1// Copyright (c) 2011 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include <windows.h>
6#include <atlsecurity.h>
7
8#include "base/win/windows_version.h"
9#include "testing/gtest/include/gtest/gtest.h"
10#include "sandbox/win/src/sandbox.h"
11#include "sandbox/win/src/sandbox_policy.h"
12#include "sandbox/win/src/sandbox_factory.h"
13#include "sandbox/win/tests/common/controller.h"
14
15namespace sandbox {
16
17
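// Test command run inside the sandboxed target: reports whether the token
// returned by GetEffectiveToken() carries the low mandatory integrity label
// (S-1-16-4096).
//
// Returns SBOX_TEST_SUCCEEDED when the label SID equals the low-integrity SID,
// SBOX_TEST_DENIED when it is any other SID, and SBOX_TEST_FAILED when the
// token cannot be opened, the label cannot be read, or the reference SID
// cannot be built. |argc| and |argv| are not used.
SBOX_TESTS_COMMAND int CheckIntegrityLevel(int argc, wchar_t **argv) {
  ATL::CAccessToken token;
  if (!token.GetEffectiveToken(TOKEN_READ))
    return SBOX_TEST_FAILED;

  // The integrity label comes back as a TOKEN_MANDATORY_LABEL header followed
  // by the SID that the header points to. The union aligns the storage for the
  // header, and sizeof(buffer) keeps the size given to the API tied to the
  // storage that really exists. The previous declaration was an array of 100
  // pointers whose size was reported as 100 bytes, so the two only agreed by
  // accident.
  union {
    TOKEN_MANDATORY_LABEL label;
    char bytes[100];
  } buffer;
  DWORD returned_size = 0;
  if (!::GetTokenInformation(token.GetHandle(), TokenIntegrityLevel,
                             &buffer, sizeof(buffer), &returned_size))
    return SBOX_TEST_FAILED;

  // Reference SID for the low mandatory level. ConvertStringSidToSid allocates
  // it, so it is released with LocalFree below on every path that reaches it.
  PSID sid_low = NULL;
  if (!::ConvertStringSidToSid(L"S-1-16-4096", &sid_low))
    return SBOX_TEST_FAILED;

  const BOOL is_low_sid = ::EqualSid(buffer.label.Label.Sid, sid_low);

  ::LocalFree(sid_low);

  return is_low_sid ? SBOX_TEST_SUCCEEDED : SBOX_TEST_DENIED;
}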
46
// Checks that a policy configured with SetIntegrityLevel(INTEGRITY_LEVEL_LOW)
// yields a target whose token is labelled low integrity, both in the runner's
// default test state and in the BEFORE_REVERT state.
TEST(IntegrityLevelTest, TestLowILReal) {
  // NOTE(review): the body only runs when the OS is exactly Vista. On every
  // other version the test returns here and is recorded as passing without
  // having checked the integrity level - confirm this gate is intended.
  const bool on_vista = base::win::GetVersion() == base::win::VERSION_VISTA;
  if (!on_vista)
    return;

  const wchar_t kCommand[] = L"CheckIntegrityLevel";

  TestRunner runner(JOB_LOCKDOWN, USER_INTERACTIVE, USER_INTERACTIVE);

  // No upper bound on how long the runner waits for the target.
  runner.SetTimeout(INFINITE);

  runner.GetPolicy()->SetAlternateDesktop(true);
  runner.GetPolicy()->SetIntegrityLevel(INTEGRITY_LEVEL_LOW);

  // Default test state.
  EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(kCommand));

  // Same check in the BEFORE_REVERT state; the label must already be low.
  runner.SetTestState(BEFORE_REVERT);
  EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(kCommand));
}
63
// Checks that SetDelayedIntegrityLevel(INTEGRITY_LEVEL_LOW) takes effect late:
// the target reports a low integrity label in the runner's default test state,
// but not in the BEFORE_REVERT state.
TEST(DelayedIntegrityLevelTest, TestLowILDelayed) {
  // NOTE(review): the body only runs when the OS is exactly Vista. On every
  // other version the test returns here and is recorded as passing without
  // having checked the integrity level - confirm this gate is intended.
  const bool on_vista = base::win::GetVersion() == base::win::VERSION_VISTA;
  if (!on_vista)
    return;

  const wchar_t kCommand[] = L"CheckIntegrityLevel";

  TestRunner runner(JOB_LOCKDOWN, USER_INTERACTIVE, USER_INTERACTIVE);

  // No upper bound on how long the runner waits for the target.
  runner.SetTimeout(INFINITE);

  runner.GetPolicy()->SetDelayedIntegrityLevel(INTEGRITY_LEVEL_LOW);

  // Default test state: the delayed level has been applied.
  EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(kCommand));

  // BEFORE_REVERT: the command must see a label that is not low yet.
  // Presumably this state runs the command before the target drops to its
  // lockdown token - confirm against the test controller.
  runner.SetTestState(BEFORE_REVERT);
  EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(kCommand));
}
79
// Control case: with no integrity level set on the policy, the target must not
// report a low integrity label.
TEST(IntegrityLevelTest, TestNoILChange) {
  // NOTE(review): the body only runs when the OS is exactly Vista. On every
  // other version the test returns here and is recorded as passing without
  // having checked the integrity level - confirm this gate is intended.
  const bool on_vista = base::win::GetVersion() == base::win::VERSION_VISTA;
  if (!on_vista)
    return;

  const wchar_t kCommand[] = L"CheckIntegrityLevel";

  TestRunner runner(JOB_LOCKDOWN, USER_INTERACTIVE, USER_INTERACTIVE);

  // No upper bound on how long the runner waits for the target.
  runner.SetTimeout(INFINITE);

  // SBOX_TEST_DENIED is what the command returns for any label other than low.
  EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(kCommand));
}
90
91}  // namespace sandbox
92