OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/win/src/process_thread_policy.h" | 5 #include "sandbox/win/src/process_thread_policy.h" |
6 | 6 |
7 #include <stdint.h> | |
8 | |
9 #include <string> | 7 #include <string> |
10 | 8 |
11 #include "base/memory/scoped_ptr.h" | 9 #include "base/memory/scoped_ptr.h" |
12 #include "sandbox/win/src/ipc_tags.h" | 10 #include "sandbox/win/src/ipc_tags.h" |
13 #include "sandbox/win/src/nt_internals.h" | 11 #include "sandbox/win/src/nt_internals.h" |
14 #include "sandbox/win/src/policy_engine_opcodes.h" | 12 #include "sandbox/win/src/policy_engine_opcodes.h" |
15 #include "sandbox/win/src/policy_params.h" | 13 #include "sandbox/win/src/policy_params.h" |
16 #include "sandbox/win/src/sandbox_types.h" | 14 #include "sandbox/win/src/sandbox_types.h" |
17 #include "sandbox/win/src/win_utils.h" | 15 #include "sandbox/win/src/win_utils.h" |
18 | 16 |
(...skipping 77 matching lines...)
96 if (!process->AddStringMatch(IF, NameBased::NAME, name, CASE_INSENSITIVE)) { | 94 if (!process->AddStringMatch(IF, NameBased::NAME, name, CASE_INSENSITIVE)) { |
97 return false; | 95 return false; |
98 } | 96 } |
99 if (!policy->AddRule(IPC_CREATEPROCESSW_TAG, process.get())) { | 97 if (!policy->AddRule(IPC_CREATEPROCESSW_TAG, process.get())) { |
100 return false; | 98 return false; |
101 } | 99 } |
102 return true; | 100 return true; |
103 } | 101 } |
104 | 102 |
105 NTSTATUS ProcessPolicy::OpenThreadAction(const ClientInfo& client_info, | 103 NTSTATUS ProcessPolicy::OpenThreadAction(const ClientInfo& client_info, |
106 uint32_t desired_access, | 104 uint32 desired_access, |
107 uint32_t thread_id, | 105 uint32 thread_id, |
108 HANDLE* handle) { | 106 HANDLE* handle) { |
109 *handle = NULL; | 107 *handle = NULL; |
110 | 108 |
111 NtOpenThreadFunction NtOpenThread = NULL; | 109 NtOpenThreadFunction NtOpenThread = NULL; |
112 ResolveNTFunctionPtr("NtOpenThread", &NtOpenThread); | 110 ResolveNTFunctionPtr("NtOpenThread", &NtOpenThread); |
113 | 111 |
114 OBJECT_ATTRIBUTES attributes = {0}; | 112 OBJECT_ATTRIBUTES attributes = {0}; |
115 attributes.Length = sizeof(attributes); | 113 attributes.Length = sizeof(attributes); |
116 CLIENT_ID client_id = {0}; | 114 CLIENT_ID client_id = {0}; |
117 client_id.UniqueProcess = reinterpret_cast<PVOID>( | 115 client_id.UniqueProcess = reinterpret_cast<PVOID>( |
118 static_cast<ULONG_PTR>(client_info.process_id)); | 116 static_cast<ULONG_PTR>(client_info.process_id)); |
119 client_id.UniqueThread = | 117 client_id.UniqueThread = |
120 reinterpret_cast<PVOID>(static_cast<ULONG_PTR>(thread_id)); | 118 reinterpret_cast<PVOID>(static_cast<ULONG_PTR>(thread_id)); |
121 | 119 |
122 HANDLE local_handle = NULL; | 120 HANDLE local_handle = NULL; |
123 NTSTATUS status = NtOpenThread(&local_handle, desired_access, &attributes, | 121 NTSTATUS status = NtOpenThread(&local_handle, desired_access, &attributes, |
124 &client_id); | 122 &client_id); |
125 if (NT_SUCCESS(status)) { | 123 if (NT_SUCCESS(status)) { |
126 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, | 124 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, |
127 client_info.process, handle, 0, FALSE, | 125 client_info.process, handle, 0, FALSE, |
128 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { | 126 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { |
129 return STATUS_ACCESS_DENIED; | 127 return STATUS_ACCESS_DENIED; |
130 } | 128 } |
131 } | 129 } |
132 | 130 |
133 return status; | 131 return status; |
134 } | 132 } |
135 | 133 |
136 NTSTATUS ProcessPolicy::OpenProcessAction(const ClientInfo& client_info, | 134 NTSTATUS ProcessPolicy::OpenProcessAction(const ClientInfo& client_info, |
137 uint32_t desired_access, | 135 uint32 desired_access, |
138 uint32_t process_id, | 136 uint32 process_id, |
139 HANDLE* handle) { | 137 HANDLE* handle) { |
140 *handle = NULL; | 138 *handle = NULL; |
141 | 139 |
142 NtOpenProcessFunction NtOpenProcess = NULL; | 140 NtOpenProcessFunction NtOpenProcess = NULL; |
143 ResolveNTFunctionPtr("NtOpenProcess", &NtOpenProcess); | 141 ResolveNTFunctionPtr("NtOpenProcess", &NtOpenProcess); |
144 | 142 |
145 if (client_info.process_id != process_id) | 143 if (client_info.process_id != process_id) |
146 return STATUS_ACCESS_DENIED; | 144 return STATUS_ACCESS_DENIED; |
147 | 145 |
148 OBJECT_ATTRIBUTES attributes = {0}; | 146 OBJECT_ATTRIBUTES attributes = {0}; |
(...skipping 10 matching lines...)
159 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { | 157 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { |
160 return STATUS_ACCESS_DENIED; | 158 return STATUS_ACCESS_DENIED; |
161 } | 159 } |
162 } | 160 } |
163 | 161 |
164 return status; | 162 return status; |
165 } | 163 } |
166 | 164 |
167 NTSTATUS ProcessPolicy::OpenProcessTokenAction(const ClientInfo& client_info, | 165 NTSTATUS ProcessPolicy::OpenProcessTokenAction(const ClientInfo& client_info, |
168 HANDLE process, | 166 HANDLE process, |
169 uint32_t desired_access, | 167 uint32 desired_access, |
170 HANDLE* handle) { | 168 HANDLE* handle) { |
171 *handle = NULL; | 169 *handle = NULL; |
172 NtOpenProcessTokenFunction NtOpenProcessToken = NULL; | 170 NtOpenProcessTokenFunction NtOpenProcessToken = NULL; |
173 ResolveNTFunctionPtr("NtOpenProcessToken", &NtOpenProcessToken); | 171 ResolveNTFunctionPtr("NtOpenProcessToken", &NtOpenProcessToken); |
174 | 172 |
175 if (CURRENT_PROCESS != process) | 173 if (CURRENT_PROCESS != process) |
176 return STATUS_ACCESS_DENIED; | 174 return STATUS_ACCESS_DENIED; |
177 | 175 |
178 HANDLE local_handle = NULL; | 176 HANDLE local_handle = NULL; |
179 NTSTATUS status = NtOpenProcessToken(client_info.process, desired_access, | 177 NTSTATUS status = NtOpenProcessToken(client_info.process, desired_access, |
180 &local_handle); | 178 &local_handle); |
181 if (NT_SUCCESS(status)) { | 179 if (NT_SUCCESS(status)) { |
182 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, | 180 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, |
183 client_info.process, handle, 0, FALSE, | 181 client_info.process, handle, 0, FALSE, |
184 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { | 182 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { |
185 return STATUS_ACCESS_DENIED; | 183 return STATUS_ACCESS_DENIED; |
186 } | 184 } |
187 } | 185 } |
188 return status; | 186 return status; |
189 } | 187 } |
190 | 188 |
191 NTSTATUS ProcessPolicy::OpenProcessTokenExAction(const ClientInfo& client_info, | 189 NTSTATUS ProcessPolicy::OpenProcessTokenExAction(const ClientInfo& client_info, |
192 HANDLE process, | 190 HANDLE process, |
193 uint32_t desired_access, | 191 uint32 desired_access, |
194 uint32_t attributes, | 192 uint32 attributes, |
195 HANDLE* handle) { | 193 HANDLE* handle) { |
196 *handle = NULL; | 194 *handle = NULL; |
197 NtOpenProcessTokenExFunction NtOpenProcessTokenEx = NULL; | 195 NtOpenProcessTokenExFunction NtOpenProcessTokenEx = NULL; |
198 ResolveNTFunctionPtr("NtOpenProcessTokenEx", &NtOpenProcessTokenEx); | 196 ResolveNTFunctionPtr("NtOpenProcessTokenEx", &NtOpenProcessTokenEx); |
199 | 197 |
200 if (CURRENT_PROCESS != process) | 198 if (CURRENT_PROCESS != process) |
201 return STATUS_ACCESS_DENIED; | 199 return STATUS_ACCESS_DENIED; |
202 | 200 |
203 HANDLE local_handle = NULL; | 201 HANDLE local_handle = NULL; |
204 NTSTATUS status = NtOpenProcessTokenEx(client_info.process, desired_access, | 202 NTSTATUS status = NtOpenProcessTokenEx(client_info.process, desired_access, |
(...skipping 27 matching lines...)
232 if (!CreateProcessExWHelper(client_info.process, should_give_full_access, | 230 if (!CreateProcessExWHelper(client_info.process, should_give_full_access, |
233 app_name.c_str(), cmd_line.get(), NULL, NULL, | 231 app_name.c_str(), cmd_line.get(), NULL, NULL, |
234 FALSE, 0, NULL, NULL, &startup_info, | 232 FALSE, 0, NULL, NULL, &startup_info, |
235 process_info)) { | 233 process_info)) { |
236 return ERROR_ACCESS_DENIED; | 234 return ERROR_ACCESS_DENIED; |
237 } | 235 } |
238 return ERROR_SUCCESS; | 236 return ERROR_SUCCESS; |
239 } | 237 } |
240 | 238 |
241 } // namespace sandbox | 239 } // namespace sandbox |
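Review bot: OpenThreadAction has no explicit ownership check comparable to the `client_info.process_id != process_id` test in OpenProcessAction; confinement to the caller's own threads appears to rest entirely on `client_id.UniqueProcess` being set from `client_info.process_id` before the NtOpenThread call. That dependency deserves a comment above the CLIENT_ID setup, for example `// UniqueProcess pins the lookup to the caller's own process; a thread_id owned by another process must not resolve.` The client-supplied `desired_access` is also forwarded unfiltered in every action and carried into the target by `DUPLICATE_SAME_ACCESS`, so any access-mask restriction has to live in the policy evaluation or the dispatcher, neither of which this page shows. Separately, each action calls through the pointer filled by `ResolveNTFunctionPtr` without a null check; if that helper can return without resolving (its definition is not visible here), the broker would call through NULL.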