| OLD | NEW |
| (Empty) |
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "sandbox/win/src/sync_interception.h" | |
| 6 | |
| 7 #include <stdint.h> | |
| 8 | |
| 9 #include "sandbox/win/src/crosscall_client.h" | |
| 10 #include "sandbox/win/src/ipc_tags.h" | |
| 11 #include "sandbox/win/src/policy_params.h" | |
| 12 #include "sandbox/win/src/policy_target.h" | |
| 13 #include "sandbox/win/src/sandbox_factory.h" | |
| 14 #include "sandbox/win/src/sandbox_nt_util.h" | |
| 15 #include "sandbox/win/src/sharedmem_ipc_client.h" | |
| 16 #include "sandbox/win/src/target_services.h" | |
| 17 | |
| 18 namespace sandbox { | |
| 19 | |
| 20 ResultCode ProxyCreateEvent(LPCWSTR name, | |
| 21 uint32_t initial_state, | |
| 22 EVENT_TYPE event_type, | |
| 23 void* ipc_memory, | |
| 24 CrossCallReturn* answer) { | |
| 25 CountedParameterSet<NameBased> params; | |
| 26 params[NameBased::NAME] = ParamPickerMake(name); | |
| 27 | |
| 28 if (!QueryBroker(IPC_CREATEEVENT_TAG, params.GetBase())) | |
| 29 return SBOX_ERROR_GENERIC; | |
| 30 | |
| 31 SharedMemIPCClient ipc(ipc_memory); | |
| 32 ResultCode code = CrossCall(ipc, IPC_CREATEEVENT_TAG, name, event_type, | |
| 33 initial_state, answer); | |
| 34 return code; | |
| 35 } | |
| 36 | |
| 37 ResultCode ProxyOpenEvent(LPCWSTR name, | |
| 38 uint32_t desired_access, | |
| 39 void* ipc_memory, | |
| 40 CrossCallReturn* answer) { | |
| 41 CountedParameterSet<OpenEventParams> params; | |
| 42 params[OpenEventParams::NAME] = ParamPickerMake(name); | |
| 43 params[OpenEventParams::ACCESS] = ParamPickerMake(desired_access); | |
| 44 | |
| 45 if (!QueryBroker(IPC_OPENEVENT_TAG, params.GetBase())) | |
| 46 return SBOX_ERROR_GENERIC; | |
| 47 | |
| 48 SharedMemIPCClient ipc(ipc_memory); | |
| 49 ResultCode code = CrossCall(ipc, IPC_OPENEVENT_TAG, name, desired_access, | |
| 50 answer); | |
| 51 | |
| 52 return code; | |
| 53 } | |
| 54 | |
| 55 NTSTATUS WINAPI TargetNtCreateEvent(NtCreateEventFunction orig_CreateEvent, | |
| 56 PHANDLE event_handle, | |
| 57 ACCESS_MASK desired_access, | |
| 58 POBJECT_ATTRIBUTES object_attributes, | |
| 59 EVENT_TYPE event_type, | |
| 60 BOOLEAN initial_state) { | |
| 61 NTSTATUS status = orig_CreateEvent(event_handle, desired_access, | |
| 62 object_attributes, event_type, | |
| 63 initial_state); | |
| 64 if (status != STATUS_ACCESS_DENIED || !object_attributes) | |
| 65 return status; | |
| 66 | |
| 67 // We don't trust that the IPC can work this early. | |
| 68 if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) | |
| 69 return status; | |
| 70 | |
| 71 do { | |
| 72 if (!ValidParameter(event_handle, sizeof(HANDLE), WRITE)) | |
| 73 break; | |
| 74 | |
| 75 void* memory = GetGlobalIPCMemory(); | |
| 76 if (memory == NULL) | |
| 77 break; | |
| 78 | |
| 79 OBJECT_ATTRIBUTES object_attribs_copy = *object_attributes; | |
| 80 // The RootDirectory points to BaseNamedObjects. We can ignore it. | |
| 81 object_attribs_copy.RootDirectory = NULL; | |
| 82 | |
| 83 wchar_t* name = NULL; | |
| 84 uint32_t attributes = 0; | |
| 85 NTSTATUS ret = AllocAndCopyName(&object_attribs_copy, &name, &attributes, | |
| 86 NULL); | |
| 87 if (!NT_SUCCESS(ret) || name == NULL) | |
| 88 break; | |
| 89 | |
| 90 CrossCallReturn answer = {0}; | |
| 91 answer.nt_status = status; | |
| 92 ResultCode code = ProxyCreateEvent(name, initial_state, event_type, memory, | |
| 93 &answer); | |
| 94 operator delete(name, NT_ALLOC); | |
| 95 | |
| 96 if (code != SBOX_ALL_OK) { | |
| 97 status = answer.nt_status; | |
| 98 break; | |
| 99 } | |
| 100 __try { | |
| 101 *event_handle = answer.handle; | |
| 102 status = STATUS_SUCCESS; | |
| 103 } __except(EXCEPTION_EXECUTE_HANDLER) { | |
| 104 break; | |
| 105 } | |
| 106 } while (false); | |
| 107 | |
| 108 return status; | |
| 109 } | |
| 110 | |
| 111 NTSTATUS WINAPI TargetNtOpenEvent(NtOpenEventFunction orig_OpenEvent, | |
| 112 PHANDLE event_handle, | |
| 113 ACCESS_MASK desired_access, | |
| 114 POBJECT_ATTRIBUTES object_attributes) { | |
| 115 NTSTATUS status = orig_OpenEvent(event_handle, desired_access, | |
| 116 object_attributes); | |
| 117 if (status != STATUS_ACCESS_DENIED || !object_attributes) | |
| 118 return status; | |
| 119 | |
| 120 // We don't trust that the IPC can work this early. | |
| 121 if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) | |
| 122 return status; | |
| 123 | |
| 124 do { | |
| 125 if (!ValidParameter(event_handle, sizeof(HANDLE), WRITE)) | |
| 126 break; | |
| 127 | |
| 128 void* memory = GetGlobalIPCMemory(); | |
| 129 if (memory == NULL) | |
| 130 break; | |
| 131 | |
| 132 OBJECT_ATTRIBUTES object_attribs_copy = *object_attributes; | |
| 133 // The RootDirectory points to BaseNamedObjects. We can ignore it. | |
| 134 object_attribs_copy.RootDirectory = NULL; | |
| 135 | |
| 136 wchar_t* name = NULL; | |
| 137 uint32_t attributes = 0; | |
| 138 NTSTATUS ret = AllocAndCopyName(&object_attribs_copy, &name, &attributes, | |
| 139 NULL); | |
| 140 if (!NT_SUCCESS(ret) || name == NULL) | |
| 141 break; | |
| 142 | |
| 143 CrossCallReturn answer = {0}; | |
| 144 answer.nt_status = status; | |
| 145 ResultCode code = ProxyOpenEvent(name, desired_access, memory, &answer); | |
| 146 operator delete(name, NT_ALLOC); | |
| 147 | |
| 148 if (code != SBOX_ALL_OK) { | |
| 149 status = answer.nt_status; | |
| 150 break; | |
| 151 } | |
| 152 __try { | |
| 153 *event_handle = answer.handle; | |
| 154 status = STATUS_SUCCESS; | |
| 155 } __except(EXCEPTION_EXECUTE_HANDLER) { | |
| 156 break; | |
| 157 } | |
| 158 } while (false); | |
| 159 | |
| 160 return status; | |
| 161 } | |
| 162 | |
| 163 } // namespace sandbox | |