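--- a/sandbox/win/src/target_services.cc
+++ b/sandbox/win/src/target_services.cc
@@ -1,67 +1,88 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/win/src/target_services.h"
 
 #include <new>
 
 #include <process.h>
 #include <stdint.h>
 
 #include "base/win/windows_version.h"
 #include "sandbox/win/src/crosscall_client.h"
 #include "sandbox/win/src/handle_closer_agent.h"
+#include "sandbox/win/src/heap_helper.h"
 #include "sandbox/win/src/ipc_tags.h"
 #include "sandbox/win/src/process_mitigations.h"
 #include "sandbox/win/src/restricted_token_utils.h"
 #include "sandbox/win/src/sandbox.h"
 #include "sandbox/win/src/sandbox_nt_util.h"
 #include "sandbox/win/src/sandbox_types.h"
 #include "sandbox/win/src/sharedmem_ipc_client.h"
 
+namespace sandbox {
 namespace {
 
 // Flushing a cached key is triggered by just opening the key and closing the
 // resulting handle. RegDisablePredefinedCache() is the documented way to flush
 // HKCU so do not use it with this function.
 bool FlushRegKey(HKEY root) {
 HKEY key;
 if (ERROR_SUCCESS == ::RegOpenKeyExW(root, NULL, 0, MAXIMUM_ALLOWED, &key)) {
 if (ERROR_SUCCESS != ::RegCloseKey(key))
 return false;
 }
 return true;
 }
 
 // This function forces advapi32.dll to release some internally cached handles
 // that were made during calls to RegOpenkey and RegOpenKeyEx if it is called
 // with a more restrictive token. Returns true if the flushing is succesful
 // although this behavior is undocumented and there is no guarantee that in
 // fact this will happen in future versions of windows.
 bool FlushCachedRegHandles() {
 return (FlushRegKey(HKEY_LOCAL_MACHINE) &&
 FlushRegKey(HKEY_CLASSES_ROOT) &&
 FlushRegKey(HKEY_USERS));
 }
 
+// Cleans up this process if CSRSS will be disconnected, as this disconnection
+// is not supported Windows behavior.
+// Currently, this step requires closing a heap that this shared with csrss.exe.
+// Closing the ALPC Port handle to csrss.exe leaves this heap in an invalid
+// state. This causes problems if anyone enumerates the heap.
+bool CsrssDisconnectCleanup() {
+HANDLE csr_port_heap = FindCsrPortHeap();
+if (!csr_port_heap) {
+LOG(ERROR) << "Failed to find CSR Port heap handle";
+return false;
+}
+HeapDestroy(csr_port_heap);
+return true;
+}
+
 // Checks if we have handle entries pending and runs the closer.
 // Updates is_csrss_connected based on which handle types are closed.
 bool CloseOpenHandles(bool* is_csrss_connected) {
-if (sandbox::HandleCloserAgent::NeedsHandlesClosed()) {
-sandbox::HandleCloserAgent handle_closer;
+if (HandleCloserAgent::NeedsHandlesClosed()) {
+HandleCloserAgent handle_closer;
 handle_closer.InitializeHandlesToClose(is_csrss_connected);
+if (!*is_csrss_connected) {
+if (!CsrssDisconnectCleanup()) {
+return false;
+}
+}
 if (!handle_closer.CloseHandles())
 return false;
 }
-
 return true;
 }
 
 // GetUserDefaultLocaleName is not available on WIN XP. So we'll
 // load it on-the-fly.
 const wchar_t kKernel32DllName[] = L"kernel32.dll";
 typedef decltype(GetUserDefaultLocaleName)* GetUserDefaultLocaleNameFunction;
 
 // Warm up language subsystems before the sandbox is turned on.
 // Tested on Win8.1 x64:
@@ -91,26 +112,25 @@
 }
 wchar_t localeName[LOCALE_NAME_MAX_LENGTH] = {0};
 return (0 != GetUserDefaultLocaleName_func(
 localeName, LOCALE_NAME_MAX_LENGTH * sizeof(wchar_t)));
 }
 
 // Used as storage for g_target_services, because other allocation facilities
 // are not available early. We can't use a regular function static because on
 // VS2015, because the CRT tries to acquire a lock to guard initialization, but
 // this code runs before the CRT is initialized.
-char g_target_services_memory[sizeof(sandbox::TargetServicesBase)];
-sandbox::TargetServicesBase* g_target_services = nullptr;
+char g_target_services_memory[sizeof(TargetServicesBase)];
+TargetServicesBase* g_target_services = nullptr;
 
 } // namespace
 
-namespace sandbox {
 
 SANDBOX_INTERCEPT IntegrityLevel g_shared_delayed_integrity_level =
 INTEGRITY_LEVEL_LAST;
 SANDBOX_INTERCEPT MitigationFlags g_shared_delayed_mitigations = 0;
 
 TargetServicesBase::TargetServicesBase() {
 }
 
 ResultCode TargetServicesBase::Init() {
 process_state_.SetInitCalled();
@@ -238,10 +258,10 @@
 void ProcessState::SetRevertedToSelf() {
 if (process_state_ < 3)
 process_state_ = 3;
 }
 
 void ProcessState::SetCsrssConnected(bool csrss_connected) {
 csrss_connected_ = csrss_connected;
 }
 
 } // namespace sandbox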
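Review bot: `HeapDestroy(csr_port_heap)` in the new `CsrssDisconnectCleanup` discards its BOOL result, so a failed destroy still returns true and `CloseOpenHandles` proceeds to close the CSRSS port with the shared heap still alive — the state the comment just above describes as invalid for anyone enumerating the heap; `if (!::HeapDestroy(csr_port_heap)) return false;` keeps that failure visible the same way the `FindCsrPortHeap` miss already is. Ordering in `CloseOpenHandles` is also worth a second look: the heap is destroyed before `handle_closer.CloseHandles()` runs, so if that call fails the process is left with the heap gone but the port still open — presumably the caller treats false as fatal, but that should be confirmed. `LOG(ERROR)` is introduced in this file while no logging header appears among the includes in the hunk; if it only arrives transitively, include it explicitly. Minor: the comment reads `a heap that this shared with csrss.exe` — `a heap that is shared with csrss.exe`.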