Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(125)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/win/src/sync_interception.cc

Issue 31933005: Replace the CreateEvent/OpenEvent patches with their Nt counterparts like NtOpenEvent and NtCreateE… (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 7 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« sandbox/win/src/sync_interception.h ('K') | « sandbox/win/src/sync_interception.h ('k') | sandbox/win/src/sync_policy.cc » ('j') | sandbox/win/src/sync_policy.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/win/src/sync_interception.h" 5 #include "sandbox/win/src/sync_interception.h"
6 6
7 #include "sandbox/win/src/crosscall_client.h" 7 #include "sandbox/win/src/crosscall_client.h"
8 #include "sandbox/win/src/ipc_tags.h" 8 #include "sandbox/win/src/ipc_tags.h"
9 #include "sandbox/win/src/policy_params.h" 9 #include "sandbox/win/src/policy_params.h"
10 #include "sandbox/win/src/policy_target.h" 10 #include "sandbox/win/src/policy_target.h"
11 #include "sandbox/win/src/sandbox_factory.h" 11 #include "sandbox/win/src/sandbox_factory.h"
12 #include "sandbox/win/src/sandbox_nt_util.h" 12 #include "sandbox/win/src/sandbox_nt_util.h"
13 #include "sandbox/win/src/sharedmem_ipc_client.h" 13 #include "sandbox/win/src/sharedmem_ipc_client.h"
14 #include "sandbox/win/src/target_services.h" 14 #include "sandbox/win/src/target_services.h"
15 15
16 namespace sandbox { 16 namespace sandbox {
17 17
18 ResultCode ProxyCreateEvent(LPCWSTR name, 18 ResultCode ProxyCreateEvent(LPCWSTR name,
19 BOOL initial_state, 19 BOOL initial_state,
20 BOOL manual_reset, 20 BOOL manual_reset,
21 CrossCallReturn* answer) { 21 CrossCallReturn* answer) {
22 void* memory = GetGlobalIPCMemory(); 22 void* memory = GetGlobalIPCMemory();
rvargas (doing something else) 2013/10/23 01:36:57 nit: pass the pointer from the caller?
ananta 2013/10/23 06:20:18 Done.
23 if (!memory) 23 if (!memory)
24 return SBOX_ERROR_GENERIC; 24 return SBOX_ERROR_GENERIC;
25 25
26 CountedParameterSet<NameBased> params; 26 CountedParameterSet<NameBased> params;
27 params[NameBased::NAME] = ParamPickerMake(name); 27 params[NameBased::NAME] = ParamPickerMake(name);
28 28
29 if (!QueryBroker(IPC_CREATEEVENT_TAG, params.GetBase())) 29 if (!QueryBroker(IPC_CREATEEVENT_TAG, params.GetBase()))
30 return SBOX_ERROR_GENERIC; 30 return SBOX_ERROR_GENERIC;
31 31
32 SharedMemIPCClient ipc(memory); 32 SharedMemIPCClient ipc(memory);
33 ResultCode code = CrossCall(ipc, IPC_CREATEEVENT_TAG, name, manual_reset, 33 ResultCode code = CrossCall(ipc, IPC_CREATEEVENT_TAG, name, manual_reset,
rvargas (doing something else) 2013/10/23 01:36:57 We should modify the IPC definition to use an int
ananta 2013/10/23 06:20:18 Done.
34 initial_state, answer); 34 initial_state, answer);
35 return code; 35 return code;
36 } 36 }
37 37
38 ResultCode ProxyOpenEvent(LPCWSTR name, 38 ResultCode ProxyOpenEvent(LPCWSTR name,
39 ACCESS_MASK desired_access, 39 ACCESS_MASK desired_access,
40 BOOL inherit_handle, 40 BOOL inherit_handle,
rvargas (doing something else) 2013/10/23 01:36:57 remove the argument
ananta 2013/10/23 06:20:18 Done.
41 CrossCallReturn* answer) { 41 CrossCallReturn* answer) {
42 void* memory = GetGlobalIPCMemory(); 42 void* memory = GetGlobalIPCMemory();
43 if (!memory) 43 if (!memory)
44 return SBOX_ERROR_GENERIC; 44 return SBOX_ERROR_GENERIC;
45 45
46 uint32 inherit_handle_ipc = inherit_handle; 46 uint32 inherit_handle_ipc = inherit_handle;
47 CountedParameterSet<OpenEventParams> params; 47 CountedParameterSet<OpenEventParams> params;
48 params[OpenEventParams::NAME] = ParamPickerMake(name); 48 params[OpenEventParams::NAME] = ParamPickerMake(name);
49 params[OpenEventParams::ACCESS] = ParamPickerMake(desired_access); 49 params[OpenEventParams::ACCESS] = ParamPickerMake(desired_access);
50 50
51 if (!QueryBroker(IPC_OPENEVENT_TAG, params.GetBase())) 51 if (!QueryBroker(IPC_OPENEVENT_TAG, params.GetBase()))
52 return SBOX_ERROR_GENERIC; 52 return SBOX_ERROR_GENERIC;
53 53
54 SharedMemIPCClient ipc(memory); 54 SharedMemIPCClient ipc(memory);
55 ResultCode code = CrossCall(ipc, IPC_OPENEVENT_TAG, name, desired_access, 55 ResultCode code = CrossCall(ipc, IPC_OPENEVENT_TAG, name, desired_access,
56 inherit_handle_ipc, answer); 56 inherit_handle_ipc, answer);
57 57
58 return code; 58 return code;
59 } 59 }
60 60
61 HANDLE WINAPI TargetCreateEventW(CreateEventWFunction orig_CreateEvent, 61 NTSTATUS WINAPI TargetNtOpenEvent(NtOpenEventFunction orig_OpenEvent,
rvargas (doing something else) 2013/10/23 01:36:57 nit: follow the declaration order
ananta 2013/10/23 06:20:18 Done.
62 LPSECURITY_ATTRIBUTES security_attributes, 62 PHANDLE event_handle,
63 BOOL manual_reset, 63 DWORD desired_access,
64 BOOL initial_state, 64 POBJECT_ATTRIBUTES object_attributes) {
65 LPCWSTR name) { 65 NTSTATUS status = orig_OpenEvent(event_handle, desired_access,
66 // Check if the process can create it first. 66 object_attributes);
67 HANDLE handle = orig_CreateEvent(security_attributes, manual_reset, 67 if (status != STATUS_ACCESS_DENIED || !object_attributes)
68 initial_state, name); 68 return status;
69 if (handle || !name)
70 return handle;
71
72 DWORD original_error = ::GetLastError();
73 69
74 // We don't trust that the IPC can work this early. 70 // We don't trust that the IPC can work this early.
75 if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) 71 if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
76 return NULL; 72 return status;
77 73
78 CrossCallReturn answer = {0}; 74 do {
79 ResultCode code = ProxyCreateEvent(name, initial_state, manual_reset, 75 if (!ValidParameter(event_handle, sizeof(HANDLE), WRITE))
80 &answer); 76 break;
81 77
82 if (code == SBOX_ALL_OK) { 78 void* memory = GetGlobalIPCMemory();
83 ::SetLastError(answer.win32_result); 79 if (memory == NULL)
84 return answer.handle; 80 break;
85 } 81
86 ::SetLastError(original_error); 82 OBJECT_ATTRIBUTES object_attribs_copy = *object_attributes;
87 return NULL; 83 // The RootDirectory points to BaseNamedObjects. We can ignore it.
84 object_attribs_copy.RootDirectory = NULL;
85
86 wchar_t* name = NULL;
87 uint32 attributes = 0;
88 NTSTATUS ret = AllocAndCopyName(&object_attribs_copy, &name, &attributes,
89 NULL);
90 if (!NT_SUCCESS(ret) || name == NULL)
91 break;
92
93 CrossCallReturn answer = {0};
94 ResultCode code = ProxyOpenEvent(name, desired_access, FALSE, &answer);
95 operator delete(name, NT_ALLOC);
96
97 if (code != SBOX_ALL_OK) {
98 status = answer.nt_status;
99 break;
100 }
101
102 __try {
103 *event_handle = answer.handle;
104 status = STATUS_SUCCESS;
105 } __except(EXCEPTION_EXECUTE_HANDLER) {
106 break;
107 }
108 } while (false);
109
110 return status;
88 } 111 }
89 112
90 HANDLE WINAPI TargetCreateEventA(CreateEventAFunction orig_CreateEvent, 113 NTSTATUS WINAPI TargetNtCreateEvent(NtCreateEventFunction orig_CreateEvent,
91 LPSECURITY_ATTRIBUTES security_attributes, 114 PHANDLE event_handle,
92 BOOL manual_reset, 115 ACCESS_MASK desired_access,
93 BOOL initial_state, 116 POBJECT_ATTRIBUTES object_attributes,
94 LPCSTR name) { 117 EVENT_TYPE event_type,
95 // Check if the process can create it first. 118 BOOLEAN initial_state) {
96 HANDLE handle = orig_CreateEvent(security_attributes, manual_reset, 119 NTSTATUS status = orig_CreateEvent(event_handle, desired_access,
97 initial_state, name); 120 object_attributes, event_type,
98 if (handle || !name) 121 initial_state);
99 return handle; 122 if (status != STATUS_ACCESS_DENIED || !object_attributes)
100 123 return status;
101 DWORD original_error = ::GetLastError();
102 124
103 // We don't trust that the IPC can work this early. 125 // We don't trust that the IPC can work this early.
104 if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) 126 if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
105 return NULL; 127 return status;
106 128
107 UNICODE_STRING* wide_name = AnsiToUnicode(name); 129 do {
108 if (!wide_name) 130 if (!ValidParameter(event_handle, sizeof(HANDLE), WRITE))
109 return NULL; 131 break;
110 132
111 CrossCallReturn answer = {0}; 133 void* memory = GetGlobalIPCMemory();
112 ResultCode code = ProxyCreateEvent(wide_name->Buffer, initial_state, 134 if (memory == NULL)
113 manual_reset, &answer); 135 break;
114 operator delete(wide_name, NT_ALLOC);
115 136
116 if (code == SBOX_ALL_OK) { 137 OBJECT_ATTRIBUTES object_attribs_copy = *object_attributes;
117 ::SetLastError(answer.win32_result); 138 // The RootDirectory points to BaseNamedObjects. We can ignore it.
118 return answer.handle; 139 object_attribs_copy.RootDirectory = NULL;
119 }
120 ::SetLastError(original_error);
121 return NULL;
122 }
123 140
124 // Interception of OpenEventW on the child process. 141 wchar_t* name = NULL;
125 // It should never be called directly 142 uint32 attributes = 0;
126 HANDLE WINAPI TargetOpenEventW(OpenEventWFunction orig_OpenEvent, 143 NTSTATUS ret = AllocAndCopyName(&object_attribs_copy, &name, &attributes,
127 ACCESS_MASK desired_access, 144 NULL);
128 BOOL inherit_handle, 145 if (!NT_SUCCESS(ret) || name == NULL)
129 LPCWSTR name) { 146 break;
130 // Check if the process can open it first.
131 HANDLE handle = orig_OpenEvent(desired_access, inherit_handle, name);
132 if (handle || !name)
133 return handle;
134 147
135 DWORD original_error = ::GetLastError(); 148 CrossCallReturn answer = {0};
149 ResultCode code = ProxyCreateEvent(name, initial_state,
150 event_type == NotificationEvent,
151 &answer);
152 operator delete(name, NT_ALLOC);
136 153
137 // We don't trust that the IPC can work this early. 154 if (code != SBOX_ALL_OK) {
138 if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) 155 status = answer.nt_status;
139 return NULL; 156 break;
157 }
158 __try {
159 *event_handle = answer.handle;
160 status = STATUS_SUCCESS;
161 } __except(EXCEPTION_EXECUTE_HANDLER) {
162 break;
163 }
164 } while (false);
140 165
141 CrossCallReturn answer = {0}; 166 return status;
142
143 ResultCode code = ProxyOpenEvent(name, desired_access, inherit_handle,
144 &answer);
145 if (code == SBOX_ALL_OK) {
146 ::SetLastError(answer.win32_result);
147 return answer.handle;
148 }
149 ::SetLastError(original_error);
150 return NULL;
151 }
152
153 HANDLE WINAPI TargetOpenEventA(OpenEventAFunction orig_OpenEvent,
154 ACCESS_MASK desired_access,
155 BOOL inherit_handle,
156 LPCSTR name) {
157 // Check if the process can open it first.
158 HANDLE handle = orig_OpenEvent(desired_access, inherit_handle, name);
159 if (handle || !name)
160 return handle;
161
162 DWORD original_error = ::GetLastError();
163
164 // We don't trust that the IPC can work this early.
165 if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
166 return NULL;
167
168 UNICODE_STRING* wide_name = AnsiToUnicode(name);
169 if (!wide_name)
170 return NULL;
171
172 CrossCallReturn answer = {0};
173 ResultCode code = ProxyOpenEvent(wide_name->Buffer, desired_access,
174 inherit_handle, &answer);
175 operator delete(wide_name, NT_ALLOC);
176
177 if (code == SBOX_ALL_OK) {
178 ::SetLastError(answer.win32_result);
179 return answer.handle;
180 }
181 ::SetLastError(original_error);
182 return NULL;
183 } 167 }
184 168
185 } // namespace sandbox 169 } // namespace sandbox
OLDNEW
« sandbox/win/src/sync_interception.h ('K') | « sandbox/win/src/sync_interception.h ('k') | sandbox/win/src/sync_policy.cc » ('j') | sandbox/win/src/sync_policy.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698