Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(523)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/win/src/registry_interception.cc

Issue 700373005: Check within target process for policy match on registry intercepts (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: nits. fix dcheck Created 6 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | sandbox/win/src/sandbox_nt_util.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/win/src/registry_interception.h" 5 #include "sandbox/win/src/registry_interception.h"
6 6
7 #include "sandbox/win/src/crosscall_client.h" 7 #include "sandbox/win/src/crosscall_client.h"
8 #include "sandbox/win/src/ipc_tags.h" 8 #include "sandbox/win/src/ipc_tags.h"
9 #include "sandbox/win/src/policy_params.h"
10 #include "sandbox/win/src/policy_target.h"
9 #include "sandbox/win/src/sandbox_factory.h" 11 #include "sandbox/win/src/sandbox_factory.h"
10 #include "sandbox/win/src/sandbox_nt_util.h" 12 #include "sandbox/win/src/sandbox_nt_util.h"
11 #include "sandbox/win/src/sharedmem_ipc_client.h" 13 #include "sandbox/win/src/sharedmem_ipc_client.h"
12 #include "sandbox/win/src/target_services.h" 14 #include "sandbox/win/src/target_services.h"
13 15
14 namespace sandbox { 16 namespace sandbox {
15 17
16 NTSTATUS WINAPI TargetNtCreateKey(NtCreateKeyFunction orig_CreateKey, 18 NTSTATUS WINAPI TargetNtCreateKey(NtCreateKeyFunction orig_CreateKey,
17 PHANDLE key, ACCESS_MASK desired_access, 19 PHANDLE key, ACCESS_MASK desired_access,
18 POBJECT_ATTRIBUTES object_attributes, 20 POBJECT_ATTRIBUTES object_attributes,
(...skipping 30 matching lines...) Expand all
49 break; 51 break;
50 52
51 wchar_t* name; 53 wchar_t* name;
52 uint32 attributes = 0; 54 uint32 attributes = 0;
53 HANDLE root_directory = 0; 55 HANDLE root_directory = 0;
54 NTSTATUS ret = AllocAndCopyName(object_attributes, &name, &attributes, 56 NTSTATUS ret = AllocAndCopyName(object_attributes, &name, &attributes,
55 &root_directory); 57 &root_directory);
56 if (!NT_SUCCESS(ret) || NULL == name) 58 if (!NT_SUCCESS(ret) || NULL == name)
57 break; 59 break;
58 60
61 uint32 desired_access_uint32 = desired_access;
62 CountedParameterSet<OpenKey> params;
63 params[OpenKey::ACCESS] = ParamPickerMake(desired_access_uint32);
64
65 wchar_t* full_name = NULL;
66
67 if (root_directory) {
68 ret = sandbox::AllocAndGetFullPath(root_directory, name, &full_name);
69 if (!NT_SUCCESS(ret) || NULL == full_name)
70 break;
71 params[OpenKey::NAME] = ParamPickerMake(full_name);
72 } else {
73 params[OpenKey::NAME] = ParamPickerMake(name);
74 }
75
76 bool query_broker = QueryBroker(IPC_NTCREATEKEY_TAG, params.GetBase());
77
78 if (full_name != NULL)
79 operator delete(full_name, NT_ALLOC);
80
81 if (!query_broker)
82 break;
83
59 SharedMemIPCClient ipc(memory); 84 SharedMemIPCClient ipc(memory);
60 CrossCallReturn answer = {0}; 85 CrossCallReturn answer = {0};
61 86
62 ResultCode code = CrossCall(ipc, IPC_NTCREATEKEY_TAG, name, attributes, 87 ResultCode code = CrossCall(ipc, IPC_NTCREATEKEY_TAG, name, attributes,
63 root_directory, desired_access, title_index, 88 root_directory, desired_access, title_index,
64 create_options, &answer); 89 create_options, &answer);
65 90
66 operator delete(name, NT_ALLOC); 91 operator delete(name, NT_ALLOC);
67 92
68 if (SBOX_ALL_OK != code) 93 if (SBOX_ALL_OK != code)
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after
108 break; 133 break;
109 134
110 wchar_t* name; 135 wchar_t* name;
111 uint32 attributes; 136 uint32 attributes;
112 HANDLE root_directory; 137 HANDLE root_directory;
113 NTSTATUS ret = AllocAndCopyName(object_attributes, &name, &attributes, 138 NTSTATUS ret = AllocAndCopyName(object_attributes, &name, &attributes,
114 &root_directory); 139 &root_directory);
115 if (!NT_SUCCESS(ret) || NULL == name) 140 if (!NT_SUCCESS(ret) || NULL == name)
116 break; 141 break;
117 142
143 uint32 desired_access_uint32 = desired_access;
144 CountedParameterSet<OpenKey> params;
145 params[OpenKey::ACCESS] = ParamPickerMake(desired_access_uint32);
146
147 wchar_t* full_name = NULL;
148
149 if (root_directory) {
150 ret = sandbox::AllocAndGetFullPath(root_directory, name, &full_name);
151 if (!NT_SUCCESS(ret) || NULL == full_name)
152 break;
153 params[OpenKey::NAME] = ParamPickerMake(full_name);
154 } else {
155 params[OpenKey::NAME] = ParamPickerMake(name);
156 }
157
158 bool query_broker = QueryBroker(IPC_NTOPENKEY_TAG, params.GetBase());
159
160 if (full_name != NULL)
161 operator delete(full_name, NT_ALLOC);
162
163 if (!query_broker)
164 break;
165
118 SharedMemIPCClient ipc(memory); 166 SharedMemIPCClient ipc(memory);
119 CrossCallReturn answer = {0}; 167 CrossCallReturn answer = {0};
120 ResultCode code = CrossCall(ipc, IPC_NTOPENKEY_TAG, name, attributes, 168 ResultCode code = CrossCall(ipc, IPC_NTOPENKEY_TAG, name, attributes,
121 root_directory, desired_access, &answer); 169 root_directory, desired_access, &answer);
122 170
123 operator delete(name, NT_ALLOC); 171 operator delete(name, NT_ALLOC);
124 172
125 if (SBOX_ALL_OK != code) 173 if (SBOX_ALL_OK != code)
126 break; 174 break;
127 175
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after
167 // We do not support open_options at this time. The 2 current known values 215 // We do not support open_options at this time. The 2 current known values
168 // are REG_OPTION_CREATE_LINK, to open a symbolic link, and 216 // are REG_OPTION_CREATE_LINK, to open a symbolic link, and
169 // REG_OPTION_BACKUP_RESTORE to open the key with special privileges. 217 // REG_OPTION_BACKUP_RESTORE to open the key with special privileges.
170 if (NT_SUCCESS(status) || open_options != 0) 218 if (NT_SUCCESS(status) || open_options != 0)
171 return status; 219 return status;
172 220
173 return CommonNtOpenKey(status, key, desired_access, object_attributes); 221 return CommonNtOpenKey(status, key, desired_access, object_attributes);
174 } 222 }
175 223
176 } // namespace sandbox 224 } // namespace sandbox
OLDNEW
« no previous file with comments | « no previous file | sandbox/win/src/sandbox_nt_util.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698