OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/mac/launchd_interception_server.h" | 5 #include "sandbox/mac/launchd_interception_server.h" |
6 | 6 |
7 #include <bsm/libbsm.h> | 7 #include <bsm/libbsm.h> |
8 #include <servers/bootstrap.h> | 8 #include <servers/bootstrap.h> |
9 | 9 |
10 #include "base/logging.h" | 10 #include "base/logging.h" |
224 compat_shim_.look_up2_fill_reply(reply, result_port); | 224 compat_shim_.look_up2_fill_reply(reply, result_port); |
225 SendReply(reply); | 225 SendReply(reply); |
226 } else { | 226 } else { |
227 NOTREACHED(); | 227 NOTREACHED(); |
228 } | 228 } |
229 } | 229 } |
230 | 230 |
231 void LaunchdInterceptionServer::HandleSwapInteger(mach_msg_header_t* request, | 231 void LaunchdInterceptionServer::HandleSwapInteger(mach_msg_header_t* request, |
232 mach_msg_header_t* reply, | 232 mach_msg_header_t* reply, |
233 pid_t sender_pid) { | 233 pid_t sender_pid) { |
234 // TODO(rsesek): Crack the message and ensure that the swap is only being | 234 // Only allow getting information out of launchd. Do not allow setting |
235 // used to get the value of a VPROC key, and do not allow setting it. | 235 // values. Two commonly observed values that are retrieved are |
236 VLOG(2) << "Forwarding vproc swap message #" << request->msgh_id; | 236 // VPROC_GSK_MGR_PID and VPROC_GSK_TRANSACTIONS_ENABLED. |
237 ForwardMessage(request, reply); | 237 if (compat_shim_.swap_integer_is_get_only(request)) { |
| 238 VLOG(2) << "Forwarding vproc swap_integer message."; |
| 239 ForwardMessage(request, reply); |
| 240 } else { |
| 241 VLOG(2) << "Rejecting non-read-only swap_integer message."; |
| 242 RejectMessage(request, reply, BOOTSTRAP_NOT_PRIVILEGED); |
| 243 } |
238 } | 244 } |
239 | 245 |
240 void LaunchdInterceptionServer::SendReply(mach_msg_header_t* reply) { | 246 void LaunchdInterceptionServer::SendReply(mach_msg_header_t* reply) { |
241 kern_return_t kr = mach_msg(reply, MACH_SEND_MSG, reply->msgh_size, 0, | 247 kern_return_t kr = mach_msg(reply, MACH_SEND_MSG, reply->msgh_size, 0, |
242 MACH_PORT_NULL, MACH_MSG_TIMEOUT_NONE, MACH_PORT_NULL); | 248 MACH_PORT_NULL, MACH_MSG_TIMEOUT_NONE, MACH_PORT_NULL); |
243 if (kr != KERN_SUCCESS) { | 249 if (kr != KERN_SUCCESS) { |
244 MACH_LOG(ERROR, kr) << "Unable to send intercepted reply message."; | 250 MACH_LOG(ERROR, kr) << "Unable to send intercepted reply message."; |
245 } | 251 } |
246 } | 252 } |
247 | 253 |
264 mig_reply_error_t* error_reply = reinterpret_cast<mig_reply_error_t*>(reply); | 270 mig_reply_error_t* error_reply = reinterpret_cast<mig_reply_error_t*>(reply); |
265 error_reply->Head.msgh_size = sizeof(mig_reply_error_t); | 271 error_reply->Head.msgh_size = sizeof(mig_reply_error_t); |
266 error_reply->Head.msgh_bits = | 272 error_reply->Head.msgh_bits = |
267 MACH_MSGH_BITS_REMOTE(MACH_MSG_TYPE_MOVE_SEND_ONCE); | 273 MACH_MSGH_BITS_REMOTE(MACH_MSG_TYPE_MOVE_SEND_ONCE); |
268 error_reply->NDR = NDR_record; | 274 error_reply->NDR = NDR_record; |
269 error_reply->RetCode = error_code; | 275 error_reply->RetCode = error_code; |
270 SendReply(&error_reply->Head); | 276 SendReply(&error_reply->Head); |
271 } | 277 } |
272 | 278 |
273 } // namespace sandbox | 279 } // namespace sandbox |
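Review bot: In HandleSwapInteger the rejection branch logs only a fixed string, so a denied set attempt cannot be attributed to a process: the old log line carried `request->msgh_id`, and `sender_pid` is passed in but unused in the visible lines. Consider `VLOG(2) << "Rejecting non-read-only swap_integer message from pid " << sender_pid << ".";` so a sandboxed process that probes the policy shows up in verbose logs. Separately, `swap_integer_is_get_only` is defined outside this section and receives the raw header from an untrusted sender; if it casts `request` to the swap_integer request layout, it should first confirm that `request->msgh_size` covers that struct and fail closed otherwise. The check as written also admits a read of any key, not only the two named in the comment, which is worth stating in the comment if that is intended.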