15821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Copyright (c) 2012 The Chromium Authors. All rights reserved. 25821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be 35821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// found in the LICENSE file. 45821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 55821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// This file contains the validation tests for the sandbox. 65821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// It includes the tests that need to be performed inside the 75821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// sandbox. 85821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 95821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <shlwapi.h> 105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "base/win/windows_version.h" 125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "testing/gtest/include/gtest/gtest.h" 135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "sandbox/win/tests/common/controller.h" 145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#pragma comment(lib, "shlwapi.lib") 165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)namespace { 185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void TestProcessAccess(sandbox::TestRunner* runner, DWORD target) { 205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const wchar_t *kCommandTemplate = L"OpenProcessCmd %d %d"; 215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) wchar_t command[1024] = {0}; 225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Test all the scary process permissions. 245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) wsprintf(command, kCommandTemplate, target, PROCESS_CREATE_THREAD); 255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(sandbox::SBOX_TEST_DENIED, runner->RunTest(command)); 265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) wsprintf(command, kCommandTemplate, target, PROCESS_DUP_HANDLE); 275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(sandbox::SBOX_TEST_DENIED, runner->RunTest(command)); 285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) wsprintf(command, kCommandTemplate, target, PROCESS_SET_INFORMATION); 295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(sandbox::SBOX_TEST_DENIED, runner->RunTest(command)); 305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) wsprintf(command, kCommandTemplate, target, PROCESS_VM_OPERATION); 315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(sandbox::SBOX_TEST_DENIED, runner->RunTest(command)); 325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) wsprintf(command, kCommandTemplate, target, PROCESS_VM_READ); 335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(sandbox::SBOX_TEST_DENIED, runner->RunTest(command)); 345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) wsprintf(command, kCommandTemplate, target, PROCESS_VM_WRITE); 355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(sandbox::SBOX_TEST_DENIED, runner->RunTest(command)); 365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) wsprintf(command, kCommandTemplate, target, PROCESS_QUERY_INFORMATION); 375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(sandbox::SBOX_TEST_DENIED, runner->RunTest(command)); 385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) wsprintf(command, kCommandTemplate, target, WRITE_DAC); 395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(sandbox::SBOX_TEST_DENIED, runner->RunTest(command)); 405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) wsprintf(command, kCommandTemplate, target, WRITE_OWNER); 415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(sandbox::SBOX_TEST_DENIED, runner->RunTest(command)); 425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) wsprintf(command, kCommandTemplate, target, READ_CONTROL); 435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(sandbox::SBOX_TEST_DENIED, runner->RunTest(command)); 445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} // namespace 475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)namespace sandbox { 495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Returns true if the volume that contains any_path supports ACL security. The 515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// input path can contain unexpanded environment strings. Returns false on any 525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// failure or if the file system does not support file security (such as FAT). 535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)bool VolumeSupportsACLs(const wchar_t* any_path) { 545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) wchar_t expand[MAX_PATH +1]; 555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DWORD len =::ExpandEnvironmentStringsW(any_path, expand, _countof(expand)); 565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (0 == len) return false; 575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (len > _countof(expand)) return false; 585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (!::PathStripToRootW(expand)) return false; 595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DWORD fs_flags = 0; 605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (!::GetVolumeInformationW(expand, NULL, 0, 0, NULL, &fs_flags, NULL, 0)) 615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return false; 625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (fs_flags & FILE_PERSISTENT_ACLS) return true; 635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return false; 645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Tests if the suite is working properly. 675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)TEST(ValidationSuite, TestSuite) { 685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) TestRunner runner; 695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ASSERT_EQ(SBOX_TEST_PING_OK, runner.RunTest(L"ping")); 705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Tests if the file system is correctly protected by the sandbox. 735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)TEST(ValidationSuite, TestFileSystem) { 745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Do not perform the test if the system is using FAT or any other 755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // file system that does not have file security. 765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ASSERT_TRUE(VolumeSupportsACLs(L"%SystemDrive%\\")); 775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ASSERT_TRUE(VolumeSupportsACLs(L"%SystemRoot%\\")); 785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ASSERT_TRUE(VolumeSupportsACLs(L"%ProgramFiles%\\")); 795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ASSERT_TRUE(VolumeSupportsACLs(L"%Temp%\\")); 805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ASSERT_TRUE(VolumeSupportsACLs(L"%AppData%\\")); 815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) TestRunner runner; 835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"OpenFile %SystemDrive%")); 845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"OpenFile %SystemRoot%")); 855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"OpenFile %ProgramFiles%")); 865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(SBOX_TEST_DENIED, 875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) runner.RunTest(L"OpenFile %SystemRoot%\\System32")); 885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(SBOX_TEST_DENIED, 895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) runner.RunTest(L"OpenFile %SystemRoot%\\explorer.exe")); 905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(SBOX_TEST_DENIED, 915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) runner.RunTest(L"OpenFile %SystemRoot%\\Cursors\\arrow_i.cur")); 925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(SBOX_TEST_DENIED, 935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) runner.RunTest(L"OpenFile %AllUsersProfile%")); 945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"OpenFile %Temp%")); 955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"OpenFile %AppData%")); 965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Tests if the registry is correctly protected by the sandbox. 995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)TEST(ValidationSuite, TestRegistry) { 1005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) TestRunner runner; 1015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"OpenKey HKLM")); 1025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"OpenKey HKCU")); 1035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"OpenKey HKU")); 1045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(SBOX_TEST_DENIED, 1055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) runner.RunTest( 1065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) L"OpenKey HKLM " 1075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) L"\"Software\\Microsoft\\Windows NT\\CurrentVersion\\WinLogon\"")); 1085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Tests that the permissions on the Windowstation does not allow the sandbox 1115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// to get to the interactive desktop or to make the sbox desktop interactive. 1125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)TEST(ValidationSuite, TestDesktop) { 1135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) TestRunner runner; 1145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) runner.GetPolicy()->SetAlternateDesktop(false); 1155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"OpenInteractiveDesktop NULL")); 1165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(L"SwitchToSboxDesktop NULL")); 1175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Tests if the windows are correctly protected by the sandbox. 1205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)TEST(ValidationSuite, TestWindows) { 1215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) TestRunner runner; 1225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) wchar_t command[1024] = {0}; 1235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) wsprintf(command, L"ValidWindow %d", ::GetDesktopWindow()); 1255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(command)); 1265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) wsprintf(command, L"ValidWindow %d", ::FindWindow(NULL, NULL)); 1285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(command)); 1295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Tests that a locked-down process cannot open another locked-down process. 1325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)TEST(ValidationSuite, TestProcessDenyLockdown) { 1335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) TestRunner runner; 1345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) TestRunner target; 1355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) wchar_t command[1024] = {0}; 1365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) target.SetAsynchronous(true); 1385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(SBOX_TEST_SUCCEEDED, target.RunTest(L"SleepCmd 30000")); 1405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) TestProcessAccess(&runner, target.process_id()); 1425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Tests that a low-integrity process cannot open a locked-down process (due 1455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// to the integrity label changing after startup via SetDelayedIntegrityLevel). 1465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)TEST(ValidationSuite, TestProcessDenyLowIntegrity) { 1475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // This test applies only to Vista and above. 1485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (base::win::Version() < base::win::VERSION_VISTA) 1495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return; 1505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) TestRunner runner; 1525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) TestRunner target; 1535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) wchar_t command[1024] = {0}; 1545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) target.SetAsynchronous(true); 1565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) target.GetPolicy()->SetDelayedIntegrityLevel(INTEGRITY_LEVEL_LOW); 1575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) runner.GetPolicy()->SetIntegrityLevel(INTEGRITY_LEVEL_LOW); 1595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) runner.GetPolicy()->SetTokenLevel(USER_RESTRICTED_SAME_ACCESS, 1605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) USER_INTERACTIVE); 1615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(SBOX_TEST_SUCCEEDED, target.RunTest(L"SleepCmd 30000")); 1635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) TestProcessAccess(&runner, target.process_id()); 1655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Tests that a locked-down process cannot open a low-integrity process. 1685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)TEST(ValidationSuite, TestProcessDenyBelowLowIntegrity) { 1695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // This test applies only to Vista and above. 1705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (base::win::Version() < base::win::VERSION_VISTA) 1715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return; 1725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) TestRunner runner; 1745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) TestRunner target; 1755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) wchar_t command[1024] = {0}; 1765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) target.SetAsynchronous(true); 1785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) target.GetPolicy()->SetIntegrityLevel(INTEGRITY_LEVEL_LOW); 1795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) target.GetPolicy()->SetTokenLevel(USER_RESTRICTED_SAME_ACCESS, 1805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) USER_INTERACTIVE); 1815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) runner.GetPolicy()->SetDelayedIntegrityLevel(INTEGRITY_LEVEL_UNTRUSTED); 1835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) runner.GetPolicy()->SetTokenLevel(USER_RESTRICTED_SAME_ACCESS, 1845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) USER_INTERACTIVE); 1855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(SBOX_TEST_SUCCEEDED, target.RunTest(L"SleepCmd 30000")); 1875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) TestProcessAccess(&runner, target.process_id()); 1895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Tests if the threads are correctly protected by the sandbox. 1925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)TEST(ValidationSuite, TestThread) { 1935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) TestRunner runner; 1945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) wchar_t command[1024] = {0}; 1955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) wsprintf(command, L"OpenThreadCmd %d", ::GetCurrentThreadId()); 1975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(command)); 1985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} // namespace sandbox 201