diff options
Diffstat (limited to 'sandbox/win/src/policy_engine_unittest.cc')
-rw-r--r-- | sandbox/win/src/policy_engine_unittest.cc | 102 |
1 files changed, 0 insertions, 102 deletions
diff --git a/sandbox/win/src/policy_engine_unittest.cc b/sandbox/win/src/policy_engine_unittest.cc deleted file mode 100644 index 325a101dac..0000000000 --- a/sandbox/win/src/policy_engine_unittest.cc +++ /dev/null @@ -1,102 +0,0 @@ -// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "sandbox/win/src/policy_engine_params.h" -#include "sandbox/win/src/policy_engine_processor.h" -#include "testing/gtest/include/gtest/gtest.h" - -#define POLPARAMS_BEGIN(x) sandbox::ParameterSet x[] = { -#define POLPARAM(p) sandbox::ParamPickerMake(p), -#define POLPARAMS_END } - -namespace sandbox { - -bool SetupNtdllImports(); - -TEST(PolicyEngineTest, Rules1) { - SetupNtdllImports(); - - // Construct two policy rules that say: - // - // #1 - // If the path is c:\\documents and settings\\* AND - // If the creation mode is 'open existing' AND - // If the security descriptor is null THEN - // Ask the broker. - // - // #2 - // If the security descriptor is null AND - // If the path ends with *.txt AND - // If the creation mode is not 'create new' THEN - // return Access Denied. - - enum FileCreateArgs { - FileNameArg, - CreationDispositionArg, - FlagsAndAttributesArg, - SecurityAttributes - }; - - const size_t policy_sz = 1024; - PolicyBuffer* policy = reinterpret_cast<PolicyBuffer*>(new char[policy_sz]); - OpcodeFactory opcode_maker(policy, policy_sz - 0x40); - - // Add rule set #1 - opcode_maker.MakeOpWStringMatch(FileNameArg, - L"c:\\documents and settings\\", - 0, CASE_INSENSITIVE, kPolNone); - opcode_maker.MakeOpNumberMatch(CreationDispositionArg, OPEN_EXISTING, - kPolNone); - opcode_maker.MakeOpVoidPtrMatch(SecurityAttributes, (void*)NULL, - kPolNone); - opcode_maker.MakeOpAction(ASK_BROKER, kPolNone); - - // Add rule set #2 - opcode_maker.MakeOpWStringMatch(FileNameArg, L".TXT", - kSeekToEnd, CASE_INSENSITIVE, kPolNone); - opcode_maker.MakeOpNumberMatch(CreationDispositionArg, CREATE_NEW, - kPolNegateEval); - opcode_maker.MakeOpAction(FAKE_ACCESS_DENIED, kPolNone); - policy->opcode_count = 7; - - const wchar_t* filename = L"c:\\Documents and Settings\\Microsoft\\BLAH.txt"; - uint32 creation_mode = OPEN_EXISTING; - uint32 flags = FILE_ATTRIBUTE_NORMAL; - void* security_descriptor = NULL; - - POLPARAMS_BEGIN(eval_params) - POLPARAM(filename) - POLPARAM(creation_mode) - POLPARAM(flags) - POLPARAM(security_descriptor) - POLPARAMS_END; - - PolicyResult pr; - PolicyProcessor pol_ev(policy); - - // Test should match the first rule set. - pr = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); - EXPECT_EQ(POLICY_MATCH, pr); - EXPECT_EQ(ASK_BROKER, pol_ev.GetAction()); - - // Test should still match the first rule set. - pr = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); - EXPECT_EQ(POLICY_MATCH, pr); - EXPECT_EQ(ASK_BROKER, pol_ev.GetAction()); - - // Changing creation_mode such that evaluation should not match any rule. - creation_mode = CREATE_NEW; - pr = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); - EXPECT_EQ(NO_POLICY_MATCH, pr); - - // Changing creation_mode such that evaluation should match rule #2. - creation_mode = OPEN_ALWAYS; - pr = pol_ev.Evaluate(kShortEval, eval_params, _countof(eval_params)); - EXPECT_EQ(POLICY_MATCH, pr); - EXPECT_EQ(FAKE_ACCESS_DENIED, pol_ev.GetAction()); - - delete [] reinterpret_cast<char*>(policy); -} - -} // namespace sandbox |