Chromium Code Reviews Chromium Code Reviews
Issue 318603003:
Sandbox policy and intercepts for the MITIGATION_WIN32K_DISABLE policy for renderer processes. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/win/src/interceptors_64.h" | 5 #include "sandbox/win/src/interceptors_64.h" |
| 6 | 6 |
| 7 #include "sandbox/win/src/interceptors.h" | 7 #include "sandbox/win/src/interceptors.h" |
| 8 #include "sandbox/win/src/filesystem_interception.h" | 8 #include "sandbox/win/src/filesystem_interception.h" |
| 9 #include "sandbox/win/src/named_pipe_interception.h" | 9 #include "sandbox/win/src/named_pipe_interception.h" |
| 10 #include "sandbox/win/src/policy_target.h" | 10 #include "sandbox/win/src/policy_target.h" |
| 11 #include "sandbox/win/src/process_mitigations_win32k_interception.h" | |
| 11 #include "sandbox/win/src/process_thread_interception.h" | 12 #include "sandbox/win/src/process_thread_interception.h" |
| 12 #include "sandbox/win/src/registry_interception.h" | 13 #include "sandbox/win/src/registry_interception.h" |
| 13 #include "sandbox/win/src/sandbox_nt_types.h" | 14 #include "sandbox/win/src/sandbox_nt_types.h" |
| 14 #include "sandbox/win/src/sandbox_types.h" | 15 #include "sandbox/win/src/sandbox_types.h" |
| 15 #include "sandbox/win/src/sync_interception.h" | 16 #include "sandbox/win/src/sync_interception.h" |
| 16 #include "sandbox/win/src/target_interceptions.h" | 17 #include "sandbox/win/src/target_interceptions.h" |
| 17 | 18 |
| 18 namespace sandbox { | 19 namespace sandbox { |
| 19 | 20 |
| 20 SANDBOX_INTERCEPT NtExports g_nt; | 21 SANDBOX_INTERCEPT NtExports g_nt; |
| (...skipping 219 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 240 | 241 |
| 241 SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenKeyEx64( | 242 SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenKeyEx64( |
| 242 PHANDLE key, ACCESS_MASK desired_access, | 243 PHANDLE key, ACCESS_MASK desired_access, |
| 243 POBJECT_ATTRIBUTES object_attributes, ULONG open_options) { | 244 POBJECT_ATTRIBUTES object_attributes, ULONG open_options) { |
| 244 NtOpenKeyExFunction orig_fn = reinterpret_cast< | 245 NtOpenKeyExFunction orig_fn = reinterpret_cast< |
| 245 NtOpenKeyExFunction>(g_originals[OPEN_KEY_EX_ID]); | 246 NtOpenKeyExFunction>(g_originals[OPEN_KEY_EX_ID]); |
| 246 return TargetNtOpenKeyEx(orig_fn, key, desired_access, object_attributes, | 247 return TargetNtOpenKeyEx(orig_fn, key, desired_access, object_attributes, |
| 247 open_options); | 248 open_options); |
| 248 } | 249 } |
| 249 | 250 |
| 250 // ----------------------------------------------------------------------- | 251 // ----------------------------------------------------------------------- |
|
rvargas (doing something else)
2014/06/06 21:22:23
nit: add one of this at line 271
ananta
2014/06/06 23:57:34
Done.
| |
| 251 | 252 |
| 252 SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtCreateEvent64( | 253 SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtCreateEvent64( |
| 253 PHANDLE event_handle, ACCESS_MASK desired_access, | 254 PHANDLE event_handle, ACCESS_MASK desired_access, |
| 254 POBJECT_ATTRIBUTES object_attributes, EVENT_TYPE event_type, | 255 POBJECT_ATTRIBUTES object_attributes, EVENT_TYPE event_type, |
| 255 BOOLEAN initial_state) { | 256 BOOLEAN initial_state) { |
| 256 NtCreateEventFunction orig_fn = reinterpret_cast< | 257 NtCreateEventFunction orig_fn = reinterpret_cast< |
| 257 NtCreateEventFunction>(g_originals[CREATE_EVENT_ID]); | 258 NtCreateEventFunction>(g_originals[CREATE_EVENT_ID]); |
| 258 return TargetNtCreateEvent(orig_fn, event_handle, desired_access, | 259 return TargetNtCreateEvent(orig_fn, event_handle, desired_access, |
| 259 object_attributes, event_type, initial_state); | 260 object_attributes, event_type, initial_state); |
| 260 } | 261 } |
| 261 | 262 |
| 262 SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenEvent64( | 263 SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenEvent64( |
| 263 PHANDLE event_handle, ACCESS_MASK desired_access, | 264 PHANDLE event_handle, ACCESS_MASK desired_access, |
| 264 POBJECT_ATTRIBUTES object_attributes) { | 265 POBJECT_ATTRIBUTES object_attributes) { |
| 265 NtOpenEventFunction orig_fn = reinterpret_cast< | 266 NtOpenEventFunction orig_fn = reinterpret_cast< |
| 266 NtOpenEventFunction>(g_originals[OPEN_EVENT_ID]); | 267 NtOpenEventFunction>(g_originals[OPEN_EVENT_ID]); |
| 267 return TargetNtOpenEvent(orig_fn, event_handle, desired_access, | 268 return TargetNtOpenEvent(orig_fn, event_handle, desired_access, |
| 268 object_attributes); | 269 object_attributes); |
| 269 } | 270 } |
| 270 | 271 |
| 272 SANDBOX_INTERCEPT BOOL WINAPI TargetGdiDllInitialize64( | |
| 273 HANDLE dll, | |
| 274 DWORD reason) { | |
| 275 GdiDllInitializeFunction orig_fn = reinterpret_cast< | |
| 276 GdiDllInitializeFunction>(g_originals[GDIINITIALIZE_ID]); | |
| 277 return TargetGdiDllInitialize(orig_fn, dll, reason); | |
| 278 } | |
| 279 | |
| 280 SANDBOX_INTERCEPT HGDIOBJ WINAPI TargetGetStockObject64(int object) { | |
| 281 GetStockObjectFunction orig_fn = reinterpret_cast< | |
| 282 GetStockObjectFunction>(g_originals[GETSTOCKOBJECT_ID]); | |
| 283 return TargetGetStockObject(orig_fn, object); | |
| 284 } | |
| 285 | |
| 286 SANDBOX_INTERCEPT ATOM WINAPI TargetRegisterClassW64( | |
| 287 const WNDCLASS* wnd_class) { | |
| 288 RegisterClassWFunction orig_fn = reinterpret_cast< | |
| 289 RegisterClassWFunction>(g_originals[REGISTERCLASSW_ID]); | |
| 290 return TargetRegisterClassW(orig_fn, wnd_class); | |
| 291 } | |
| 292 | |
| 271 } // namespace sandbox | 293 } // namespace sandbox |
| OLD | NEW |
