| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright (c) 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "sandbox/win/src/lpc_dispatcher.h" |
| 6 |
| 7 #include "base/win/windows_version.h" |
| 8 #include "sandbox/win/src/crosscall_client.h" |
| 9 #include "sandbox/win/src/interception.h" |
| 10 #include "sandbox/win/src/interceptors.h" |
| 11 #include "sandbox/win/src/ipc_tags.h" |
| 12 #include "sandbox/win/src/policy_broker.h" |
| 13 #include "sandbox/win/src/policy_params.h" |
| 14 #include "sandbox/win/src/sandbox.h" |
| 15 #include "sandbox/win/src/lpc_interception.h" |
| 16 // #include "sandbox/win/src/sync_policy.h" |
| 17 |
| 18 namespace sandbox { |
| 19 |
| 20 LpcDispatcher::LpcDispatcher(PolicyBase* policy_base) |
| 21 : policy_base_(policy_base) { |
| 22 static const IPCCall connect_params = { |
| 23 {IPC_NTCONNECTALPCPORT_TAG, {WCHAR_TYPE}}, |
| 24 reinterpret_cast<CallbackGeneric>(&LpcDispatcher::AlpcConnectPort)}; |
| 25 |
| 26 ipc_calls_.push_back(connect_params); |
| 27 } |
| 28 |
| 29 bool LpcDispatcher::SetupService(InterceptionManager* manager, |
| 30 int service) { |
| 31 if (service == IPC_NTCONNECTALPCPORT_TAG) |
| 32 return INTERCEPT_NT(manager, NtAlpcConnectPort, NTCONNECTALPCPORT_ID, 48); |
| 33 return true; |
| 34 } |
| 35 |
| 36 bool LpcDispatcher::AlpcConnectPort(IPCInfo* ipc, base::string16* name) { |
| 37 const wchar_t* port_name = name->c_str(); |
| 38 CountedParameterSet<NameBased> params; |
| 39 params[NameBased::NAME] = ParamPickerMake(port_name); |
| 40 |
| 41 EvalResult result = policy_base_->EvalPolicy(IPC_NTCONNECTALPCPORT_TAG, |
| 42 params.GetBase()); |
| 43 HANDLE handle = NULL; |
| 44 (void) handle; |
| 45 (void) result; |
| 46 |
| 47 HMODULE ntdll = GetModuleHandle(L"ntdll.dll"); |
| 48 NtAlpcConnectPortFunction lpc_connect = |
| 49 reinterpret_cast<NtAlpcConnectPortFunction>(::GetProcAddress( |
| 50 ntdll, "NtAlpcConnectPort")); |
| 51 if (!lpc_connect) { |
| 52 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; |
| 53 return false; |
| 54 } |
| 55 |
| 56 RtlInitUnicodeStringFunction RtlInitUnicodeString = |
| 57 reinterpret_cast<RtlInitUnicodeStringFunction>( |
| 58 GetProcAddress(ntdll, "RtlInitUnicodeString")); |
| 59 DCHECK(RtlInitUnicodeString); |
| 60 UNICODE_STRING uni_name = {0}; |
| 61 RtlInitUnicodeString(&uni_name, port_name); |
| 62 LARGE_INTEGER timeout = {0}; |
| 63 timeout.QuadPart = -5000000; |
| 64 |
| 65 ALPC_PORT_ATTRIBUTES port_attributes = {0}; |
| 66 port_attributes.flags = 0xb0000; |
| 67 port_attributes.qos.Length = 0xc; |
| 68 port_attributes.qos.ImpersonationLevel = SecurityImpersonation; |
| 69 port_attributes.qos.ContextTrackingMode = 0x01; |
| 70 port_attributes.qos.EffectiveOnly = 0x01; |
| 71 port_attributes.max_message_length = 0x7fff; |
| 72 port_attributes.dup_object_types = 7; |
| 73 |
| 74 ipc->return_info.nt_status = lpc_connect(&handle, &uni_name, NULL, |
| 75 &port_attributes, 0x20000, NULL, NULL, NULL, NULL, NULL, &timeout); |
| 76 if (ipc->return_info.nt_status == STATUS_SUCCESS) { |
| 77 HANDLE dup_handle = NULL; |
| 78 if (!::DuplicateHandle(::GetCurrentProcess(), handle, |
| 79 ipc->client_info->process, &dup_handle, 0, FALSE, |
| 80 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { |
| 81 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; |
| 82 return false; |
| 83 } |
| 84 ipc->return_info.handle = dup_handle; |
| 85 return true; |
| 86 } |
| 87 #if 0 |
| 88 // Return operation status on the IPC. |
| 89 ipc->return_info.nt_status = SyncPolicy::CreateEventAction( |
| 90 result, *ipc->client_info, *name, event_type, initial_state, &handle); |
| 91 ipc->return_info.handle = handle; |
| 92 #endif |
| 93 return false; |
| 94 } |
| 95 |
| 96 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1296223005:
Continuing changes for lpc proxy
Base URL: https://chromium.googlesource.com/chromium/src.git@master