OLD | NEW |
| (Empty) |
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "sandbox/win/src/sync_interception.h" | |
6 | |
7 #include <stdint.h> | |
8 | |
9 #include "sandbox/win/src/crosscall_client.h" | |
10 #include "sandbox/win/src/ipc_tags.h" | |
11 #include "sandbox/win/src/policy_params.h" | |
12 #include "sandbox/win/src/policy_target.h" | |
13 #include "sandbox/win/src/sandbox_factory.h" | |
14 #include "sandbox/win/src/sandbox_nt_util.h" | |
15 #include "sandbox/win/src/sharedmem_ipc_client.h" | |
16 #include "sandbox/win/src/target_services.h" | |
17 | |
18 namespace sandbox { | |
19 | |
20 ResultCode ProxyCreateEvent(LPCWSTR name, | |
21 uint32_t initial_state, | |
22 EVENT_TYPE event_type, | |
23 void* ipc_memory, | |
24 CrossCallReturn* answer) { | |
25 CountedParameterSet<NameBased> params; | |
26 params[NameBased::NAME] = ParamPickerMake(name); | |
27 | |
28 if (!QueryBroker(IPC_CREATEEVENT_TAG, params.GetBase())) | |
29 return SBOX_ERROR_GENERIC; | |
30 | |
31 SharedMemIPCClient ipc(ipc_memory); | |
32 ResultCode code = CrossCall(ipc, IPC_CREATEEVENT_TAG, name, event_type, | |
33 initial_state, answer); | |
34 return code; | |
35 } | |
36 | |
37 ResultCode ProxyOpenEvent(LPCWSTR name, | |
38 uint32_t desired_access, | |
39 void* ipc_memory, | |
40 CrossCallReturn* answer) { | |
41 CountedParameterSet<OpenEventParams> params; | |
42 params[OpenEventParams::NAME] = ParamPickerMake(name); | |
43 params[OpenEventParams::ACCESS] = ParamPickerMake(desired_access); | |
44 | |
45 if (!QueryBroker(IPC_OPENEVENT_TAG, params.GetBase())) | |
46 return SBOX_ERROR_GENERIC; | |
47 | |
48 SharedMemIPCClient ipc(ipc_memory); | |
49 ResultCode code = CrossCall(ipc, IPC_OPENEVENT_TAG, name, desired_access, | |
50 answer); | |
51 | |
52 return code; | |
53 } | |
54 | |
55 NTSTATUS WINAPI TargetNtCreateEvent(NtCreateEventFunction orig_CreateEvent, | |
56 PHANDLE event_handle, | |
57 ACCESS_MASK desired_access, | |
58 POBJECT_ATTRIBUTES object_attributes, | |
59 EVENT_TYPE event_type, | |
60 BOOLEAN initial_state) { | |
61 NTSTATUS status = orig_CreateEvent(event_handle, desired_access, | |
62 object_attributes, event_type, | |
63 initial_state); | |
64 if (status != STATUS_ACCESS_DENIED || !object_attributes) | |
65 return status; | |
66 | |
67 // We don't trust that the IPC can work this early. | |
68 if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) | |
69 return status; | |
70 | |
71 do { | |
72 if (!ValidParameter(event_handle, sizeof(HANDLE), WRITE)) | |
73 break; | |
74 | |
75 void* memory = GetGlobalIPCMemory(); | |
76 if (memory == NULL) | |
77 break; | |
78 | |
79 OBJECT_ATTRIBUTES object_attribs_copy = *object_attributes; | |
80 // The RootDirectory points to BaseNamedObjects. We can ignore it. | |
81 object_attribs_copy.RootDirectory = NULL; | |
82 | |
83 wchar_t* name = NULL; | |
84 uint32_t attributes = 0; | |
85 NTSTATUS ret = AllocAndCopyName(&object_attribs_copy, &name, &attributes, | |
86 NULL); | |
87 if (!NT_SUCCESS(ret) || name == NULL) | |
88 break; | |
89 | |
90 CrossCallReturn answer = {0}; | |
91 answer.nt_status = status; | |
92 ResultCode code = ProxyCreateEvent(name, initial_state, event_type, memory, | |
93 &answer); | |
94 operator delete(name, NT_ALLOC); | |
95 | |
96 if (code != SBOX_ALL_OK) { | |
97 status = answer.nt_status; | |
98 break; | |
99 } | |
100 __try { | |
101 *event_handle = answer.handle; | |
102 status = STATUS_SUCCESS; | |
103 } __except(EXCEPTION_EXECUTE_HANDLER) { | |
104 break; | |
105 } | |
106 } while (false); | |
107 | |
108 return status; | |
109 } | |
110 | |
111 NTSTATUS WINAPI TargetNtOpenEvent(NtOpenEventFunction orig_OpenEvent, | |
112 PHANDLE event_handle, | |
113 ACCESS_MASK desired_access, | |
114 POBJECT_ATTRIBUTES object_attributes) { | |
115 NTSTATUS status = orig_OpenEvent(event_handle, desired_access, | |
116 object_attributes); | |
117 if (status != STATUS_ACCESS_DENIED || !object_attributes) | |
118 return status; | |
119 | |
120 // We don't trust that the IPC can work this early. | |
121 if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) | |
122 return status; | |
123 | |
124 do { | |
125 if (!ValidParameter(event_handle, sizeof(HANDLE), WRITE)) | |
126 break; | |
127 | |
128 void* memory = GetGlobalIPCMemory(); | |
129 if (memory == NULL) | |
130 break; | |
131 | |
132 OBJECT_ATTRIBUTES object_attribs_copy = *object_attributes; | |
133 // The RootDirectory points to BaseNamedObjects. We can ignore it. | |
134 object_attribs_copy.RootDirectory = NULL; | |
135 | |
136 wchar_t* name = NULL; | |
137 uint32_t attributes = 0; | |
138 NTSTATUS ret = AllocAndCopyName(&object_attribs_copy, &name, &attributes, | |
139 NULL); | |
140 if (!NT_SUCCESS(ret) || name == NULL) | |
141 break; | |
142 | |
143 CrossCallReturn answer = {0}; | |
144 answer.nt_status = status; | |
145 ResultCode code = ProxyOpenEvent(name, desired_access, memory, &answer); | |
146 operator delete(name, NT_ALLOC); | |
147 | |
148 if (code != SBOX_ALL_OK) { | |
149 status = answer.nt_status; | |
150 break; | |
151 } | |
152 __try { | |
153 *event_handle = answer.handle; | |
154 status = STATUS_SUCCESS; | |
155 } __except(EXCEPTION_EXECUTE_HANDLER) { | |
156 break; | |
157 } | |
158 } while (false); | |
159 | |
160 return status; | |
161 } | |
162 | |
163 } // namespace sandbox | |
OLD | NEW |