1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "base/strings/stringprintf.h"
6 #include "base/win/scoped_handle.h"
8 #include "base/win/windows_version.h"
9 #include "sandbox/win/src/nt_internals.h"
10 #include "sandbox/win/src/process_mitigations.h"
11 #include "sandbox/win/src/sandbox.h"
12 #include "sandbox/win/src/sandbox_factory.h"
13 #include "sandbox/win/src/target_services.h"
14 #include "sandbox/win/src/win_utils.h"
15 #include "sandbox/win/tests/common/controller.h"
16 #include "testing/gtest/include/gtest/gtest.h"
18 namespace {
// Signature of the kernel32 export "GetProcessDEPPolicy". CheckDep resolves it
// with GetProcAddress at run time rather than linking against it.
typedef BOOL (WINAPI *GetProcessDEPPolicyFunction)(
    HANDLE process,
    LPDWORD flags,
    PBOOL permanent);

// Signature of the kernel32 export "GetProcessMitigationPolicy", also resolved
// with GetProcAddress at run time.
typedef BOOL (WINAPI *GetProcessMitigationPolicyFunction)(
    HANDLE process,
    PROCESS_MITIGATION_POLICY mitigation_policy,
    PVOID buffer,
    SIZE_T length);

// Assigned by CheckWin8 and CheckWin8Lockdown before they call any of the
// CheckWin8*Policy helpers below. The helpers call through this pointer
// without a null check, so they must not be used before it has been resolved.
GetProcessMitigationPolicyFunction get_process_mitigation_policy = NULL;
33 #if !defined(_WIN64)
// Returns true only if the current process reports DEP as both enabled and
// permanent through GetProcessMitigationPolicy(ProcessDEPPolicy). A failed
// query is treated as "not enforced" and yields false.
// NOTE(review): only Enable and Permanent are read. The ATL thunk emulation
// setting that the CheckWin8 test requests via MITIGATION_DEP_NO_ATL_THUNK is
// not verified here.
bool CheckWin8DepPolicy() {
  PROCESS_MITIGATION_DEP_POLICY dep_policy = {};
  const bool queried =
      get_process_mitigation_policy(::GetCurrentProcess(), ProcessDEPPolicy,
                                    &dep_policy, sizeof(dep_policy)) != 0;
  return queried && dep_policy.Enable && dep_policy.Permanent;
}
42 #endif // !defined(_WIN64)
44 #if defined(NDEBUG)
// Returns true only if the current process reports both forced image
// relocation and rejection of stripped images through
// GetProcessMitigationPolicy(ProcessASLRPolicy). A failed query yields false.
// Other fields of the ASLR policy structure are not examined.
bool CheckWin8AslrPolicy() {
  PROCESS_MITIGATION_ASLR_POLICY aslr_policy = {};
  const bool queried =
      get_process_mitigation_policy(::GetCurrentProcess(), ProcessASLRPolicy,
                                    &aslr_policy, sizeof(aslr_policy)) != 0;
  return queried && aslr_policy.EnableForceRelocateImages &&
         aslr_policy.DisallowStrippedImages;
}
53 #endif // defined(NDEBUG)
// Returns true only if the current process reports that invalid handle
// references raise an exception and that this behaviour is permanently
// enabled, as seen through
// GetProcessMitigationPolicy(ProcessStrictHandleCheckPolicy).
// A failed query yields false.
bool CheckWin8StrictHandlePolicy() {
  PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY handle_policy = {};
  const bool queried =
      get_process_mitigation_policy(::GetCurrentProcess(),
                                    ProcessStrictHandleCheckPolicy,
                                    &handle_policy,
                                    sizeof(handle_policy)) != 0;
  return queried && handle_policy.RaiseExceptionOnInvalidHandleReference &&
         handle_policy.HandleExceptionsPermanentlyEnabled;
}
// Returns true only if the current process reports DisallowWin32kSystemCalls
// through GetProcessMitigationPolicy(ProcessSystemCallDisablePolicy).
// A failed query yields false. Used by CheckWin8Lockdown only; CheckWin8 does
// not call it.
bool CheckWin8Win32CallPolicy() {
  PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY syscall_policy = {};
  const bool queried =
      get_process_mitigation_policy(::GetCurrentProcess(),
                                    ProcessSystemCallDisablePolicy,
                                    &syscall_policy,
                                    sizeof(syscall_policy)) != 0;
  return queried && syscall_policy.DisallowWin32kSystemCalls;
}
// Returns true only if the current process reports DisableExtensionPoints
// through GetProcessMitigationPolicy(ProcessExtensionPointDisablePolicy).
// A failed query yields false.
bool CheckWin8DllExtensionPolicy() {
  PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY extension_policy = {};
  const bool queried =
      get_process_mitigation_policy(::GetCurrentProcess(),
                                    ProcessExtensionPointDisablePolicy,
                                    &extension_policy,
                                    sizeof(extension_policy)) != 0;
  return queried && extension_policy.DisableExtensionPoints;
}
86 } // namespace
88 namespace sandbox {
// Test command run inside the target process by the CheckWin8 test. It
// resolves GetProcessMitigationPolicy and then verifies, from inside the
// process, that each requested mitigation is actually reported as in force.
// Each failing check maps to its own result code, so a failure identifies the
// mitigation that was not applied:
//   SBOX_TEST_NOT_FOUND    - GetProcessMitigationPolicy could not be resolved
//   SBOX_TEST_FIRST_ERROR  - DEP (32-bit builds only)
//   SBOX_TEST_SECOND_ERROR - ASLR (release builds only)
//   SBOX_TEST_THIRD_ERROR  - strict handle checks
//   SBOX_TEST_FIFTH_ERROR  - extension point disable
// The win32k system call policy is not checked here; CheckWin8Lockdown covers
// it. argc and argv are unused.
SBOX_TESTS_COMMAND int CheckWin8(int argc, wchar_t **argv) {
  // Store the resolved export in the file-level pointer that the
  // CheckWin8*Policy helpers call through.
  get_process_mitigation_policy =
      reinterpret_cast<GetProcessMitigationPolicyFunction>(
          ::GetProcAddress(::GetModuleHandleW(L"kernel32.dll"),
                           "GetProcessMitigationPolicy"));
  if (!get_process_mitigation_policy) {
    return SBOX_TEST_NOT_FOUND;
  }

#if !defined(_WIN64)  // DEP is always enabled on 64-bit.
  if (!CheckWin8DepPolicy()) {
    return SBOX_TEST_FIRST_ERROR;
  }
#endif

#if defined(NDEBUG)  // ASLR cannot be forced in debug builds.
  if (!CheckWin8AslrPolicy()) {
    return SBOX_TEST_SECOND_ERROR;
  }
#endif

  if (!CheckWin8StrictHandlePolicy()) {
    return SBOX_TEST_THIRD_ERROR;
  }

  if (!CheckWin8DllExtensionPolicy()) {
    return SBOX_TEST_FIFTH_ERROR;
  }

  return SBOX_TEST_SUCCEEDED;
}
// Requests a set of process mitigations through the sandbox policy and runs
// the "CheckWin8" command in the target to confirm that the target process
// reports them as applied.
// On versions older than Windows 8 the test returns immediately and is
// therefore reported as passing without having verified anything.
// NOTE(review): MITIGATION_DEP_NO_ATL_THUNK is requested here, but the
// target-side DEP check reads only the Enable and Permanent fields.
TEST(ProcessMitigationsTest, CheckWin8) {
  const base::win::Version os_version = base::win::GetVersion();
  if (os_version < base::win::VERSION_WIN8)
    return;

  TestRunner runner;
  sandbox::TargetPolicy* policy = runner.GetPolicy();

  // Flags passed to SetProcessMitigations.
  sandbox::MitigationFlags mitigations = MITIGATION_DEP;
  mitigations |= MITIGATION_DEP_NO_ATL_THUNK;
  mitigations |= MITIGATION_EXTENSION_DLL_DISABLE;
#if defined(NDEBUG)  // ASLR cannot be forced in debug builds.
  mitigations |= MITIGATION_RELOCATE_IMAGE;
  mitigations |= MITIGATION_RELOCATE_IMAGE_REQUIRED;
#endif

  EXPECT_EQ(policy->SetProcessMitigations(mitigations), SBOX_ALL_OK);

  // Strict handle checks are added only to the delayed set, which is passed
  // together with all of the flags above to SetDelayedProcessMitigations.
  mitigations |= MITIGATION_STRICT_HANDLE_CHECKS;

  EXPECT_EQ(policy->SetDelayedProcessMitigations(mitigations), SBOX_ALL_OK);

  EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"CheckWin8"));
}
// Test command run inside the target process by the CheckDep test. It verifies
// that DEP is enabled and permanent for the current process, using
// GetProcessDEPPolicy when kernel32 exports it and NtQueryInformationProcess
// (ProcessExecuteFlags) otherwise.
// Result codes:
//   SBOX_TEST_FIRST_ERROR  - GetProcessDEPPolicy call failed
//   SBOX_TEST_SECOND_ERROR - DEP not enabled, or not permanent
//   SBOX_TEST_NOT_FOUND    - NtQueryInformationProcess could not be resolved
//   SBOX_TEST_THIRD_ERROR  - NtQueryInformationProcess call failed
//   SBOX_TEST_FOURTH_ERROR - execute flags differ from the expected value
// argc and argv are unused.
SBOX_TESTS_COMMAND int CheckDep(int argc, wchar_t **argv) {
  GetProcessDEPPolicyFunction get_process_dep_policy =
      reinterpret_cast<GetProcessDEPPolicyFunction>(
          ::GetProcAddress(::GetModuleHandleW(L"kernel32.dll"),
                           "GetProcessDEPPolicy"));

  if (get_process_dep_policy) {
    // Preferred path: ask kernel32 directly.
    DWORD policy_flags = 0;
    BOOL permanent = FALSE;
    if (!get_process_dep_policy(::GetCurrentProcess(), &policy_flags,
                                &permanent)) {
      return SBOX_TEST_FIRST_ERROR;
    }

    const bool dep_enabled = (policy_flags & PROCESS_DEP_ENABLE) != 0;
    if (!(dep_enabled && permanent)) {
      return SBOX_TEST_SECOND_ERROR;
    }
    return SBOX_TEST_SUCCEEDED;
  }

  // Fallback path: the export is missing, so query the execute flags through
  // the native API instead.
  NtQueryInformationProcessFunction query_information_process = NULL;
  ResolveNTFunctionPtr("NtQueryInformationProcess",
                       &query_information_process);
  if (!query_information_process) {
    return SBOX_TEST_NOT_FOUND;
  }

  ULONG returned_size = 0;
  ULONG execute_flags = 0;
  if (!SUCCEEDED(query_information_process(::GetCurrentProcess(),
                                           ProcessExecuteFlags,
                                           &execute_flags,
                                           sizeof(execute_flags),
                                           &returned_size))) {
    return SBOX_TEST_THIRD_ERROR;
  }

  // Constants local to this function.
  // NOTE(review): presumably these mirror the ProcessExecuteFlags bit values;
  // confirm against the NT definitions.
  static const int MEM_EXECUTE_OPTION_DISABLE = 2;
  static const int MEM_EXECUTE_OPTION_PERMANENT = 8;

  // Only the low byte is compared, and the match is exact: any additional bit
  // set in that byte is reported as SBOX_TEST_FOURTH_ERROR.
  execute_flags &= 0xff;
  if (execute_flags != (MEM_EXECUTE_OPTION_DISABLE |
                        MEM_EXECUTE_OPTION_PERMANENT)) {
    return SBOX_TEST_FOURTH_ERROR;
  }

  return SBOX_TEST_SUCCEEDED;
}
187 #if !defined(_WIN64) // DEP is always enabled on 64-bit.
// Requests DEP, DEP without ATL thunk emulation, and SEHOP through the sandbox
// policy, then runs the "CheckDep" command in the target.
// On versions newer than Windows 7 the test returns immediately and is
// therefore reported as passing without having verified anything.
// NOTE(review): the CheckDep command queries DEP state only, so the
// MITIGATION_SEHOP and MITIGATION_DEP_NO_ATL_THUNK requests are covered solely
// by the SetProcessMitigations return value.
TEST(ProcessMitigationsTest, CheckDep) {
  const base::win::Version os_version = base::win::GetVersion();
  if (os_version > base::win::VERSION_WIN7)
    return;

  TestRunner runner;
  sandbox::TargetPolicy* policy = runner.GetPolicy();

  EXPECT_EQ(policy->SetProcessMitigations(MITIGATION_DEP |
                                          MITIGATION_DEP_NO_ATL_THUNK |
                                          MITIGATION_SEHOP),
            SBOX_ALL_OK);
  EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"CheckDep"));
}
202 #endif
// Test command run inside the target process by the win32k lockdown tests. It
// resolves GetProcessMitigationPolicy and reports whether the process has
// win32k system calls disallowed.
// Result codes:
//   SBOX_TEST_NOT_FOUND   - GetProcessMitigationPolicy could not be resolved
//   SBOX_TEST_FIRST_ERROR - the policy query failed or the flag is not set
// argc and argv are unused.
SBOX_TESTS_COMMAND int CheckWin8Lockdown(int argc, wchar_t **argv) {
  // Store the resolved export in the file-level pointer that
  // CheckWin8Win32CallPolicy calls through.
  get_process_mitigation_policy =
      reinterpret_cast<GetProcessMitigationPolicyFunction>(
          ::GetProcAddress(::GetModuleHandleW(L"kernel32.dll"),
                           "GetProcessMitigationPolicy"));
  if (!get_process_mitigation_policy) {
    return SBOX_TEST_NOT_FOUND;
  }

  return CheckWin8Win32CallPolicy() ? SBOX_TEST_SUCCEEDED
                                    : SBOX_TEST_FIRST_ERROR;
}
// Verifies that requesting MITIGATION_WIN32K_DISABLE on its own makes the
// target fail during process initialization: the test process itself links
// against user32/gdi32.
// The assertion accepts any result other than SBOX_TEST_SUCCEEDED, so it does
// not distinguish the expected launch failure from other failures of the
// CheckWin8Lockdown command (for example SBOX_TEST_NOT_FOUND).
// On versions older than Windows 8 the test returns immediately and is
// therefore reported as passing without having verified anything.
TEST(ProcessMitigationsTest, CheckWin8Win32KLockDownFailure) {
  const base::win::Version os_version = base::win::GetVersion();
  if (os_version < base::win::VERSION_WIN8)
    return;

  TestRunner runner;
  sandbox::TargetPolicy* policy = runner.GetPolicy();

  EXPECT_EQ(policy->SetProcessMitigations(MITIGATION_WIN32K_DISABLE),
            SBOX_ALL_OK);
  EXPECT_NE(SBOX_TEST_SUCCEEDED, runner.RunTest(L"CheckWin8Lockdown"));
}
// Verifies that MITIGATION_WIN32K_DISABLE combined with the policy rule that
// fakes user32 and gdi32 initialization lets the target launch, and that the
// target then reports win32k system calls as disallowed.
// The test process itself links against user32/gdi32.
// On versions older than Windows 8 the test returns immediately and is
// therefore reported as passing without having verified anything.
TEST(ProcessMitigationsTest, CheckWin8Win32KLockDownSuccess) {
  const base::win::Version os_version = base::win::GetVersion();
  if (os_version < base::win::VERSION_WIN8)
    return;

  TestRunner runner;
  sandbox::TargetPolicy* policy = runner.GetPolicy();

  EXPECT_EQ(policy->SetProcessMitigations(MITIGATION_WIN32K_DISABLE),
            SBOX_ALL_OK);
  // Without this rule the same mitigation is expected to make the launch fail.
  EXPECT_EQ(policy->AddRule(sandbox::TargetPolicy::SUBSYS_WIN32K_LOCKDOWN,
                            sandbox::TargetPolicy::FAKE_USER_GDI_INIT, NULL),
            sandbox::SBOX_ALL_OK);
  EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"CheckWin8Lockdown"));
}
251 } // namespace sandbox