match rule #2.
94 creation_mode = OPEN_ALWAYS;
95 pr = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
96 EXPECT_EQ(POLICY_MATCH, pr);
97 EXPECT_EQ(FAKE_ACCESS_DENIED, pol_ev.GetAction());
99 delete [] reinterpret_cast<char*>(policy);
102 } // namespace sandbox