OLD | NEW |
| (Empty) |
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "sandbox/win/src/filesystem_interception.h" | |
6 | |
7 #include <stdint.h> | |
8 | |
9 #include "sandbox/win/src/crosscall_client.h" | |
10 #include "sandbox/win/src/ipc_tags.h" | |
11 #include "sandbox/win/src/policy_params.h" | |
12 #include "sandbox/win/src/policy_target.h" | |
13 #include "sandbox/win/src/sandbox_factory.h" | |
14 #include "sandbox/win/src/sandbox_nt_util.h" | |
15 #include "sandbox/win/src/sharedmem_ipc_client.h" | |
16 #include "sandbox/win/src/target_services.h" | |
17 | |
18 namespace sandbox { | |
19 | |
20 NTSTATUS WINAPI TargetNtCreateFile(NtCreateFileFunction orig_CreateFile, | |
21 PHANDLE file, ACCESS_MASK desired_access, | |
22 POBJECT_ATTRIBUTES object_attributes, | |
23 PIO_STATUS_BLOCK io_status, | |
24 PLARGE_INTEGER allocation_size, | |
25 ULONG file_attributes, ULONG sharing, | |
26 ULONG disposition, ULONG options, | |
27 PVOID ea_buffer, ULONG ea_length) { | |
28 // Check if the process can open it first. | |
29 NTSTATUS status = orig_CreateFile(file, desired_access, object_attributes, | |
30 io_status, allocation_size, | |
31 file_attributes, sharing, disposition, | |
32 options, ea_buffer, ea_length); | |
33 if (STATUS_ACCESS_DENIED != status) | |
34 return status; | |
35 | |
36 // We don't trust that the IPC can work this early. | |
37 if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) | |
38 return status; | |
39 | |
40 wchar_t* name = NULL; | |
41 do { | |
42 if (!ValidParameter(file, sizeof(HANDLE), WRITE)) | |
43 break; | |
44 if (!ValidParameter(io_status, sizeof(IO_STATUS_BLOCK), WRITE)) | |
45 break; | |
46 | |
47 void* memory = GetGlobalIPCMemory(); | |
48 if (NULL == memory) | |
49 break; | |
50 | |
51 uint32_t attributes = 0; | |
52 NTSTATUS ret = AllocAndCopyName(object_attributes, &name, &attributes, | |
53 NULL); | |
54 if (!NT_SUCCESS(ret) || NULL == name) | |
55 break; | |
56 | |
57 uint32_t desired_access_uint32 = desired_access; | |
58 uint32_t options_uint32 = options; | |
59 uint32_t disposition_uint32 = disposition; | |
60 uint32_t broker = FALSE; | |
61 CountedParameterSet<OpenFile> params; | |
62 params[OpenFile::NAME] = ParamPickerMake(name); | |
63 params[OpenFile::ACCESS] = ParamPickerMake(desired_access_uint32); | |
64 params[OpenFile::DISPOSITION] = ParamPickerMake(disposition_uint32); | |
65 params[OpenFile::OPTIONS] = ParamPickerMake(options_uint32); | |
66 params[OpenFile::BROKER] = ParamPickerMake(broker); | |
67 | |
68 if (!QueryBroker(IPC_NTCREATEFILE_TAG, params.GetBase())) | |
69 break; | |
70 | |
71 SharedMemIPCClient ipc(memory); | |
72 CrossCallReturn answer = {0}; | |
73 // The following call must match in the parameters with | |
74 // FilesystemDispatcher::ProcessNtCreateFile. | |
75 ResultCode code = CrossCall(ipc, IPC_NTCREATEFILE_TAG, name, attributes, | |
76 desired_access_uint32, file_attributes, sharing, | |
77 disposition, options_uint32, &answer); | |
78 if (SBOX_ALL_OK != code) | |
79 break; | |
80 | |
81 status = answer.nt_status; | |
82 | |
83 if (!NT_SUCCESS(answer.nt_status)) | |
84 break; | |
85 | |
86 __try { | |
87 *file = answer.handle; | |
88 io_status->Status = answer.nt_status; | |
89 io_status->Information = answer.extended[0].ulong_ptr; | |
90 } __except(EXCEPTION_EXECUTE_HANDLER) { | |
91 break; | |
92 } | |
93 } while (false); | |
94 | |
95 if (name) | |
96 operator delete(name, NT_ALLOC); | |
97 | |
98 return status; | |
99 } | |
100 | |
101 NTSTATUS WINAPI TargetNtOpenFile(NtOpenFileFunction orig_OpenFile, PHANDLE file, | |
102 ACCESS_MASK desired_access, | |
103 POBJECT_ATTRIBUTES object_attributes, | |
104 PIO_STATUS_BLOCK io_status, ULONG sharing, | |
105 ULONG options) { | |
106 // Check if the process can open it first. | |
107 NTSTATUS status = orig_OpenFile(file, desired_access, object_attributes, | |
108 io_status, sharing, options); | |
109 if (STATUS_ACCESS_DENIED != status) | |
110 return status; | |
111 | |
112 // We don't trust that the IPC can work this early. | |
113 if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) | |
114 return status; | |
115 | |
116 wchar_t* name = NULL; | |
117 do { | |
118 if (!ValidParameter(file, sizeof(HANDLE), WRITE)) | |
119 break; | |
120 if (!ValidParameter(io_status, sizeof(IO_STATUS_BLOCK), WRITE)) | |
121 break; | |
122 | |
123 void* memory = GetGlobalIPCMemory(); | |
124 if (NULL == memory) | |
125 break; | |
126 | |
127 uint32_t attributes; | |
128 NTSTATUS ret = AllocAndCopyName(object_attributes, &name, &attributes, | |
129 NULL); | |
130 if (!NT_SUCCESS(ret) || NULL == name) | |
131 break; | |
132 | |
133 uint32_t desired_access_uint32 = desired_access; | |
134 uint32_t options_uint32 = options; | |
135 uint32_t disposition_uint32 = FILE_OPEN; | |
136 uint32_t broker = FALSE; | |
137 CountedParameterSet<OpenFile> params; | |
138 params[OpenFile::NAME] = ParamPickerMake(name); | |
139 params[OpenFile::ACCESS] = ParamPickerMake(desired_access_uint32); | |
140 params[OpenFile::DISPOSITION] = ParamPickerMake(disposition_uint32); | |
141 params[OpenFile::OPTIONS] = ParamPickerMake(options_uint32); | |
142 params[OpenFile::BROKER] = ParamPickerMake(broker); | |
143 | |
144 if (!QueryBroker(IPC_NTOPENFILE_TAG, params.GetBase())) | |
145 break; | |
146 | |
147 SharedMemIPCClient ipc(memory); | |
148 CrossCallReturn answer = {0}; | |
149 ResultCode code = CrossCall(ipc, IPC_NTOPENFILE_TAG, name, attributes, | |
150 desired_access_uint32, sharing, options_uint32, | |
151 &answer); | |
152 if (SBOX_ALL_OK != code) | |
153 break; | |
154 | |
155 status = answer.nt_status; | |
156 | |
157 if (!NT_SUCCESS(answer.nt_status)) | |
158 break; | |
159 | |
160 __try { | |
161 *file = answer.handle; | |
162 io_status->Status = answer.nt_status; | |
163 io_status->Information = answer.extended[0].ulong_ptr; | |
164 } __except(EXCEPTION_EXECUTE_HANDLER) { | |
165 break; | |
166 } | |
167 } while (false); | |
168 | |
169 if (name) | |
170 operator delete(name, NT_ALLOC); | |
171 | |
172 return status; | |
173 } | |
174 | |
175 NTSTATUS WINAPI TargetNtQueryAttributesFile( | |
176 NtQueryAttributesFileFunction orig_QueryAttributes, | |
177 POBJECT_ATTRIBUTES object_attributes, | |
178 PFILE_BASIC_INFORMATION file_attributes) { | |
179 // Check if the process can query it first. | |
180 NTSTATUS status = orig_QueryAttributes(object_attributes, file_attributes); | |
181 if (STATUS_ACCESS_DENIED != status) | |
182 return status; | |
183 | |
184 // We don't trust that the IPC can work this early. | |
185 if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) | |
186 return status; | |
187 | |
188 wchar_t* name = NULL; | |
189 do { | |
190 if (!ValidParameter(file_attributes, sizeof(FILE_BASIC_INFORMATION), WRITE)) | |
191 break; | |
192 | |
193 void* memory = GetGlobalIPCMemory(); | |
194 if (NULL == memory) | |
195 break; | |
196 | |
197 uint32_t attributes = 0; | |
198 NTSTATUS ret = AllocAndCopyName(object_attributes, &name, &attributes, | |
199 NULL); | |
200 if (!NT_SUCCESS(ret) || NULL == name) | |
201 break; | |
202 | |
203 InOutCountedBuffer file_info(file_attributes, | |
204 sizeof(FILE_BASIC_INFORMATION)); | |
205 | |
206 uint32_t broker = FALSE; | |
207 CountedParameterSet<FileName> params; | |
208 params[FileName::NAME] = ParamPickerMake(name); | |
209 params[FileName::BROKER] = ParamPickerMake(broker); | |
210 | |
211 if (!QueryBroker(IPC_NTQUERYATTRIBUTESFILE_TAG, params.GetBase())) | |
212 break; | |
213 | |
214 SharedMemIPCClient ipc(memory); | |
215 CrossCallReturn answer = {0}; | |
216 ResultCode code = CrossCall(ipc, IPC_NTQUERYATTRIBUTESFILE_TAG, name, | |
217 attributes, file_info, &answer); | |
218 | |
219 if (SBOX_ALL_OK != code) | |
220 break; | |
221 | |
222 status = answer.nt_status; | |
223 | |
224 } while (false); | |
225 | |
226 if (name) | |
227 operator delete(name, NT_ALLOC); | |
228 | |
229 return status; | |
230 } | |
231 | |
232 NTSTATUS WINAPI TargetNtQueryFullAttributesFile( | |
233 NtQueryFullAttributesFileFunction orig_QueryFullAttributes, | |
234 POBJECT_ATTRIBUTES object_attributes, | |
235 PFILE_NETWORK_OPEN_INFORMATION file_attributes) { | |
236 // Check if the process can query it first. | |
237 NTSTATUS status = orig_QueryFullAttributes(object_attributes, | |
238 file_attributes); | |
239 if (STATUS_ACCESS_DENIED != status) | |
240 return status; | |
241 | |
242 // We don't trust that the IPC can work this early. | |
243 if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) | |
244 return status; | |
245 | |
246 wchar_t* name = NULL; | |
247 do { | |
248 if (!ValidParameter(file_attributes, sizeof(FILE_NETWORK_OPEN_INFORMATION), | |
249 WRITE)) | |
250 break; | |
251 | |
252 void* memory = GetGlobalIPCMemory(); | |
253 if (NULL == memory) | |
254 break; | |
255 | |
256 uint32_t attributes = 0; | |
257 NTSTATUS ret = AllocAndCopyName(object_attributes, &name, &attributes, | |
258 NULL); | |
259 if (!NT_SUCCESS(ret) || NULL == name) | |
260 break; | |
261 | |
262 InOutCountedBuffer file_info(file_attributes, | |
263 sizeof(FILE_NETWORK_OPEN_INFORMATION)); | |
264 | |
265 uint32_t broker = FALSE; | |
266 CountedParameterSet<FileName> params; | |
267 params[FileName::NAME] = ParamPickerMake(name); | |
268 params[FileName::BROKER] = ParamPickerMake(broker); | |
269 | |
270 if (!QueryBroker(IPC_NTQUERYFULLATTRIBUTESFILE_TAG, params.GetBase())) | |
271 break; | |
272 | |
273 SharedMemIPCClient ipc(memory); | |
274 CrossCallReturn answer = {0}; | |
275 ResultCode code = CrossCall(ipc, IPC_NTQUERYFULLATTRIBUTESFILE_TAG, name, | |
276 attributes, file_info, &answer); | |
277 | |
278 if (SBOX_ALL_OK != code) | |
279 break; | |
280 | |
281 status = answer.nt_status; | |
282 } while (false); | |
283 | |
284 if (name) | |
285 operator delete(name, NT_ALLOC); | |
286 | |
287 return status; | |
288 } | |
289 | |
290 NTSTATUS WINAPI TargetNtSetInformationFile( | |
291 NtSetInformationFileFunction orig_SetInformationFile, HANDLE file, | |
292 PIO_STATUS_BLOCK io_status, PVOID file_info, ULONG length, | |
293 FILE_INFORMATION_CLASS file_info_class) { | |
294 // Check if the process can open it first. | |
295 NTSTATUS status = orig_SetInformationFile(file, io_status, file_info, length, | |
296 file_info_class); | |
297 if (STATUS_ACCESS_DENIED != status) | |
298 return status; | |
299 | |
300 // We don't trust that the IPC can work this early. | |
301 if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) | |
302 return status; | |
303 | |
304 wchar_t* name = NULL; | |
305 do { | |
306 void* memory = GetGlobalIPCMemory(); | |
307 if (NULL == memory) | |
308 break; | |
309 | |
310 if (!ValidParameter(io_status, sizeof(IO_STATUS_BLOCK), WRITE)) | |
311 break; | |
312 | |
313 if (!ValidParameter(file_info, length, READ)) | |
314 break; | |
315 | |
316 FILE_RENAME_INFORMATION* file_rename_info = | |
317 reinterpret_cast<FILE_RENAME_INFORMATION*>(file_info); | |
318 OBJECT_ATTRIBUTES object_attributes; | |
319 UNICODE_STRING object_name; | |
320 InitializeObjectAttributes(&object_attributes, &object_name, 0, NULL, NULL); | |
321 | |
322 __try { | |
323 if (!IsSupportedRenameCall(file_rename_info, length, file_info_class)) | |
324 break; | |
325 | |
326 object_attributes.RootDirectory = file_rename_info->RootDirectory; | |
327 object_name.Buffer = file_rename_info->FileName; | |
328 object_name.Length = object_name.MaximumLength = | |
329 static_cast<USHORT>(file_rename_info->FileNameLength); | |
330 } __except(EXCEPTION_EXECUTE_HANDLER) { | |
331 break; | |
332 } | |
333 | |
334 NTSTATUS ret = AllocAndCopyName(&object_attributes, &name, NULL, NULL); | |
335 if (!NT_SUCCESS(ret) || !name) | |
336 break; | |
337 | |
338 uint32_t broker = FALSE; | |
339 CountedParameterSet<FileName> params; | |
340 params[FileName::NAME] = ParamPickerMake(name); | |
341 params[FileName::BROKER] = ParamPickerMake(broker); | |
342 | |
343 if (!QueryBroker(IPC_NTSETINFO_RENAME_TAG, params.GetBase())) | |
344 break; | |
345 | |
346 InOutCountedBuffer io_status_buffer(io_status, sizeof(IO_STATUS_BLOCK)); | |
347 // This is actually not an InOut buffer, only In, but using InOut facility | |
348 // really helps to simplify the code. | |
349 InOutCountedBuffer file_info_buffer(file_info, length); | |
350 | |
351 SharedMemIPCClient ipc(memory); | |
352 CrossCallReturn answer = {0}; | |
353 ResultCode code = CrossCall(ipc, IPC_NTSETINFO_RENAME_TAG, file, | |
354 io_status_buffer, file_info_buffer, length, | |
355 file_info_class, &answer); | |
356 | |
357 if (SBOX_ALL_OK != code) | |
358 break; | |
359 | |
360 status = answer.nt_status; | |
361 } while (false); | |
362 | |
363 if (name) | |
364 operator delete(name, NT_ALLOC); | |
365 | |
366 return status; | |
367 } | |
368 | |
369 } // namespace sandbox | |
OLD | NEW |