OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/win/src/process_thread_policy.h" | 5 #include "sandbox/win/src/process_thread_policy.h" |
6 | 6 |
| 7 #include <stdint.h> |
| 8 |
7 #include <string> | 9 #include <string> |
8 | 10 |
9 #include "base/memory/scoped_ptr.h" | 11 #include "base/memory/scoped_ptr.h" |
10 #include "sandbox/win/src/ipc_tags.h" | 12 #include "sandbox/win/src/ipc_tags.h" |
11 #include "sandbox/win/src/nt_internals.h" | 13 #include "sandbox/win/src/nt_internals.h" |
12 #include "sandbox/win/src/policy_engine_opcodes.h" | 14 #include "sandbox/win/src/policy_engine_opcodes.h" |
13 #include "sandbox/win/src/policy_params.h" | 15 #include "sandbox/win/src/policy_params.h" |
14 #include "sandbox/win/src/sandbox_types.h" | 16 #include "sandbox/win/src/sandbox_types.h" |
15 #include "sandbox/win/src/win_utils.h" | 17 #include "sandbox/win/src/win_utils.h" |
16 | 18 |
(...skipping 77 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
94 if (!process->AddStringMatch(IF, NameBased::NAME, name, CASE_INSENSITIVE)) { | 96 if (!process->AddStringMatch(IF, NameBased::NAME, name, CASE_INSENSITIVE)) { |
95 return false; | 97 return false; |
96 } | 98 } |
97 if (!policy->AddRule(IPC_CREATEPROCESSW_TAG, process.get())) { | 99 if (!policy->AddRule(IPC_CREATEPROCESSW_TAG, process.get())) { |
98 return false; | 100 return false; |
99 } | 101 } |
100 return true; | 102 return true; |
101 } | 103 } |
102 | 104 |
103 NTSTATUS ProcessPolicy::OpenThreadAction(const ClientInfo& client_info, | 105 NTSTATUS ProcessPolicy::OpenThreadAction(const ClientInfo& client_info, |
104 uint32 desired_access, | 106 uint32_t desired_access, |
105 uint32 thread_id, | 107 uint32_t thread_id, |
106 HANDLE* handle) { | 108 HANDLE* handle) { |
107 *handle = NULL; | 109 *handle = NULL; |
108 | 110 |
109 NtOpenThreadFunction NtOpenThread = NULL; | 111 NtOpenThreadFunction NtOpenThread = NULL; |
110 ResolveNTFunctionPtr("NtOpenThread", &NtOpenThread); | 112 ResolveNTFunctionPtr("NtOpenThread", &NtOpenThread); |
111 | 113 |
112 OBJECT_ATTRIBUTES attributes = {0}; | 114 OBJECT_ATTRIBUTES attributes = {0}; |
113 attributes.Length = sizeof(attributes); | 115 attributes.Length = sizeof(attributes); |
114 CLIENT_ID client_id = {0}; | 116 CLIENT_ID client_id = {0}; |
115 client_id.UniqueProcess = reinterpret_cast<PVOID>( | 117 client_id.UniqueProcess = reinterpret_cast<PVOID>( |
116 static_cast<ULONG_PTR>(client_info.process_id)); | 118 static_cast<ULONG_PTR>(client_info.process_id)); |
117 client_id.UniqueThread = | 119 client_id.UniqueThread = |
118 reinterpret_cast<PVOID>(static_cast<ULONG_PTR>(thread_id)); | 120 reinterpret_cast<PVOID>(static_cast<ULONG_PTR>(thread_id)); |
119 | 121 |
120 HANDLE local_handle = NULL; | 122 HANDLE local_handle = NULL; |
121 NTSTATUS status = NtOpenThread(&local_handle, desired_access, &attributes, | 123 NTSTATUS status = NtOpenThread(&local_handle, desired_access, &attributes, |
122 &client_id); | 124 &client_id); |
123 if (NT_SUCCESS(status)) { | 125 if (NT_SUCCESS(status)) { |
124 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, | 126 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, |
125 client_info.process, handle, 0, FALSE, | 127 client_info.process, handle, 0, FALSE, |
126 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { | 128 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { |
127 return STATUS_ACCESS_DENIED; | 129 return STATUS_ACCESS_DENIED; |
128 } | 130 } |
129 } | 131 } |
130 | 132 |
131 return status; | 133 return status; |
132 } | 134 } |
133 | 135 |
134 NTSTATUS ProcessPolicy::OpenProcessAction(const ClientInfo& client_info, | 136 NTSTATUS ProcessPolicy::OpenProcessAction(const ClientInfo& client_info, |
135 uint32 desired_access, | 137 uint32_t desired_access, |
136 uint32 process_id, | 138 uint32_t process_id, |
137 HANDLE* handle) { | 139 HANDLE* handle) { |
138 *handle = NULL; | 140 *handle = NULL; |
139 | 141 |
140 NtOpenProcessFunction NtOpenProcess = NULL; | 142 NtOpenProcessFunction NtOpenProcess = NULL; |
141 ResolveNTFunctionPtr("NtOpenProcess", &NtOpenProcess); | 143 ResolveNTFunctionPtr("NtOpenProcess", &NtOpenProcess); |
142 | 144 |
143 if (client_info.process_id != process_id) | 145 if (client_info.process_id != process_id) |
144 return STATUS_ACCESS_DENIED; | 146 return STATUS_ACCESS_DENIED; |
145 | 147 |
146 OBJECT_ATTRIBUTES attributes = {0}; | 148 OBJECT_ATTRIBUTES attributes = {0}; |
(...skipping 10 matching lines...) Expand all Loading... |
157 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { | 159 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { |
158 return STATUS_ACCESS_DENIED; | 160 return STATUS_ACCESS_DENIED; |
159 } | 161 } |
160 } | 162 } |
161 | 163 |
162 return status; | 164 return status; |
163 } | 165 } |
164 | 166 |
165 NTSTATUS ProcessPolicy::OpenProcessTokenAction(const ClientInfo& client_info, | 167 NTSTATUS ProcessPolicy::OpenProcessTokenAction(const ClientInfo& client_info, |
166 HANDLE process, | 168 HANDLE process, |
167 uint32 desired_access, | 169 uint32_t desired_access, |
168 HANDLE* handle) { | 170 HANDLE* handle) { |
169 *handle = NULL; | 171 *handle = NULL; |
170 NtOpenProcessTokenFunction NtOpenProcessToken = NULL; | 172 NtOpenProcessTokenFunction NtOpenProcessToken = NULL; |
171 ResolveNTFunctionPtr("NtOpenProcessToken", &NtOpenProcessToken); | 173 ResolveNTFunctionPtr("NtOpenProcessToken", &NtOpenProcessToken); |
172 | 174 |
173 if (CURRENT_PROCESS != process) | 175 if (CURRENT_PROCESS != process) |
174 return STATUS_ACCESS_DENIED; | 176 return STATUS_ACCESS_DENIED; |
175 | 177 |
176 HANDLE local_handle = NULL; | 178 HANDLE local_handle = NULL; |
177 NTSTATUS status = NtOpenProcessToken(client_info.process, desired_access, | 179 NTSTATUS status = NtOpenProcessToken(client_info.process, desired_access, |
178 &local_handle); | 180 &local_handle); |
179 if (NT_SUCCESS(status)) { | 181 if (NT_SUCCESS(status)) { |
180 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, | 182 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, |
181 client_info.process, handle, 0, FALSE, | 183 client_info.process, handle, 0, FALSE, |
182 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { | 184 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { |
183 return STATUS_ACCESS_DENIED; | 185 return STATUS_ACCESS_DENIED; |
184 } | 186 } |
185 } | 187 } |
186 return status; | 188 return status; |
187 } | 189 } |
188 | 190 |
189 NTSTATUS ProcessPolicy::OpenProcessTokenExAction(const ClientInfo& client_info, | 191 NTSTATUS ProcessPolicy::OpenProcessTokenExAction(const ClientInfo& client_info, |
190 HANDLE process, | 192 HANDLE process, |
191 uint32 desired_access, | 193 uint32_t desired_access, |
192 uint32 attributes, | 194 uint32_t attributes, |
193 HANDLE* handle) { | 195 HANDLE* handle) { |
194 *handle = NULL; | 196 *handle = NULL; |
195 NtOpenProcessTokenExFunction NtOpenProcessTokenEx = NULL; | 197 NtOpenProcessTokenExFunction NtOpenProcessTokenEx = NULL; |
196 ResolveNTFunctionPtr("NtOpenProcessTokenEx", &NtOpenProcessTokenEx); | 198 ResolveNTFunctionPtr("NtOpenProcessTokenEx", &NtOpenProcessTokenEx); |
197 | 199 |
198 if (CURRENT_PROCESS != process) | 200 if (CURRENT_PROCESS != process) |
199 return STATUS_ACCESS_DENIED; | 201 return STATUS_ACCESS_DENIED; |
200 | 202 |
201 HANDLE local_handle = NULL; | 203 HANDLE local_handle = NULL; |
202 NTSTATUS status = NtOpenProcessTokenEx(client_info.process, desired_access, | 204 NTSTATUS status = NtOpenProcessTokenEx(client_info.process, desired_access, |
(...skipping 27 matching lines...) Expand all Loading... |
230 if (!CreateProcessExWHelper(client_info.process, should_give_full_access, | 232 if (!CreateProcessExWHelper(client_info.process, should_give_full_access, |
231 app_name.c_str(), cmd_line.get(), NULL, NULL, | 233 app_name.c_str(), cmd_line.get(), NULL, NULL, |
232 FALSE, 0, NULL, NULL, &startup_info, | 234 FALSE, 0, NULL, NULL, &startup_info, |
233 process_info)) { | 235 process_info)) { |
234 return ERROR_ACCESS_DENIED; | 236 return ERROR_ACCESS_DENIED; |
235 } | 237 } |
236 return ERROR_SUCCESS; | 238 return ERROR_SUCCESS; |
237 } | 239 } |
238 | 240 |
239 } // namespace sandbox | 241 } // namespace sandbox |
OLD | NEW |