// Copyright 2017 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <windows.h>
#include <string>
#include "sandbox/win/src/process_mitigations.h"
#include "sandbox/win/src/process_mitigations_win32k_policy.h"
#include "sandbox/win/src/sandbox_policy.h"
#include "sandbox/win/tests/common/controller.h"
#include "sandbox/win/tests/integration_tests/integration_tests_common.h"
#include "testing/gtest/include/gtest/gtest.h"
namespace sandbox {
//------------------------------------------------------------------------------
// Exported Win32k Lockdown Tests
//------------------------------------------------------------------------------
// This test validates that setting the MITIGATION_WIN32K_DISABLE mitigation on
// the target process causes the launch to fail in process initialization.
// The test process itself links against user32/gdi32.
TEST(ProcessMitigationsWin32kTest, CheckWin8LockDownFailure) {
std::wstring test_policy_command = L"CheckPolicy ";
test_policy_command += std::to_wstring(TESTPOLICY_WIN32K);
TestRunner runner;
sandbox::TargetConfig* config = runner.GetPolicy()->GetConfig();
EXPECT_EQ(config->SetProcessMitigations(MITIGATION_WIN32K_DISABLE),
SBOX_ALL_OK);
EXPECT_NE(SBOX_TEST_SUCCEEDED, runner.RunTest(test_policy_command.c_str()));
}
// This test validates that setting the MITIGATION_WIN32K_DISABLE mitigation
// along with the policy to fake user32 and gdi32 initialization successfully
// launches the target process.
// The test process itself links against user32/gdi32.
TEST(ProcessMitigationsWin32kTest, CheckWin8LockDownSuccess) {
std::wstring test_policy_command = L"CheckPolicy ";
test_policy_command += std::to_wstring(TESTPOLICY_WIN32K);
TestRunner runner;
runner.SetTestState(sandbox::EVERY_STATE);
sandbox::TargetConfig* config = runner.GetPolicy()->GetConfig();
EXPECT_EQ(config->SetProcessMitigations(MITIGATION_WIN32K_DISABLE),
SBOX_ALL_OK);
EXPECT_EQ(config->SetFakeGdiInit(), sandbox::SBOX_ALL_OK);
EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(test_policy_command.c_str()));
}
// This test validates the MITIGATION_WIN32K_DISABLE works without the
// SetFakeGdiInit() interceptions that allow gdi32.dll and user32.dll to load.
TEST(ProcessMitigationsWin32kTest,
CheckWin32kLockDownSuccessWithoutFakeGdiInit) {
// Component build dlls statically link in gdi32 and user32 for convenience.
#if !defined(COMPONENT_BUILD)
std::wstring test_policy_command = L"CheckPolicy ";
test_policy_command += std::to_wstring(TESTPOLICY_WIN32K_NOFAKEGDI);
TestRunner runner;
runner.SetTestState(sandbox::EVERY_STATE);
sandbox::TargetConfig* config = runner.GetPolicy()->GetConfig();
EXPECT_EQ(config->SetProcessMitigations(MITIGATION_WIN32K_DISABLE),
SBOX_ALL_OK);
EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(test_policy_command.c_str()));
#endif
}
} // namespace sandbox
Codebase Browser
chromium