Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(401)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: sandbox/win/src/sync_interception.cc

Issue 31933005: Replace the CreateEvent/OpenEvent patches with their Nt counterparts like NtOpenEvent and NtCreateE… (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 7 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « sandbox/win/src/sync_interception.h ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: sandbox/win/src/sync_interception.cc
===================================================================
--- sandbox/win/src/sync_interception.cc (revision 229443)
+++ sandbox/win/src/sync_interception.cc (working copy)
@@ -58,128 +58,109 @@
return code;
}
-HANDLE WINAPI TargetCreateEventW(CreateEventWFunction orig_CreateEvent,
- LPSECURITY_ATTRIBUTES security_attributes,
- BOOL manual_reset,
- BOOL initial_state,
- LPCWSTR name) {
- // Check if the process can create it first.
- HANDLE handle = orig_CreateEvent(security_attributes, manual_reset,
- initial_state, name);
- if (handle || !name)
- return handle;
+NTSTATUS WINAPI TargetNtOpenEvent(NtOpenEventFunction orig_OpenEvent,
+ PHANDLE event_handle,
+ DWORD desired_access,
+ POBJECT_ATTRIBUTES object_attributes) {
+ NTSTATUS status = orig_OpenEvent(event_handle, desired_access,
+ object_attributes);
+ if (status != STATUS_ACCESS_DENIED || !object_attributes)
+ return status;
- DWORD original_error = ::GetLastError();
-
// We don't trust that the IPC can work this early.
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
- return NULL;
+ return status;
- CrossCallReturn answer = {0};
- ResultCode code = ProxyCreateEvent(name, initial_state, manual_reset,
- &answer);
+ do {
+ if (!ValidParameter(event_handle, sizeof(HANDLE), WRITE))
+ break;
- if (code == SBOX_ALL_OK) {
- ::SetLastError(answer.win32_result);
- return answer.handle;
- }
- ::SetLastError(original_error);
- return NULL;
-}
+ void* memory = GetGlobalIPCMemory();
+ if (memory == NULL)
+ break;
-HANDLE WINAPI TargetCreateEventA(CreateEventAFunction orig_CreateEvent,
- LPSECURITY_ATTRIBUTES security_attributes,
- BOOL manual_reset,
- BOOL initial_state,
- LPCSTR name) {
- // Check if the process can create it first.
- HANDLE handle = orig_CreateEvent(security_attributes, manual_reset,
- initial_state, name);
- if (handle || !name)
- return handle;
+ OBJECT_ATTRIBUTES object_attribs_copy = *object_attributes;
+ // The RootDirectory points to BaseNamedObjects. We can ignore it.
+ object_attribs_copy.RootDirectory = NULL;
- DWORD original_error = ::GetLastError();
+ wchar_t* name = NULL;
+ uint32 attributes = 0;
+ NTSTATUS ret = AllocAndCopyName(&object_attribs_copy, &name, &attributes,
+ NULL);
+ if (!NT_SUCCESS(ret) || name == NULL)
+ break;
- // We don't trust that the IPC can work this early.
- if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
- return NULL;
+ CrossCallReturn answer = {0};
+ ResultCode code = ProxyOpenEvent(name, desired_access, FALSE, &answer);
+ operator delete(name, NT_ALLOC);
- UNICODE_STRING* wide_name = AnsiToUnicode(name);
- if (!wide_name)
- return NULL;
+ if (code != SBOX_ALL_OK)
+ break;
- CrossCallReturn answer = {0};
- ResultCode code = ProxyCreateEvent(wide_name->Buffer, initial_state,
- manual_reset, &answer);
- operator delete(wide_name, NT_ALLOC);
+ __try {
+ *event_handle = answer.handle;
+ status = STATUS_SUCCESS;
+ } __except(EXCEPTION_EXECUTE_HANDLER) {
+ break;
+ }
+ } while (false);
- if (code == SBOX_ALL_OK) {
- ::SetLastError(answer.win32_result);
- return answer.handle;
- }
- ::SetLastError(original_error);
- return NULL;
+ return status;
}
-// Interception of OpenEventW on the child process.
-// It should never be called directly
-HANDLE WINAPI TargetOpenEventW(OpenEventWFunction orig_OpenEvent,
- ACCESS_MASK desired_access,
- BOOL inherit_handle,
- LPCWSTR name) {
- // Check if the process can open it first.
- HANDLE handle = orig_OpenEvent(desired_access, inherit_handle, name);
- if (handle || !name)
- return handle;
+NTSTATUS WINAPI TargetNtCreateEvent(NtCreateEventFunction orig_CreateEvent,
+ PHANDLE event_handle,
+ ACCESS_MASK desired_access,
+ POBJECT_ATTRIBUTES object_attributes,
+ EVENT_TYPE event_type,
+ BOOLEAN initial_state) {
+ NTSTATUS status = orig_CreateEvent(event_handle, desired_access,
+ object_attributes, event_type,
+ initial_state);
+ if (status != STATUS_ACCESS_DENIED || !object_attributes)
+ return status;
- DWORD original_error = ::GetLastError();
-
// We don't trust that the IPC can work this early.
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
- return NULL;
+ return status;
- CrossCallReturn answer = {0};
+ do {
+ if (!ValidParameter(event_handle, sizeof(HANDLE), WRITE))
+ break;
- ResultCode code = ProxyOpenEvent(name, desired_access, inherit_handle,
- &answer);
- if (code == SBOX_ALL_OK) {
- ::SetLastError(answer.win32_result);
- return answer.handle;
- }
- ::SetLastError(original_error);
- return NULL;
-}
+ void* memory = GetGlobalIPCMemory();
+ if (memory == NULL)
+ break;
-HANDLE WINAPI TargetOpenEventA(OpenEventAFunction orig_OpenEvent,
- ACCESS_MASK desired_access,
- BOOL inherit_handle,
- LPCSTR name) {
- // Check if the process can open it first.
- HANDLE handle = orig_OpenEvent(desired_access, inherit_handle, name);
- if (handle || !name)
- return handle;
+ OBJECT_ATTRIBUTES object_attribs_copy = *object_attributes;
+ // The RootDirectory points to BaseNamedObjects. We can ignore it.
+ object_attribs_copy.RootDirectory = NULL;
- DWORD original_error = ::GetLastError();
+ wchar_t* name = NULL;
+ uint32 attributes = 0;
+ NTSTATUS ret = AllocAndCopyName(&object_attribs_copy, &name, &attributes,
+ NULL);
+ if (!NT_SUCCESS(ret) || name == NULL)
+ break;
- // We don't trust that the IPC can work this early.
- if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
- return NULL;
+ CrossCallReturn answer = {0};
+ ResultCode code = ProxyCreateEvent(name, initial_state,
+ event_type == NotificationEvent,
cpu_(ooo_6.6-7.5) 2013/10/22 01:27:41 this seems to map to 'manual reset' please check t
ananta 2013/10/22 05:57:10 Yes
+ &answer);
+ operator delete(name, NT_ALLOC);
- UNICODE_STRING* wide_name = AnsiToUnicode(name);
- if (!wide_name)
- return NULL;
+ if (code != SBOX_ALL_OK)
+ break;
- CrossCallReturn answer = {0};
- ResultCode code = ProxyOpenEvent(wide_name->Buffer, desired_access,
- inherit_handle, &answer);
- operator delete(wide_name, NT_ALLOC);
+ __try {
+ *event_handle = answer.handle;
+ status = STATUS_SUCCESS;
+ } __except(EXCEPTION_EXECUTE_HANDLER) {
+ break;
+ }
+ } while (false);
- if (code == SBOX_ALL_OK) {
- ::SetLastError(answer.win32_result);
- return answer.handle;
- }
- ::SetLastError(original_error);
- return NULL;
+ return status;
}
} // namespace sandbox
« no previous file with comments | « sandbox/win/src/sync_interception.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698