chrome/test/security_tests/security_tests.cc

   1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include <windows.h>
   6 #include <string>
   7
   8 #define TEST_INJECTION_DLL
   9 #include "chrome/test/security_tests/ipc_security_tests.h"
  10 #include "content/public/common/injection_test_win.h"
  11 #include "sandbox/win/tests/common/controller.h"
  12 #include "sandbox/win/tests/validation_tests/commands.h"
  13
  14 using sandbox::TestOpenKey;
  15 using sandbox::TestOpenReadFile;
  16 using sandbox::TestOpenWriteFile;
  17
  18 #define SECURITY_CHECK(x) (*test_count)++; \
  19                           if (sandbox::SBOX_TEST_DENIED != x) { \
  20                             return FALSE; \
  21                           };
  22
  23 BOOL APIENTRY DllMain(HMODULE module, DWORD ul_reason_for_call,
  24                       LPVOID lpReserved) {
  25   return TRUE;
  26 }
  27
  28 // Runs the security tests of sandbox for the renderer process.
  29 // If a test fails, the return value is FALSE and test_count contains the
  30 // number of tests executed, including the failing test.
  31 BOOL __declspec(dllexport) __cdecl RunRendererTests(int *test_count) {
  32   *test_count = 0;
  33   SECURITY_CHECK(TestOpenReadFile(L"%SystemDrive%"));
  34   SECURITY_CHECK(TestOpenReadFile(L"%SystemRoot%"));
  35   SECURITY_CHECK(TestOpenReadFile(L"%ProgramFiles%"));
  36   SECURITY_CHECK(TestOpenReadFile(L"%SystemRoot%\\System32"));
  37   SECURITY_CHECK(TestOpenReadFile(L"%SystemRoot%\\explorer.exe"));
  38   SECURITY_CHECK(TestOpenReadFile(L"%SystemRoot%\\Cursors\\arrow_i.cur"));
  39   SECURITY_CHECK(TestOpenReadFile(L"%AllUsersProfile%"));
  40   SECURITY_CHECK(TestOpenReadFile(L"%Temp%"));
  41   SECURITY_CHECK(TestOpenReadFile(L"%AppData%"));
  42   SECURITY_CHECK(TestOpenKey(HKEY_LOCAL_MACHINE, L""));
  43   SECURITY_CHECK(TestOpenKey(HKEY_CURRENT_USER, L""));
  44   SECURITY_CHECK(TestOpenKey(HKEY_USERS, L""));
  45   SECURITY_CHECK(TestOpenKey(HKEY_LOCAL_MACHINE,
  46                  L"Software\\Microsoft\\Windows NT\\CurrentVersion\\WinLogon"));
  47   // Test below run on a separate thread because they cannot block the
  48   // renderer process. Therefore they do not return a meaningful value.
  49   PipeImpersonationAttack();
  50   return TRUE;
  51 }
  52
  53 // Runs the security tests of sandbox for the plugin process.
  54 // If a test fails, the return value is FALSE and test_count contains the
  55 // number of tests executed, including the failing test.
  56 BOOL __declspec(dllexport) __cdecl RunPluginTests(int *test_count) {
  57   *test_count = 0;
  58   SECURITY_CHECK(TestOpenWriteFile(L"%SystemRoot%"));
  59   SECURITY_CHECK(TestOpenWriteFile(L"%ProgramFiles%"));
  60   SECURITY_CHECK(TestOpenWriteFile(L"%SystemRoot%\\System32"));
  61   SECURITY_CHECK(TestOpenWriteFile(L"%SystemRoot%\\explorer.exe"));
  62   SECURITY_CHECK(TestOpenWriteFile(L"%SystemRoot%\\Cursors\\arrow_i.cur"));
  63   return TRUE;
  64 }