| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "sandbox/win/src/filesystem_interception.h" | |
| 6 | |
| 7 #include <stdint.h> | |
| 8 | |
| 9 #include "sandbox/win/src/crosscall_client.h" | |
| 10 #include "sandbox/win/src/ipc_tags.h" | |
| 11 #include "sandbox/win/src/policy_params.h" | |
| 12 #include "sandbox/win/src/policy_target.h" | |
| 13 #include "sandbox/win/src/sandbox_factory.h" | |
| 14 #include "sandbox/win/src/sandbox_nt_util.h" | |
| 15 #include "sandbox/win/src/sharedmem_ipc_client.h" | |
| 16 #include "sandbox/win/src/target_services.h" | |
| 17 | |
| 18 namespace sandbox { | |
| 19 | |
| 20 NTSTATUS WINAPI TargetNtCreateFile(NtCreateFileFunction orig_CreateFile, | |
| 21 PHANDLE file, ACCESS_MASK desired_access, | |
| 22 POBJECT_ATTRIBUTES object_attributes, | |
| 23 PIO_STATUS_BLOCK io_status, | |
| 24 PLARGE_INTEGER allocation_size, | |
| 25 ULONG file_attributes, ULONG sharing, | |
| 26 ULONG disposition, ULONG options, | |
| 27 PVOID ea_buffer, ULONG ea_length) { | |
| 28 // Check if the process can open it first. | |
| 29 NTSTATUS status = orig_CreateFile(file, desired_access, object_attributes, | |
| 30 io_status, allocation_size, | |
| 31 file_attributes, sharing, disposition, | |
| 32 options, ea_buffer, ea_length); | |
| 33 if (STATUS_ACCESS_DENIED != status) | |
| 34 return status; | |
| 35 | |
| 36 // We don't trust that the IPC can work this early. | |
| 37 if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) | |
| 38 return status; | |
| 39 | |
| 40 wchar_t* name = NULL; | |
| 41 do { | |
| 42 if (!ValidParameter(file, sizeof(HANDLE), WRITE)) | |
| 43 break; | |
| 44 if (!ValidParameter(io_status, sizeof(IO_STATUS_BLOCK), WRITE)) | |
| 45 break; | |
| 46 | |
| 47 void* memory = GetGlobalIPCMemory(); | |
| 48 if (NULL == memory) | |
| 49 break; | |
| 50 | |
| 51 uint32_t attributes = 0; | |
| 52 NTSTATUS ret = AllocAndCopyName(object_attributes, &name, &attributes, | |
| 53 NULL); | |
| 54 if (!NT_SUCCESS(ret) || NULL == name) | |
| 55 break; | |
| 56 | |
| 57 uint32_t desired_access_uint32 = desired_access; | |
| 58 uint32_t options_uint32 = options; | |
| 59 uint32_t disposition_uint32 = disposition; | |
| 60 uint32_t broker = FALSE; | |
| 61 CountedParameterSet<OpenFile> params; | |
| 62 params[OpenFile::NAME] = ParamPickerMake(name); | |
| 63 params[OpenFile::ACCESS] = ParamPickerMake(desired_access_uint32); | |
| 64 params[OpenFile::DISPOSITION] = ParamPickerMake(disposition_uint32); | |
| 65 params[OpenFile::OPTIONS] = ParamPickerMake(options_uint32); | |
| 66 params[OpenFile::BROKER] = ParamPickerMake(broker); | |
| 67 | |
| 68 if (!QueryBroker(IPC_NTCREATEFILE_TAG, params.GetBase())) | |
| 69 break; | |
| 70 | |
| 71 SharedMemIPCClient ipc(memory); | |
| 72 CrossCallReturn answer = {0}; | |
| 73 // The following call must match in the parameters with | |
| 74 // FilesystemDispatcher::ProcessNtCreateFile. | |
| 75 ResultCode code = CrossCall(ipc, IPC_NTCREATEFILE_TAG, name, attributes, | |
| 76 desired_access_uint32, file_attributes, sharing, | |
| 77 disposition, options_uint32, &answer); | |
| 78 if (SBOX_ALL_OK != code) | |
| 79 break; | |
| 80 | |
| 81 status = answer.nt_status; | |
| 82 | |
| 83 if (!NT_SUCCESS(answer.nt_status)) | |
| 84 break; | |
| 85 | |
| 86 __try { | |
| 87 *file = answer.handle; | |
| 88 io_status->Status = answer.nt_status; | |
| 89 io_status->Information = answer.extended[0].ulong_ptr; | |
| 90 } __except(EXCEPTION_EXECUTE_HANDLER) { | |
| 91 break; | |
| 92 } | |
| 93 } while (false); | |
| 94 | |
| 95 if (name) | |
| 96 operator delete(name, NT_ALLOC); | |
| 97 | |
| 98 return status; | |
| 99 } | |
| 100 | |
| 101 NTSTATUS WINAPI TargetNtOpenFile(NtOpenFileFunction orig_OpenFile, PHANDLE file, | |
| 102 ACCESS_MASK desired_access, | |
| 103 POBJECT_ATTRIBUTES object_attributes, | |
| 104 PIO_STATUS_BLOCK io_status, ULONG sharing, | |
| 105 ULONG options) { | |
| 106 // Check if the process can open it first. | |
| 107 NTSTATUS status = orig_OpenFile(file, desired_access, object_attributes, | |
| 108 io_status, sharing, options); | |
| 109 if (STATUS_ACCESS_DENIED != status) | |
| 110 return status; | |
| 111 | |
| 112 // We don't trust that the IPC can work this early. | |
| 113 if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) | |
| 114 return status; | |
| 115 | |
| 116 wchar_t* name = NULL; | |
| 117 do { | |
| 118 if (!ValidParameter(file, sizeof(HANDLE), WRITE)) | |
| 119 break; | |
| 120 if (!ValidParameter(io_status, sizeof(IO_STATUS_BLOCK), WRITE)) | |
| 121 break; | |
| 122 | |
| 123 void* memory = GetGlobalIPCMemory(); | |
| 124 if (NULL == memory) | |
| 125 break; | |
| 126 | |
| 127 uint32_t attributes; | |
| 128 NTSTATUS ret = AllocAndCopyName(object_attributes, &name, &attributes, | |
| 129 NULL); | |
| 130 if (!NT_SUCCESS(ret) || NULL == name) | |
| 131 break; | |
| 132 | |
| 133 uint32_t desired_access_uint32 = desired_access; | |
| 134 uint32_t options_uint32 = options; | |
| 135 uint32_t disposition_uint32 = FILE_OPEN; | |
| 136 uint32_t broker = FALSE; | |
| 137 CountedParameterSet<OpenFile> params; | |
| 138 params[OpenFile::NAME] = ParamPickerMake(name); | |
| 139 params[OpenFile::ACCESS] = ParamPickerMake(desired_access_uint32); | |
| 140 params[OpenFile::DISPOSITION] = ParamPickerMake(disposition_uint32); | |
| 141 params[OpenFile::OPTIONS] = ParamPickerMake(options_uint32); | |
| 142 params[OpenFile::BROKER] = ParamPickerMake(broker); | |
| 143 | |
| 144 if (!QueryBroker(IPC_NTOPENFILE_TAG, params.GetBase())) | |
| 145 break; | |
| 146 | |
| 147 SharedMemIPCClient ipc(memory); | |
| 148 CrossCallReturn answer = {0}; | |
| 149 ResultCode code = CrossCall(ipc, IPC_NTOPENFILE_TAG, name, attributes, | |
| 150 desired_access_uint32, sharing, options_uint32, | |
| 151 &answer); | |
| 152 if (SBOX_ALL_OK != code) | |
| 153 break; | |
| 154 | |
| 155 status = answer.nt_status; | |
| 156 | |
| 157 if (!NT_SUCCESS(answer.nt_status)) | |
| 158 break; | |
| 159 | |
| 160 __try { | |
| 161 *file = answer.handle; | |
| 162 io_status->Status = answer.nt_status; | |
| 163 io_status->Information = answer.extended[0].ulong_ptr; | |
| 164 } __except(EXCEPTION_EXECUTE_HANDLER) { | |
| 165 break; | |
| 166 } | |
| 167 } while (false); | |
| 168 | |
| 169 if (name) | |
| 170 operator delete(name, NT_ALLOC); | |
| 171 | |
| 172 return status; | |
| 173 } | |
| 174 | |
| 175 NTSTATUS WINAPI TargetNtQueryAttributesFile( | |
| 176 NtQueryAttributesFileFunction orig_QueryAttributes, | |
| 177 POBJECT_ATTRIBUTES object_attributes, | |
| 178 PFILE_BASIC_INFORMATION file_attributes) { | |
| 179 // Check if the process can query it first. | |
| 180 NTSTATUS status = orig_QueryAttributes(object_attributes, file_attributes); | |
| 181 if (STATUS_ACCESS_DENIED != status) | |
| 182 return status; | |
| 183 | |
| 184 // We don't trust that the IPC can work this early. | |
| 185 if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) | |
| 186 return status; | |
| 187 | |
| 188 wchar_t* name = NULL; | |
| 189 do { | |
| 190 if (!ValidParameter(file_attributes, sizeof(FILE_BASIC_INFORMATION), WRITE)) | |
| 191 break; | |
| 192 | |
| 193 void* memory = GetGlobalIPCMemory(); | |
| 194 if (NULL == memory) | |
| 195 break; | |
| 196 | |
| 197 uint32_t attributes = 0; | |
| 198 NTSTATUS ret = AllocAndCopyName(object_attributes, &name, &attributes, | |
| 199 NULL); | |
| 200 if (!NT_SUCCESS(ret) || NULL == name) | |
| 201 break; | |
| 202 | |
| 203 InOutCountedBuffer file_info(file_attributes, | |
| 204 sizeof(FILE_BASIC_INFORMATION)); | |
| 205 | |
| 206 uint32_t broker = FALSE; | |
| 207 CountedParameterSet<FileName> params; | |
| 208 params[FileName::NAME] = ParamPickerMake(name); | |
| 209 params[FileName::BROKER] = ParamPickerMake(broker); | |
| 210 | |
| 211 if (!QueryBroker(IPC_NTQUERYATTRIBUTESFILE_TAG, params.GetBase())) | |
| 212 break; | |
| 213 | |
| 214 SharedMemIPCClient ipc(memory); | |
| 215 CrossCallReturn answer = {0}; | |
| 216 ResultCode code = CrossCall(ipc, IPC_NTQUERYATTRIBUTESFILE_TAG, name, | |
| 217 attributes, file_info, &answer); | |
| 218 | |
| 219 if (SBOX_ALL_OK != code) | |
| 220 break; | |
| 221 | |
| 222 status = answer.nt_status; | |
| 223 | |
| 224 } while (false); | |
| 225 | |
| 226 if (name) | |
| 227 operator delete(name, NT_ALLOC); | |
| 228 | |
| 229 return status; | |
| 230 } | |
| 231 | |
| 232 NTSTATUS WINAPI TargetNtQueryFullAttributesFile( | |
| 233 NtQueryFullAttributesFileFunction orig_QueryFullAttributes, | |
| 234 POBJECT_ATTRIBUTES object_attributes, | |
| 235 PFILE_NETWORK_OPEN_INFORMATION file_attributes) { | |
| 236 // Check if the process can query it first. | |
| 237 NTSTATUS status = orig_QueryFullAttributes(object_attributes, | |
| 238 file_attributes); | |
| 239 if (STATUS_ACCESS_DENIED != status) | |
| 240 return status; | |
| 241 | |
| 242 // We don't trust that the IPC can work this early. | |
| 243 if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) | |
| 244 return status; | |
| 245 | |
| 246 wchar_t* name = NULL; | |
| 247 do { | |
| 248 if (!ValidParameter(file_attributes, sizeof(FILE_NETWORK_OPEN_INFORMATION), | |
| 249 WRITE)) | |
| 250 break; | |
| 251 | |
| 252 void* memory = GetGlobalIPCMemory(); | |
| 253 if (NULL == memory) | |
| 254 break; | |
| 255 | |
| 256 uint32_t attributes = 0; | |
| 257 NTSTATUS ret = AllocAndCopyName(object_attributes, &name, &attributes, | |
| 258 NULL); | |
| 259 if (!NT_SUCCESS(ret) || NULL == name) | |
| 260 break; | |
| 261 | |
| 262 InOutCountedBuffer file_info(file_attributes, | |
| 263 sizeof(FILE_NETWORK_OPEN_INFORMATION)); | |
| 264 | |
| 265 uint32_t broker = FALSE; | |
| 266 CountedParameterSet<FileName> params; | |
| 267 params[FileName::NAME] = ParamPickerMake(name); | |
| 268 params[FileName::BROKER] = ParamPickerMake(broker); | |
| 269 | |
| 270 if (!QueryBroker(IPC_NTQUERYFULLATTRIBUTESFILE_TAG, params.GetBase())) | |
| 271 break; | |
| 272 | |
| 273 SharedMemIPCClient ipc(memory); | |
| 274 CrossCallReturn answer = {0}; | |
| 275 ResultCode code = CrossCall(ipc, IPC_NTQUERYFULLATTRIBUTESFILE_TAG, name, | |
| 276 attributes, file_info, &answer); | |
| 277 | |
| 278 if (SBOX_ALL_OK != code) | |
| 279 break; | |
| 280 | |
| 281 status = answer.nt_status; | |
| 282 } while (false); | |
| 283 | |
| 284 if (name) | |
| 285 operator delete(name, NT_ALLOC); | |
| 286 | |
| 287 return status; | |
| 288 } | |
| 289 | |
| 290 NTSTATUS WINAPI TargetNtSetInformationFile( | |
| 291 NtSetInformationFileFunction orig_SetInformationFile, HANDLE file, | |
| 292 PIO_STATUS_BLOCK io_status, PVOID file_info, ULONG length, | |
| 293 FILE_INFORMATION_CLASS file_info_class) { | |
| 294 // Check if the process can open it first. | |
| 295 NTSTATUS status = orig_SetInformationFile(file, io_status, file_info, length, | |
| 296 file_info_class); | |
| 297 if (STATUS_ACCESS_DENIED != status) | |
| 298 return status; | |
| 299 | |
| 300 // We don't trust that the IPC can work this early. | |
| 301 if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) | |
| 302 return status; | |
| 303 | |
| 304 wchar_t* name = NULL; | |
| 305 do { | |
| 306 void* memory = GetGlobalIPCMemory(); | |
| 307 if (NULL == memory) | |
| 308 break; | |
| 309 | |
| 310 if (!ValidParameter(io_status, sizeof(IO_STATUS_BLOCK), WRITE)) | |
| 311 break; | |
| 312 | |
| 313 if (!ValidParameter(file_info, length, READ)) | |
| 314 break; | |
| 315 | |
| 316 FILE_RENAME_INFORMATION* file_rename_info = | |
| 317 reinterpret_cast<FILE_RENAME_INFORMATION*>(file_info); | |
| 318 OBJECT_ATTRIBUTES object_attributes; | |
| 319 UNICODE_STRING object_name; | |
| 320 InitializeObjectAttributes(&object_attributes, &object_name, 0, NULL, NULL); | |
| 321 | |
| 322 __try { | |
| 323 if (!IsSupportedRenameCall(file_rename_info, length, file_info_class)) | |
| 324 break; | |
| 325 | |
| 326 object_attributes.RootDirectory = file_rename_info->RootDirectory; | |
| 327 object_name.Buffer = file_rename_info->FileName; | |
| 328 object_name.Length = object_name.MaximumLength = | |
| 329 static_cast<USHORT>(file_rename_info->FileNameLength); | |
| 330 } __except(EXCEPTION_EXECUTE_HANDLER) { | |
| 331 break; | |
| 332 } | |
| 333 | |
| 334 NTSTATUS ret = AllocAndCopyName(&object_attributes, &name, NULL, NULL); | |
| 335 if (!NT_SUCCESS(ret) || !name) | |
| 336 break; | |
| 337 | |
| 338 uint32_t broker = FALSE; | |
| 339 CountedParameterSet<FileName> params; | |
| 340 params[FileName::NAME] = ParamPickerMake(name); | |
| 341 params[FileName::BROKER] = ParamPickerMake(broker); | |
| 342 | |
| 343 if (!QueryBroker(IPC_NTSETINFO_RENAME_TAG, params.GetBase())) | |
| 344 break; | |
| 345 | |
| 346 InOutCountedBuffer io_status_buffer(io_status, sizeof(IO_STATUS_BLOCK)); | |
| 347 // This is actually not an InOut buffer, only In, but using InOut facility | |
| 348 // really helps to simplify the code. | |
| 349 InOutCountedBuffer file_info_buffer(file_info, length); | |
| 350 | |
| 351 SharedMemIPCClient ipc(memory); | |
| 352 CrossCallReturn answer = {0}; | |
| 353 ResultCode code = CrossCall(ipc, IPC_NTSETINFO_RENAME_TAG, file, | |
| 354 io_status_buffer, file_info_buffer, length, | |
| 355 file_info_class, &answer); | |
| 356 | |
| 357 if (SBOX_ALL_OK != code) | |
| 358 break; | |
| 359 | |
| 360 status = answer.nt_status; | |
| 361 } while (false); | |
| 362 | |
| 363 if (name) | |
| 364 operator delete(name, NT_ALLOC); | |
| 365 | |
| 366 return status; | |
| 367 } | |
| 368 | |
| 369 } // namespace sandbox | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1851213002:
Remove sandbox on Windows. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master