// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// This file contains unit tests for the job object.
#include "sandbox/win/src/job.h"
#include "base/win/scoped_process_information.h"
#include "sandbox/win/src/security_level.h"
#include "testing/gtest/include/gtest/gtest.h"
namespace sandbox {
// Tests the creation and destruction of the job.
TEST(JobTest, TestCreation) {
// Create the job.
Job job;
ASSERT_FALSE(job.IsValid());
ASSERT_EQ(nullptr, job.GetHandle());
ASSERT_EQ(static_cast<DWORD>(ERROR_SUCCESS),
job.Init(JobLevel::kLockdown, 0, 0));
EXPECT_TRUE(job.IsValid());
EXPECT_NE(nullptr, job.GetHandle());
}
// Tests the ui exceptions
TEST(JobTest, TestExceptions) {
HANDLE job_handle;
// Scope the creation of Job.
{
// Create the job.
Job job;
ASSERT_EQ(
static_cast<DWORD>(ERROR_SUCCESS),
job.Init(JobLevel::kLockdown, JOB_OBJECT_UILIMIT_READCLIPBOARD, 0));
job_handle = job.GetHandle();
ASSERT_NE(nullptr, job_handle);
JOBOBJECT_BASIC_UI_RESTRICTIONS jbur = {0};
DWORD size = sizeof(jbur);
ASSERT_TRUE(::QueryInformationJobObject(
job_handle, JobObjectBasicUIRestrictions, &jbur, size, &size));
ASSERT_EQ(0u, jbur.UIRestrictionsClass & JOB_OBJECT_UILIMIT_READCLIPBOARD);
}
// Scope the creation of Job.
{
// Create the job.
Job job;
ASSERT_EQ(static_cast<DWORD>(ERROR_SUCCESS),
job.Init(JobLevel::kLockdown, 0, 0));
job_handle = job.GetHandle();
ASSERT_NE(nullptr, job_handle);
JOBOBJECT_BASIC_UI_RESTRICTIONS jbur = {0};
DWORD size = sizeof(jbur);
ASSERT_TRUE(::QueryInformationJobObject(
job_handle, JobObjectBasicUIRestrictions, &jbur, size, &size));
ASSERT_EQ(static_cast<DWORD>(JOB_OBJECT_UILIMIT_READCLIPBOARD),
jbur.UIRestrictionsClass & JOB_OBJECT_UILIMIT_READCLIPBOARD);
}
}
// Tests the error case when the job is initialized twice.
TEST(JobTest, DoubleInit) {
// Create the job.
Job job;
ASSERT_EQ(static_cast<DWORD>(ERROR_SUCCESS),
job.Init(JobLevel::kLockdown, 0, 0));
ASSERT_EQ(static_cast<DWORD>(ERROR_ALREADY_INITIALIZED),
job.Init(JobLevel::kLockdown, 0, 0));
}
// Tests the initialization of the job with different security levels.
TEST(JobTest, SecurityLevel) {
Job job_lockdown;
ASSERT_EQ(static_cast<DWORD>(ERROR_SUCCESS),
job_lockdown.Init(JobLevel::kLockdown, 0, 0));
Job job_limited_user;
ASSERT_EQ(static_cast<DWORD>(ERROR_SUCCESS),
job_limited_user.Init(JobLevel::kLimitedUser, 0, 0));
Job job_interactive;
ASSERT_EQ(static_cast<DWORD>(ERROR_SUCCESS),
job_interactive.Init(JobLevel::kInteractive, 0, 0));
Job job_unprotected;
ASSERT_EQ(static_cast<DWORD>(ERROR_SUCCESS),
job_unprotected.Init(JobLevel::kUnprotected, 0, 0));
}
} // namespace sandbox
Codebase Browser
chromium