Index: sandbox/win/src/process_thread_policy.cc |
diff --git a/sandbox/win/src/process_thread_policy.cc b/sandbox/win/src/process_thread_policy.cc |
index b4976c0bbebeaefc8cfb9cdf57c9533d2c3c0b96..e78608744fe8bd098bccf52ce29311611d754747 100644 |
--- a/sandbox/win/src/process_thread_policy.cc |
+++ b/sandbox/win/src/process_thread_policy.cc |
@@ -99,6 +99,9 @@ bool ProcessPolicy::GenerateRules(const wchar_t* name, |
if (!policy->AddRule(IPC_CREATEPROCESSW_TAG, process.get())) { |
return false; |
} |
+ if (!policy->AddRule(IPC_CREATETHREAD_TAG, process.get())) { |
+ return false; |
+ } |
liamjm (20p)
2016/02/02 20:43:45
cpu@: Can you comment on the suitability of adding
|
return true; |
} |
@@ -238,4 +241,31 @@ DWORD ProcessPolicy::CreateProcessWAction(EvalResult eval_result, |
return ERROR_SUCCESS; |
} |
+DWORD ProcessPolicy::CreateThreadAction( |
forshaw
2016/02/02 11:11:49
Is this only going to be used in test code or will
liamjm (20p)
2016/02/02 20:43:45
This is the intended mechanism for CreateThread in
|
+ EvalResult eval_result, |
+ const ClientInfo& client_info, |
+ const SIZE_T stack_size, |
+ const LPTHREAD_START_ROUTINE start_address, |
+ const LPVOID parameter, |
+ const DWORD creation_flags, |
+ LPDWORD thread_id, |
+ HANDLE* handle) { |
+ // The only action supported is ASK_BROKER which means create the process. |
forshaw
2016/02/02 11:11:49
nit: You mean thread not process?
liamjm (20p)
2016/02/02 20:43:45
Done.
|
+ if (GIVE_ALLACCESS != eval_result && GIVE_READONLY != eval_result) { |
+ return ERROR_ACCESS_DENIED; |
+ } |
+ HANDLE local_handle = |
+ CreateRemoteThread(client_info.process, nullptr, stack_size, |
+ start_address, parameter, creation_flags, thread_id); |
+ if (!local_handle) { |
+ return ::GetLastError(); |
+ } |
+ if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, |
+ client_info.process, handle, 0, FALSE, |
Will Harris
2016/02/02 05:45:33
should this 0 be THREAD_ALL_ACCESS if eval_result
forshaw
2016/02/02 11:11:49
CreateRemoteThread should return a handle with THR
liamjm (20p)
2016/02/02 20:43:45
If DUPLCIATE_SAME_ACCESS is specified below, then
|
+ DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { |
Will Harris
2016/02/02 05:45:33
I'm not sure this should be DUPLICATE_SAME_ACCESS
|
+ return ERROR_ACCESS_DENIED; |
+ } |
+ return ERROR_SUCCESS; |
+} |
+ |
} // namespace sandbox |