| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/win/src/process_mitigations_win32k_dispatcher.h" | 5 #include "sandbox/win/src/process_mitigations_win32k_dispatcher.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 | 8 |
| 9 #include "base/memory/shared_memory.h" | 9 #include "base/memory/shared_memory.h" |
| 10 #include "base/strings/string16.h" | 10 #include "base/strings/string16.h" |
| 11 #include "base/unguessable_token.h" | 11 #include "base/unguessable_token.h" |
| 12 #include "base/win/windows_version.h" | 12 #include "base/win/windows_version.h" |
| 13 #include "sandbox/win/src/interception.h" | 13 #include "sandbox/win/src/interception.h" |
| 14 #include "sandbox/win/src/interceptors.h" | 14 #include "sandbox/win/src/interceptors.h" |
| 15 #include "sandbox/win/src/ipc_tags.h" | 15 #include "sandbox/win/src/ipc_tags.h" |
| 16 #include "sandbox/win/src/process_mitigations_win32k_interception.h" | 16 #include "sandbox/win/src/process_mitigations_win32k_interception.h" |
| 17 #include "sandbox/win/src/process_mitigations_win32k_policy.h" | 17 #include "sandbox/win/src/process_mitigations_win32k_policy.h" |
| 18 | 18 |
| 19 namespace sandbox { | 19 namespace sandbox { |
| 20 | 20 |
| 21 namespace { | 21 namespace { |
| 22 | 22 |
| 23 base::SharedMemoryHandle GetSharedMemoryHandle(const ClientInfo& client_info, | 23 base::SharedMemoryHandle GetSharedMemoryHandle(const ClientInfo& client_info, |
| 24 HANDLE handle) { | 24 HANDLE handle, |
| 25 size_t size) { |
| 25 HANDLE result_handle = nullptr; | 26 HANDLE result_handle = nullptr; |
| 26 intptr_t handle_int = reinterpret_cast<intptr_t>(handle); | 27 intptr_t handle_int = reinterpret_cast<intptr_t>(handle); |
| 27 if (handle_int <= 0 || | 28 if (handle_int <= 0 || |
| 28 !::DuplicateHandle(client_info.process, handle, ::GetCurrentProcess(), | 29 !::DuplicateHandle(client_info.process, handle, ::GetCurrentProcess(), |
| 29 &result_handle, 0, FALSE, DUPLICATE_SAME_ACCESS)) { | 30 &result_handle, 0, FALSE, DUPLICATE_SAME_ACCESS)) { |
| 30 result_handle = nullptr; | 31 result_handle = nullptr; |
| 31 } | 32 } |
| 32 return base::SharedMemoryHandle(result_handle, | 33 return base::SharedMemoryHandle(result_handle, size, |
| 33 base::UnguessableToken::Create()); | 34 base::UnguessableToken::Create()); |
| 34 } | 35 } |
| 35 | 36 |
| 36 } // namespace | 37 } // namespace |
| 37 | 38 |
| 38 ProtectedVideoOutput::~ProtectedVideoOutput() { | 39 ProtectedVideoOutput::~ProtectedVideoOutput() { |
| 39 ProcessMitigationsWin32KLockdownPolicy::DestroyOPMProtectedOutputAction( | 40 ProcessMitigationsWin32KLockdownPolicy::DestroyOPMProtectedOutputAction( |
| 40 handle_); | 41 handle_); |
| 41 } | 42 } |
| 42 | 43 |
| (...skipping 361 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 404 uint32_t shared_buffer_size) { | 405 uint32_t shared_buffer_size) { |
| 405 if (!policy_base_->GetEnableOPMRedirection()) { | 406 if (!policy_base_->GetEnableOPMRedirection()) { |
| 406 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; | 407 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; |
| 407 return true; | 408 return true; |
| 408 } | 409 } |
| 409 // Don't let caller map an arbitrarily large buffer into memory. | 410 // Don't let caller map an arbitrarily large buffer into memory. |
| 410 if (shared_buffer_size > kProtectedVideoOutputSectionSize) { | 411 if (shared_buffer_size > kProtectedVideoOutputSectionSize) { |
| 411 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; | 412 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; |
| 412 return true; | 413 return true; |
| 413 } | 414 } |
| 414 base::SharedMemoryHandle handle = | 415 base::SharedMemoryHandle handle = GetSharedMemoryHandle( |
| 415 GetSharedMemoryHandle(*ipc->client_info, shared_buffer_handle); | 416 *ipc->client_info, shared_buffer_handle, shared_buffer_size); |
| 416 if (!handle.IsValid()) { | 417 if (!handle.IsValid()) { |
| 417 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; | 418 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; |
| 418 return true; | 419 return true; |
| 419 } | 420 } |
| 420 base::SharedMemory cert_data(handle, false); | 421 base::SharedMemory cert_data(handle, false); |
| 421 if (!cert_data.Map(shared_buffer_size)) { | 422 if (!cert_data.Map(shared_buffer_size)) { |
| 422 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; | 423 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; |
| 423 return true; | 424 return true; |
| 424 } | 425 } |
| 425 NTSTATUS status = STATUS_INVALID_PARAMETER; | 426 NTSTATUS status = STATUS_INVALID_PARAMETER; |
| (...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 509 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; | 510 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; |
| 510 return true; | 511 return true; |
| 511 } | 512 } |
| 512 scoped_refptr<ProtectedVideoOutput> output = | 513 scoped_refptr<ProtectedVideoOutput> output = |
| 513 GetProtectedVideoOutput(protected_output, false); | 514 GetProtectedVideoOutput(protected_output, false); |
| 514 if (!output) { | 515 if (!output) { |
| 515 ipc->return_info.nt_status = STATUS_INVALID_HANDLE; | 516 ipc->return_info.nt_status = STATUS_INVALID_HANDLE; |
| 516 return true; | 517 return true; |
| 517 }; | 518 }; |
| 518 base::SharedMemoryHandle handle = | 519 base::SharedMemoryHandle handle = |
| 519 GetSharedMemoryHandle(*ipc->client_info, shared_buffer_handle); | 520 GetSharedMemoryHandle(*ipc->client_info, shared_buffer_handle, |
| 521 sizeof(DXGKMDT_OPM_CONFIGURE_PARAMETERS)); |
| 520 if (!handle.IsValid()) { | 522 if (!handle.IsValid()) { |
| 521 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; | 523 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; |
| 522 return true; | 524 return true; |
| 523 } | 525 } |
| 524 base::SharedMemory buffer(handle, false); | 526 base::SharedMemory buffer(handle, false); |
| 525 if (!buffer.Map(sizeof(DXGKMDT_OPM_CONFIGURE_PARAMETERS))) { | 527 if (!buffer.Map(sizeof(DXGKMDT_OPM_CONFIGURE_PARAMETERS))) { |
| 526 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; | 528 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; |
| 527 return true; | 529 return true; |
| 528 } | 530 } |
| 529 NTSTATUS status = | 531 NTSTATUS status = |
| (...skipping 10 matching lines...) Expand all Loading... |
| 540 if (!policy_base_->GetEnableOPMRedirection()) { | 542 if (!policy_base_->GetEnableOPMRedirection()) { |
| 541 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; | 543 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; |
| 542 return true; | 544 return true; |
| 543 } | 545 } |
| 544 scoped_refptr<ProtectedVideoOutput> output = | 546 scoped_refptr<ProtectedVideoOutput> output = |
| 545 GetProtectedVideoOutput(protected_output, false); | 547 GetProtectedVideoOutput(protected_output, false); |
| 546 if (!output) { | 548 if (!output) { |
| 547 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; | 549 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; |
| 548 return true; | 550 return true; |
| 549 } | 551 } |
| 550 base::SharedMemoryHandle handle = | 552 size_t shared_buffer_size = |
| 551 GetSharedMemoryHandle(*ipc->client_info, shared_buffer_handle); | 553 std::max(sizeof(DXGKMDT_OPM_GET_INFO_PARAMETERS), |
| 554 sizeof(DXGKMDT_OPM_REQUESTED_INFORMATION)); |
| 555 |
| 556 base::SharedMemoryHandle handle = GetSharedMemoryHandle( |
| 557 *ipc->client_info, shared_buffer_handle, shared_buffer_size); |
| 552 if (!handle.IsValid()) { | 558 if (!handle.IsValid()) { |
| 553 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; | 559 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; |
| 554 return true; | 560 return true; |
| 555 } | 561 } |
| 556 base::SharedMemory buffer(handle, false); | 562 base::SharedMemory buffer(handle, false); |
| 557 | 563 |
| 558 size_t shared_buffer_size = | |
| 559 std::max(sizeof(DXGKMDT_OPM_GET_INFO_PARAMETERS), | |
| 560 sizeof(DXGKMDT_OPM_REQUESTED_INFORMATION)); | |
| 561 if (!buffer.Map(shared_buffer_size)) { | 564 if (!buffer.Map(shared_buffer_size)) { |
| 562 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; | 565 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; |
| 563 return true; | 566 return true; |
| 564 } | 567 } |
| 565 DXGKMDT_OPM_REQUESTED_INFORMATION requested_info = {}; | 568 DXGKMDT_OPM_REQUESTED_INFORMATION requested_info = {}; |
| 566 NTSTATUS status = | 569 NTSTATUS status = |
| 567 ProcessMitigationsWin32KLockdownPolicy::GetOPMInformationAction( | 570 ProcessMitigationsWin32KLockdownPolicy::GetOPMInformationAction( |
| 568 *ipc->client_info, output.get()->handle(), buffer.memory(), | 571 *ipc->client_info, output.get()->handle(), buffer.memory(), |
| 569 &requested_info); | 572 &requested_info); |
| 570 if (!status) { | 573 if (!status) { |
| 571 memcpy(buffer.memory(), &requested_info, | 574 memcpy(buffer.memory(), &requested_info, |
| 572 sizeof(DXGKMDT_OPM_REQUESTED_INFORMATION)); | 575 sizeof(DXGKMDT_OPM_REQUESTED_INFORMATION)); |
| 573 } | 576 } |
| 574 ipc->return_info.nt_status = status; | 577 ipc->return_info.nt_status = status; |
| 575 return true; | 578 return true; |
| 576 } | 579 } |
| 577 | 580 |
| 578 } // namespace sandbox | 581 } // namespace sandbox |
| 579 | 582 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2875453002:
Add a size parameter to SharedMemoryHandle. (Closed)
