Don't preload rarely seen large images
[chromium-blink-merge.git] / sandbox / win / src / policy_low_level_unittest.cc
blob4081a5885d3d5feeac06c3a08161b34ca0fd57a8
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "sandbox/win/src/policy_engine_params.h"
6 #include "sandbox/win/src/policy_engine_processor.h"
7 #include "sandbox/win/src/policy_low_level.h"
8 #include "testing/gtest/include/gtest/gtest.h"
10 #define POLPARAMS_BEGIN(x) sandbox::ParameterSet x[] = {
11 #define POLPARAM(p) sandbox::ParamPickerMake(p),
12 #define POLPARAMS_END }
14 namespace sandbox {
16 bool SetupNtdllImports();
18 // Testing that we allow opcode generation on valid string patterns.
19 TEST(PolicyEngineTest, StringPatternsOK) {
20 SetupNtdllImports();
21 PolicyRule pr(ASK_BROKER);
22 EXPECT_TRUE(pr.AddStringMatch(IF, 0, L"c:\\adobe\\ver??\\", CASE_SENSITIVE));
23 EXPECT_TRUE(pr.AddStringMatch(IF, 0, L"*.tmp", CASE_SENSITIVE));
24 EXPECT_TRUE(pr.AddStringMatch(IF, 0, L"c:\\*.doc", CASE_SENSITIVE));
25 EXPECT_TRUE(pr.AddStringMatch(IF, 0, L"c:\\windows\\*", CASE_SENSITIVE));
26 EXPECT_TRUE(pr.AddStringMatch(IF, 0, L"d:\\adobe\\acrobat.exe",
27 CASE_SENSITIVE));
30 // Testing that we signal invalid string patterns.
31 TEST(PolicyEngineTest, StringPatternsBAD) {
32 SetupNtdllImports();
33 PolicyRule pr(ASK_BROKER);
34 EXPECT_FALSE(pr.AddStringMatch(IF, 0, L"one**two", CASE_SENSITIVE));
35 EXPECT_FALSE(pr.AddStringMatch(IF, 0, L"**three", CASE_SENSITIVE));
36 EXPECT_FALSE(pr.AddStringMatch(IF, 0, L"five?six*?seven", CASE_SENSITIVE));
37 EXPECT_FALSE(pr.AddStringMatch(IF, 0, L"eight?*nine", CASE_SENSITIVE));
40 // Helper function to allocate space (on the heap) for policy.
41 PolicyGlobal* MakePolicyMemory() {
42 const size_t kTotalPolicySz = 4096*8;
43 char* mem = new char[kTotalPolicySz];
44 memset(mem, 0, kTotalPolicySz);
45 PolicyGlobal* policy = reinterpret_cast<PolicyGlobal*>(mem);
46 policy->data_size = kTotalPolicySz - sizeof(PolicyGlobal);
47 return policy;
50 // The simplest test using LowLevelPolicy it should test a single opcode which
51 // does a exact string comparison.
52 TEST(PolicyEngineTest, SimpleStrMatch) {
53 SetupNtdllImports();
54 PolicyRule pr(ASK_BROKER);
55 EXPECT_TRUE(pr.AddStringMatch(IF, 0, L"z:\\Directory\\domo.txt",
56 CASE_INSENSITIVE));
58 PolicyGlobal* policy = MakePolicyMemory();
59 const uint32 kFakeService = 2;
61 LowLevelPolicy policyGen(policy);
62 EXPECT_TRUE(policyGen.AddRule(kFakeService, &pr));
63 EXPECT_TRUE(policyGen.Done());
65 const wchar_t* filename = L"Z:\\Directory\\domo.txt";
67 POLPARAMS_BEGIN(eval_params)
68 POLPARAM(filename) // Argument 0
69 POLPARAMS_END;
71 PolicyResult result;
72 PolicyProcessor pol_ev(policy->entry[kFakeService]);
74 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
75 EXPECT_EQ(POLICY_MATCH, result);
76 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction());
78 filename = L"Z:\\Directory\\domo.txt.tmp";
79 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
80 EXPECT_EQ(NO_POLICY_MATCH, result);
82 delete [] reinterpret_cast<char*>(policy);
85 TEST(PolicyEngineTest, SimpleIfNotStrMatch) {
86 SetupNtdllImports();
87 PolicyRule pr(ASK_BROKER);
88 EXPECT_TRUE(pr.AddStringMatch(IF_NOT, 0, L"c:\\Microsoft\\",
89 CASE_SENSITIVE));
91 PolicyGlobal* policy = MakePolicyMemory();
92 const uint32 kFakeService = 2;
93 LowLevelPolicy policyGen(policy);
95 EXPECT_TRUE(policyGen.AddRule(kFakeService, &pr));
96 EXPECT_TRUE(policyGen.Done());
98 const wchar_t* filename = NULL;
99 POLPARAMS_BEGIN(eval_params)
100 POLPARAM(filename) // Argument 0
101 POLPARAMS_END;
103 PolicyResult result;
104 PolicyProcessor pol_ev(policy->entry[kFakeService]);
106 filename = L"c:\\Microsoft\\";
107 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
108 EXPECT_EQ(NO_POLICY_MATCH, result);
110 filename = L"c:\\MicroNerd\\";
111 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
112 EXPECT_EQ(POLICY_MATCH, result);
113 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction());
115 filename = L"c:\\Microsoft\\domo.txt";
116 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
117 EXPECT_EQ(POLICY_MATCH, result);
118 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction());
120 delete [] reinterpret_cast<char*>(policy);
123 TEST(PolicyEngineTest, SimpleIfNotStrMatchWild1) {
124 SetupNtdllImports();
125 PolicyRule pr(ASK_BROKER);
126 EXPECT_TRUE(pr.AddStringMatch(IF_NOT, 0, L"c:\\Microsoft\\*",
127 CASE_SENSITIVE));
129 PolicyGlobal* policy = MakePolicyMemory();
130 const uint32 kFakeService = 3;
131 LowLevelPolicy policyGen(policy);
133 EXPECT_TRUE(policyGen.AddRule(kFakeService, &pr));
134 EXPECT_TRUE(policyGen.Done());
136 const wchar_t* filename = NULL;
137 POLPARAMS_BEGIN(eval_params)
138 POLPARAM(filename) // Argument 0
139 POLPARAMS_END;
141 PolicyResult result;
142 PolicyProcessor pol_ev(policy->entry[kFakeService]);
144 filename = L"c:\\Microsoft\\domo.txt";
145 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
146 EXPECT_EQ(NO_POLICY_MATCH, result);
148 filename = L"c:\\MicroNerd\\domo.txt";
149 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
150 EXPECT_EQ(POLICY_MATCH, result);
151 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction());
153 delete [] reinterpret_cast<char*>(policy);
156 TEST(PolicyEngineTest, SimpleIfNotStrMatchWild2) {
157 SetupNtdllImports();
158 PolicyRule pr(ASK_BROKER);
159 EXPECT_TRUE(pr.AddStringMatch(IF_NOT, 0, L"c:\\Microsoft\\*.txt",
160 CASE_SENSITIVE));
162 PolicyGlobal* policy = MakePolicyMemory();
163 const uint32 kFakeService = 3;
164 LowLevelPolicy policyGen(policy);
166 EXPECT_TRUE(policyGen.AddRule(kFakeService, &pr));
167 EXPECT_TRUE(policyGen.Done());
169 const wchar_t* filename = NULL;
170 POLPARAMS_BEGIN(eval_params)
171 POLPARAM(filename) // Argument 0
172 POLPARAMS_END;
174 PolicyResult result;
175 PolicyProcessor pol_ev(policy->entry[kFakeService]);
177 filename = L"c:\\Microsoft\\domo.txt";
178 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
179 EXPECT_EQ(NO_POLICY_MATCH, result);
181 filename = L"c:\\MicroNerd\\domo.txt";
182 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
183 EXPECT_EQ(POLICY_MATCH, result);
184 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction());
186 filename = L"c:\\Microsoft\\domo.bmp";
187 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
188 EXPECT_EQ(POLICY_MATCH, result);
189 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction());
191 delete [] reinterpret_cast<char*>(policy);
194 TEST(PolicyEngineTest, IfNotStrMatchTwoRulesWild1) {
195 SetupNtdllImports();
196 PolicyRule pr(ASK_BROKER);
197 EXPECT_TRUE(pr.AddStringMatch(IF_NOT, 0, L"c:\\Microsoft\\*",
198 CASE_SENSITIVE));
199 EXPECT_TRUE(pr.AddNumberMatch(IF, 1, 24, EQUAL));
201 PolicyGlobal* policy = MakePolicyMemory();
202 const uint32 kFakeService = 3;
203 LowLevelPolicy policyGen(policy);
205 EXPECT_TRUE(policyGen.AddRule(kFakeService, &pr));
206 EXPECT_TRUE(policyGen.Done());
208 const wchar_t* filename = NULL;
209 uint32 access = 0;
210 POLPARAMS_BEGIN(eval_params)
211 POLPARAM(filename) // Argument 0
212 POLPARAM(access) // Argument 1
213 POLPARAMS_END;
215 PolicyResult result;
216 PolicyProcessor pol_ev(policy->entry[kFakeService]);
218 filename = L"c:\\Microsoft\\domo.txt";
219 access = 24;
220 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
221 EXPECT_EQ(NO_POLICY_MATCH, result);
223 filename = L"c:\\Microsoft\\domo.txt";
224 access = 42;
225 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
226 EXPECT_EQ(NO_POLICY_MATCH, result);
228 filename = L"c:\\MicroNerd\\domo.txt";
229 access = 24;
230 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
231 EXPECT_EQ(POLICY_MATCH, result);
232 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction());
234 filename = L"c:\\Micronesia\\domo.txt";
235 access = 42;
236 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
237 EXPECT_EQ(NO_POLICY_MATCH, result);
239 delete [] reinterpret_cast<char*>(policy);
242 TEST(PolicyEngineTest, IfNotStrMatchTwoRulesWild2) {
243 SetupNtdllImports();
244 PolicyRule pr(ASK_BROKER);
245 EXPECT_TRUE(pr.AddNumberMatch(IF, 1, 24, EQUAL));
246 EXPECT_TRUE(pr.AddStringMatch(IF_NOT, 0, L"c:\\GoogleV?\\*.txt",
247 CASE_SENSITIVE));
248 EXPECT_TRUE(pr.AddNumberMatch(IF, 2, 66, EQUAL));
250 PolicyGlobal* policy = MakePolicyMemory();
251 const uint32 kFakeService = 3;
252 LowLevelPolicy policyGen(policy);
254 EXPECT_TRUE(policyGen.AddRule(kFakeService, &pr));
255 EXPECT_TRUE(policyGen.Done());
257 const wchar_t* filename = NULL;
258 uint32 access = 0;
259 uint32 sharing = 66;
261 POLPARAMS_BEGIN(eval_params)
262 POLPARAM(filename) // Argument 0
263 POLPARAM(access) // Argument 1
264 POLPARAM(sharing) // Argument 2
265 POLPARAMS_END;
267 PolicyResult result;
268 PolicyProcessor pol_ev(policy->entry[kFakeService]);
270 filename = L"c:\\GoogleV2\\domo.txt";
271 access = 24;
272 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
273 EXPECT_EQ(NO_POLICY_MATCH, result);
275 filename = L"c:\\GoogleV2\\domo.bmp";
276 access = 24;
277 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
278 EXPECT_EQ(POLICY_MATCH, result);
279 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction());
281 filename = L"c:\\GoogleV23\\domo.txt";
282 access = 24;
283 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
284 EXPECT_EQ(POLICY_MATCH, result);
285 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction());
288 filename = L"c:\\GoogleV2\\domo.txt";
289 access = 42;
290 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
291 EXPECT_EQ(NO_POLICY_MATCH, result);
293 filename = L"c:\\Google\\domo.txt";
294 access = 24;
295 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
296 EXPECT_EQ(POLICY_MATCH, result);
297 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction());
299 filename = L"c:\\Micronesia\\domo.txt";
300 access = 42;
301 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
302 EXPECT_EQ(NO_POLICY_MATCH, result);
304 filename = L"c:\\GoogleV2\\domo.bmp";
305 access = 24;
306 sharing = 0;
307 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
308 EXPECT_EQ(NO_POLICY_MATCH, result);
310 delete [] reinterpret_cast<char*>(policy);
313 // Testing one single rule in one single service. The service is made to
314 // resemble NtCreateFile.
315 TEST(PolicyEngineTest, OneRuleTest) {
316 SetupNtdllImports();
317 PolicyRule pr(ASK_BROKER);
318 EXPECT_TRUE(pr.AddStringMatch(IF, 0, L"c:\\*Microsoft*\\*.txt",
319 CASE_SENSITIVE));
320 EXPECT_TRUE(pr.AddNumberMatch(IF_NOT, 1, CREATE_ALWAYS, EQUAL));
321 EXPECT_TRUE(pr.AddNumberMatch(IF, 2, FILE_ATTRIBUTE_NORMAL, EQUAL));
323 PolicyGlobal* policy = MakePolicyMemory();
325 const uint32 kNtFakeCreateFile = 7;
327 LowLevelPolicy policyGen(policy);
328 EXPECT_TRUE(policyGen.AddRule(kNtFakeCreateFile, &pr));
329 EXPECT_TRUE(policyGen.Done());
331 const wchar_t* filename = L"c:\\Documents and Settings\\Microsoft\\BLAH.txt";
332 uint32 creation_mode = OPEN_EXISTING;
333 uint32 flags = FILE_ATTRIBUTE_NORMAL;
334 void* security_descriptor = NULL;
336 POLPARAMS_BEGIN(eval_params)
337 POLPARAM(filename) // Argument 0
338 POLPARAM(creation_mode) // Argument 1
339 POLPARAM(flags) // Argument 2
340 POLPARAM(security_descriptor)
341 POLPARAMS_END;
343 PolicyResult result;
344 PolicyProcessor pol_ev(policy->entry[kNtFakeCreateFile]);
346 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
347 EXPECT_EQ(POLICY_MATCH, result);
348 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction());
350 creation_mode = CREATE_ALWAYS;
351 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
352 EXPECT_EQ(NO_POLICY_MATCH, result);
354 creation_mode = OPEN_EXISTING;
355 filename = L"c:\\Other\\Path\\Microsoft\\Another file.txt";
356 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
357 EXPECT_EQ(POLICY_MATCH, result);
358 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction());
360 filename = L"c:\\Other\\Path\\Microsoft\\Another file.txt.tmp";
361 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
362 EXPECT_EQ(NO_POLICY_MATCH, result);
364 flags = FILE_ATTRIBUTE_DEVICE;
365 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
366 EXPECT_EQ(NO_POLICY_MATCH, result);
368 filename = L"c:\\Other\\Macrosoft\\Another file.txt";
369 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
370 EXPECT_EQ(NO_POLICY_MATCH, result);
372 filename = L"c:\\Microsoft\\1.txt";
373 flags = FILE_ATTRIBUTE_NORMAL;
374 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
375 EXPECT_EQ(POLICY_MATCH, result);
376 EXPECT_EQ(ASK_BROKER, pol_ev.GetAction());
378 filename = L"c:\\Microsoft\\1.ttt";
379 result = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params));
380 EXPECT_EQ(NO_POLICY_MATCH, result);
382 delete [] reinterpret_cast<char*>(policy);
385 // Testing 3 rules in 3 services. Two of the services resemble File services.
386 TEST(PolicyEngineTest, ThreeRulesTest) {
387 SetupNtdllImports();
388 PolicyRule pr_pipe(FAKE_SUCCESS);
389 EXPECT_TRUE(pr_pipe.AddStringMatch(IF, 0, L"\\\\/?/?\\Pipe\\Chrome.*",
390 CASE_INSENSITIVE));
391 EXPECT_TRUE(pr_pipe.AddNumberMatch(IF, 1, OPEN_EXISTING, EQUAL));
392 EXPECT_TRUE(pr_pipe.AddNumberMatch(IF, 2, FILE_ATTRIBUTE_NORMAL, EQUAL));
394 size_t opc1 = pr_pipe.GetOpcodeCount();
395 EXPECT_EQ(3, opc1);
397 PolicyRule pr_dump(ASK_BROKER);
398 EXPECT_TRUE(pr_dump.AddStringMatch(IF, 0, L"\\\\/?/?\\*\\Crash Reports\\*",
399 CASE_INSENSITIVE));
400 EXPECT_TRUE(pr_dump.AddNumberMatch(IF, 1, CREATE_ALWAYS, EQUAL));
401 EXPECT_TRUE(pr_dump.AddNumberMatch(IF, 2, FILE_ATTRIBUTE_NORMAL, EQUAL));
403 size_t opc2 = pr_dump.GetOpcodeCount();
404 EXPECT_EQ(4, opc2);
406 PolicyRule pr_winexe(SIGNAL_ALARM);
407 EXPECT_TRUE(pr_winexe.AddStringMatch(IF, 0, L"\\\\/?/?\\C:\\Windows\\*.exe",
408 CASE_INSENSITIVE));
409 EXPECT_TRUE(pr_winexe.AddNumberMatch(IF, 2, FILE_ATTRIBUTE_NORMAL, EQUAL));
411 size_t opc3 = pr_winexe.GetOpcodeCount();
412 EXPECT_EQ(3, opc3);
414 PolicyRule pr_adobe(GIVE_CACHED);
415 EXPECT_TRUE(pr_adobe.AddStringMatch(IF, 0, L"c:\\adobe\\ver?.?\\",
416 CASE_SENSITIVE));
417 EXPECT_TRUE(pr_adobe.AddNumberMatch(IF, 2, FILE_ATTRIBUTE_NORMAL, EQUAL));
419 size_t opc4 = pr_adobe.GetOpcodeCount();
420 EXPECT_EQ(4, opc4);
422 PolicyRule pr_none(GIVE_FIRST);
423 EXPECT_TRUE(pr_none.AddNumberMatch(IF, 2, FILE_ATTRIBUTE_READONLY, AND));
424 EXPECT_TRUE(pr_none.AddNumberMatch(IF, 2, FILE_ATTRIBUTE_SYSTEM, AND));
426 size_t opc5 = pr_none.GetOpcodeCount();
427 EXPECT_EQ(2, opc5);
429 PolicyGlobal* policy = MakePolicyMemory();
431 const uint32 kNtFakeNone = 4;
432 const uint32 kNtFakeCreateFile = 5;
433 const uint32 kNtFakeOpenFile = 6;
435 LowLevelPolicy policyGen(policy);
436 EXPECT_TRUE(policyGen.AddRule(kNtFakeCreateFile, &pr_pipe));
437 EXPECT_TRUE(policyGen.AddRule(kNtFakeCreateFile, &pr_dump));
438 EXPECT_TRUE(policyGen.AddRule(kNtFakeCreateFile, &pr_winexe));
440 EXPECT_TRUE(policyGen.AddRule(kNtFakeOpenFile, &pr_adobe));
441 EXPECT_TRUE(policyGen.AddRule(kNtFakeOpenFile, &pr_pipe));
443 EXPECT_TRUE(policyGen.AddRule(kNtFakeNone, &pr_none));
445 EXPECT_TRUE(policyGen.Done());
447 // Inspect the policy structure manually.
448 EXPECT_TRUE(NULL == policy->entry[0]);
449 EXPECT_TRUE(NULL == policy->entry[1]);
450 EXPECT_TRUE(NULL == policy->entry[2]);
451 EXPECT_TRUE(NULL == policy->entry[3]);
452 EXPECT_TRUE(NULL != policy->entry[4]); // kNtFakeNone.
453 EXPECT_TRUE(NULL != policy->entry[5]); // kNtFakeCreateFile.
454 EXPECT_TRUE(NULL != policy->entry[6]); // kNtFakeOpenFile.
455 EXPECT_TRUE(NULL == policy->entry[7]);
457 // The total per service opcode counts now must take in account one
458 // extra opcode (action opcode) per rule.
459 ++opc1;
460 ++opc2;
461 ++opc3;
462 ++opc4;
463 ++opc5;
465 size_t tc1 = policy->entry[kNtFakeNone]->opcode_count;
466 size_t tc2 = policy->entry[kNtFakeCreateFile]->opcode_count;
467 size_t tc3 = policy->entry[kNtFakeOpenFile]->opcode_count;
469 EXPECT_EQ(opc5, tc1);
470 EXPECT_EQ((opc1 + opc2 + opc3), tc2);
471 EXPECT_EQ((opc1 + opc4), tc3);
473 // Check the type of the first and last opcode of each service.
475 EXPECT_EQ(OP_NUMBER_AND_MATCH,
476 policy->entry[kNtFakeNone]->opcodes[0].GetID());
477 EXPECT_EQ(OP_ACTION, policy->entry[kNtFakeNone]->opcodes[tc1-1].GetID());
478 EXPECT_EQ(OP_WSTRING_MATCH,
479 policy->entry[kNtFakeCreateFile]->opcodes[0].GetID());
480 EXPECT_EQ(OP_ACTION,
481 policy->entry[kNtFakeCreateFile]->opcodes[tc2-1].GetID());
482 EXPECT_EQ(OP_WSTRING_MATCH,
483 policy->entry[kNtFakeOpenFile]->opcodes[0].GetID());
484 EXPECT_EQ(OP_ACTION, policy->entry[kNtFakeOpenFile]->opcodes[tc3-1].GetID());
486 // Test the policy evaluation.
488 const wchar_t* filename = L"";
489 uint32 creation_mode = OPEN_EXISTING;
490 uint32 flags = FILE_ATTRIBUTE_NORMAL;
491 void* security_descriptor = NULL;
493 POLPARAMS_BEGIN(params)
494 POLPARAM(filename) // Argument 0
495 POLPARAM(creation_mode) // Argument 1
496 POLPARAM(flags) // Argument 2
497 POLPARAM(security_descriptor)
498 POLPARAMS_END;
500 PolicyResult result;
501 PolicyProcessor eval_CreateFile(policy->entry[kNtFakeCreateFile]);
502 PolicyProcessor eval_OpenFile(policy->entry[kNtFakeOpenFile]);
503 PolicyProcessor eval_None(policy->entry[kNtFakeNone]);
505 result = eval_CreateFile.Evaluate(kShortEval, params, _countof(params));
506 EXPECT_EQ(NO_POLICY_MATCH, result);
507 result = eval_OpenFile.Evaluate(kShortEval, params, _countof(params));
508 EXPECT_EQ(NO_POLICY_MATCH, result);
509 result = eval_None.Evaluate(kShortEval, params, _countof(params));
510 EXPECT_EQ(NO_POLICY_MATCH, result);
512 filename = L"\\\\??\\c:\\Windows\\System32\\calc.exe";
513 flags = FILE_ATTRIBUTE_SYSTEM;
514 result = eval_CreateFile.Evaluate(kShortEval, params, _countof(params));
515 EXPECT_EQ(NO_POLICY_MATCH, result);
516 result = eval_None.Evaluate(kShortEval, params, _countof(params));
517 EXPECT_EQ(NO_POLICY_MATCH, result);
518 result = eval_OpenFile.Evaluate(kShortEval, params, _countof(params));
519 EXPECT_EQ(NO_POLICY_MATCH, result);
521 flags += FILE_ATTRIBUTE_READONLY;
522 result = eval_CreateFile.Evaluate(kShortEval, params, _countof(params));
523 EXPECT_EQ(NO_POLICY_MATCH, result);
524 result = eval_None.Evaluate(kShortEval, params, _countof(params));
525 EXPECT_EQ(POLICY_MATCH, result);
526 EXPECT_EQ(GIVE_FIRST, eval_None.GetAction());
527 result = eval_OpenFile.Evaluate(kShortEval, params, _countof(params));
528 EXPECT_EQ(NO_POLICY_MATCH, result);
530 flags = FILE_ATTRIBUTE_NORMAL;
531 result = eval_CreateFile.Evaluate(kShortEval, params, _countof(params));
532 EXPECT_EQ(POLICY_MATCH, result);
533 EXPECT_EQ(SIGNAL_ALARM, eval_CreateFile.GetAction());
534 result = eval_None.Evaluate(kShortEval, params, _countof(params));
535 EXPECT_EQ(NO_POLICY_MATCH, result);
536 result = eval_OpenFile.Evaluate(kShortEval, params, _countof(params));
537 EXPECT_EQ(NO_POLICY_MATCH, result);
539 filename = L"c:\\adobe\\ver3.2\\temp";
540 result = eval_CreateFile.Evaluate(kShortEval, params, _countof(params));
541 EXPECT_EQ(NO_POLICY_MATCH, result);
542 result = eval_None.Evaluate(kShortEval, params, _countof(params));
543 EXPECT_EQ(NO_POLICY_MATCH, result);
544 result = eval_OpenFile.Evaluate(kShortEval, params, _countof(params));
545 EXPECT_EQ(POLICY_MATCH, result);
546 EXPECT_EQ(GIVE_CACHED, eval_OpenFile.GetAction());
548 filename = L"c:\\adobe\\ver3.22\\temp";
549 result = eval_OpenFile.Evaluate(kShortEval, params, _countof(params));
550 EXPECT_EQ(NO_POLICY_MATCH, result);
552 filename = L"\\\\??\\c:\\some path\\other path\\crash reports\\some path";
553 creation_mode = CREATE_ALWAYS;
554 result = eval_CreateFile.Evaluate(kShortEval, params, _countof(params));
555 EXPECT_EQ(POLICY_MATCH, result);
556 EXPECT_EQ(ASK_BROKER, eval_CreateFile.GetAction());
557 result = eval_None.Evaluate(kShortEval, params, _countof(params));
558 EXPECT_EQ(NO_POLICY_MATCH, result);
559 result = eval_OpenFile.Evaluate(kShortEval, params, _countof(params));
560 EXPECT_EQ(NO_POLICY_MATCH, result);
562 filename = L"\\\\??\\Pipe\\Chrome.12345";
563 creation_mode = OPEN_EXISTING;
564 result = eval_CreateFile.Evaluate(kShortEval, params, _countof(params));
565 EXPECT_EQ(POLICY_MATCH, result);
566 EXPECT_EQ(FAKE_SUCCESS, eval_CreateFile.GetAction());
567 result = eval_None.Evaluate(kShortEval, params, _countof(params));
568 EXPECT_EQ(NO_POLICY_MATCH, result);
569 result = eval_OpenFile.Evaluate(kShortEval, params, _countof(params));
570 EXPECT_EQ(POLICY_MATCH, result);
571 EXPECT_EQ(FAKE_SUCCESS, eval_OpenFile.GetAction());
573 delete [] reinterpret_cast<char*>(policy);
576 TEST(PolicyEngineTest, PolicyRuleCopyConstructorTwoStrings) {
577 SetupNtdllImports();
578 // Both pr_orig and pr_copy should allow hello.* but not *.txt files.
579 PolicyRule pr_orig(ASK_BROKER);
580 EXPECT_TRUE(pr_orig.AddStringMatch(IF, 0, L"hello.*", CASE_SENSITIVE));
582 PolicyRule pr_copy(pr_orig);
583 EXPECT_TRUE(pr_orig.AddStringMatch(IF_NOT, 0, L"*.txt", CASE_SENSITIVE));
584 EXPECT_TRUE(pr_copy.AddStringMatch(IF_NOT, 0, L"*.txt", CASE_SENSITIVE));
586 PolicyGlobal* policy = MakePolicyMemory();
587 LowLevelPolicy policyGen(policy);
588 EXPECT_TRUE(policyGen.AddRule(1, &pr_orig));
589 EXPECT_TRUE(policyGen.AddRule(2, &pr_copy));
590 EXPECT_TRUE(policyGen.Done());
592 const wchar_t* name = NULL;
593 POLPARAMS_BEGIN(eval_params)
594 POLPARAM(name)
595 POLPARAMS_END;
597 PolicyResult result;
598 PolicyProcessor pol_ev_orig(policy->entry[1]);
599 name = L"domo.txt";
600 result = pol_ev_orig.Evaluate(kShortEval, eval_params, _countof(eval_params));
601 EXPECT_EQ(NO_POLICY_MATCH, result);
603 name = L"hello.bmp";
604 result = pol_ev_orig.Evaluate(kShortEval, eval_params, _countof(eval_params));
605 EXPECT_EQ(POLICY_MATCH, result);
606 EXPECT_EQ(ASK_BROKER, pol_ev_orig.GetAction());
608 PolicyProcessor pol_ev_copy(policy->entry[2]);
609 name = L"domo.txt";
610 result = pol_ev_copy.Evaluate(kShortEval, eval_params, _countof(eval_params));
611 EXPECT_EQ(NO_POLICY_MATCH, result);
613 name = L"hello.bmp";
614 result = pol_ev_copy.Evaluate(kShortEval, eval_params, _countof(eval_params));
615 EXPECT_EQ(POLICY_MATCH, result);
616 EXPECT_EQ(ASK_BROKER, pol_ev_copy.GetAction());
618 } // namespace sandbox