OLD | NEW |
---|---|
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/win/src/process_thread_interception.h" | 5 #include "sandbox/win/src/process_thread_interception.h" |
6 | 6 |
7 #include "sandbox/win/src/crosscall_client.h" | 7 #include "sandbox/win/src/crosscall_client.h" |
8 #include "sandbox/win/src/ipc_tags.h" | 8 #include "sandbox/win/src/ipc_tags.h" |
9 #include "sandbox/win/src/policy_params.h" | 9 #include "sandbox/win/src/policy_params.h" |
10 #include "sandbox/win/src/policy_target.h" | 10 #include "sandbox/win/src/policy_target.h" |
(...skipping 257 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
268 LPSTARTUPINFOW startup_info, | 268 LPSTARTUPINFOW startup_info, |
269 LPPROCESS_INFORMATION process_information) { | 269 LPPROCESS_INFORMATION process_information) { |
270 if (SandboxFactory::GetTargetServices()->GetState()->IsCsrssConnected() && | 270 if (SandboxFactory::GetTargetServices()->GetState()->IsCsrssConnected() && |
271 orig_CreateProcessW(application_name, command_line, process_attributes, | 271 orig_CreateProcessW(application_name, command_line, process_attributes, |
272 thread_attributes, inherit_handles, flags, | 272 thread_attributes, inherit_handles, flags, |
273 environment, current_directory, startup_info, | 273 environment, current_directory, startup_info, |
274 process_information)) { | 274 process_information)) { |
275 return TRUE; | 275 return TRUE; |
276 } | 276 } |
277 | 277 |
278 // We don't trust that the IPC can work this early. | |
279 if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) | |
280 return FALSE; | |
281 | |
282 DWORD original_error = ::GetLastError(); | 278 DWORD original_error = ::GetLastError(); |
283 | 279 |
284 do { | 280 // We don't trust that the IPC can work this early. |
285 if (!ValidParameter(process_information, sizeof(PROCESS_INFORMATION), | 281 if (SandboxFactory::GetTargetServices()->GetState()->InitCalled()) { |
brucedawson
2015/09/12 00:33:55
Moving this below the initialization of original_e
cpu_(ooo_6.6-7.5)
2015/09/14 17:17:16
In this particular case it is harmless to move it
brucedawson
2015/09/14 18:59:55
Got it.
How about a comment to make the rational
| |
286 WRITE)) | 282 do { |
287 break; | 283 if (!ValidParameter(process_information, sizeof(PROCESS_INFORMATION), |
284 WRITE)) | |
285 break; | |
288 | 286 |
289 void* memory = GetGlobalIPCMemory(); | 287 void* memory = GetGlobalIPCMemory(); |
290 if (NULL == memory) | 288 if (NULL == memory) |
291 break; | 289 break; |
292 | 290 |
293 const wchar_t* cur_dir = NULL; | 291 const wchar_t* cur_dir = NULL; |
294 | 292 |
295 wchar_t current_directory[MAX_PATH]; | 293 wchar_t current_directory[MAX_PATH]; |
296 DWORD result = ::GetCurrentDirectory(MAX_PATH, current_directory); | 294 DWORD result = ::GetCurrentDirectory(MAX_PATH, current_directory); |
297 if (0 != result && result < MAX_PATH) | 295 if (0 != result && result < MAX_PATH) |
298 cur_dir = current_directory; | 296 cur_dir = current_directory; |
299 | 297 |
300 SharedMemIPCClient ipc(memory); | 298 SharedMemIPCClient ipc(memory); |
301 CrossCallReturn answer = {0}; | 299 CrossCallReturn answer = {0}; |
302 | 300 |
303 InOutCountedBuffer proc_info(process_information, | 301 InOutCountedBuffer proc_info(process_information, |
304 sizeof(PROCESS_INFORMATION)); | 302 sizeof(PROCESS_INFORMATION)); |
305 | 303 |
306 ResultCode code = CrossCall(ipc, IPC_CREATEPROCESSW_TAG, application_name, | 304 ResultCode code = CrossCall(ipc, IPC_CREATEPROCESSW_TAG, application_name, |
307 command_line, cur_dir, proc_info, &answer); | 305 command_line, cur_dir, proc_info, &answer); |
308 if (SBOX_ALL_OK != code) | 306 if (SBOX_ALL_OK != code) |
309 break; | 307 break; |
310 | 308 |
311 ::SetLastError(answer.win32_result); | 309 ::SetLastError(answer.win32_result); |
312 if (ERROR_SUCCESS != answer.win32_result) | 310 if (ERROR_SUCCESS != answer.win32_result) |
313 return FALSE; | 311 return FALSE; |
314 | 312 |
315 return TRUE; | 313 return TRUE; |
316 } while (false); | 314 } while (false); |
315 } | |
317 | 316 |
318 ::SetLastError(original_error); | 317 ::SetLastError(original_error); |
319 return FALSE; | 318 return FALSE; |
320 } | 319 } |
321 | 320 |
322 BOOL WINAPI TargetCreateProcessA(CreateProcessAFunction orig_CreateProcessA, | 321 BOOL WINAPI TargetCreateProcessA(CreateProcessAFunction orig_CreateProcessA, |
323 LPCSTR application_name, LPSTR command_line, | 322 LPCSTR application_name, LPSTR command_line, |
324 LPSECURITY_ATTRIBUTES process_attributes, | 323 LPSECURITY_ATTRIBUTES process_attributes, |
325 LPSECURITY_ATTRIBUTES thread_attributes, | 324 LPSECURITY_ATTRIBUTES thread_attributes, |
326 BOOL inherit_handles, DWORD flags, | 325 BOOL inherit_handles, DWORD flags, |
327 LPVOID environment, LPCSTR current_directory, | 326 LPVOID environment, LPCSTR current_directory, |
328 LPSTARTUPINFOA startup_info, | 327 LPSTARTUPINFOA startup_info, |
329 LPPROCESS_INFORMATION process_information) { | 328 LPPROCESS_INFORMATION process_information) { |
330 if (orig_CreateProcessA(application_name, command_line, process_attributes, | 329 if (orig_CreateProcessA(application_name, command_line, process_attributes, |
331 thread_attributes, inherit_handles, flags, | 330 thread_attributes, inherit_handles, flags, |
332 environment, current_directory, startup_info, | 331 environment, current_directory, startup_info, |
333 process_information)) { | 332 process_information)) { |
334 return TRUE; | 333 return TRUE; |
335 } | 334 } |
336 | 335 |
337 // We don't trust that the IPC can work this early. | |
338 if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) | |
339 return FALSE; | |
340 | |
341 DWORD original_error = ::GetLastError(); | 336 DWORD original_error = ::GetLastError(); |
342 | 337 |
343 do { | 338 // We don't trust that the IPC can work this early. |
344 if (!ValidParameter(process_information, sizeof(PROCESS_INFORMATION), | 339 if (SandboxFactory::GetTargetServices()->GetState()->InitCalled()) { |
345 WRITE)) | 340 do { |
346 break; | 341 if (!ValidParameter(process_information, sizeof(PROCESS_INFORMATION), |
342 WRITE)) | |
343 break; | |
347 | 344 |
348 void* memory = GetGlobalIPCMemory(); | 345 void* memory = GetGlobalIPCMemory(); |
349 if (NULL == memory) | 346 if (NULL == memory) |
350 break; | 347 break; |
351 | 348 |
352 // Convert the input params to unicode. | 349 // Convert the input params to unicode. |
353 UNICODE_STRING *cmd_unicode = NULL; | 350 UNICODE_STRING *cmd_unicode = NULL; |
354 UNICODE_STRING *app_unicode = NULL; | 351 UNICODE_STRING *app_unicode = NULL; |
355 if (command_line) { | 352 if (command_line) { |
356 cmd_unicode = AnsiToUnicode(command_line); | 353 cmd_unicode = AnsiToUnicode(command_line); |
357 if (!cmd_unicode) | 354 if (!cmd_unicode) |
355 break; | |
356 } | |
357 | |
358 if (application_name) { | |
359 app_unicode = AnsiToUnicode(application_name); | |
360 if (!app_unicode) { | |
361 operator delete(cmd_unicode, NT_ALLOC); | |
362 break; | |
363 } | |
364 } | |
365 | |
366 const wchar_t* cmd_line = cmd_unicode ? cmd_unicode->Buffer : NULL; | |
367 const wchar_t* app_name = app_unicode ? app_unicode->Buffer : NULL; | |
368 const wchar_t* cur_dir = NULL; | |
369 | |
370 wchar_t current_directory[MAX_PATH]; | |
371 DWORD result = ::GetCurrentDirectory(MAX_PATH, current_directory); | |
372 if (0 != result && result < MAX_PATH) | |
373 cur_dir = current_directory; | |
374 | |
375 SharedMemIPCClient ipc(memory); | |
376 CrossCallReturn answer = {0}; | |
377 | |
378 InOutCountedBuffer proc_info(process_information, | |
379 sizeof(PROCESS_INFORMATION)); | |
380 | |
381 ResultCode code = CrossCall(ipc, IPC_CREATEPROCESSW_TAG, app_name, | |
382 cmd_line, cur_dir, proc_info, &answer); | |
383 | |
384 operator delete(cmd_unicode, NT_ALLOC); | |
385 operator delete(app_unicode, NT_ALLOC); | |
386 | |
387 if (SBOX_ALL_OK != code) | |
358 break; | 388 break; |
359 } | |
360 | 389 |
361 if (application_name) { | 390 ::SetLastError(answer.win32_result); |
362 app_unicode = AnsiToUnicode(application_name); | 391 if (ERROR_SUCCESS != answer.win32_result) |
363 if (!app_unicode) { | 392 return FALSE; |
364 operator delete(cmd_unicode, NT_ALLOC); | |
365 break; | |
366 } | |
367 } | |
368 | 393 |
369 const wchar_t* cmd_line = cmd_unicode ? cmd_unicode->Buffer : NULL; | 394 return TRUE; |
370 const wchar_t* app_name = app_unicode ? app_unicode->Buffer : NULL; | 395 } while (false); |
371 const wchar_t* cur_dir = NULL; | 396 } |
372 | |
373 wchar_t current_directory[MAX_PATH]; | |
374 DWORD result = ::GetCurrentDirectory(MAX_PATH, current_directory); | |
375 if (0 != result && result < MAX_PATH) | |
376 cur_dir = current_directory; | |
377 | |
378 SharedMemIPCClient ipc(memory); | |
379 CrossCallReturn answer = {0}; | |
380 | |
381 InOutCountedBuffer proc_info(process_information, | |
382 sizeof(PROCESS_INFORMATION)); | |
383 | |
384 ResultCode code = CrossCall(ipc, IPC_CREATEPROCESSW_TAG, app_name, | |
385 cmd_line, cur_dir, proc_info, &answer); | |
386 | |
387 operator delete(cmd_unicode, NT_ALLOC); | |
388 operator delete(app_unicode, NT_ALLOC); | |
389 | |
390 if (SBOX_ALL_OK != code) | |
391 break; | |
392 | |
393 ::SetLastError(answer.win32_result); | |
394 if (ERROR_SUCCESS != answer.win32_result) | |
395 return FALSE; | |
396 | |
397 return TRUE; | |
398 } while (false); | |
399 | 397 |
400 ::SetLastError(original_error); | 398 ::SetLastError(original_error); |
401 return FALSE; | 399 return FALSE; |
402 } | 400 } |
403 | 401 |
404 } // namespace sandbox | 402 } // namespace sandbox |
OLD | NEW |