OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/win/src/process_mitigations_win32k_dispatcher.h" | 5 #include "sandbox/win/src/process_mitigations_win32k_dispatcher.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 | 8 |
9 #include "base/memory/shared_memory.h" | 9 #include "base/memory/shared_memory.h" |
10 #include "base/strings/string16.h" | 10 #include "base/strings/string16.h" |
11 #include "base/unguessable_token.h" | 11 #include "base/unguessable_token.h" |
12 #include "base/win/windows_version.h" | 12 #include "base/win/windows_version.h" |
13 #include "sandbox/win/src/interception.h" | 13 #include "sandbox/win/src/interception.h" |
14 #include "sandbox/win/src/interceptors.h" | 14 #include "sandbox/win/src/interceptors.h" |
15 #include "sandbox/win/src/ipc_tags.h" | 15 #include "sandbox/win/src/ipc_tags.h" |
16 #include "sandbox/win/src/process_mitigations_win32k_interception.h" | 16 #include "sandbox/win/src/process_mitigations_win32k_interception.h" |
17 #include "sandbox/win/src/process_mitigations_win32k_policy.h" | 17 #include "sandbox/win/src/process_mitigations_win32k_policy.h" |
18 | 18 |
19 namespace sandbox { | 19 namespace sandbox { |
20 | 20 |
21 namespace { | 21 namespace { |
22 | 22 |
23 base::SharedMemoryHandle GetSharedMemoryHandle(const ClientInfo& client_info, | 23 base::SharedMemoryHandle GetSharedMemoryHandle(const ClientInfo& client_info, |
24 HANDLE handle) { | 24 HANDLE handle, |
| 25 size_t size) { |
25 HANDLE result_handle = nullptr; | 26 HANDLE result_handle = nullptr; |
26 intptr_t handle_int = reinterpret_cast<intptr_t>(handle); | 27 intptr_t handle_int = reinterpret_cast<intptr_t>(handle); |
27 if (handle_int <= 0 || | 28 if (handle_int <= 0 || |
28 !::DuplicateHandle(client_info.process, handle, ::GetCurrentProcess(), | 29 !::DuplicateHandle(client_info.process, handle, ::GetCurrentProcess(), |
29 &result_handle, 0, FALSE, DUPLICATE_SAME_ACCESS)) { | 30 &result_handle, 0, FALSE, DUPLICATE_SAME_ACCESS)) { |
30 result_handle = nullptr; | 31 result_handle = nullptr; |
31 } | 32 } |
32 return base::SharedMemoryHandle(result_handle, | 33 return base::SharedMemoryHandle(result_handle, size, |
33 base::UnguessableToken::Create()); | 34 base::UnguessableToken::Create()); |
34 } | 35 } |
35 | 36 |
36 } // namespace | 37 } // namespace |
37 | 38 |
38 ProtectedVideoOutput::~ProtectedVideoOutput() { | 39 ProtectedVideoOutput::~ProtectedVideoOutput() { |
39 ProcessMitigationsWin32KLockdownPolicy::DestroyOPMProtectedOutputAction( | 40 ProcessMitigationsWin32KLockdownPolicy::DestroyOPMProtectedOutputAction( |
40 handle_); | 41 handle_); |
41 } | 42 } |
42 | 43 |
(...skipping 361 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
404 uint32_t shared_buffer_size) { | 405 uint32_t shared_buffer_size) { |
405 if (!policy_base_->GetEnableOPMRedirection()) { | 406 if (!policy_base_->GetEnableOPMRedirection()) { |
406 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; | 407 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; |
407 return true; | 408 return true; |
408 } | 409 } |
409 // Don't let caller map an arbitrarily large buffer into memory. | 410 // Don't let caller map an arbitrarily large buffer into memory. |
410 if (shared_buffer_size > kProtectedVideoOutputSectionSize) { | 411 if (shared_buffer_size > kProtectedVideoOutputSectionSize) { |
411 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; | 412 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; |
412 return true; | 413 return true; |
413 } | 414 } |
414 base::SharedMemoryHandle handle = | 415 base::SharedMemoryHandle handle = GetSharedMemoryHandle( |
415 GetSharedMemoryHandle(*ipc->client_info, shared_buffer_handle); | 416 *ipc->client_info, shared_buffer_handle, shared_buffer_size); |
416 if (!handle.IsValid()) { | 417 if (!handle.IsValid()) { |
417 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; | 418 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; |
418 return true; | 419 return true; |
419 } | 420 } |
420 base::SharedMemory cert_data(handle, false); | 421 base::SharedMemory cert_data(handle, false); |
421 if (!cert_data.Map(shared_buffer_size)) { | 422 if (!cert_data.Map(shared_buffer_size)) { |
422 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; | 423 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; |
423 return true; | 424 return true; |
424 } | 425 } |
425 NTSTATUS status = STATUS_INVALID_PARAMETER; | 426 NTSTATUS status = STATUS_INVALID_PARAMETER; |
(...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
509 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; | 510 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; |
510 return true; | 511 return true; |
511 } | 512 } |
512 scoped_refptr<ProtectedVideoOutput> output = | 513 scoped_refptr<ProtectedVideoOutput> output = |
513 GetProtectedVideoOutput(protected_output, false); | 514 GetProtectedVideoOutput(protected_output, false); |
514 if (!output) { | 515 if (!output) { |
515 ipc->return_info.nt_status = STATUS_INVALID_HANDLE; | 516 ipc->return_info.nt_status = STATUS_INVALID_HANDLE; |
516 return true; | 517 return true; |
517 }; | 518 }; |
518 base::SharedMemoryHandle handle = | 519 base::SharedMemoryHandle handle = |
519 GetSharedMemoryHandle(*ipc->client_info, shared_buffer_handle); | 520 GetSharedMemoryHandle(*ipc->client_info, shared_buffer_handle, |
| 521 sizeof(DXGKMDT_OPM_CONFIGURE_PARAMETERS)); |
520 if (!handle.IsValid()) { | 522 if (!handle.IsValid()) { |
521 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; | 523 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; |
522 return true; | 524 return true; |
523 } | 525 } |
524 base::SharedMemory buffer(handle, false); | 526 base::SharedMemory buffer(handle, false); |
525 if (!buffer.Map(sizeof(DXGKMDT_OPM_CONFIGURE_PARAMETERS))) { | 527 if (!buffer.Map(sizeof(DXGKMDT_OPM_CONFIGURE_PARAMETERS))) { |
526 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; | 528 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; |
527 return true; | 529 return true; |
528 } | 530 } |
529 NTSTATUS status = | 531 NTSTATUS status = |
(...skipping 10 matching lines...) Expand all Loading... |
540 if (!policy_base_->GetEnableOPMRedirection()) { | 542 if (!policy_base_->GetEnableOPMRedirection()) { |
541 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; | 543 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; |
542 return true; | 544 return true; |
543 } | 545 } |
544 scoped_refptr<ProtectedVideoOutput> output = | 546 scoped_refptr<ProtectedVideoOutput> output = |
545 GetProtectedVideoOutput(protected_output, false); | 547 GetProtectedVideoOutput(protected_output, false); |
546 if (!output) { | 548 if (!output) { |
547 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; | 549 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; |
548 return true; | 550 return true; |
549 } | 551 } |
550 base::SharedMemoryHandle handle = | 552 size_t shared_buffer_size = |
551 GetSharedMemoryHandle(*ipc->client_info, shared_buffer_handle); | 553 std::max(sizeof(DXGKMDT_OPM_GET_INFO_PARAMETERS), |
| 554 sizeof(DXGKMDT_OPM_REQUESTED_INFORMATION)); |
| 555 |
| 556 base::SharedMemoryHandle handle = GetSharedMemoryHandle( |
| 557 *ipc->client_info, shared_buffer_handle, shared_buffer_size); |
552 if (!handle.IsValid()) { | 558 if (!handle.IsValid()) { |
553 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; | 559 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; |
554 return true; | 560 return true; |
555 } | 561 } |
556 base::SharedMemory buffer(handle, false); | 562 base::SharedMemory buffer(handle, false); |
557 | 563 |
558 size_t shared_buffer_size = | |
559 std::max(sizeof(DXGKMDT_OPM_GET_INFO_PARAMETERS), | |
560 sizeof(DXGKMDT_OPM_REQUESTED_INFORMATION)); | |
561 if (!buffer.Map(shared_buffer_size)) { | 564 if (!buffer.Map(shared_buffer_size)) { |
562 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; | 565 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; |
563 return true; | 566 return true; |
564 } | 567 } |
565 DXGKMDT_OPM_REQUESTED_INFORMATION requested_info = {}; | 568 DXGKMDT_OPM_REQUESTED_INFORMATION requested_info = {}; |
566 NTSTATUS status = | 569 NTSTATUS status = |
567 ProcessMitigationsWin32KLockdownPolicy::GetOPMInformationAction( | 570 ProcessMitigationsWin32KLockdownPolicy::GetOPMInformationAction( |
568 *ipc->client_info, output.get()->handle(), buffer.memory(), | 571 *ipc->client_info, output.get()->handle(), buffer.memory(), |
569 &requested_info); | 572 &requested_info); |
570 if (!status) { | 573 if (!status) { |
571 memcpy(buffer.memory(), &requested_info, | 574 memcpy(buffer.memory(), &requested_info, |
572 sizeof(DXGKMDT_OPM_REQUESTED_INFORMATION)); | 575 sizeof(DXGKMDT_OPM_REQUESTED_INFORMATION)); |
573 } | 576 } |
574 ipc->return_info.nt_status = status; | 577 ipc->return_info.nt_status = status; |
575 return true; | 578 return true; |
576 } | 579 } |
577 | 580 |
578 } // namespace sandbox | 581 } // namespace sandbox |
579 | 582 |
OLD | NEW |