| OLD | NEW |
|---|
| 1 // Copyright (c) 2006-2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <map> | 5 #include <map> |
| 6 | 6 |
| 7 #include "sandbox/src/policy_broker.h" | 7 #include "sandbox/src/policy_broker.h" |
| 8 | 8 |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/pe_image.h" | 10 #include "base/pe_image.h" |
| (...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 81 #endif | 81 #endif |
| 82 ResultCode ret = child->TransferVariable("g_nt", &g_nt, sizeof(g_nt)); | 82 ResultCode ret = child->TransferVariable("g_nt", &g_nt, sizeof(g_nt)); |
| 83 | 83 |
| 84 return SBOX_ALL_OK == ret ? true : false; | 84 return SBOX_ALL_OK == ret ? true : false; |
| 85 } | 85 } |
| 86 | 86 |
| 87 #undef INIT_GLOBAL_NT | 87 #undef INIT_GLOBAL_NT |
| 88 #undef INIT_GLOBAL_RTL | 88 #undef INIT_GLOBAL_RTL |
| 89 | 89 |
| 90 bool SetupBasicInterceptions(InterceptionManager* manager) { | 90 bool SetupBasicInterceptions(InterceptionManager* manager) { |
| 91 #if !defined(_WIN64) | |
| 92 // Bug 27218: We don't have dispatch for some x64 syscalls. | |
| 93 // Interceptions provided by process_thread_policy, without actual policy. | 91 // Interceptions provided by process_thread_policy, without actual policy. |
| 94 if (!INTERCEPT_NT(manager, NtOpenThread, OPEN_TREAD_ID, 20) || | 92 if (!INTERCEPT_NT(manager, NtOpenThread, OPEN_TREAD_ID, 20) || |
| 95 !INTERCEPT_NT(manager, NtOpenProcess, OPEN_PROCESS_ID, 20) || | 93 !INTERCEPT_NT(manager, NtOpenProcess, OPEN_PROCESS_ID, 20) || |
| 96 !INTERCEPT_NT(manager, NtOpenProcessToken, OPEN_PROCESS_TOKEN_ID, 16)) | 94 !INTERCEPT_NT(manager, NtOpenProcessToken, OPEN_PROCESS_TOKEN_ID, 16)) |
| 97 return false; | 95 return false; |
| 98 #endif | |
| 99 | 96 |
| 100 // Interceptions with neither policy nor IPC. | 97 // Interceptions with neither policy nor IPC. |
| 101 if (!INTERCEPT_NT(manager, NtSetInformationThread, SET_INFORMATION_THREAD_ID, | 98 if (!INTERCEPT_NT(manager, NtSetInformationThread, SET_INFORMATION_THREAD_ID, |
| 102 20) || | 99 20) || |
| 103 !INTERCEPT_NT(manager, NtOpenThreadToken, OPEN_THREAD_TOKEN_ID, 20)) | 100 !INTERCEPT_NT(manager, NtOpenThreadToken, OPEN_THREAD_TOKEN_ID, 20)) |
| 104 return false; | 101 return false; |
| 105 | 102 |
| 106 if (win_util::GetWinVersion() >= win_util::WINVERSION_XP) { | 103 if (win_util::GetWinVersion() >= win_util::WINVERSION_XP) { |
| 107 #if !defined(_WIN64) | |
| 108 // Bug 27218: We don't have dispatch for some x64 syscalls. | 104 // Bug 27218: We don't have dispatch for some x64 syscalls. |
| 109 // This one is also provided by process_thread_policy. | 105 // This one is also provided by process_thread_policy. |
| 110 if (!INTERCEPT_NT(manager, NtOpenProcessTokenEx, OPEN_PROCESS_TOKEN_EX_ID, | 106 if (!INTERCEPT_NT(manager, NtOpenProcessTokenEx, OPEN_PROCESS_TOKEN_EX_ID, |
| 111 20)) | 107 20)) |
| 112 return false; | 108 return false; |
| 113 #endif | |
| 114 | 109 |
| 115 return INTERCEPT_NT(manager, NtOpenThreadTokenEx, OPEN_THREAD_TOKEN_EX_ID, | 110 return INTERCEPT_NT(manager, NtOpenThreadTokenEx, OPEN_THREAD_TOKEN_EX_ID, |
| 116 24); | 111 24); |
| 117 } | 112 } |
| 118 | 113 |
| 119 return true; | 114 return true; |
| 120 } | 115 } |
| 121 | 116 |
| 122 } // namespace sandbox | 117 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 757001:
Second round of sbox changes for 64 bit port... (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/