Chromium Code Reviews Chromium Code Reviews
Issue 31933005:
Replace the CreateEvent/OpenEvent patches with their Nt counterparts like NtOpenEvent and NtCreateE… (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/win/src/sync_interception.h" | 5 #include "sandbox/win/src/sync_interception.h" |
| 6 | 6 |
| 7 #include "sandbox/win/src/crosscall_client.h" | 7 #include "sandbox/win/src/crosscall_client.h" |
| 8 #include "sandbox/win/src/ipc_tags.h" | 8 #include "sandbox/win/src/ipc_tags.h" |
| 9 #include "sandbox/win/src/policy_params.h" | 9 #include "sandbox/win/src/policy_params.h" |
| 10 #include "sandbox/win/src/policy_target.h" | 10 #include "sandbox/win/src/policy_target.h" |
| (...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 51 if (!QueryBroker(IPC_OPENEVENT_TAG, params.GetBase())) | 51 if (!QueryBroker(IPC_OPENEVENT_TAG, params.GetBase())) |
| 52 return SBOX_ERROR_GENERIC; | 52 return SBOX_ERROR_GENERIC; |
| 53 | 53 |
| 54 SharedMemIPCClient ipc(memory); | 54 SharedMemIPCClient ipc(memory); |
| 55 ResultCode code = CrossCall(ipc, IPC_OPENEVENT_TAG, name, desired_access, | 55 ResultCode code = CrossCall(ipc, IPC_OPENEVENT_TAG, name, desired_access, |
| 56 inherit_handle_ipc, answer); | 56 inherit_handle_ipc, answer); |
| 57 | 57 |
| 58 return code; | 58 return code; |
| 59 } | 59 } |
| 60 | 60 |
| 61 HANDLE WINAPI TargetCreateEventW(CreateEventWFunction orig_CreateEvent, | 61 NTSTATUS WINAPI TargetNtOpenEvent(NtOpenEventFunction orig_OpenEvent, |
| 62 LPSECURITY_ATTRIBUTES security_attributes, | 62 PHANDLE event_handle, |
| 63 BOOL manual_reset, | 63 DWORD desired_access, |
| 64 BOOL initial_state, | 64 POBJECT_ATTRIBUTES object_attributes) { |
| 65 LPCWSTR name) { | 65 NTSTATUS status = orig_OpenEvent(event_handle, desired_access, |
| 66 // Check if the process can create it first. | 66 object_attributes); |
| 67 HANDLE handle = orig_CreateEvent(security_attributes, manual_reset, | 67 if (status != STATUS_ACCESS_DENIED || !object_attributes) |
| 68 initial_state, name); | 68 return status; |
| 69 if (handle || !name) | |
| 70 return handle; | |
| 71 | |
| 72 DWORD original_error = ::GetLastError(); | |
| 73 | 69 |
| 74 // We don't trust that the IPC can work this early. | 70 // We don't trust that the IPC can work this early. |
| 75 if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) | 71 if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) |
| 76 return NULL; | 72 return status; |
| 77 | 73 |
| 78 CrossCallReturn answer = {0}; | 74 do { |
| 79 ResultCode code = ProxyCreateEvent(name, initial_state, manual_reset, | 75 if (!ValidParameter(event_handle, sizeof(HANDLE), WRITE)) |
| 80 &answer); | 76 break; |
| 81 | 77 |
| 82 if (code == SBOX_ALL_OK) { | 78 void* memory = GetGlobalIPCMemory(); |
| 83 ::SetLastError(answer.win32_result); | 79 if (memory == NULL) |
| 84 return answer.handle; | 80 break; |
| 85 } | 81 |
| 86 ::SetLastError(original_error); | 82 OBJECT_ATTRIBUTES object_attribs_copy = *object_attributes; |
| 87 return NULL; | 83 // The RootDirectory points to BaseNamedObjects. We can ignore it. |
| 84 object_attribs_copy.RootDirectory = NULL; | |
| 85 | |
| 86 wchar_t* name = NULL; | |
| 87 uint32 attributes = 0; | |
| 88 NTSTATUS ret = AllocAndCopyName(&object_attribs_copy, &name, &attributes, | |
| 89 NULL); | |
| 90 if (!NT_SUCCESS(ret) || name == NULL) | |
| 91 break; | |
| 92 | |
| 93 CrossCallReturn answer = {0}; | |
| 94 ResultCode code = ProxyOpenEvent(name, desired_access, FALSE, &answer); | |
| 95 operator delete(name, NT_ALLOC); | |
| 96 | |
| 97 if (code != SBOX_ALL_OK) | |
| 98 break; | |
| 99 | |
| 100 __try { | |
| 101 *event_handle = answer.handle; | |
| 102 status = STATUS_SUCCESS; | |
| 103 } __except(EXCEPTION_EXECUTE_HANDLER) { | |
| 104 break; | |
| 105 } | |
| 106 } while (false); | |
| 107 | |
| 108 return status; | |
| 88 } | 109 } |
| 89 | 110 |
| 90 HANDLE WINAPI TargetCreateEventA(CreateEventAFunction orig_CreateEvent, | 111 NTSTATUS WINAPI TargetNtCreateEvent(NtCreateEventFunction orig_CreateEvent, |
| 91 LPSECURITY_ATTRIBUTES security_attributes, | 112 PHANDLE event_handle, |
| 92 BOOL manual_reset, | 113 ACCESS_MASK desired_access, |
| 93 BOOL initial_state, | 114 POBJECT_ATTRIBUTES object_attributes, |
| 94 LPCSTR name) { | 115 EVENT_TYPE event_type, |
| 95 // Check if the process can create it first. | 116 BOOLEAN initial_state) { |
| 96 HANDLE handle = orig_CreateEvent(security_attributes, manual_reset, | 117 NTSTATUS status = orig_CreateEvent(event_handle, desired_access, |
| 97 initial_state, name); | 118 object_attributes, event_type, |
| 98 if (handle || !name) | 119 initial_state); |
| 99 return handle; | 120 if (status != STATUS_ACCESS_DENIED || !object_attributes) |
| 100 | 121 return status; |
| 101 DWORD original_error = ::GetLastError(); | |
| 102 | 122 |
| 103 // We don't trust that the IPC can work this early. | 123 // We don't trust that the IPC can work this early. |
| 104 if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) | 124 if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) |
| 105 return NULL; | 125 return status; |
| 106 | 126 |
| 107 UNICODE_STRING* wide_name = AnsiToUnicode(name); | 127 do { |
| 108 if (!wide_name) | 128 if (!ValidParameter(event_handle, sizeof(HANDLE), WRITE)) |
| 109 return NULL; | 129 break; |
| 110 | 130 |
| 111 CrossCallReturn answer = {0}; | 131 void* memory = GetGlobalIPCMemory(); |
| 112 ResultCode code = ProxyCreateEvent(wide_name->Buffer, initial_state, | 132 if (memory == NULL) |
| 113 manual_reset, &answer); | 133 break; |
| 114 operator delete(wide_name, NT_ALLOC); | |
| 115 | 134 |
| 116 if (code == SBOX_ALL_OK) { | 135 OBJECT_ATTRIBUTES object_attribs_copy = *object_attributes; |
| 117 ::SetLastError(answer.win32_result); | 136 // The RootDirectory points to BaseNamedObjects. We can ignore it. |
| 118 return answer.handle; | 137 object_attribs_copy.RootDirectory = NULL; |
| 119 } | |
| 120 ::SetLastError(original_error); | |
| 121 return NULL; | |
| 122 } | |
| 123 | 138 |
| 124 // Interception of OpenEventW on the child process. | 139 wchar_t* name = NULL; |
| 125 // It should never be called directly | 140 uint32 attributes = 0; |
| 126 HANDLE WINAPI TargetOpenEventW(OpenEventWFunction orig_OpenEvent, | 141 NTSTATUS ret = AllocAndCopyName(&object_attribs_copy, &name, &attributes, |
| 127 ACCESS_MASK desired_access, | 142 NULL); |
| 128 BOOL inherit_handle, | 143 if (!NT_SUCCESS(ret) || name == NULL) |
| 129 LPCWSTR name) { | 144 break; |
| 130 // Check if the process can open it first. | |
| 131 HANDLE handle = orig_OpenEvent(desired_access, inherit_handle, name); | |
| 132 if (handle || !name) | |
| 133 return handle; | |
| 134 | 145 |
| 135 DWORD original_error = ::GetLastError(); | 146 CrossCallReturn answer = {0}; |
| 147 ResultCode code = ProxyCreateEvent(name, initial_state, | |
| 148 event_type == NotificationEvent, | |
|
cpu_(ooo_6.6-7.5)
2013/10/22 01:27:41
this seems to map to 'manual reset' please check t
ananta
2013/10/22 05:57:10
Yes
| |
| 149 &answer); | |
| 150 operator delete(name, NT_ALLOC); | |
| 136 | 151 |
| 137 // We don't trust that the IPC can work this early. | 152 if (code != SBOX_ALL_OK) |
| 138 if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) | 153 break; |
| 139 return NULL; | |
| 140 | 154 |
| 141 CrossCallReturn answer = {0}; | 155 __try { |
| 156 *event_handle = answer.handle; | |
| 157 status = STATUS_SUCCESS; | |
| 158 } __except(EXCEPTION_EXECUTE_HANDLER) { | |
| 159 break; | |
| 160 } | |
| 161 } while (false); | |
| 142 | 162 |
| 143 ResultCode code = ProxyOpenEvent(name, desired_access, inherit_handle, | 163 return status; |
| 144 &answer); | |
| 145 if (code == SBOX_ALL_OK) { | |
| 146 ::SetLastError(answer.win32_result); | |
| 147 return answer.handle; | |
| 148 } | |
| 149 ::SetLastError(original_error); | |
| 150 return NULL; | |
| 151 } | |
| 152 | |
| 153 HANDLE WINAPI TargetOpenEventA(OpenEventAFunction orig_OpenEvent, | |
| 154 ACCESS_MASK desired_access, | |
| 155 BOOL inherit_handle, | |
| 156 LPCSTR name) { | |
| 157 // Check if the process can open it first. | |
| 158 HANDLE handle = orig_OpenEvent(desired_access, inherit_handle, name); | |
| 159 if (handle || !name) | |
| 160 return handle; | |
| 161 | |
| 162 DWORD original_error = ::GetLastError(); | |
| 163 | |
| 164 // We don't trust that the IPC can work this early. | |
| 165 if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) | |
| 166 return NULL; | |
| 167 | |
| 168 UNICODE_STRING* wide_name = AnsiToUnicode(name); | |
| 169 if (!wide_name) | |
| 170 return NULL; | |
| 171 | |
| 172 CrossCallReturn answer = {0}; | |
| 173 ResultCode code = ProxyOpenEvent(wide_name->Buffer, desired_access, | |
| 174 inherit_handle, &answer); | |
| 175 operator delete(wide_name, NT_ALLOC); | |
| 176 | |
| 177 if (code == SBOX_ALL_OK) { | |
| 178 ::SetLastError(answer.win32_result); | |
| 179 return answer.handle; | |
| 180 } | |
| 181 ::SetLastError(original_error); | |
| 182 return NULL; | |
| 183 } | 164 } |
| 184 | 165 |
| 185 } // namespace sandbox | 166 } // namespace sandbox |
| OLD | NEW |
