| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2006-2010 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "sandbox/win/sandbox_poc/sandbox.h" | |
| 6 | |
| 7 #include <windows.h> | |
| 8 #include <tchar.h> | |
| 9 #include <shellapi.h> | |
| 10 | |
| 11 #include <string> | |
| 12 | |
| 13 #include "base/logging.h" | |
| 14 #include "sandbox/win/sandbox_poc/main_ui_window.h" | |
| 15 #include "sandbox/win/src/sandbox.h" | |
| 16 #include "sandbox/win/src/sandbox_factory.h" | |
| 17 | |
| 18 // Prototype allowed for functions to be called in the POC | |
| 19 typedef void(__cdecl *lpfnInit)(HANDLE); | |
| 20 | |
| 21 bool ParseCommandLine(wchar_t * command_line, | |
| 22 std::string * dll_name, | |
| 23 std::string * entry_point, | |
| 24 base::string16 * log_file) { | |
| 25 DCHECK(dll_name); | |
| 26 DCHECK(entry_point); | |
| 27 DCHECK(log_file); | |
| 28 if (!dll_name || !entry_point || !log_file) | |
| 29 return false; | |
| 30 | |
| 31 LPWSTR* arg_list; | |
| 32 int arg_count; | |
| 33 | |
| 34 // We expect the command line to contain: EntryPointName "DLLPath" "LogPath" | |
| 35 // NOTE: Double quotes are required, even if long path name not used | |
| 36 // NOTE: LogPath can be blank, but still requires the double quotes | |
| 37 arg_list = CommandLineToArgvW(command_line, &arg_count); | |
| 38 if (NULL == arg_list || arg_count < 4) { | |
| 39 return false; | |
| 40 } | |
| 41 | |
| 42 base::string16 entry_point_wide = arg_list[1]; | |
| 43 base::string16 dll_name_wide = arg_list[2]; | |
| 44 *entry_point = std::string(entry_point_wide.begin(), entry_point_wide.end()); | |
| 45 *dll_name = std::string(dll_name_wide.begin(), dll_name_wide.end()); | |
| 46 *log_file = arg_list[3]; | |
| 47 | |
| 48 // Free memory allocated for CommandLineToArgvW arguments. | |
| 49 LocalFree(arg_list); | |
| 50 | |
| 51 return true; | |
| 52 } | |
| 53 | |
| 54 int APIENTRY _tWinMain(HINSTANCE instance, HINSTANCE, wchar_t* command_line, | |
| 55 int show_command) { | |
| 56 sandbox::BrokerServices* broker_service = | |
| 57 sandbox::SandboxFactory::GetBrokerServices(); | |
| 58 sandbox::ResultCode result; | |
| 59 | |
| 60 // This application starts as the broker; an application with a UI that | |
| 61 // spawns an instance of itself (called a 'target') inside the sandbox. | |
| 62 // Before spawning a hidden instance of itself, the application will have | |
| 63 // asked the user which DLL the spawned instance should load and passes | |
| 64 // that as command line argument to the spawned instance. | |
| 65 // | |
| 66 // We check here to see if we can retrieve a pointer to the BrokerServices, | |
| 67 // which is not possible if we are running inside the sandbox under a | |
| 68 // restricted token so it also tells us which mode we are in. If we can | |
| 69 // retrieve the pointer, then we are the broker, otherwise we are the target | |
| 70 // that the broker launched. | |
| 71 if (NULL != broker_service) { | |
| 72 // Yes, we are the broker so we need to initialize and show the UI | |
| 73 if (0 != (result = broker_service->Init())) { | |
| 74 ::MessageBox(NULL, L"Failed to initialize the BrokerServices object", | |
| 75 L"Error during initialization", MB_ICONERROR); | |
| 76 return 1; | |
| 77 } | |
| 78 | |
| 79 wchar_t exe_name[MAX_PATH]; | |
| 80 if (0 == GetModuleFileName(NULL, exe_name, MAX_PATH - 1)) { | |
| 81 ::MessageBox(NULL, L"Failed to get name of current EXE", | |
| 82 L"Error during initialization", MB_ICONERROR); | |
| 83 return 1; | |
| 84 } | |
| 85 | |
| 86 // The CreateMainWindowAndLoop() call will not return until the user closes | |
| 87 // the application window (or selects File\Exit). | |
| 88 MainUIWindow window; | |
| 89 window.CreateMainWindowAndLoop(instance, | |
| 90 exe_name, | |
| 91 show_command, | |
| 92 broker_service); | |
| 93 | |
| 94 | |
| 95 // Cannot exit until we have cleaned up after all the targets we have | |
| 96 // created | |
| 97 broker_service->WaitForAllTargets(); | |
| 98 } else { | |
| 99 // This is an instance that has been spawned inside the sandbox by the | |
| 100 // broker, so we need to parse the command line to figure out which DLL to | |
| 101 // load and what entry point to call | |
| 102 sandbox::TargetServices* target_service | |
| 103 = sandbox::SandboxFactory::GetTargetServices(); | |
| 104 | |
| 105 if (NULL == target_service) { | |
| 106 // TODO(finnur): write the failure to the log file | |
| 107 // We cannot display messageboxes inside the sandbox unless access to | |
| 108 // the desktop handle has been granted to us, and we don't have a | |
| 109 // console window to write to. Therefore we need to have the broker | |
| 110 // grant us access to a handle to a logfile and write the error that | |
| 111 // occurred into the log before continuing | |
| 112 return -1; | |
| 113 } | |
| 114 | |
| 115 // Debugging the spawned application can be tricky, because DebugBreak() | |
| 116 // and _asm int 3 cause the app to terminate (due to a flag in the job | |
| 117 // object), MessageBoxes() will not be displayed unless we have been granted | |
| 118 // that privilege and the target finishes its business so quickly we cannot | |
| 119 // attach to it quickly enough. Therefore, you can uncomment the | |
| 120 // following line and attach (w. msdev or windbg) as the target is sleeping | |
| 121 | |
| 122 // Sleep(10000); | |
| 123 | |
| 124 if (sandbox::SBOX_ALL_OK != (result = target_service->Init())) { | |
| 125 // TODO(finnur): write the initialization error to the log file | |
| 126 return -2; | |
| 127 } | |
| 128 | |
| 129 // Parse the command line to find out what we need to call | |
| 130 std::string dll_name, entry_point; | |
| 131 base::string16 log_file; | |
| 132 if (!ParseCommandLine(GetCommandLineW(), | |
| 133 &dll_name, | |
| 134 &entry_point, | |
| 135 &log_file)) { | |
| 136 // TODO(finnur): write the failure to the log file | |
| 137 return -3; | |
| 138 } | |
| 139 | |
| 140 // Open the pipe to transfert the log output | |
| 141 HANDLE pipe = ::CreateFile(log_file.c_str(), | |
| 142 GENERIC_WRITE, | |
| 143 FILE_SHARE_READ | FILE_SHARE_WRITE, | |
| 144 NULL, // Default security attributes. | |
| 145 CREATE_ALWAYS, | |
| 146 FILE_ATTRIBUTE_NORMAL, | |
| 147 NULL); // No template | |
| 148 | |
| 149 if (INVALID_HANDLE_VALUE == pipe) { | |
| 150 return -4; | |
| 151 } | |
| 152 | |
| 153 // We now know what we should load, so load it | |
| 154 HMODULE dll_module = ::LoadLibraryA(dll_name.c_str()); | |
| 155 if (dll_module == NULL) { | |
| 156 // TODO(finnur): write the failure to the log file | |
| 157 return -5; | |
| 158 } | |
| 159 | |
| 160 // Initialization is finished, so we can enter lock-down mode | |
| 161 target_service->LowerToken(); | |
| 162 | |
| 163 lpfnInit init_function = | |
| 164 (lpfnInit) ::GetProcAddress(dll_module, entry_point.c_str()); | |
| 165 | |
| 166 if (!init_function) { | |
| 167 // TODO(finnur): write the failure to the log file | |
| 168 ::FreeLibrary(dll_module); | |
| 169 CloseHandle(pipe); | |
| 170 return -6; | |
| 171 } | |
| 172 | |
| 173 // Transfer control to the entry point in the DLL requested | |
| 174 init_function(pipe); | |
| 175 | |
| 176 CloseHandle(pipe); | |
| 177 Sleep(1000); // Give a change to the debug output to arrive before the | |
| 178 // end of the process | |
| 179 | |
| 180 ::FreeLibrary(dll_module); | |
| 181 } | |
| 182 | |
| 183 return 0; | |
| 184 } | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1851213002:
Remove sandbox on Windows. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master