1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "sandbox/win/src/policy_engine_params.h"
6 #include "sandbox/win/src/policy_engine_processor.h"
7 #include "sandbox/win/src/policy_low_level.h"
8 #include "testing/gtest/include/gtest/gtest.h"
10 #define POLPARAMS_BEGIN(x) sandbox::ParameterSet x[] = {
11 #define POLPARAM(p) sandbox::ParamPickerMake(p),
12 #define POLPARAMS_END }
16 bool SetupNtdllImports();
18 // Testing that we allow opcode generation on valid string patterns.
19 TEST(PolicyEngineTest
, StringPatternsOK
) {
21 PolicyRule
pr(ASK_BROKER
);
22 EXPECT_TRUE(pr
.AddStringMatch(IF
, 0, L
"c:\\adobe\\ver??\\", CASE_SENSITIVE
));
23 EXPECT_TRUE(pr
.AddStringMatch(IF
, 0, L
"*.tmp", CASE_SENSITIVE
));
24 EXPECT_TRUE(pr
.AddStringMatch(IF
, 0, L
"c:\\*.doc", CASE_SENSITIVE
));
25 EXPECT_TRUE(pr
.AddStringMatch(IF
, 0, L
"c:\\windows\\*", CASE_SENSITIVE
));
26 EXPECT_TRUE(pr
.AddStringMatch(IF
, 0, L
"d:\\adobe\\acrobat.exe",
30 // Testing that we signal invalid string patterns.
31 TEST(PolicyEngineTest
, StringPatternsBAD
) {
33 PolicyRule
pr(ASK_BROKER
);
34 EXPECT_FALSE(pr
.AddStringMatch(IF
, 0, L
"one**two", CASE_SENSITIVE
));
35 EXPECT_FALSE(pr
.AddStringMatch(IF
, 0, L
"**three", CASE_SENSITIVE
));
36 EXPECT_FALSE(pr
.AddStringMatch(IF
, 0, L
"five?six*?seven", CASE_SENSITIVE
));
37 EXPECT_FALSE(pr
.AddStringMatch(IF
, 0, L
"eight?*nine", CASE_SENSITIVE
));
40 // Helper function to allocate space (on the heap) for policy.
41 PolicyGlobal
* MakePolicyMemory() {
42 const size_t kTotalPolicySz
= 4096*8;
43 char* mem
= new char[kTotalPolicySz
];
44 memset(mem
, 0, kTotalPolicySz
);
45 PolicyGlobal
* policy
= reinterpret_cast<PolicyGlobal
*>(mem
);
46 policy
->data_size
= kTotalPolicySz
- sizeof(PolicyGlobal
);
50 // The simplest test using LowLevelPolicy it should test a single opcode which
51 // does a exact string comparison.
52 TEST(PolicyEngineTest
, SimpleStrMatch
) {
54 PolicyRule
pr(ASK_BROKER
);
55 EXPECT_TRUE(pr
.AddStringMatch(IF
, 0, L
"z:\\Directory\\domo.txt",
58 PolicyGlobal
* policy
= MakePolicyMemory();
59 const uint32 kFakeService
= 2;
61 LowLevelPolicy
policyGen(policy
);
62 EXPECT_TRUE(policyGen
.AddRule(kFakeService
, &pr
));
63 EXPECT_TRUE(policyGen
.Done());
65 wchar_t* filename
= L
"Z:\\Directory\\domo.txt";
67 POLPARAMS_BEGIN(eval_params
)
68 POLPARAM(filename
) // Argument 0
72 PolicyProcessor
pol_ev(policy
->entry
[kFakeService
]);
74 result
= pol_ev
.Evaluate(kShortEval
, eval_params
, _countof(eval_params
));
75 EXPECT_EQ(POLICY_MATCH
, result
);
76 EXPECT_EQ(ASK_BROKER
, pol_ev
.GetAction());
78 filename
= L
"Z:\\Directory\\domo.txt.tmp";
79 result
= pol_ev
.Evaluate(kShortEval
, eval_params
, _countof(eval_params
));
80 EXPECT_EQ(NO_POLICY_MATCH
, result
);
82 delete [] reinterpret_cast<char*>(policy
);
85 TEST(PolicyEngineTest
, SimpleIfNotStrMatch
) {
87 PolicyRule
pr(ASK_BROKER
);
88 EXPECT_TRUE(pr
.AddStringMatch(IF_NOT
, 0, L
"c:\\Microsoft\\",
91 PolicyGlobal
* policy
= MakePolicyMemory();
92 const uint32 kFakeService
= 2;
93 LowLevelPolicy
policyGen(policy
);
95 EXPECT_TRUE(policyGen
.AddRule(kFakeService
, &pr
));
96 EXPECT_TRUE(policyGen
.Done());
98 wchar_t* filename
= NULL
;
99 POLPARAMS_BEGIN(eval_params
)
100 POLPARAM(filename
) // Argument 0
104 PolicyProcessor
pol_ev(policy
->entry
[kFakeService
]);
106 filename
= L
"c:\\Microsoft\\";
107 result
= pol_ev
.Evaluate(kShortEval
, eval_params
, _countof(eval_params
));
108 EXPECT_EQ(NO_POLICY_MATCH
, result
);
110 filename
= L
"c:\\MicroNerd\\";
111 result
= pol_ev
.Evaluate(kShortEval
, eval_params
, _countof(eval_params
));
112 EXPECT_EQ(POLICY_MATCH
, result
);
113 EXPECT_EQ(ASK_BROKER
, pol_ev
.GetAction());
115 filename
= L
"c:\\Microsoft\\domo.txt";
116 result
= pol_ev
.Evaluate(kShortEval
, eval_params
, _countof(eval_params
));
117 EXPECT_EQ(POLICY_MATCH
, result
);
118 EXPECT_EQ(ASK_BROKER
, pol_ev
.GetAction());
120 delete [] reinterpret_cast<char*>(policy
);
123 TEST(PolicyEngineTest
, SimpleIfNotStrMatchWild1
) {
125 PolicyRule
pr(ASK_BROKER
);
126 EXPECT_TRUE(pr
.AddStringMatch(IF_NOT
, 0, L
"c:\\Microsoft\\*",
129 PolicyGlobal
* policy
= MakePolicyMemory();
130 const uint32 kFakeService
= 3;
131 LowLevelPolicy
policyGen(policy
);
133 EXPECT_TRUE(policyGen
.AddRule(kFakeService
, &pr
));
134 EXPECT_TRUE(policyGen
.Done());
136 wchar_t* filename
= NULL
;
137 POLPARAMS_BEGIN(eval_params
)
138 POLPARAM(filename
) // Argument 0
142 PolicyProcessor
pol_ev(policy
->entry
[kFakeService
]);
144 filename
= L
"c:\\Microsoft\\domo.txt";
145 result
= pol_ev
.Evaluate(kShortEval
, eval_params
, _countof(eval_params
));
146 EXPECT_EQ(NO_POLICY_MATCH
, result
);
148 filename
= L
"c:\\MicroNerd\\domo.txt";
149 result
= pol_ev
.Evaluate(kShortEval
, eval_params
, _countof(eval_params
));
150 EXPECT_EQ(POLICY_MATCH
, result
);
151 EXPECT_EQ(ASK_BROKER
, pol_ev
.GetAction());
153 delete [] reinterpret_cast<char*>(policy
);
156 TEST(PolicyEngineTest
, SimpleIfNotStrMatchWild2
) {
158 PolicyRule
pr(ASK_BROKER
);
159 EXPECT_TRUE(pr
.AddStringMatch(IF_NOT
, 0, L
"c:\\Microsoft\\*.txt",
162 PolicyGlobal
* policy
= MakePolicyMemory();
163 const uint32 kFakeService
= 3;
164 LowLevelPolicy
policyGen(policy
);
166 EXPECT_TRUE(policyGen
.AddRule(kFakeService
, &pr
));
167 EXPECT_TRUE(policyGen
.Done());
169 wchar_t* filename
= NULL
;
170 POLPARAMS_BEGIN(eval_params
)
171 POLPARAM(filename
) // Argument 0
175 PolicyProcessor
pol_ev(policy
->entry
[kFakeService
]);
177 filename
= L
"c:\\Microsoft\\domo.txt";
178 result
= pol_ev
.Evaluate(kShortEval
, eval_params
, _countof(eval_params
));
179 EXPECT_EQ(NO_POLICY_MATCH
, result
);
181 filename
= L
"c:\\MicroNerd\\domo.txt";
182 result
= pol_ev
.Evaluate(kShortEval
, eval_params
, _countof(eval_params
));
183 EXPECT_EQ(POLICY_MATCH
, result
);
184 EXPECT_EQ(ASK_BROKER
, pol_ev
.GetAction());
186 filename
= L
"c:\\Microsoft\\domo.bmp";
187 result
= pol_ev
.Evaluate(kShortEval
, eval_params
, _countof(eval_params
));
188 EXPECT_EQ(POLICY_MATCH
, result
);
189 EXPECT_EQ(ASK_BROKER
, pol_ev
.GetAction());
191 delete [] reinterpret_cast<char*>(policy
);
194 TEST(PolicyEngineTest
, IfNotStrMatchTwoRulesWild1
) {
196 PolicyRule
pr(ASK_BROKER
);
197 EXPECT_TRUE(pr
.AddStringMatch(IF_NOT
, 0, L
"c:\\Microsoft\\*",
199 EXPECT_TRUE(pr
.AddNumberMatch(IF
, 1, 24, EQUAL
));
201 PolicyGlobal
* policy
= MakePolicyMemory();
202 const uint32 kFakeService
= 3;
203 LowLevelPolicy
policyGen(policy
);
205 EXPECT_TRUE(policyGen
.AddRule(kFakeService
, &pr
));
206 EXPECT_TRUE(policyGen
.Done());
208 wchar_t* filename
= NULL
;
209 unsigned long access
= 0;
210 POLPARAMS_BEGIN(eval_params
)
211 POLPARAM(filename
) // Argument 0
212 POLPARAM(access
) // Argument 1
216 PolicyProcessor
pol_ev(policy
->entry
[kFakeService
]);
218 filename
= L
"c:\\Microsoft\\domo.txt";
220 result
= pol_ev
.Evaluate(kShortEval
, eval_params
, _countof(eval_params
));
221 EXPECT_EQ(NO_POLICY_MATCH
, result
);
223 filename
= L
"c:\\Microsoft\\domo.txt";
225 result
= pol_ev
.Evaluate(kShortEval
, eval_params
, _countof(eval_params
));
226 EXPECT_EQ(NO_POLICY_MATCH
, result
);
228 filename
= L
"c:\\MicroNerd\\domo.txt";
230 result
= pol_ev
.Evaluate(kShortEval
, eval_params
, _countof(eval_params
));
231 EXPECT_EQ(POLICY_MATCH
, result
);
232 EXPECT_EQ(ASK_BROKER
, pol_ev
.GetAction());
234 filename
= L
"c:\\Micronesia\\domo.txt";
236 result
= pol_ev
.Evaluate(kShortEval
, eval_params
, _countof(eval_params
));
237 EXPECT_EQ(NO_POLICY_MATCH
, result
);
239 delete [] reinterpret_cast<char*>(policy
);
242 TEST(PolicyEngineTest
, IfNotStrMatchTwoRulesWild2
) {
244 PolicyRule
pr(ASK_BROKER
);
245 EXPECT_TRUE(pr
.AddNumberMatch(IF
, 1, 24, EQUAL
));
246 EXPECT_TRUE(pr
.AddStringMatch(IF_NOT
, 0, L
"c:\\GoogleV?\\*.txt",
248 EXPECT_TRUE(pr
.AddNumberMatch(IF
, 2, 66, EQUAL
));
250 PolicyGlobal
* policy
= MakePolicyMemory();
251 const uint32 kFakeService
= 3;
252 LowLevelPolicy
policyGen(policy
);
254 EXPECT_TRUE(policyGen
.AddRule(kFakeService
, &pr
));
255 EXPECT_TRUE(policyGen
.Done());
257 wchar_t* filename
= NULL
;
258 unsigned long access
= 0;
259 unsigned long sharing
= 66;
261 POLPARAMS_BEGIN(eval_params
)
262 POLPARAM(filename
) // Argument 0
263 POLPARAM(access
) // Argument 1
264 POLPARAM(sharing
) // Argument 2
268 PolicyProcessor
pol_ev(policy
->entry
[kFakeService
]);
270 filename
= L
"c:\\GoogleV2\\domo.txt";
272 result
= pol_ev
.Evaluate(kShortEval
, eval_params
, _countof(eval_params
));
273 EXPECT_EQ(NO_POLICY_MATCH
, result
);
275 filename
= L
"c:\\GoogleV2\\domo.bmp";
277 result
= pol_ev
.Evaluate(kShortEval
, eval_params
, _countof(eval_params
));
278 EXPECT_EQ(POLICY_MATCH
, result
);
279 EXPECT_EQ(ASK_BROKER
, pol_ev
.GetAction());
281 filename
= L
"c:\\GoogleV23\\domo.txt";
283 result
= pol_ev
.Evaluate(kShortEval
, eval_params
, _countof(eval_params
));
284 EXPECT_EQ(POLICY_MATCH
, result
);
285 EXPECT_EQ(ASK_BROKER
, pol_ev
.GetAction());
288 filename
= L
"c:\\GoogleV2\\domo.txt";
290 result
= pol_ev
.Evaluate(kShortEval
, eval_params
, _countof(eval_params
));
291 EXPECT_EQ(NO_POLICY_MATCH
, result
);
293 filename
= L
"c:\\Google\\domo.txt";
295 result
= pol_ev
.Evaluate(kShortEval
, eval_params
, _countof(eval_params
));
296 EXPECT_EQ(POLICY_MATCH
, result
);
297 EXPECT_EQ(ASK_BROKER
, pol_ev
.GetAction());
299 filename
= L
"c:\\Micronesia\\domo.txt";
301 result
= pol_ev
.Evaluate(kShortEval
, eval_params
, _countof(eval_params
));
302 EXPECT_EQ(NO_POLICY_MATCH
, result
);
304 filename
= L
"c:\\GoogleV2\\domo.bmp";
307 result
= pol_ev
.Evaluate(kShortEval
, eval_params
, _countof(eval_params
));
308 EXPECT_EQ(NO_POLICY_MATCH
, result
);
310 delete [] reinterpret_cast<char*>(policy
);
313 // Testing one single rule in one single service. The service is made to
314 // resemble NtCreateFile.
315 TEST(PolicyEngineTest
, OneRuleTest
) {
317 PolicyRule
pr(ASK_BROKER
);
318 EXPECT_TRUE(pr
.AddStringMatch(IF
, 0, L
"c:\\*Microsoft*\\*.txt",
320 EXPECT_TRUE(pr
.AddNumberMatch(IF_NOT
, 1, CREATE_ALWAYS
, EQUAL
));
321 EXPECT_TRUE(pr
.AddNumberMatch(IF
, 2, FILE_ATTRIBUTE_NORMAL
, EQUAL
));
323 PolicyGlobal
* policy
= MakePolicyMemory();
325 const uint32 kNtFakeCreateFile
= 7;
327 LowLevelPolicy
policyGen(policy
);
328 EXPECT_TRUE(policyGen
.AddRule(kNtFakeCreateFile
, &pr
));
329 EXPECT_TRUE(policyGen
.Done());
331 wchar_t* filename
= L
"c:\\Documents and Settings\\Microsoft\\BLAH.txt";
332 unsigned long creation_mode
= OPEN_EXISTING
;
333 unsigned long flags
= FILE_ATTRIBUTE_NORMAL
;
334 void* security_descriptor
= NULL
;
336 POLPARAMS_BEGIN(eval_params
)
337 POLPARAM(filename
) // Argument 0
338 POLPARAM(creation_mode
) // Argument 1
339 POLPARAM(flags
) // Argument 2
340 POLPARAM(security_descriptor
)
344 PolicyProcessor
pol_ev(policy
->entry
[kNtFakeCreateFile
]);
346 result
= pol_ev
.Evaluate(kShortEval
, eval_params
, _countof(eval_params
));
347 EXPECT_EQ(POLICY_MATCH
, result
);
348 EXPECT_EQ(ASK_BROKER
, pol_ev
.GetAction());
350 creation_mode
= CREATE_ALWAYS
;
351 result
= pol_ev
.Evaluate(kShortEval
, eval_params
, _countof(eval_params
));
352 EXPECT_EQ(NO_POLICY_MATCH
, result
);
354 creation_mode
= OPEN_EXISTING
;
355 filename
= L
"c:\\Other\\Path\\Microsoft\\Another file.txt";
356 result
= pol_ev
.Evaluate(kShortEval
, eval_params
, _countof(eval_params
));
357 EXPECT_EQ(POLICY_MATCH
, result
);
358 EXPECT_EQ(ASK_BROKER
, pol_ev
.GetAction());
360 filename
= L
"c:\\Other\\Path\\Microsoft\\Another file.txt.tmp";
361 result
= pol_ev
.Evaluate(kShortEval
, eval_params
, _countof(eval_params
));
362 EXPECT_EQ(NO_POLICY_MATCH
, result
);
364 flags
= FILE_ATTRIBUTE_DEVICE
;
365 result
= pol_ev
.Evaluate(kShortEval
, eval_params
, _countof(eval_params
));
366 EXPECT_EQ(NO_POLICY_MATCH
, result
);
368 filename
= L
"c:\\Other\\Macrosoft\\Another file.txt";
369 result
= pol_ev
.Evaluate(kShortEval
, eval_params
, _countof(eval_params
));
370 EXPECT_EQ(NO_POLICY_MATCH
, result
);
372 filename
= L
"c:\\Microsoft\\1.txt";
373 flags
= FILE_ATTRIBUTE_NORMAL
;
374 result
= pol_ev
.Evaluate(kShortEval
, eval_params
, _countof(eval_params
));
375 EXPECT_EQ(POLICY_MATCH
, result
);
376 EXPECT_EQ(ASK_BROKER
, pol_ev
.GetAction());
378 filename
= L
"c:\\Microsoft\\1.ttt";
379 result
= pol_ev
.Evaluate(kShortEval
, eval_params
, _countof(eval_params
));
380 EXPECT_EQ(NO_POLICY_MATCH
, result
);
382 delete [] reinterpret_cast<char*>(policy
);
385 // Testing 3 rules in 3 services. Two of the services resemble File services.
386 TEST(PolicyEngineTest
, ThreeRulesTest
) {
388 PolicyRule
pr_pipe(FAKE_SUCCESS
);
389 EXPECT_TRUE(pr_pipe
.AddStringMatch(IF
, 0, L
"\\\\/?/?\\Pipe\\Chrome.*",
391 EXPECT_TRUE(pr_pipe
.AddNumberMatch(IF
, 1, OPEN_EXISTING
, EQUAL
));
392 EXPECT_TRUE(pr_pipe
.AddNumberMatch(IF
, 2, FILE_ATTRIBUTE_NORMAL
, EQUAL
));
394 size_t opc1
= pr_pipe
.GetOpcodeCount();
397 PolicyRule
pr_dump(ASK_BROKER
);
398 EXPECT_TRUE(pr_dump
.AddStringMatch(IF
, 0, L
"\\\\/?/?\\*\\Crash Reports\\*",
400 EXPECT_TRUE(pr_dump
.AddNumberMatch(IF
, 1, CREATE_ALWAYS
, EQUAL
));
401 EXPECT_TRUE(pr_dump
.AddNumberMatch(IF
, 2, FILE_ATTRIBUTE_NORMAL
, EQUAL
));
403 size_t opc2
= pr_dump
.GetOpcodeCount();
406 PolicyRule
pr_winexe(SIGNAL_ALARM
);
407 EXPECT_TRUE(pr_winexe
.AddStringMatch(IF
, 0, L
"\\\\/?/?\\C:\\Windows\\*.exe",
409 EXPECT_TRUE(pr_winexe
.AddNumberMatch(IF
, 2, FILE_ATTRIBUTE_NORMAL
, EQUAL
));
411 size_t opc3
= pr_winexe
.GetOpcodeCount();
414 PolicyRule
pr_adobe(GIVE_CACHED
);
415 EXPECT_TRUE(pr_adobe
.AddStringMatch(IF
, 0, L
"c:\\adobe\\ver?.?\\",
417 EXPECT_TRUE(pr_adobe
.AddNumberMatch(IF
, 2, FILE_ATTRIBUTE_NORMAL
, EQUAL
));
419 size_t opc4
= pr_adobe
.GetOpcodeCount();
422 PolicyRule
pr_none(GIVE_FIRST
);
423 EXPECT_TRUE(pr_none
.AddNumberMatch(IF
, 2, FILE_ATTRIBUTE_READONLY
, AND
));
424 EXPECT_TRUE(pr_none
.AddNumberMatch(IF
, 2, FILE_ATTRIBUTE_SYSTEM
, AND
));
426 size_t opc5
= pr_none
.GetOpcodeCount();
429 PolicyGlobal
* policy
= MakePolicyMemory();
431 const uint32 kNtFakeNone
= 4;
432 const uint32 kNtFakeCreateFile
= 5;
433 const uint32 kNtFakeOpenFile
= 6;
435 LowLevelPolicy
policyGen(policy
);
436 EXPECT_TRUE(policyGen
.AddRule(kNtFakeCreateFile
, &pr_pipe
));
437 EXPECT_TRUE(policyGen
.AddRule(kNtFakeCreateFile
, &pr_dump
));
438 EXPECT_TRUE(policyGen
.AddRule(kNtFakeCreateFile
, &pr_winexe
));
440 EXPECT_TRUE(policyGen
.AddRule(kNtFakeOpenFile
, &pr_adobe
));
441 EXPECT_TRUE(policyGen
.AddRule(kNtFakeOpenFile
, &pr_pipe
));
443 EXPECT_TRUE(policyGen
.AddRule(kNtFakeNone
, &pr_none
));
445 EXPECT_TRUE(policyGen
.Done());
447 // Inspect the policy structure manually.
448 EXPECT_TRUE(NULL
== policy
->entry
[0]);
449 EXPECT_TRUE(NULL
== policy
->entry
[1]);
450 EXPECT_TRUE(NULL
== policy
->entry
[2]);
451 EXPECT_TRUE(NULL
== policy
->entry
[3]);
452 EXPECT_TRUE(NULL
!= policy
->entry
[4]); // kNtFakeNone.
453 EXPECT_TRUE(NULL
!= policy
->entry
[5]); // kNtFakeCreateFile.
454 EXPECT_TRUE(NULL
!= policy
->entry
[6]); // kNtFakeOpenFile.
455 EXPECT_TRUE(NULL
== policy
->entry
[7]);
457 // The total per service opcode counts now must take in account one
458 // extra opcode (action opcode) per rule.
465 size_t tc1
= policy
->entry
[kNtFakeNone
]->opcode_count
;
466 size_t tc2
= policy
->entry
[kNtFakeCreateFile
]->opcode_count
;
467 size_t tc3
= policy
->entry
[kNtFakeOpenFile
]->opcode_count
;
469 EXPECT_EQ(opc5
, tc1
);
470 EXPECT_EQ((opc1
+ opc2
+ opc3
), tc2
);
471 EXPECT_EQ((opc1
+ opc4
), tc3
);
473 // Check the type of the first and last opcode of each service.
475 EXPECT_EQ(OP_ULONG_AND_MATCH
, policy
->entry
[kNtFakeNone
]->opcodes
[0].GetID());
476 EXPECT_EQ(OP_ACTION
, policy
->entry
[kNtFakeNone
]->opcodes
[tc1
-1].GetID());
477 EXPECT_EQ(OP_WSTRING_MATCH
,
478 policy
->entry
[kNtFakeCreateFile
]->opcodes
[0].GetID());
480 policy
->entry
[kNtFakeCreateFile
]->opcodes
[tc2
-1].GetID());
481 EXPECT_EQ(OP_WSTRING_MATCH
,
482 policy
->entry
[kNtFakeOpenFile
]->opcodes
[0].GetID());
483 EXPECT_EQ(OP_ACTION
, policy
->entry
[kNtFakeOpenFile
]->opcodes
[tc3
-1].GetID());
485 // Test the policy evaluation.
487 wchar_t* filename
= L
"";
488 unsigned long creation_mode
= OPEN_EXISTING
;
489 unsigned long flags
= FILE_ATTRIBUTE_NORMAL
;
490 void* security_descriptor
= NULL
;
492 POLPARAMS_BEGIN(params
)
493 POLPARAM(filename
) // Argument 0
494 POLPARAM(creation_mode
) // Argument 1
495 POLPARAM(flags
) // Argument 2
496 POLPARAM(security_descriptor
)
500 PolicyProcessor
eval_CreateFile(policy
->entry
[kNtFakeCreateFile
]);
501 PolicyProcessor
eval_OpenFile(policy
->entry
[kNtFakeOpenFile
]);
502 PolicyProcessor
eval_None(policy
->entry
[kNtFakeNone
]);
504 result
= eval_CreateFile
.Evaluate(kShortEval
, params
, _countof(params
));
505 EXPECT_EQ(NO_POLICY_MATCH
, result
);
506 result
= eval_OpenFile
.Evaluate(kShortEval
, params
, _countof(params
));
507 EXPECT_EQ(NO_POLICY_MATCH
, result
);
508 result
= eval_None
.Evaluate(kShortEval
, params
, _countof(params
));
509 EXPECT_EQ(NO_POLICY_MATCH
, result
);
511 filename
= L
"\\\\??\\c:\\Windows\\System32\\calc.exe";
512 flags
= FILE_ATTRIBUTE_SYSTEM
;
513 result
= eval_CreateFile
.Evaluate(kShortEval
, params
, _countof(params
));
514 EXPECT_EQ(NO_POLICY_MATCH
, result
);
515 result
= eval_None
.Evaluate(kShortEval
, params
, _countof(params
));
516 EXPECT_EQ(NO_POLICY_MATCH
, result
);
517 result
= eval_OpenFile
.Evaluate(kShortEval
, params
, _countof(params
));
518 EXPECT_EQ(NO_POLICY_MATCH
, result
);
520 flags
+= FILE_ATTRIBUTE_READONLY
;
521 result
= eval_CreateFile
.Evaluate(kShortEval
, params
, _countof(params
));
522 EXPECT_EQ(NO_POLICY_MATCH
, result
);
523 result
= eval_None
.Evaluate(kShortEval
, params
, _countof(params
));
524 EXPECT_EQ(POLICY_MATCH
, result
);
525 EXPECT_EQ(GIVE_FIRST
, eval_None
.GetAction());
526 result
= eval_OpenFile
.Evaluate(kShortEval
, params
, _countof(params
));
527 EXPECT_EQ(NO_POLICY_MATCH
, result
);
529 flags
= FILE_ATTRIBUTE_NORMAL
;
530 result
= eval_CreateFile
.Evaluate(kShortEval
, params
, _countof(params
));
531 EXPECT_EQ(POLICY_MATCH
, result
);
532 EXPECT_EQ(SIGNAL_ALARM
, eval_CreateFile
.GetAction());
533 result
= eval_None
.Evaluate(kShortEval
, params
, _countof(params
));
534 EXPECT_EQ(NO_POLICY_MATCH
, result
);
535 result
= eval_OpenFile
.Evaluate(kShortEval
, params
, _countof(params
));
536 EXPECT_EQ(NO_POLICY_MATCH
, result
);
538 filename
= L
"c:\\adobe\\ver3.2\\temp";
539 result
= eval_CreateFile
.Evaluate(kShortEval
, params
, _countof(params
));
540 EXPECT_EQ(NO_POLICY_MATCH
, result
);
541 result
= eval_None
.Evaluate(kShortEval
, params
, _countof(params
));
542 EXPECT_EQ(NO_POLICY_MATCH
, result
);
543 result
= eval_OpenFile
.Evaluate(kShortEval
, params
, _countof(params
));
544 EXPECT_EQ(POLICY_MATCH
, result
);
545 EXPECT_EQ(GIVE_CACHED
, eval_OpenFile
.GetAction());
547 filename
= L
"c:\\adobe\\ver3.22\\temp";
548 result
= eval_OpenFile
.Evaluate(kShortEval
, params
, _countof(params
));
549 EXPECT_EQ(NO_POLICY_MATCH
, result
);
551 filename
= L
"\\\\??\\c:\\some path\\other path\\crash reports\\some path";
552 creation_mode
= CREATE_ALWAYS
;
553 result
= eval_CreateFile
.Evaluate(kShortEval
, params
, _countof(params
));
554 EXPECT_EQ(POLICY_MATCH
, result
);
555 EXPECT_EQ(ASK_BROKER
, eval_CreateFile
.GetAction());
556 result
= eval_None
.Evaluate(kShortEval
, params
, _countof(params
));
557 EXPECT_EQ(NO_POLICY_MATCH
, result
);
558 result
= eval_OpenFile
.Evaluate(kShortEval
, params
, _countof(params
));
559 EXPECT_EQ(NO_POLICY_MATCH
, result
);
561 filename
= L
"\\\\??\\Pipe\\Chrome.12345";
562 creation_mode
= OPEN_EXISTING
;
563 result
= eval_CreateFile
.Evaluate(kShortEval
, params
, _countof(params
));
564 EXPECT_EQ(POLICY_MATCH
, result
);
565 EXPECT_EQ(FAKE_SUCCESS
, eval_CreateFile
.GetAction());
566 result
= eval_None
.Evaluate(kShortEval
, params
, _countof(params
));
567 EXPECT_EQ(NO_POLICY_MATCH
, result
);
568 result
= eval_OpenFile
.Evaluate(kShortEval
, params
, _countof(params
));
569 EXPECT_EQ(POLICY_MATCH
, result
);
570 EXPECT_EQ(FAKE_SUCCESS
, eval_OpenFile
.GetAction());
572 delete [] reinterpret_cast<char*>(policy
);
575 TEST(PolicyEngineTest
, PolicyRuleCopyConstructorTwoStrings
) {
577 // Both pr_orig and pr_copy should allow hello.* but not *.txt files.
578 PolicyRule
pr_orig(ASK_BROKER
);
579 EXPECT_TRUE(pr_orig
.AddStringMatch(IF
, 0, L
"hello.*", CASE_SENSITIVE
));
581 PolicyRule
pr_copy(pr_orig
);
582 EXPECT_TRUE(pr_orig
.AddStringMatch(IF_NOT
, 0, L
"*.txt", CASE_SENSITIVE
));
583 EXPECT_TRUE(pr_copy
.AddStringMatch(IF_NOT
, 0, L
"*.txt", CASE_SENSITIVE
));
585 PolicyGlobal
* policy
= MakePolicyMemory();
586 LowLevelPolicy
policyGen(policy
);
587 EXPECT_TRUE(policyGen
.AddRule(1, &pr_orig
));
588 EXPECT_TRUE(policyGen
.AddRule(2, &pr_copy
));
589 EXPECT_TRUE(policyGen
.Done());
591 wchar_t* name
= NULL
;
592 POLPARAMS_BEGIN(eval_params
)
597 PolicyProcessor
pol_ev_orig(policy
->entry
[1]);
599 result
= pol_ev_orig
.Evaluate(kShortEval
, eval_params
, _countof(eval_params
));
600 EXPECT_EQ(NO_POLICY_MATCH
, result
);
603 result
= pol_ev_orig
.Evaluate(kShortEval
, eval_params
, _countof(eval_params
));
604 EXPECT_EQ(POLICY_MATCH
, result
);
605 EXPECT_EQ(ASK_BROKER
, pol_ev_orig
.GetAction());
607 PolicyProcessor
pol_ev_copy(policy
->entry
[2]);
609 result
= pol_ev_copy
.Evaluate(kShortEval
, eval_params
, _countof(eval_params
));
610 EXPECT_EQ(NO_POLICY_MATCH
, result
);
613 result
= pol_ev_copy
.Evaluate(kShortEval
, eval_params
, _countof(eval_params
));
614 EXPECT_EQ(POLICY_MATCH
, result
);
615 EXPECT_EQ(ASK_BROKER
, pol_ev_copy
.GetAction());
617 } // namespace sandbox