1*6777b538SAndroid Build Coastguard Worker // Copyright 2021 The Chromium Authors
2*6777b538SAndroid Build Coastguard Worker // Use of this source code is governed by a BSD-style license that can be
3*6777b538SAndroid Build Coastguard Worker // found in the LICENSE file.
4*6777b538SAndroid Build Coastguard Worker 
5*6777b538SAndroid Build Coastguard Worker #include "base/win/security_util.h"
6*6777b538SAndroid Build Coastguard Worker 
7*6777b538SAndroid Build Coastguard Worker // clang-format off
8*6777b538SAndroid Build Coastguard Worker #include <windows.h>  // Must be in front of other Windows header files.
9*6777b538SAndroid Build Coastguard Worker // clang-format on
10*6777b538SAndroid Build Coastguard Worker 
11*6777b538SAndroid Build Coastguard Worker #include <aclapi.h>
12*6777b538SAndroid Build Coastguard Worker #include <sddl.h>
13*6777b538SAndroid Build Coastguard Worker 
14*6777b538SAndroid Build Coastguard Worker #include <utility>
15*6777b538SAndroid Build Coastguard Worker 
16*6777b538SAndroid Build Coastguard Worker #include "base/files/file_util.h"
17*6777b538SAndroid Build Coastguard Worker #include "base/files/scoped_temp_dir.h"
18*6777b538SAndroid Build Coastguard Worker #include "base/strings/string_number_conversions_win.h"
19*6777b538SAndroid Build Coastguard Worker #include "base/win/scoped_handle.h"
20*6777b538SAndroid Build Coastguard Worker #include "base/win/scoped_localalloc.h"
21*6777b538SAndroid Build Coastguard Worker #include "base/win/sid.h"
22*6777b538SAndroid Build Coastguard Worker #include "testing/gtest/include/gtest/gtest.h"
23*6777b538SAndroid Build Coastguard Worker 
24*6777b538SAndroid Build Coastguard Worker namespace base {
25*6777b538SAndroid Build Coastguard Worker namespace win {
26*6777b538SAndroid Build Coastguard Worker 
27*6777b538SAndroid Build Coastguard Worker namespace {
28*6777b538SAndroid Build Coastguard Worker 
// Expected DACLs, written in SDDL. Each ACE has the form
// (type;flags;rights;;;trustee): type A = allow, D = deny; flags OI/CI =
// object/container inherit, ID = inherited from the parent. After "D:", the
// control flag P marks the DACL as protected from inheritance and AI marks it
// as auto-inherited. Rights used here: FA = file all access, FR = file generic
// read. Trustees: WD = Everyone, AU = Authenticated Users, BA = Builtin
// Administrators, LG = Local Guest, OW = Owner Rights.

// DACLs expected on a plain file.
constexpr wchar_t kBaseDacl[] = L"D:P(A;;FA;;;WD)";
constexpr wchar_t kTest1Dacl[] = L"D:PAI(A;;FR;;;AU)(A;;FA;;;WD)";
constexpr wchar_t kTest2Dacl[] = L"D:PAI(A;;FA;;;BA)(A;;FA;;;AU)(A;;FA;;;WD)";
constexpr wchar_t kTest1DenyDacl[] = L"D:PAI(D;;FR;;;LG)(A;;FA;;;WD)";
constexpr wchar_t kTest1DaclNoInherit[] = L"D:P(A;;FR;;;AU)(A;;FA;;;WD)";
constexpr wchar_t kTest2DaclNoInherit[] =
    L"D:P(A;;FA;;;BA)(A;;FA;;;AU)(A;;FA;;;WD)";

// DACLs expected on a directory and on the files created inside it.
constexpr wchar_t kBaseDirDacl[] = L"D:P(A;OICI;FA;;;WD)";
constexpr wchar_t kTest1InheritedDacl[] = L"D:(A;ID;FA;;;WD)";
constexpr wchar_t kBaseDir2Dacl[] = L"D:PAI(A;OICI;FR;;;AU)(A;OICI;FA;;;WD)";
constexpr wchar_t kTest2InheritedDacl[] = L"D:AI(A;ID;FR;;;AU)(A;ID;FA;;;WD)";
constexpr wchar_t kBaseDir2DaclNoInherit[] =
    L"D:P(A;OICI;FR;;;AU)(A;OICI;FA;;;WD)";
constexpr wchar_t kTest2InheritedDaclNoInherit[] = L"D:P(A;;FA;;;WD)";
constexpr wchar_t kTest3InheritedDacl[] = L"D:(A;ID;FR;;;AU)(A;ID;FA;;;WD)";

// Denies WRITE_DAC to the owner and allows Everyone file read plus DELETE.
// Note that "WD" is WRITE_DAC in the rights field but Everyone in the trustee
// field. A file carrying this DACL cannot have its DACL rewritten.
constexpr wchar_t kNoWriteDacDacl[] = L"D:(D;;WD;;;OW)(A;;FRSD;;;WD)";

// SDDL aliases for the trustees the tests grant or deny access to.
constexpr wchar_t kAuthenticatedUsersSid[] = L"AU";
constexpr wchar_t kLocalGuestSid[] = L"LG";
50*6777b538SAndroid Build Coastguard Worker 
// Returns the DACL of the file or directory at |path| as an SDDL string.
// Returns an empty string if the security descriptor cannot be read or cannot
// be converted to text, so callers comparing against an expected DACL see a
// mismatch rather than a crash.
std::wstring GetFileDacl(const FilePath& path) {
  PSECURITY_DESCRIPTOR descriptor;
  const DWORD status = ::GetNamedSecurityInfo(
      path.value().c_str(), SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, nullptr,
      nullptr, nullptr, nullptr, &descriptor);
  if (status != ERROR_SUCCESS) {
    return std::wstring();
  }
  // The API allocates the descriptor; keep it in a scoped owner so that it is
  // released on every return path.
  auto descriptor_owner = TakeLocalAlloc(descriptor);

  LPWSTR sddl_text;
  const BOOL converted = ::ConvertSecurityDescriptorToStringSecurityDescriptor(
      descriptor_owner.get(), SDDL_REVISION_1, DACL_SECURITY_INFORMATION,
      &sddl_text, nullptr);
  if (!converted) {
    return std::wstring();
  }
  // The text buffer is likewise owned here; the returned std::wstring copies
  // it before the owner goes out of scope.
  auto sddl_owner = TakeLocalAlloc(sddl_text);
  return sddl_owner.get();
}
67*6777b538SAndroid Build Coastguard Worker 
// Creates a file (or a directory when |directory| is true) at |path| whose
// security descriptor is parsed from the SDDL string |sddl|. Returns false if
// the SDDL cannot be parsed or the object cannot be created. An existing file
// at |path| is overwritten (CREATE_ALWAYS).
bool CreateWithDacl(const FilePath& path, const wchar_t* sddl, bool directory) {
  PSECURITY_DESCRIPTOR descriptor;
  const BOOL parsed = ::ConvertStringSecurityDescriptorToSecurityDescriptor(
      sddl, SDDL_REVISION_1, &descriptor, nullptr);
  if (!parsed) {
    return false;
  }
  // Keep the parsed descriptor alive until the create call has consumed it.
  auto descriptor_owner = TakeLocalAlloc(descriptor);

  SECURITY_ATTRIBUTES attributes = {};
  attributes.nLength = sizeof(attributes);
  attributes.lpSecurityDescriptor = descriptor_owner.get();

  if (!directory) {
    // The handle is only needed to learn whether creation succeeded; it is
    // closed again when |file| leaves scope.
    ScopedHandle file(::CreateFile(path.value().c_str(), GENERIC_ALL, 0,
                                   &attributes, CREATE_ALWAYS, 0, nullptr));
    return file.is_valid();
  }

  return ::CreateDirectory(path.value().c_str(), &attributes) != FALSE;
}
85*6777b538SAndroid Build Coastguard Worker 
86*6777b538SAndroid Build Coastguard Worker }  // namespace
87*6777b538SAndroid Build Coastguard Worker 
// Covers the ways GrantAccessToPath is expected to fail: a missing path, a
// SID list too large to apply, and a file whose DACL denies WRITE_DAC.
TEST(SecurityUtilTest, GrantAccessToPathErrorCase) {
  ScopedTempDir temp_dir;
  auto auth_users = Sid::FromSddlStringVector({kAuthenticatedUsersSid});
  ASSERT_TRUE(auth_users);
  ASSERT_TRUE(temp_dir.CreateUniqueTempDir());

  // Nothing exists at the path yet, so both variants must fail.
  FilePath target = temp_dir.GetPath().Append(L"test");
  EXPECT_FALSE(GrantAccessToPath(target, *auth_users, FILE_GENERIC_READ,
                                 NO_INHERITANCE, true));
  EXPECT_FALSE(GrantAccessToPath(target, *auth_users, FILE_GENERIC_READ,
                                 NO_INHERITANCE, false));

  // Once the file exists with a permissive DACL, the same calls succeed.
  ASSERT_TRUE(CreateWithDacl(target, kBaseDacl, false));
  EXPECT_TRUE(GrantAccessToPath(target, *auth_users, FILE_GENERIC_READ,
                                NO_INHERITANCE, true));
  EXPECT_TRUE(GrantAccessToPath(target, *auth_users, FILE_GENERIC_READ,
                                NO_INHERITANCE, false));

  // 0x10000 distinct SIDs: an ACL records its size in a 16-bit field, so this
  // many entries cannot fit. The call is expected to report failure.
  std::vector<Sid> large_sid_list;
  for (size_t count = 0; count < 0x10000; ++count) {
    auto sid = Sid::FromSddlString(L"S-1-5-1234-" + NumberToWString(count));
    ASSERT_TRUE(sid);
    large_sid_list.emplace_back(std::move(*sid));
  }
  EXPECT_FALSE(GrantAccessToPath(target, large_sid_list, FILE_GENERIC_READ,
                                 NO_INHERITANCE, false));

  // A file created with kNoWriteDacDacl denies WRITE_DAC to its owner, so the
  // DACL cannot be modified and the grant must fail.
  target = temp_dir.GetPath().Append(L"test_nowritedac");
  ASSERT_TRUE(CreateWithDacl(target, kNoWriteDacDacl, false));
  EXPECT_FALSE(GrantAccessToPath(target, *auth_users, FILE_GENERIC_READ,
                                 NO_INHERITANCE, true));
  EXPECT_FALSE(GrantAccessToPath(target, *auth_users, FILE_GENERIC_READ,
                                 NO_INHERITANCE, false));
}
119*6777b538SAndroid Build Coastguard Worker 
// Grants access on a plain file with the final argument set to true and
// checks the exact resulting DACL after each step.
TEST(SecurityUtilTest, GrantAccessToPathFile) {
  ScopedTempDir temp_dir;
  ASSERT_TRUE(temp_dir.CreateUniqueTempDir());
  FilePath file_path = temp_dir.GetPath().Append(L"test");
  ASSERT_TRUE(CreateWithDacl(file_path, kBaseDacl, false));
  EXPECT_EQ(kBaseDacl, GetFileDacl(file_path));

  // Read access for Authenticated Users is added ahead of the existing
  // Everyone entry.
  auto read_sids = Sid::FromSddlStringVector({kAuthenticatedUsersSid});
  ASSERT_TRUE(read_sids);
  EXPECT_TRUE(GrantAccessToPath(file_path, *read_sids, FILE_GENERIC_READ,
                                NO_INHERITANCE, true));
  EXPECT_EQ(kTest1Dacl, GetFileDacl(file_path));

  // S-1-5-11 is Authenticated Users in numeric form. The expected DACL holds a
  // single AU entry, now with full access, rather than a second AU ACE.
  auto full_sids = Sid::FromSddlStringVector({L"S-1-5-11", L"BA"});
  ASSERT_TRUE(full_sids);
  EXPECT_TRUE(GrantAccessToPath(file_path, *full_sids, GENERIC_ALL,
                                NO_INHERITANCE, true));
  EXPECT_EQ(kTest2Dacl, GetFileDacl(file_path));
}
137*6777b538SAndroid Build Coastguard Worker 
// Same sequence as GrantAccessToPathFile but with the final argument set to
// false; the expected DACLs keep the P flag and never gain AI.
TEST(SecurityUtilTest, GrantAccessToPathFileNoInherit) {
  ScopedTempDir temp_dir;
  ASSERT_TRUE(temp_dir.CreateUniqueTempDir());
  FilePath file_path = temp_dir.GetPath().Append(L"test");
  ASSERT_TRUE(CreateWithDacl(file_path, kBaseDacl, false));
  EXPECT_EQ(kBaseDacl, GetFileDacl(file_path));

  // An empty SID list succeeds and leaves the DACL untouched.
  EXPECT_TRUE(GrantAccessToPath(file_path, {}, FILE_GENERIC_READ,
                                NO_INHERITANCE, false));
  EXPECT_EQ(kBaseDacl, GetFileDacl(file_path));

  auto read_sids = Sid::FromSddlStringVector({kAuthenticatedUsersSid});
  ASSERT_TRUE(read_sids);
  EXPECT_TRUE(GrantAccessToPath(file_path, *read_sids, FILE_GENERIC_READ,
                                NO_INHERITANCE, false));
  EXPECT_EQ(kTest1DaclNoInherit, GetFileDacl(file_path));

  // S-1-5-11 is the numeric form of Authenticated Users.
  auto full_sids = Sid::FromSddlStringVector({L"S-1-5-11", L"BA"});
  ASSERT_TRUE(full_sids);
  EXPECT_TRUE(GrantAccessToPath(file_path, *full_sids, GENERIC_ALL,
                                NO_INHERITANCE, false));
  EXPECT_EQ(kTest2DaclNoInherit, GetFileDacl(file_path));
}
158*6777b538SAndroid Build Coastguard Worker 
// Adds a deny ACE to a plain file and checks that it lands in front of the
// existing allow ACE.
TEST(SecurityUtilTest, DenyAccessToPathFile) {
  ScopedTempDir temp_dir;
  ASSERT_TRUE(temp_dir.CreateUniqueTempDir());
  FilePath file_path = temp_dir.GetPath().Append(L"test");
  ASSERT_TRUE(CreateWithDacl(file_path, kBaseDacl, false));
  EXPECT_EQ(kBaseDacl, GetFileDacl(file_path));

  // Denying nobody is a successful no-op.
  EXPECT_TRUE(DenyAccessToPath(file_path, {}, FILE_GENERIC_READ,
                               NO_INHERITANCE, true));
  EXPECT_EQ(kBaseDacl, GetFileDacl(file_path));

  // The deny entry for Local Guest must precede the Everyone allow entry;
  // ACEs are evaluated in order, so a deny placed after it would not apply.
  auto guest_sids = Sid::FromSddlStringVector({kLocalGuestSid});
  ASSERT_TRUE(guest_sids);
  EXPECT_TRUE(DenyAccessToPath(file_path, *guest_sids, FILE_GENERIC_READ,
                               NO_INHERITANCE, true));
  EXPECT_EQ(kTest1DenyDacl, GetFileDacl(file_path));
}
174*6777b538SAndroid Build Coastguard Worker 
// Applies the same deny ACE three times and checks that the DACL ends up with
// a single copy of it.
TEST(SecurityUtilTest, DenyAccessToPathFileMultiple) {
  ScopedTempDir temp_dir;
  ASSERT_TRUE(temp_dir.CreateUniqueTempDir());
  FilePath file_path = temp_dir.GetPath().Append(L"test");
  ASSERT_TRUE(CreateWithDacl(file_path, kBaseDacl, false));
  EXPECT_EQ(kBaseDacl, GetFileDacl(file_path));

  auto guest_sids = Sid::FromSddlStringVector({kLocalGuestSid});
  ASSERT_TRUE(guest_sids);
  EXPECT_TRUE(DenyAccessToPath(file_path, *guest_sids, FILE_GENERIC_READ,
                               NO_INHERITANCE, true));
  // Verify setting same ACE on same file does not change the ACL.
  EXPECT_TRUE(DenyAccessToPath(file_path, *guest_sids, FILE_GENERIC_READ,
                               NO_INHERITANCE, true));
  EXPECT_TRUE(DenyAccessToPath(file_path, *guest_sids, FILE_GENERIC_READ,
                               NO_INHERITANCE, true));
  EXPECT_EQ(kTest1DenyDacl, GetFileDacl(file_path));
}
192*6777b538SAndroid Build Coastguard Worker 
// Grants inheritable read access on a directory with the final argument set
// to true, and checks both the directory DACL and the DACL of a file that
// already existed inside it.
TEST(SecurityUtilTest, GrantAccessToPathDirectory) {
  ScopedTempDir temp_dir;
  ASSERT_TRUE(temp_dir.CreateUniqueTempDir());
  FilePath dir_path = temp_dir.GetPath().Append(L"testdir");
  ASSERT_TRUE(CreateWithDacl(dir_path, kBaseDirDacl, true));
  EXPECT_EQ(kBaseDirDacl, GetFileDacl(dir_path));

  // A file created in the directory picks up the inheritable Everyone ACE,
  // which is reported with the ID (inherited) flag.
  FilePath child_path = dir_path.Append(L"test");
  File child(child_path, File::FLAG_CREATE_ALWAYS | File::FLAG_WRITE);
  ASSERT_TRUE(child.IsValid());
  child.Close();
  EXPECT_EQ(kTest1InheritedDacl, GetFileDacl(child_path));

  auto read_sids = Sid::FromSddlStringVector({kAuthenticatedUsersSid});
  ASSERT_TRUE(read_sids);
  EXPECT_TRUE(GrantAccessToPath(dir_path, *read_sids, FILE_GENERIC_READ,
                                OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
                                true));
  // The new ACE shows up on the directory and, as an inherited ACE, on the
  // pre-existing child.
  EXPECT_EQ(kBaseDir2Dacl, GetFileDacl(dir_path));
  EXPECT_EQ(kTest2InheritedDacl, GetFileDacl(child_path));
}
212*6777b538SAndroid Build Coastguard Worker 
// Grants inheritable read access on a directory with the final argument set
// to false, then compares a file that existed before the grant with one
// created after it.
TEST(SecurityUtilTest, GrantAccessToPathDirectoryNoInherit) {
  ScopedTempDir temp_dir;
  ASSERT_TRUE(temp_dir.CreateUniqueTempDir());
  FilePath dir_path = temp_dir.GetPath().Append(L"testdir");
  ASSERT_TRUE(CreateWithDacl(dir_path, kBaseDirDacl, true));
  EXPECT_EQ(kBaseDirDacl, GetFileDacl(dir_path));

  FilePath existing_path = dir_path.Append(L"test");
  File existing(existing_path, File::FLAG_CREATE_ALWAYS | File::FLAG_WRITE);
  ASSERT_TRUE(existing.IsValid());
  existing.Close();
  EXPECT_EQ(kTest1InheritedDacl, GetFileDacl(existing_path));

  auto read_sids = Sid::FromSddlStringVector({kAuthenticatedUsersSid});
  ASSERT_TRUE(read_sids);
  EXPECT_TRUE(GrantAccessToPath(dir_path, *read_sids, FILE_GENERIC_READ,
                                OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
                                false));
  // The directory gains the AU entry, but the pre-existing file does not: its
  // expected DACL holds only the Everyone entry.
  EXPECT_EQ(kBaseDir2DaclNoInherit, GetFileDacl(dir_path));
  EXPECT_EQ(kTest2InheritedDaclNoInherit, GetFileDacl(existing_path));

  // A file created after the grant inherits both entries from the directory.
  FilePath created_after_path = dir_path.Append(L"test2");
  File created_after(created_after_path,
                     File::FLAG_CREATE_ALWAYS | File::FLAG_WRITE);
  ASSERT_TRUE(created_after.IsValid());
  created_after.Close();
  EXPECT_EQ(kTest3InheritedDacl, GetFileDacl(created_after_path));
}
238*6777b538SAndroid Build Coastguard Worker 
// Checks that CloneSidVector returns equal SIDs backed by separate storage,
// and that cloning an empty vector yields an empty vector.
TEST(SecurityUtilTest, CloneSidVector) {
  std::vector<Sid> original =
      Sid::FromKnownSidVector({WellKnownSid::kNull, WellKnownSid::kWorld});
  std::vector<Sid> copy = CloneSidVector(original);
  ASSERT_EQ(original.size(), copy.size());
  for (size_t i = 0; i < original.size(); ++i) {
    // Equal value, but a different PSID pointer: the clone must not alias the
    // source SID's buffer.
    ASSERT_EQ(original[i], copy[i]);
    ASSERT_NE(original[i].GetPSID(), copy[i].GetPSID());
  }
  ASSERT_EQ(CloneSidVector(std::vector<Sid>()).size(), 0U);
}
250*6777b538SAndroid Build Coastguard Worker 
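// Checks that AppendSidVector appends copies of the source SIDs, in order,
// without aliasing the source SIDs' storage.
TEST(SecurityUtilTest, AppendSidVector) {
  std::vector<Sid> sids =
      Sid::FromKnownSidVector({WellKnownSid::kNull, WellKnownSid::kWorld});

  std::vector<Sid> total_sids;
  AppendSidVector(total_sids, sids);
  EXPECT_EQ(total_sids.size(), sids.size());

  std::vector<Sid> sids2 = Sid::FromKnownSidVector(
      {WellKnownSid::kCreatorOwner, WellKnownSid::kNetwork});
  AppendSidVector(total_sids, sids2);
  // This must be fatal: the loops below advance an iterator over |total_sids|
  // sids.size() + sids2.size() times, so a short vector would be read past its
  // end instead of producing a clean test failure.
  ASSERT_EQ(total_sids.size(), sids.size() + sids2.size());

  auto sid_iterator = total_sids.cbegin();
  for (size_t index = 0; index < sids.size(); ++index) {
    // Same value, different PSID pointer: the appended SID is a copy.
    ASSERT_EQ(*sid_iterator, sids[index]);
    ASSERT_NE(sid_iterator->GetPSID(), sids[index].GetPSID());
    ++sid_iterator;
  }
  for (size_t index = 0; index < sids2.size(); ++index) {
    ASSERT_EQ(*sid_iterator, sids2[index]);
    ASSERT_NE(sid_iterator->GetPSID(), sids2[index].GetPSID());
    ++sid_iterator;
  }
}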
276*6777b538SAndroid Build Coastguard Worker 
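// Checks that GetGrantedAccess reports the access mask a handle was opened
// with, and that it yields no value for a null handle.
TEST(SecurityUtilTest, GetGrantedAccess) {
  EXPECT_FALSE(GetGrantedAccess(nullptr));

  // Each creation is asserted so that a failed CreateMutexEx is reported as
  // such, not as a confusing access-mask mismatch on an invalid handle.
  ScopedHandle handle(::CreateMutexEx(nullptr, nullptr, 0, MUTEX_MODIFY_STATE));
  ASSERT_TRUE(handle.is_valid());
  EXPECT_EQ(GetGrantedAccess(handle.get()), DWORD{MUTEX_MODIFY_STATE});

  handle.Set(::CreateMutexEx(nullptr, nullptr, 0, READ_CONTROL));
  ASSERT_TRUE(handle.is_valid());
  EXPECT_EQ(GetGrantedAccess(handle.get()), DWORD{READ_CONTROL});

  // A generic right is requested, but the expected granted mask is the
  // mutex-specific MUTEX_ALL_ACCESS.
  handle.Set(::CreateMutexEx(nullptr, nullptr, 0, GENERIC_ALL));
  ASSERT_TRUE(handle.is_valid());
  EXPECT_EQ(GetGrantedAccess(handle.get()), DWORD{MUTEX_ALL_ACCESS});
}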
286*6777b538SAndroid Build Coastguard Worker 
287*6777b538SAndroid Build Coastguard Worker }  // namespace win
288*6777b538SAndroid Build Coastguard Worker }  // namespace base