1// Copyright (c) 2011 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include <windows.h> 6#include <string> 7 8#define TEST_INJECTION_DLL 9#include "chrome/test/security_tests/ipc_security_tests.h" 10#include "content/public/common/injection_test_win.h" 11#include "sandbox/win/tests/common/controller.h" 12#include "sandbox/win/tests/validation_tests/commands.h" 13 14using sandbox::TestOpenKey; 15using sandbox::TestOpenReadFile; 16using sandbox::TestOpenWriteFile; 17 18#define SECURITY_CHECK(x) (*test_count)++; \ 19 if (sandbox::SBOX_TEST_DENIED != x) { \ 20 return FALSE; \ 21 }; 22 23BOOL APIENTRY DllMain(HMODULE module, DWORD ul_reason_for_call, 24 LPVOID lpReserved) { 25 return TRUE; 26} 27 28// Runs the security tests of sandbox for the renderer process. 29// If a test fails, the return value is FALSE and test_count contains the 30// number of tests executed, including the failing test. 31BOOL __declspec(dllexport) __cdecl RunRendererTests(int *test_count) { 32 *test_count = 0; 33 SECURITY_CHECK(TestOpenReadFile(L"%SystemDrive%")); 34 SECURITY_CHECK(TestOpenReadFile(L"%SystemRoot%")); 35 SECURITY_CHECK(TestOpenReadFile(L"%ProgramFiles%")); 36 SECURITY_CHECK(TestOpenReadFile(L"%SystemRoot%\\System32")); 37 SECURITY_CHECK(TestOpenReadFile(L"%SystemRoot%\\explorer.exe")); 38 SECURITY_CHECK(TestOpenReadFile(L"%SystemRoot%\\Cursors\\arrow_i.cur")); 39 SECURITY_CHECK(TestOpenReadFile(L"%AllUsersProfile%")); 40 SECURITY_CHECK(TestOpenReadFile(L"%Temp%")); 41 SECURITY_CHECK(TestOpenReadFile(L"%AppData%")); 42 SECURITY_CHECK(TestOpenKey(HKEY_LOCAL_MACHINE, L"")); 43 SECURITY_CHECK(TestOpenKey(HKEY_CURRENT_USER, L"")); 44 SECURITY_CHECK(TestOpenKey(HKEY_USERS, L"")); 45 SECURITY_CHECK(TestOpenKey(HKEY_LOCAL_MACHINE, 46 L"Software\\Microsoft\\Windows NT\\CurrentVersion\\WinLogon")); 47 // Test below run on a separate thread because they cannot block the 48 // renderer process. Therefore they do not return a meaningful value. 49 PipeImpersonationAttack(); 50 return TRUE; 51} 52 53// Runs the security tests of sandbox for the plugin process. 54// If a test fails, the return value is FALSE and test_count contains the 55// number of tests executed, including the failing test. 56BOOL __declspec(dllexport) __cdecl RunPluginTests(int *test_count) { 57 *test_count = 0; 58 SECURITY_CHECK(TestOpenWriteFile(L"%SystemRoot%")); 59 SECURITY_CHECK(TestOpenWriteFile(L"%ProgramFiles%")); 60 SECURITY_CHECK(TestOpenWriteFile(L"%SystemRoot%\\System32")); 61 SECURITY_CHECK(TestOpenWriteFile(L"%SystemRoot%\\explorer.exe")); 62 SECURITY_CHECK(TestOpenWriteFile(L"%SystemRoot%\\Cursors\\arrow_i.cur")); 63 return TRUE; 64} 65