sandbox/win/src/registry_interception.cc - Issue 1851213002: Remove sandbox on Windows.

Side by Side Diff: sandbox/win/src/registry_interception.cc

Issue 1851213002: Remove sandbox on Windows. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: fix nacl compile issues Created 4 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
	(Empty)
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.

4

5 #include "sandbox/win/src/registry_interception.h"

6

7 #include <stdint.h>

8

9 #include "sandbox/win/src/crosscall_client.h"

10 #include "sandbox/win/src/ipc_tags.h"

11 #include "sandbox/win/src/policy_params.h"

12 #include "sandbox/win/src/policy_target.h"

13 #include "sandbox/win/src/sandbox_factory.h"

14 #include "sandbox/win/src/sandbox_nt_util.h"

15 #include "sandbox/win/src/sharedmem_ipc_client.h"

16 #include "sandbox/win/src/target_services.h"

17

18 namespace sandbox {

19

20 NTSTATUS WINAPI TargetNtCreateKey(NtCreateKeyFunction orig_CreateKey,

21 PHANDLE key, ACCESS_MASK desired_access,

22 POBJECT_ATTRIBUTES object_attributes,

23 ULONG title_index, PUNICODE_STRING class_name,

24 ULONG create_options, PULONG disposition) {

25 // Check if the process can create it first.

26 NTSTATUS status = orig_CreateKey(key, desired_access, object_attributes,

27 title_index, class_name, create_options,

28 disposition);

29 if (NT_SUCCESS(status))

30 return status;

31

32 // We don't trust that the IPC can work this early.

33 if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())

34 return status;

35

36 do {

37 if (!ValidParameter(key, sizeof(HANDLE), WRITE))

38 break;

39

40 if (disposition && !ValidParameter(disposition, sizeof(ULONG), WRITE))

41 break;

42

43 // At this point we don't support class_name.

44 if (class_name && class_name->Buffer && class_name->Length)

45 break;

46

47 // We don't support creating link keys, volatile keys and backup/restore.

48 if (create_options)

49 break;

50

51 void* memory = GetGlobalIPCMemory();

52 if (NULL == memory)

53 break;

54

55 wchar_t* name;

56 uint32_t attributes = 0;

57 HANDLE root_directory = 0;

58 NTSTATUS ret = AllocAndCopyName(object_attributes, &name, &attributes,

59 &root_directory);

60 if (!NT_SUCCESS(ret) \|\| NULL == name)

61 break;

62

63 uint32_t desired_access_uint32 = desired_access;

64 CountedParameterSet<OpenKey> params;

65 params[OpenKey::ACCESS] = ParamPickerMake(desired_access_uint32);

66

67 wchar_t* full_name = NULL;

68

69 if (root_directory) {

70 ret = sandbox::AllocAndGetFullPath(root_directory, name, &full_name);

71 if (!NT_SUCCESS(ret) \|\| NULL == full_name)

72 break;

73 params[OpenKey::NAME] = ParamPickerMake(full_name);

74 } else {

75 params[OpenKey::NAME] = ParamPickerMake(name);

76 }

77

78 bool query_broker = QueryBroker(IPC_NTCREATEKEY_TAG, params.GetBase());

79

80 if (full_name != NULL)

81 operator delete(full_name, NT_ALLOC);

82

83 if (!query_broker)

84 break;

85

86 SharedMemIPCClient ipc(memory);

87 CrossCallReturn answer = {0};

88

89 ResultCode code = CrossCall(ipc, IPC_NTCREATEKEY_TAG, name, attributes,

90 root_directory, desired_access, title_index,

91 create_options, &answer);

92

93 operator delete(name, NT_ALLOC);

94

95 if (SBOX_ALL_OK != code)

96 break;

97

98 if (!NT_SUCCESS(answer.nt_status))

99 // TODO(nsylvain): We should return answer.nt_status here instead

100 // of status. We can do this only after we checked the policy.

101 // otherwise we will returns ACCESS_DENIED for all paths

102 // that are not specified by a policy, even though your token allows

103 // access to that path, and the original call had a more meaningful

104 // error. Bug 4369

105 break;

106

107 __try {

108 *key = answer.handle;

109

110 if (disposition)

111 *disposition = answer.extended[0].unsigned_int;

112

113 status = answer.nt_status;

114 } __except(EXCEPTION_EXECUTE_HANDLER) {

115 break;

116 }

117 } while (false);

118

119 return status;

120 }

121

122 NTSTATUS WINAPI CommonNtOpenKey(NTSTATUS status, PHANDLE key,

123 ACCESS_MASK desired_access,

124 POBJECT_ATTRIBUTES object_attributes) {

125 // We don't trust that the IPC can work this early.

126 if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())

127 return status;

128

129 do {

130 if (!ValidParameter(key, sizeof(HANDLE), WRITE))

131 break;

132

133 void* memory = GetGlobalIPCMemory();

134 if (NULL == memory)

135 break;

136

137 wchar_t* name;

138 uint32_t attributes;

139 HANDLE root_directory;

140 NTSTATUS ret = AllocAndCopyName(object_attributes, &name, &attributes,

141 &root_directory);

142 if (!NT_SUCCESS(ret) \|\| NULL == name)

143 break;

144

145 uint32_t desired_access_uint32 = desired_access;

146 CountedParameterSet<OpenKey> params;

147 params[OpenKey::ACCESS] = ParamPickerMake(desired_access_uint32);

148

149 wchar_t* full_name = NULL;

150

151 if (root_directory) {

152 ret = sandbox::AllocAndGetFullPath(root_directory, name, &full_name);

153 if (!NT_SUCCESS(ret) \|\| NULL == full_name)

154 break;

155 params[OpenKey::NAME] = ParamPickerMake(full_name);

156 } else {

157 params[OpenKey::NAME] = ParamPickerMake(name);

158 }

159

160 bool query_broker = QueryBroker(IPC_NTOPENKEY_TAG, params.GetBase());

161

162 if (full_name != NULL)

163 operator delete(full_name, NT_ALLOC);

164

165 if (!query_broker)

166 break;

167

168 SharedMemIPCClient ipc(memory);

169 CrossCallReturn answer = {0};

170 ResultCode code = CrossCall(ipc, IPC_NTOPENKEY_TAG, name, attributes,

171 root_directory, desired_access, &answer);

172

173 operator delete(name, NT_ALLOC);

174

175 if (SBOX_ALL_OK != code)

176 break;

177

178 if (!NT_SUCCESS(answer.nt_status))

179 // TODO(nsylvain): We should return answer.nt_status here instead

180 // of status. We can do this only after we checked the policy.

181 // otherwise we will returns ACCESS_DENIED for all paths

182 // that are not specified by a policy, even though your token allows

183 // access to that path, and the original call had a more meaningful

184 // error. Bug 4369

185 break;

186

187 __try {

188 *key = answer.handle;

189 status = answer.nt_status;

190 } __except(EXCEPTION_EXECUTE_HANDLER) {

191 break;

192 }

193 } while (false);

194

195 return status;

196 }

197

198 NTSTATUS WINAPI TargetNtOpenKey(NtOpenKeyFunction orig_OpenKey, PHANDLE key,

199 ACCESS_MASK desired_access,

200 POBJECT_ATTRIBUTES object_attributes) {

201 // Check if the process can open it first.

202 NTSTATUS status = orig_OpenKey(key, desired_access, object_attributes);

203 if (NT_SUCCESS(status))

204 return status;

205

206 return CommonNtOpenKey(status, key, desired_access, object_attributes);

207 }

208

209 NTSTATUS WINAPI TargetNtOpenKeyEx(NtOpenKeyExFunction orig_OpenKeyEx,

210 PHANDLE key, ACCESS_MASK desired_access,

211 POBJECT_ATTRIBUTES object_attributes,

212 ULONG open_options) {

213 // Check if the process can open it first.

214 NTSTATUS status = orig_OpenKeyEx(key, desired_access, object_attributes,

215 open_options);

216

217 // We do not support open_options at this time. The 2 current known values

218 // are REG_OPTION_CREATE_LINK, to open a symbolic link, and

219 // REG_OPTION_BACKUP_RESTORE to open the key with special privileges.

220 if (NT_SUCCESS(status) \|\| open_options != 0)

221 return status;

222

223 return CommonNtOpenKey(status, key, desired_access, object_attributes);

224 }

225

226 } // namespace sandbox

OLD	NEW

« no previous file with comments | « sandbox/win/src/registry_interception.h ('k') | sandbox/win/src/registry_policy.h » ('j') | no next file with comments »