Chromium Code Reviews Chromium Code Reviews
Issue 1225183003:
CreateThread interception, to use CreateRemoteThread (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/win/src/sandbox_policy_base.h" | 5 #include "sandbox/win/src/sandbox_policy_base.h" |
| 6 | 6 |
| 7 #include <sddl.h> | 7 #include <sddl.h> |
| 8 #include <stddef.h> | 8 #include <stddef.h> |
| 9 #include <stdint.h> | 9 #include <stdint.h> |
| 10 | 10 |
| (...skipping 115 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 126 use_alternate_desktop_(false), | 126 use_alternate_desktop_(false), |
| 127 use_alternate_winstation_(false), | 127 use_alternate_winstation_(false), |
| 128 file_system_init_(false), | 128 file_system_init_(false), |
| 129 relaxed_interceptions_(true), | 129 relaxed_interceptions_(true), |
| 130 stdout_handle_(INVALID_HANDLE_VALUE), | 130 stdout_handle_(INVALID_HANDLE_VALUE), |
| 131 stderr_handle_(INVALID_HANDLE_VALUE), | 131 stderr_handle_(INVALID_HANDLE_VALUE), |
| 132 integrity_level_(INTEGRITY_LEVEL_LAST), | 132 integrity_level_(INTEGRITY_LEVEL_LAST), |
| 133 delayed_integrity_level_(INTEGRITY_LEVEL_LAST), | 133 delayed_integrity_level_(INTEGRITY_LEVEL_LAST), |
| 134 mitigations_(0), | 134 mitigations_(0), |
| 135 delayed_mitigations_(0), | 135 delayed_mitigations_(0), |
| 136 is_csrss_connected_(false), | |
|
cpu_(ooo_6.6-7.5)
2016/02/05 20:49:37
true ?
liamjm (20p)
2016/02/05 21:53:08
Yikes! Good catch.
Fixed.
| |
| 136 policy_maker_(NULL), | 137 policy_maker_(NULL), |
| 137 policy_(NULL), | 138 policy_(NULL), |
| 138 lowbox_sid_(NULL) { | 139 lowbox_sid_(NULL) { |
| 139 ::InitializeCriticalSection(&lock_); | 140 ::InitializeCriticalSection(&lock_); |
| 140 dispatcher_.reset(new TopLevelDispatcher(this)); | 141 dispatcher_.reset(new TopLevelDispatcher(this)); |
| 141 } | 142 } |
| 142 | 143 |
| 143 PolicyBase::~PolicyBase() { | 144 PolicyBase::~PolicyBase() { |
| 144 ClearSharedHandles(); | 145 ClearSharedHandles(); |
| 145 | 146 |
| (...skipping 472 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 618 } | 619 } |
| 619 if (it == targets_.end()) { | 620 if (it == targets_.end()) { |
| 620 return false; | 621 return false; |
| 621 } | 622 } |
| 622 TargetProcess* target = *it; | 623 TargetProcess* target = *it; |
| 623 targets_.erase(it); | 624 targets_.erase(it); |
| 624 delete target; | 625 delete target; |
| 625 return true; | 626 return true; |
| 626 } | 627 } |
| 627 | 628 |
| 629 void PolicyBase::DisconnectCsrss() { | |
| 630 if (base::win::GetVersion() >= base::win::VERSION_WIN8) { | |
| 631 is_csrss_connected_ = false; | |
| 632 AddKernelObjectToClose(L"ALPC Port", NULL); | |
| 633 } | |
| 634 } | |
| 635 | |
| 628 EvalResult PolicyBase::EvalPolicy(int service, | 636 EvalResult PolicyBase::EvalPolicy(int service, |
| 629 CountedParameterSetBase* params) { | 637 CountedParameterSetBase* params) { |
| 630 if (NULL != policy_) { | 638 if (NULL != policy_) { |
| 631 if (NULL == policy_->entry[service]) { | 639 if (NULL == policy_->entry[service]) { |
| 632 // There is no policy for this particular service. This is not a big | 640 // There is no policy for this particular service. This is not a big |
| 633 // deal. | 641 // deal. |
| 634 return DENY_ACCESS; | 642 return DENY_ACCESS; |
| 635 } | 643 } |
| 636 for (int i = 0; i < params->count; i++) { | 644 for (int i = 0; i < params->count; i++) { |
| 637 if (!params->parameters[i].IsValid()) { | 645 if (!params->parameters[i].IsValid()) { |
| (...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 670 } | 678 } |
| 671 } | 679 } |
| 672 | 680 |
| 673 if (!blacklisted_dlls_.empty()) { | 681 if (!blacklisted_dlls_.empty()) { |
| 674 std::vector<base::string16>::iterator it = blacklisted_dlls_.begin(); | 682 std::vector<base::string16>::iterator it = blacklisted_dlls_.begin(); |
| 675 for (; it != blacklisted_dlls_.end(); ++it) { | 683 for (; it != blacklisted_dlls_.end(); ++it) { |
| 676 manager.AddToUnloadModules(it->c_str()); | 684 manager.AddToUnloadModules(it->c_str()); |
| 677 } | 685 } |
| 678 } | 686 } |
| 679 | 687 |
| 680 if (!SetupBasicInterceptions(&manager)) | 688 if (!SetupBasicInterceptions(&manager, is_csrss_connected_)) |
| 681 return false; | 689 return false; |
| 682 | 690 |
| 683 if (!manager.InitializeInterceptions()) | 691 if (!manager.InitializeInterceptions()) |
| 684 return false; | 692 return false; |
| 685 | 693 |
| 686 // Finally, setup imports on the target so the interceptions can work. | 694 // Finally, setup imports on the target so the interceptions can work. |
| 687 return SetupNtdllImports(target); | 695 return SetupNtdllImports(target); |
| 688 } | 696 } |
| 689 | 697 |
| 690 bool PolicyBase::SetupHandleCloser(TargetProcess* target) { | 698 bool PolicyBase::SetupHandleCloser(TargetProcess* target) { |
| (...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 765 break; | 773 break; |
| 766 } | 774 } |
| 767 | 775 |
| 768 default: { return SBOX_ERROR_UNSUPPORTED; } | 776 default: { return SBOX_ERROR_UNSUPPORTED; } |
| 769 } | 777 } |
| 770 | 778 |
| 771 return SBOX_ALL_OK; | 779 return SBOX_ALL_OK; |
| 772 } | 780 } |
| 773 | 781 |
| 774 } // namespace sandbox | 782 } // namespace sandbox |
| OLD | NEW |
