Chromium Code Reviews Chromium Code Reviews
Issue 1419483002:
Windows sbox: Warmup locales before sandbox lockdown (and tests) (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/win/src/target_services.h" | 5 #include "sandbox/win/src/target_services.h" |
| 6 | 6 |
| 7 #include <new> | 7 #include <new> |
| 8 | 8 |
| 9 #include <process.h> | 9 #include <process.h> |
| 10 | 10 |
| (...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 52 if (sandbox::HandleCloserAgent::NeedsHandlesClosed()) { | 52 if (sandbox::HandleCloserAgent::NeedsHandlesClosed()) { |
| 53 sandbox::HandleCloserAgent handle_closer; | 53 sandbox::HandleCloserAgent handle_closer; |
| 54 handle_closer.InitializeHandlesToClose(is_csrss_connected); | 54 handle_closer.InitializeHandlesToClose(is_csrss_connected); |
| 55 if (!handle_closer.CloseHandles()) | 55 if (!handle_closer.CloseHandles()) |
| 56 return false; | 56 return false; |
| 57 } | 57 } |
| 58 | 58 |
| 59 return true; | 59 return true; |
| 60 } | 60 } |
| 61 | 61 |
| 62 // GetUserDefaultLocaleName is not available on WIN XP. So we'll | |
| 63 // load it on-the-fly. | |
| 64 const wchar_t kKernel32DllName[] = L"kernel32.dll"; | |
| 65 typedef int(WINAPI* GetUserDefaultLocaleNameFunction)(LPWSTR lpLocaleName, | |
|
Will Harris
2015/12/03 06:06:40
nit: could use typedef decltype e.g.
typedef decl
liamjm (20p)
2015/12/03 18:18:42
Done.
| |
| 66 int cchLocaleName); | |
| 67 | |
| 68 // Warm up language subsystems before the sandbox is turned on. | |
| 69 // Tested on Win8.1 x64: | |
| 70 // This needs to happen after RevertToSelf() is called, because (at least) in | |
| 71 // the case of GetUserDefaultLCID() it checks the TEB to see if the process is | |
| 72 // impersonating (TEB!IsImpersonating). If it is, the cached locale information | |
| 73 // is not used, nor is it set. Therefore, calls after RevertToSelf() will not | |
| 74 // have warmed-up values to use. | |
| 75 bool WarmupWindowsLocales() { | |
| 76 // NOTE(liamjm): When last checked (Win 8.1 x64) it wasn't necessary to | |
| 77 // warmup all of these functions, but let's not assume that. | |
| 78 ::GetUserDefaultLangID(); | |
| 79 ::GetUserDefaultLCID(); | |
| 80 if (base::win::GetVersion() >= base::win::VERSION_VISTA) { | |
| 81 static GetUserDefaultLocaleNameFunction GetUserDefaultLocaleName_func = | |
| 82 NULL; | |
| 83 if (!GetUserDefaultLocaleName_func) { | |
| 84 HMODULE kernel32_dll = ::GetModuleHandle(kKernel32DllName); | |
| 85 if (!kernel32_dll) { | |
| 86 return false; | |
| 87 } | |
| 88 GetUserDefaultLocaleName_func = | |
| 89 reinterpret_cast<GetUserDefaultLocaleNameFunction>( | |
| 90 GetProcAddress(kernel32_dll, "GetUserDefaultLocaleName")); | |
| 91 if (!GetUserDefaultLocaleName_func) { | |
| 92 return false; | |
| 93 } | |
| 94 } | |
| 95 wchar_t localeName[LOCALE_NAME_MAX_LENGTH] = {0}; | |
| 96 return (0 != GetUserDefaultLocaleName_func( | |
| 97 localeName, LOCALE_NAME_MAX_LENGTH * sizeof(wchar_t))); | |
| 98 } | |
| 99 return true; | |
| 100 } | |
| 62 | 101 |
| 63 // Used as storage for g_target_services, because other allocation facilities | 102 // Used as storage for g_target_services, because other allocation facilities |
| 64 // are not available early. We can't use a regular function static because on | 103 // are not available early. We can't use a regular function static because on |
| 65 // VS2015, because the CRT tries to acquire a lock to guard initialization, but | 104 // VS2015, because the CRT tries to acquire a lock to guard initialization, but |
| 66 // this code runs before the CRT is initialized. | 105 // this code runs before the CRT is initialized. |
| 67 char g_target_services_memory[sizeof(sandbox::TargetServicesBase)]; | 106 char g_target_services_memory[sizeof(sandbox::TargetServicesBase)]; |
| 68 sandbox::TargetServicesBase* g_target_services = nullptr; | 107 sandbox::TargetServicesBase* g_target_services = nullptr; |
| 69 | 108 |
| 70 } // namespace | 109 } // namespace |
| 71 | 110 |
| (...skipping 18 matching lines...) Expand all Loading... | |
| 90 ::TerminateProcess(::GetCurrentProcess(), SBOX_FATAL_INTEGRITY); | 129 ::TerminateProcess(::GetCurrentProcess(), SBOX_FATAL_INTEGRITY); |
| 91 process_state_.SetRevertedToSelf(); | 130 process_state_.SetRevertedToSelf(); |
| 92 // If the client code as called RegOpenKey, advapi32.dll has cached some | 131 // If the client code as called RegOpenKey, advapi32.dll has cached some |
| 93 // handles. The following code gets rid of them. | 132 // handles. The following code gets rid of them. |
| 94 if (!::RevertToSelf()) | 133 if (!::RevertToSelf()) |
| 95 ::TerminateProcess(::GetCurrentProcess(), SBOX_FATAL_DROPTOKEN); | 134 ::TerminateProcess(::GetCurrentProcess(), SBOX_FATAL_DROPTOKEN); |
| 96 if (!FlushCachedRegHandles()) | 135 if (!FlushCachedRegHandles()) |
| 97 ::TerminateProcess(::GetCurrentProcess(), SBOX_FATAL_FLUSHANDLES); | 136 ::TerminateProcess(::GetCurrentProcess(), SBOX_FATAL_FLUSHANDLES); |
| 98 if (ERROR_SUCCESS != ::RegDisablePredefinedCache()) | 137 if (ERROR_SUCCESS != ::RegDisablePredefinedCache()) |
| 99 ::TerminateProcess(::GetCurrentProcess(), SBOX_FATAL_CACHEDISABLE); | 138 ::TerminateProcess(::GetCurrentProcess(), SBOX_FATAL_CACHEDISABLE); |
| 139 if (!WarmupWindowsLocales()) | |
| 140 ::TerminateProcess(::GetCurrentProcess(), SBOX_FATAL_WARMUP); | |
| 100 bool is_csrss_connected = true; | 141 bool is_csrss_connected = true; |
| 101 if (!CloseOpenHandles(&is_csrss_connected)) | 142 if (!CloseOpenHandles(&is_csrss_connected)) |
| 102 ::TerminateProcess(::GetCurrentProcess(), SBOX_FATAL_CLOSEHANDLES); | 143 ::TerminateProcess(::GetCurrentProcess(), SBOX_FATAL_CLOSEHANDLES); |
| 103 process_state_.SetCsrssConnected(is_csrss_connected); | 144 process_state_.SetCsrssConnected(is_csrss_connected); |
| 104 // Enabling mitigations must happen last otherwise handle closing breaks | 145 // Enabling mitigations must happen last otherwise handle closing breaks |
| 105 if (g_shared_delayed_mitigations && | 146 if (g_shared_delayed_mitigations && |
| 106 !ApplyProcessMitigationsToCurrentProcess(g_shared_delayed_mitigations)) | 147 !ApplyProcessMitigationsToCurrentProcess(g_shared_delayed_mitigations)) |
| 107 ::TerminateProcess(::GetCurrentProcess(), SBOX_FATAL_MITIGATION); | 148 ::TerminateProcess(::GetCurrentProcess(), SBOX_FATAL_MITIGATION); |
| 108 } | 149 } |
| 109 | 150 |
| (...skipping 102 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 212 ResultCode TargetServicesBase::DuplicateHandle(HANDLE source_handle, | 253 ResultCode TargetServicesBase::DuplicateHandle(HANDLE source_handle, |
| 213 DWORD target_process_id, | 254 DWORD target_process_id, |
| 214 HANDLE* target_handle, | 255 HANDLE* target_handle, |
| 215 DWORD desired_access, | 256 DWORD desired_access, |
| 216 DWORD options) { | 257 DWORD options) { |
| 217 return sandbox::DuplicateHandleProxy(source_handle, target_process_id, | 258 return sandbox::DuplicateHandleProxy(source_handle, target_process_id, |
| 218 target_handle, desired_access, options); | 259 target_handle, desired_access, options); |
| 219 } | 260 } |
| 220 | 261 |
| 221 } // namespace sandbox | 262 } // namespace sandbox |
| OLD | NEW |
