| Index: sandbox/win/src/registry_interception.cc
|
| diff --git a/sandbox/win/src/registry_interception.cc b/sandbox/win/src/registry_interception.cc
|
| deleted file mode 100644
|
| index e44099ccff6f1dafaccb73c9ac2d0a7d7c3b8c0b..0000000000000000000000000000000000000000
|
| --- a/sandbox/win/src/registry_interception.cc
|
| +++ /dev/null
|
| @@ -1,226 +0,0 @@
|
| -// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
|
| -// Use of this source code is governed by a BSD-style license that can be
|
| -// found in the LICENSE file.
|
| -
|
| -#include "sandbox/win/src/registry_interception.h"
|
| -
|
| -#include <stdint.h>
|
| -
|
| -#include "sandbox/win/src/crosscall_client.h"
|
| -#include "sandbox/win/src/ipc_tags.h"
|
| -#include "sandbox/win/src/policy_params.h"
|
| -#include "sandbox/win/src/policy_target.h"
|
| -#include "sandbox/win/src/sandbox_factory.h"
|
| -#include "sandbox/win/src/sandbox_nt_util.h"
|
| -#include "sandbox/win/src/sharedmem_ipc_client.h"
|
| -#include "sandbox/win/src/target_services.h"
|
| -
|
| -namespace sandbox {
|
| -
|
| -NTSTATUS WINAPI TargetNtCreateKey(NtCreateKeyFunction orig_CreateKey,
|
| - PHANDLE key, ACCESS_MASK desired_access,
|
| - POBJECT_ATTRIBUTES object_attributes,
|
| - ULONG title_index, PUNICODE_STRING class_name,
|
| - ULONG create_options, PULONG disposition) {
|
| - // Check if the process can create it first.
|
| - NTSTATUS status = orig_CreateKey(key, desired_access, object_attributes,
|
| - title_index, class_name, create_options,
|
| - disposition);
|
| - if (NT_SUCCESS(status))
|
| - return status;
|
| -
|
| - // We don't trust that the IPC can work this early.
|
| - if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
|
| - return status;
|
| -
|
| - do {
|
| - if (!ValidParameter(key, sizeof(HANDLE), WRITE))
|
| - break;
|
| -
|
| - if (disposition && !ValidParameter(disposition, sizeof(ULONG), WRITE))
|
| - break;
|
| -
|
| - // At this point we don't support class_name.
|
| - if (class_name && class_name->Buffer && class_name->Length)
|
| - break;
|
| -
|
| - // We don't support creating link keys, volatile keys and backup/restore.
|
| - if (create_options)
|
| - break;
|
| -
|
| - void* memory = GetGlobalIPCMemory();
|
| - if (NULL == memory)
|
| - break;
|
| -
|
| - wchar_t* name;
|
| - uint32_t attributes = 0;
|
| - HANDLE root_directory = 0;
|
| - NTSTATUS ret = AllocAndCopyName(object_attributes, &name, &attributes,
|
| - &root_directory);
|
| - if (!NT_SUCCESS(ret) || NULL == name)
|
| - break;
|
| -
|
| - uint32_t desired_access_uint32 = desired_access;
|
| - CountedParameterSet<OpenKey> params;
|
| - params[OpenKey::ACCESS] = ParamPickerMake(desired_access_uint32);
|
| -
|
| - wchar_t* full_name = NULL;
|
| -
|
| - if (root_directory) {
|
| - ret = sandbox::AllocAndGetFullPath(root_directory, name, &full_name);
|
| - if (!NT_SUCCESS(ret) || NULL == full_name)
|
| - break;
|
| - params[OpenKey::NAME] = ParamPickerMake(full_name);
|
| - } else {
|
| - params[OpenKey::NAME] = ParamPickerMake(name);
|
| - }
|
| -
|
| - bool query_broker = QueryBroker(IPC_NTCREATEKEY_TAG, params.GetBase());
|
| -
|
| - if (full_name != NULL)
|
| - operator delete(full_name, NT_ALLOC);
|
| -
|
| - if (!query_broker)
|
| - break;
|
| -
|
| - SharedMemIPCClient ipc(memory);
|
| - CrossCallReturn answer = {0};
|
| -
|
| - ResultCode code = CrossCall(ipc, IPC_NTCREATEKEY_TAG, name, attributes,
|
| - root_directory, desired_access, title_index,
|
| - create_options, &answer);
|
| -
|
| - operator delete(name, NT_ALLOC);
|
| -
|
| - if (SBOX_ALL_OK != code)
|
| - break;
|
| -
|
| - if (!NT_SUCCESS(answer.nt_status))
|
| - // TODO(nsylvain): We should return answer.nt_status here instead
|
| - // of status. We can do this only after we checked the policy.
|
| - // otherwise we will returns ACCESS_DENIED for all paths
|
| - // that are not specified by a policy, even though your token allows
|
| - // access to that path, and the original call had a more meaningful
|
| - // error. Bug 4369
|
| - break;
|
| -
|
| - __try {
|
| - *key = answer.handle;
|
| -
|
| - if (disposition)
|
| - *disposition = answer.extended[0].unsigned_int;
|
| -
|
| - status = answer.nt_status;
|
| - } __except(EXCEPTION_EXECUTE_HANDLER) {
|
| - break;
|
| - }
|
| - } while (false);
|
| -
|
| - return status;
|
| -}
|
| -
|
| -NTSTATUS WINAPI CommonNtOpenKey(NTSTATUS status, PHANDLE key,
|
| - ACCESS_MASK desired_access,
|
| - POBJECT_ATTRIBUTES object_attributes) {
|
| - // We don't trust that the IPC can work this early.
|
| - if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
|
| - return status;
|
| -
|
| - do {
|
| - if (!ValidParameter(key, sizeof(HANDLE), WRITE))
|
| - break;
|
| -
|
| - void* memory = GetGlobalIPCMemory();
|
| - if (NULL == memory)
|
| - break;
|
| -
|
| - wchar_t* name;
|
| - uint32_t attributes;
|
| - HANDLE root_directory;
|
| - NTSTATUS ret = AllocAndCopyName(object_attributes, &name, &attributes,
|
| - &root_directory);
|
| - if (!NT_SUCCESS(ret) || NULL == name)
|
| - break;
|
| -
|
| - uint32_t desired_access_uint32 = desired_access;
|
| - CountedParameterSet<OpenKey> params;
|
| - params[OpenKey::ACCESS] = ParamPickerMake(desired_access_uint32);
|
| -
|
| - wchar_t* full_name = NULL;
|
| -
|
| - if (root_directory) {
|
| - ret = sandbox::AllocAndGetFullPath(root_directory, name, &full_name);
|
| - if (!NT_SUCCESS(ret) || NULL == full_name)
|
| - break;
|
| - params[OpenKey::NAME] = ParamPickerMake(full_name);
|
| - } else {
|
| - params[OpenKey::NAME] = ParamPickerMake(name);
|
| - }
|
| -
|
| - bool query_broker = QueryBroker(IPC_NTOPENKEY_TAG, params.GetBase());
|
| -
|
| - if (full_name != NULL)
|
| - operator delete(full_name, NT_ALLOC);
|
| -
|
| - if (!query_broker)
|
| - break;
|
| -
|
| - SharedMemIPCClient ipc(memory);
|
| - CrossCallReturn answer = {0};
|
| - ResultCode code = CrossCall(ipc, IPC_NTOPENKEY_TAG, name, attributes,
|
| - root_directory, desired_access, &answer);
|
| -
|
| - operator delete(name, NT_ALLOC);
|
| -
|
| - if (SBOX_ALL_OK != code)
|
| - break;
|
| -
|
| - if (!NT_SUCCESS(answer.nt_status))
|
| - // TODO(nsylvain): We should return answer.nt_status here instead
|
| - // of status. We can do this only after we checked the policy.
|
| - // otherwise we will returns ACCESS_DENIED for all paths
|
| - // that are not specified by a policy, even though your token allows
|
| - // access to that path, and the original call had a more meaningful
|
| - // error. Bug 4369
|
| - break;
|
| -
|
| - __try {
|
| - *key = answer.handle;
|
| - status = answer.nt_status;
|
| - } __except(EXCEPTION_EXECUTE_HANDLER) {
|
| - break;
|
| - }
|
| - } while (false);
|
| -
|
| - return status;
|
| -}
|
| -
|
| -NTSTATUS WINAPI TargetNtOpenKey(NtOpenKeyFunction orig_OpenKey, PHANDLE key,
|
| - ACCESS_MASK desired_access,
|
| - POBJECT_ATTRIBUTES object_attributes) {
|
| - // Check if the process can open it first.
|
| - NTSTATUS status = orig_OpenKey(key, desired_access, object_attributes);
|
| - if (NT_SUCCESS(status))
|
| - return status;
|
| -
|
| - return CommonNtOpenKey(status, key, desired_access, object_attributes);
|
| -}
|
| -
|
| -NTSTATUS WINAPI TargetNtOpenKeyEx(NtOpenKeyExFunction orig_OpenKeyEx,
|
| - PHANDLE key, ACCESS_MASK desired_access,
|
| - POBJECT_ATTRIBUTES object_attributes,
|
| - ULONG open_options) {
|
| - // Check if the process can open it first.
|
| - NTSTATUS status = orig_OpenKeyEx(key, desired_access, object_attributes,
|
| - open_options);
|
| -
|
| - // We do not support open_options at this time. The 2 current known values
|
| - // are REG_OPTION_CREATE_LINK, to open a symbolic link, and
|
| - // REG_OPTION_BACKUP_RESTORE to open the key with special privileges.
|
| - if (NT_SUCCESS(status) || open_options != 0)
|
| - return status;
|
| -
|
| - return CommonNtOpenKey(status, key, desired_access, object_attributes);
|
| -}
|
| -
|
| -} // namespace sandbox
|
|
|
Chromium Code Reviews
Issue 1851213002:
Remove sandbox on Windows. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master