1// Copyright (c) 2011 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include <windows.h>
6#include <string>
7
8#define TEST_INJECTION_DLL
9#include "chrome/test/security_tests/ipc_security_tests.h"
10#include "content/public/common/injection_test_win.h"
11#include "sandbox/win/tests/common/controller.h"
12#include "sandbox/win/tests/validation_tests/commands.h"
13
14using sandbox::TestOpenKey;
15using sandbox::TestOpenReadFile;
16using sandbox::TestOpenWriteFile;
17
18#define SECURITY_CHECK(x) (*test_count)++; \
19                          if (sandbox::SBOX_TEST_DENIED != x) { \
20                            return FALSE; \
21                          };
22
23BOOL APIENTRY DllMain(HMODULE module, DWORD ul_reason_for_call,
24                      LPVOID lpReserved) {
25  return TRUE;
26}
27
28// Runs the security tests of sandbox for the renderer process.
29// If a test fails, the return value is FALSE and test_count contains the
30// number of tests executed, including the failing test.
31BOOL __declspec(dllexport) __cdecl RunRendererTests(int *test_count) {
32  *test_count = 0;
33  SECURITY_CHECK(TestOpenReadFile(L"%SystemDrive%"));
34  SECURITY_CHECK(TestOpenReadFile(L"%SystemRoot%"));
35  SECURITY_CHECK(TestOpenReadFile(L"%ProgramFiles%"));
36  SECURITY_CHECK(TestOpenReadFile(L"%SystemRoot%\\System32"));
37  SECURITY_CHECK(TestOpenReadFile(L"%SystemRoot%\\explorer.exe"));
38  SECURITY_CHECK(TestOpenReadFile(L"%SystemRoot%\\Cursors\\arrow_i.cur"));
39  SECURITY_CHECK(TestOpenReadFile(L"%AllUsersProfile%"));
40  SECURITY_CHECK(TestOpenReadFile(L"%Temp%"));
41  SECURITY_CHECK(TestOpenReadFile(L"%AppData%"));
42  SECURITY_CHECK(TestOpenKey(HKEY_LOCAL_MACHINE, L""));
43  SECURITY_CHECK(TestOpenKey(HKEY_CURRENT_USER, L""));
44  SECURITY_CHECK(TestOpenKey(HKEY_USERS, L""));
45  SECURITY_CHECK(TestOpenKey(HKEY_LOCAL_MACHINE,
46                 L"Software\\Microsoft\\Windows NT\\CurrentVersion\\WinLogon"));
47  // Test below run on a separate thread because they cannot block the
48  // renderer process. Therefore they do not return a meaningful value.
49  PipeImpersonationAttack();
50  return TRUE;
51}
52
53// Runs the security tests of sandbox for the plugin process.
54// If a test fails, the return value is FALSE and test_count contains the
55// number of tests executed, including the failing test.
56BOOL __declspec(dllexport) __cdecl RunPluginTests(int *test_count) {
57  *test_count = 0;
58  SECURITY_CHECK(TestOpenWriteFile(L"%SystemRoot%"));
59  SECURITY_CHECK(TestOpenWriteFile(L"%ProgramFiles%"));
60  SECURITY_CHECK(TestOpenWriteFile(L"%SystemRoot%\\System32"));
61  SECURITY_CHECK(TestOpenWriteFile(L"%SystemRoot%\\explorer.exe"));
62  SECURITY_CHECK(TestOpenWriteFile(L"%SystemRoot%\\Cursors\\arrow_i.cur"));
63  return TRUE;
64}
65