File: sandbox_policy_feature_test.cc

package info (click to toggle)

chromium 139.0.7258.127-1

links: PTS, VCS
area: main
in suites:
size: 6,122,068 kB
sloc: cpp: 35,100,771; ansic: 7,163,530; javascript: 4,103,002; python: 1,436,920; asm: 946,517; xml: 746,709; pascal: 187,653; perl: 88,691; sh: 88,436; objc: 79,953; sql: 51,488; cs: 44,583; fortran: 24,137; makefile: 22,147; tcl: 15,277; php: 13,980; yacc: 8,984; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36

file content (91 lines) | stat: -rw-r--r-- 3,291 bytes

parent folder | download | duplicates (9)

// Copyright 2021 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "sandbox/policy/win/sandbox_policy_feature_test.h"

#include "sandbox/policy/features.h"

namespace sandbox {
namespace policy {

SandboxFeatureTest::SandboxFeatureTest() {
  std::vector<base::test::FeatureRef> enabled_features;
  std::vector<base::test::FeatureRef> disabled_features;

  if (::testing::get<TestParameter::kEnableRendererAppContainer>(GetParam()))
    enabled_features.push_back(features::kRendererAppContainer);
  else
    disabled_features.push_back(features::kRendererAppContainer);

  feature_list_.InitWithFeatures(enabled_features, disabled_features);
}

IntegrityLevel SandboxFeatureTest::GetExpectedIntegrityLevel() {
  return IntegrityLevel::INTEGRITY_LEVEL_LOW;
}

TokenLevel SandboxFeatureTest::GetExpectedLockdownTokenLevel() {
  return TokenLevel::USER_LOCKDOWN;
}

TokenLevel SandboxFeatureTest::GetExpectedInitialTokenLevel() {
  return TokenLevel::USER_RESTRICTED_SAME_ACCESS;
}

MitigationFlags SandboxFeatureTest::GetExpectedMitigationFlags() {
  // Mitigation flags are set on the policy regardless of the OS version
  ::sandbox::MitigationFlags flags =
      ::sandbox::MITIGATION_BOTTOM_UP_ASLR | ::sandbox::MITIGATION_DEP |
      ::sandbox::MITIGATION_DEP_NO_ATL_THUNK |
      ::sandbox::MITIGATION_EXTENSION_POINT_DISABLE |
      ::sandbox::MITIGATION_FSCTL_DISABLED |
      ::sandbox::MITIGATION_HEAP_TERMINATE |
      ::sandbox::MITIGATION_IMAGE_LOAD_NO_LOW_LABEL |
      ::sandbox::MITIGATION_IMAGE_LOAD_NO_REMOTE |
      ::sandbox::MITIGATION_KTM_COMPONENT |
      ::sandbox::MITIGATION_NONSYSTEM_FONT_DISABLE |
      ::sandbox::MITIGATION_RESTRICT_INDIRECT_BRANCH_PREDICTION |
      ::sandbox::MITIGATION_SEHOP | ::sandbox::MITIGATION_WIN32K_DISABLE;

  return flags;
}

MitigationFlags SandboxFeatureTest::GetExpectedDelayedMitigationFlags() {
  return ::sandbox::MITIGATION_DLL_SEARCH_ORDER |
         ::sandbox::MITIGATION_FORCE_MS_SIGNED_BINS;
}

AppContainerType SandboxFeatureTest::GetExpectedAppContainerType() {
  return AppContainerType::kNone;
}

std::vector<base::win::Sid> SandboxFeatureTest::GetExpectedCapabilities() {
  return {};
}

void SandboxFeatureTest::ValidateSecurityLevels(TargetConfig* config) {
  EXPECT_EQ(config->GetIntegrityLevel(), GetExpectedIntegrityLevel());
  EXPECT_EQ(config->GetLockdownTokenLevel(), GetExpectedLockdownTokenLevel());
  EXPECT_EQ(config->GetInitialTokenLevel(), GetExpectedInitialTokenLevel());
}

void SandboxFeatureTest::ValidatePolicyFlagSettings(TargetConfig* config) {
  EXPECT_EQ(config->GetProcessMitigations(), GetExpectedMitigationFlags());
  EXPECT_EQ(config->GetDelayedProcessMitigations(),
            GetExpectedDelayedMitigationFlags());
}

void SandboxFeatureTest::ValidateAppContainerSettings(TargetConfig* config) {
  if (GetExpectedAppContainerType() == ::sandbox::AppContainerType::kLowbox) {
    EXPECT_EQ(GetExpectedAppContainerType(),
              config->GetAppContainer()->GetAppContainerType());

    EXPECT_EQ(config->GetAppContainer()->GetCapabilities(),
              GetExpectedCapabilities());
  } else {
    EXPECT_EQ(config->GetAppContainer(), nullptr);
  }
}
}  // namespace policy
}  // namespace sandbox