1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 // This file contains unit tests for the job object.
6
7 #include "sandbox/win/src/job.h"
8
9 #include "base/win/scoped_process_information.h"
10 #include "testing/gtest/include/gtest/gtest.h"
11
12 namespace sandbox {
13
14 // Tests the creation and destruction of the job.
TEST(JobTest,TestCreation)15 TEST(JobTest, TestCreation) {
16 // Scope the creation of Job.
17 {
18 // Create the job.
19 Job job;
20 ASSERT_EQ(static_cast<DWORD>(ERROR_SUCCESS),
21 job.Init(JOB_LOCKDOWN, L"my_test_job_name", 0, 0));
22
23 // check if the job exists.
24 HANDLE job_handle =
25 ::OpenJobObjectW(GENERIC_ALL, false, L"my_test_job_name");
26 ASSERT_TRUE(job_handle);
27
28 if (job_handle)
29 CloseHandle(job_handle);
30 }
31
32 // Check if the job is destroyed when the object goes out of scope.
33 HANDLE job_handle = ::OpenJobObjectW(GENERIC_ALL, false, L"my_test_job_name");
34 ASSERT_TRUE(!job_handle);
35 ASSERT_EQ(static_cast<DWORD>(ERROR_FILE_NOT_FOUND), ::GetLastError());
36 }
37
38 // Tests the method "Take".
TEST(JobTest,Take)39 TEST(JobTest, Take) {
40 base::win::ScopedHandle job_handle;
41 // Scope the creation of Job.
42 {
43 // Create the job.
44 Job job;
45 ASSERT_EQ(static_cast<DWORD>(ERROR_SUCCESS),
46 job.Init(JOB_LOCKDOWN, L"my_test_job_name", 0, 0));
47
48 job_handle = job.Take();
49 ASSERT_TRUE(job_handle.IsValid());
50 }
51
52 // Check to be sure that the job is still alive even after the object is gone
53 // out of scope.
54 HANDLE job_handle_dup =
55 ::OpenJobObjectW(GENERIC_ALL, false, L"my_test_job_name");
56 ASSERT_TRUE(job_handle_dup);
57
58 // Remove all references.
59 if (job_handle_dup)
60 ::CloseHandle(job_handle_dup);
61
62 job_handle.Close();
63
64 // Check if the jbo is really dead.
65 job_handle_dup = ::OpenJobObjectW(GENERIC_ALL, false, L"my_test_job_name");
66 ASSERT_TRUE(!job_handle_dup);
67 ASSERT_EQ(static_cast<DWORD>(ERROR_FILE_NOT_FOUND), ::GetLastError());
68 }
69
70 // Tests the ui exceptions
TEST(JobTest,TestExceptions)71 TEST(JobTest, TestExceptions) {
72 base::win::ScopedHandle job_handle;
73 // Scope the creation of Job.
74 {
75 // Create the job.
76 Job job;
77 ASSERT_EQ(static_cast<DWORD>(ERROR_SUCCESS),
78 job.Init(JOB_LOCKDOWN, L"my_test_job_name",
79 JOB_OBJECT_UILIMIT_READCLIPBOARD, 0));
80
81 job_handle = job.Take();
82 ASSERT_TRUE(job_handle.IsValid());
83
84 JOBOBJECT_BASIC_UI_RESTRICTIONS jbur = {0};
85 DWORD size = sizeof(jbur);
86 ASSERT_TRUE(::QueryInformationJobObject(
87 job_handle.Get(), JobObjectBasicUIRestrictions, &jbur, size, &size));
88
89 ASSERT_EQ(0u, jbur.UIRestrictionsClass & JOB_OBJECT_UILIMIT_READCLIPBOARD);
90 job_handle.Close();
91 }
92
93 // Scope the creation of Job.
94 {
95 // Create the job.
96 Job job;
97 ASSERT_EQ(static_cast<DWORD>(ERROR_SUCCESS),
98 job.Init(JOB_LOCKDOWN, L"my_test_job_name", 0, 0));
99
100 job_handle = job.Take();
101 ASSERT_TRUE(job_handle.IsValid());
102
103 JOBOBJECT_BASIC_UI_RESTRICTIONS jbur = {0};
104 DWORD size = sizeof(jbur);
105 ASSERT_TRUE(::QueryInformationJobObject(
106 job_handle.Get(), JobObjectBasicUIRestrictions, &jbur, size, &size));
107
108 ASSERT_EQ(static_cast<DWORD>(JOB_OBJECT_UILIMIT_READCLIPBOARD),
109 jbur.UIRestrictionsClass & JOB_OBJECT_UILIMIT_READCLIPBOARD);
110 }
111 }
112
113 // Tests the error case when the job is initialized twice.
TEST(JobTest,DoubleInit)114 TEST(JobTest, DoubleInit) {
115 // Create the job.
116 Job job;
117 ASSERT_EQ(static_cast<DWORD>(ERROR_SUCCESS),
118 job.Init(JOB_LOCKDOWN, L"my_test_job_name", 0, 0));
119 ASSERT_EQ(static_cast<DWORD>(ERROR_ALREADY_INITIALIZED),
120 job.Init(JOB_LOCKDOWN, L"test", 0, 0));
121 }
122
123 // Tests the error case when we use a method and the object is not yet
124 // initialized.
TEST(JobTest,NoInit)125 TEST(JobTest, NoInit) {
126 Job job;
127 ASSERT_EQ(static_cast<DWORD>(ERROR_NO_DATA),
128 job.UserHandleGrantAccess(nullptr));
129 ASSERT_EQ(static_cast<DWORD>(ERROR_NO_DATA), job.AssignProcessToJob(nullptr));
130 ASSERT_FALSE(job.Take().IsValid());
131 }
132
133 // Tests the initialization of the job with different security level.
TEST(JobTest,SecurityLevel)134 TEST(JobTest, SecurityLevel) {
135 Job job1;
136 ASSERT_EQ(static_cast<DWORD>(ERROR_SUCCESS),
137 job1.Init(JOB_LOCKDOWN, L"job1", 0, 0));
138
139 Job job2;
140 ASSERT_EQ(static_cast<DWORD>(ERROR_SUCCESS),
141 job2.Init(JOB_RESTRICTED, L"job2", 0, 0));
142
143 Job job3;
144 ASSERT_EQ(static_cast<DWORD>(ERROR_SUCCESS),
145 job3.Init(JOB_LIMITED_USER, L"job3", 0, 0));
146
147 Job job4;
148 ASSERT_EQ(static_cast<DWORD>(ERROR_SUCCESS),
149 job4.Init(JOB_INTERACTIVE, L"job4", 0, 0));
150
151 Job job5;
152 ASSERT_EQ(static_cast<DWORD>(ERROR_SUCCESS),
153 job5.Init(JOB_UNPROTECTED, L"job5", 0, 0));
154
155 // JOB_NONE means we run without a job object so Init should fail.
156 Job job6;
157 ASSERT_EQ(static_cast<DWORD>(ERROR_BAD_ARGUMENTS),
158 job6.Init(JOB_NONE, L"job6", 0, 0));
159
160 Job job7;
161 ASSERT_EQ(static_cast<DWORD>(ERROR_BAD_ARGUMENTS),
162 job7.Init(static_cast<JobLevel>(JOB_NONE + 1), L"job7", 0, 0));
163 }
164
165 // Tests the method "AssignProcessToJob".
TEST(JobTest,ProcessInJob)166 TEST(JobTest, ProcessInJob) {
167 // Create the job.
168 Job job;
169 ASSERT_EQ(static_cast<DWORD>(ERROR_SUCCESS),
170 job.Init(JOB_UNPROTECTED, L"job_test_process", 0, 0));
171
172 wchar_t notepad[] = L"notepad";
173 STARTUPINFO si = {sizeof(si)};
174 PROCESS_INFORMATION temp_process_info = {};
175 ASSERT_TRUE(::CreateProcess(nullptr, notepad, nullptr, nullptr, false, 0,
176 nullptr, nullptr, &si, &temp_process_info));
177 base::win::ScopedProcessInformation pi(temp_process_info);
178 ASSERT_EQ(static_cast<DWORD>(ERROR_SUCCESS),
179 job.AssignProcessToJob(pi.process_handle()));
180
181 // Get the job handle.
182 base::win::ScopedHandle job_handle = job.Take();
183
184 // Check if the process is in the job.
185 JOBOBJECT_BASIC_PROCESS_ID_LIST jbpidl = {0};
186 DWORD size = sizeof(jbpidl);
187 EXPECT_TRUE(::QueryInformationJobObject(
188 job_handle.Get(), JobObjectBasicProcessIdList, &jbpidl, size, &size));
189
190 EXPECT_EQ(1u, jbpidl.NumberOfAssignedProcesses);
191 EXPECT_EQ(1u, jbpidl.NumberOfProcessIdsInList);
192 EXPECT_EQ(pi.process_id(), jbpidl.ProcessIdList[0]);
193
194 EXPECT_TRUE(::TerminateProcess(pi.process_handle(), 0));
195 }
196
197 } // namespace sandbox
198