Home | History | Annotate | Download | only in security_tests 
      1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include <windows.h>
      6 #include <string>
      7 
      8 #define TEST_INJECTION_DLL
      9 #include "chrome/test/security_tests/ipc_security_tests.h"
     10 #include "content/public/common/injection_test_win.h"
     11 #include "sandbox/win/tests/common/controller.h"
     12 #include "sandbox/win/tests/validation_tests/commands.h"
     13 
     14 using sandbox::TestOpenKey;
     15 using sandbox::TestOpenReadFile;
     16 using sandbox::TestOpenWriteFile;
     17 
     18 #define SECURITY_CHECK(x) (*test_count)++; \
     19                           if (sandbox::SBOX_TEST_DENIED != x) { \
     20                             return FALSE; \
     21                           };
     22 
     23 BOOL APIENTRY DllMain(HMODULE module, DWORD ul_reason_for_call,
     24                       LPVOID lpReserved) {
     25   return TRUE;
     26 }
     27 
     28 // Runs the security tests of sandbox for the renderer process.
     29 // If a test fails, the return value is FALSE and test_count contains the
     30 // number of tests executed, including the failing test.
     31 BOOL __declspec(dllexport) __cdecl RunRendererTests(int *test_count) {
     32   *test_count = 0;
     33   SECURITY_CHECK(TestOpenReadFile(L"%SystemDrive%"));
     34   SECURITY_CHECK(TestOpenReadFile(L"%SystemRoot%"));
     35   SECURITY_CHECK(TestOpenReadFile(L"%ProgramFiles%"));
     36   SECURITY_CHECK(TestOpenReadFile(L"%SystemRoot%\\System32"));
     37   SECURITY_CHECK(TestOpenReadFile(L"%SystemRoot%\\explorer.exe"));
     38   SECURITY_CHECK(TestOpenReadFile(L"%SystemRoot%\\Cursors\\arrow_i.cur"));
     39   SECURITY_CHECK(TestOpenReadFile(L"%AllUsersProfile%"));
     40   SECURITY_CHECK(TestOpenReadFile(L"%Temp%"));
     41   SECURITY_CHECK(TestOpenReadFile(L"%AppData%"));
     42   SECURITY_CHECK(TestOpenKey(HKEY_LOCAL_MACHINE, L""));
     43   SECURITY_CHECK(TestOpenKey(HKEY_CURRENT_USER, L""));
     44   SECURITY_CHECK(TestOpenKey(HKEY_USERS, L""));
     45   SECURITY_CHECK(TestOpenKey(HKEY_LOCAL_MACHINE,
     46                  L"Software\\Microsoft\\Windows NT\\CurrentVersion\\WinLogon"));
     47   // Test below run on a separate thread because they cannot block the
     48   // renderer process. Therefore they do not return a meaningful value.
     49   PipeImpersonationAttack();
     50   return TRUE;
     51 }
     52 
     53 // Runs the security tests of sandbox for the plugin process.
     54 // If a test fails, the return value is FALSE and test_count contains the
     55 // number of tests executed, including the failing test.
     56 BOOL __declspec(dllexport) __cdecl RunPluginTests(int *test_count) {
     57   *test_count = 0;
     58   SECURITY_CHECK(TestOpenWriteFile(L"%SystemRoot%"));
     59   SECURITY_CHECK(TestOpenWriteFile(L"%ProgramFiles%"));
     60   SECURITY_CHECK(TestOpenWriteFile(L"%SystemRoot%\\System32"));
     61   SECURITY_CHECK(TestOpenWriteFile(L"%SystemRoot%\\explorer.exe"));
     62   SECURITY_CHECK(TestOpenWriteFile(L"%SystemRoot%\\Cursors\\arrow_i.cur"));
     63   return TRUE;
     64 }
     65