OLD | NEW |
1 // Copyright 2015 The Crashpad Authors. All rights reserved. | 1 // Copyright 2015 The Crashpad Authors. All rights reserved. |
2 // | 2 // |
3 // Licensed under the Apache License, Version 2.0 (the "License"); | 3 // Licensed under the Apache License, Version 2.0 (the "License"); |
4 // you may not use this file except in compliance with the License. | 4 // you may not use this file except in compliance with the License. |
5 // You may obtain a copy of the License at | 5 // You may obtain a copy of the License at |
6 // | 6 // |
7 // http://www.apache.org/licenses/LICENSE-2.0 | 7 // http://www.apache.org/licenses/LICENSE-2.0 |
8 // | 8 // |
9 // Unless required by applicable law or agreed to in writing, software | 9 // Unless required by applicable law or agreed to in writing, software |
10 // distributed under the License is distributed on an "AS IS" BASIS, | 10 // distributed under the License is distributed on an "AS IS" BASIS, |
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
12 // See the License for the specific language governing permissions and | 12 // See the License for the specific language governing permissions and |
13 // limitations under the License. | 13 // limitations under the License. |
14 | 14 |
15 #include "util/win/registration_protocol_win.h" | 15 #include "util/win/registration_protocol_win.h" |
16 | 16 |
17 #include <windows.h> | 17 #include <windows.h> |
18 #include <sddl.h> | |
19 | 18 |
20 #include "base/logging.h" | 19 #include "base/logging.h" |
| 20 #include "base/macros.h" |
21 #include "util/win/exception_handler_server.h" | 21 #include "util/win/exception_handler_server.h" |
22 #include "util/win/scoped_handle.h" | 22 #include "util/win/scoped_handle.h" |
23 #include "util/win/scoped_local_alloc.h" | |
24 | 23 |
25 namespace crashpad { | 24 namespace crashpad { |
26 | 25 |
27 bool SendToCrashHandlerServer(const base::string16& pipe_name, | 26 bool SendToCrashHandlerServer(const base::string16& pipe_name, |
28 const ClientToServerMessage& message, | 27 const ClientToServerMessage& message, |
29 ServerToClientMessage* response) { | 28 ServerToClientMessage* response) { |
30 // Retry CreateFile() in a loop. If the handler isn’t actively waiting in | 29 // Retry CreateFile() in a loop. If the handler isn’t actively waiting in |
31 // ConnectNamedPipe() on a pipe instance because it’s busy doing something | 30 // ConnectNamedPipe() on a pipe instance because it’s busy doing something |
32 // else, CreateFile() will fail with ERROR_PIPE_BUSY. WaitNamedPipe() waits | 31 // else, CreateFile() will fail with ERROR_PIPE_BUSY. WaitNamedPipe() waits |
33 // until a pipe instance is ready, but there’s no way to wait for this | 32 // until a pipe instance is ready, but there’s no way to wait for this |
(...skipping 56 matching lines...)
90 return false; | 89 return false; |
91 } | 90 } |
92 return true; | 91 return true; |
93 } | 92 } |
94 } | 93 } |
95 | 94 |
96 HANDLE CreateNamedPipeInstance(const std::wstring& pipe_name, | 95 HANDLE CreateNamedPipeInstance(const std::wstring& pipe_name, |
97 bool first_instance) { | 96 bool first_instance) { |
98 SECURITY_ATTRIBUTES security_attributes; | 97 SECURITY_ATTRIBUTES security_attributes; |
99 SECURITY_ATTRIBUTES* security_attributes_pointer = nullptr; | 98 SECURITY_ATTRIBUTES* security_attributes_pointer = nullptr; |
100 ScopedLocalAlloc scoped_sec_desc; | |
101 | 99 |
102 if (first_instance) { | 100 if (first_instance) { |
103 // Pre-Vista does not have integrity levels. | 101 // Pre-Vista does not have integrity levels. |
104 const DWORD version = GetVersion(); | 102 const DWORD version = GetVersion(); |
105 const DWORD major_version = LOBYTE(LOWORD(version)); | 103 const DWORD major_version = LOBYTE(LOWORD(version)); |
106 const bool is_vista_or_later = major_version >= 6; | 104 const bool is_vista_or_later = major_version >= 6; |
107 if (is_vista_or_later) { | 105 if (is_vista_or_later) { |
108 // Mandatory Label, no ACE flags, no ObjectType, integrity level | |
109 // untrusted. | |
110 const wchar_t kSddl[] = L"S:(ML;;;;;S-1-16-0)"; | |
111 | |
112 PSECURITY_DESCRIPTOR sec_desc; | |
113 PCHECK(ConvertStringSecurityDescriptorToSecurityDescriptor( | |
114 kSddl, SDDL_REVISION_1, &sec_desc, nullptr)) | |
115 << "ConvertStringSecurityDescriptorToSecurityDescriptor"; | |
116 | |
117 // Take ownership of the allocated SECURITY_DESCRIPTOR. | |
118 scoped_sec_desc.reset(sec_desc); | |
119 | |
120 memset(&security_attributes, 0, sizeof(security_attributes)); | 106 memset(&security_attributes, 0, sizeof(security_attributes)); |
121 security_attributes.nLength = sizeof(SECURITY_ATTRIBUTES); | 107 security_attributes.nLength = sizeof(SECURITY_ATTRIBUTES); |
122 security_attributes.lpSecurityDescriptor = sec_desc; | 108 security_attributes.lpSecurityDescriptor = |
| 109 const_cast<void*>(GetSecurityDescriptorForNamedPipeInstance(nullptr)); |
123 security_attributes.bInheritHandle = TRUE; | 110 security_attributes.bInheritHandle = TRUE; |
124 security_attributes_pointer = &security_attributes; | 111 security_attributes_pointer = &security_attributes; |
125 } | 112 } |
126 } | 113 } |
127 | 114 |
128 return CreateNamedPipe( | 115 return CreateNamedPipe( |
129 pipe_name.c_str(), | 116 pipe_name.c_str(), |
130 PIPE_ACCESS_DUPLEX | (first_instance ? FILE_FLAG_FIRST_PIPE_INSTANCE : 0), | 117 PIPE_ACCESS_DUPLEX | (first_instance ? FILE_FLAG_FIRST_PIPE_INSTANCE : 0), |
131 PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_WAIT, | 118 PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_WAIT, |
132 ExceptionHandlerServer::kPipeInstances, | 119 ExceptionHandlerServer::kPipeInstances, |
133 512, | 120 512, |
134 512, | 121 512, |
135 0, | 122 0, |
136 security_attributes_pointer); | 123 security_attributes_pointer); |
137 } | 124 } |
138 | 125 |
| 126 const void* GetSecurityDescriptorForNamedPipeInstance(size_t* size) { |
| 127 // Mandatory Label, no ACE flags, no ObjectType, integrity level untrusted is |
| 128 // "S:(ML;;;;;S-1-16-0)". Typically |
| 129 // ConvertStringSecurityDescriptorToSecurityDescriptor() would be used to |
| 130 // convert from a string representation. However, that function cannot be used |
| 131 // because it is in advapi32.dll and CreateNamedPipeInstance() is called from |
| 132 // within DllMain() where the loader lock is held. advapi32.dll is delay |
| 133 // loaded in chrome_elf.dll because it must avoid loading user32.dll. If an |
| 134 // advapi32.dll function were used, it would cause a load of the DLL, which |
| 135 // would in turn cause deadlock. |
| 136 |
| 137 #pragma pack(push, 1) |
| 138 static const struct SecurityDescriptorBlob { |
| 139 // See https://msdn.microsoft.com/en-us/library/cc230366.aspx. |
| 140 SECURITY_DESCRIPTOR_RELATIVE sd_rel; |
| 141 struct { |
| 142 ACL acl; |
| 143 struct { |
| 144 // This is equivalent to SYSTEM_MANDATORY_LABEL_ACE, but there's no |
| 145 // DWORD offset to the SID, instead it's inline. |
| 146 ACE_HEADER header; |
| 147 ACCESS_MASK mask; |
| 148 SID sid; |
| 149 } ace[1]; |
| 150 } sacl; |
| 151 } kSecDescBlob = { |
| 152 // sd_rel. |
| 153 { |
| 154 SECURITY_DESCRIPTOR_REVISION1, // Revision. |
| 155 0x00, // Sbz1. |
| 156 SE_SELF_RELATIVE | SE_SACL_PRESENT, // Control. |
| 157 0, // OffsetOwner. |
| 158 0, // OffsetGroup. |
| 159 offsetof(SecurityDescriptorBlob, sacl), // OffsetSacl. |
| 160 0, // OffsetDacl. |
| 161 }, |
| 162 |
| 163 // sacl. |
| 164 { |
| 165 // acl. |
| 166 { |
| 167 ACL_REVISION, // AclRevision. |
| 168 0, // Sbz1. |
| 169 sizeof(kSecDescBlob.sacl), // AclSize. |
| 170 arraysize(kSecDescBlob.sacl.ace), // AceCount. |
| 171 0, // Sbz2. |
| 172 }, |
| 173 |
| 174 // ace[0]. |
| 175 { |
| 176 { |
| 177 // header. |
| 178 { |
| 179 SYSTEM_MANDATORY_LABEL_ACE_TYPE, // AceType. |
| 180 0, // AceFlags. |
| 181 sizeof(kSecDescBlob.sacl.ace[0]), // AceSize. |
| 182 }, |
| 183 |
| 184 // mask. |
| 185 0, |
| 186 |
| 187 // sid. |
| 188 { |
| 189 SID_REVISION, // Revision. |
| 190 // SubAuthorityCount. |
| 191 arraysize(kSecDescBlob.sacl.ace[0].sid.SubAuthority), |
| 192 // IdentifierAuthority. |
| 193 {SECURITY_MANDATORY_LABEL_AUTHORITY}, |
| 194 {SECURITY_MANDATORY_UNTRUSTED_RID}, // SubAuthority. |
| 195 }, |
| 196 }, |
| 197 }, |
| 198 }, |
| 199 }; |
| 200 #pragma pack(pop) |
| 201 |
| 202 if (size) |
| 203 *size = sizeof(kSecDescBlob); |
| 204 return reinterpret_cast<const void*>(&kSecDescBlob); |
| 205 } |
| 206 |
139 } // namespace crashpad | 207 } // namespace crashpad |
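Review bot: Nothing in GetSecurityDescriptorForNamedPipeInstance() checks that the hand-encoded kSecDescBlob is still the descriptor that `S:(ML;;;;;S-1-16-0)` denotes, and this mandatory label is what governs which integrity levels may open the handler pipe. A mistake in OffsetSacl, AclSize, AceSize or the SID fields would not be caught at compile time, and the `#pragma pack(push, 1)` layout makes such a slip easy to miss when the struct is edited later. If this change does not already carry one in another file, a unit test that runs outside DllMain() could convert the SDDL string with ConvertStringSecurityDescriptorToSecurityDescriptor() and compare the result byte for byte with the returned blob, using the `size` out-parameter for the length. It would also help to state next to the `Control` initializer that the blob carries no DACL, for example `// No DACL (OffsetDacl == 0): only the mandatory label is set here.`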