Check within target process for policy match on registry intercepts

sandbox/win/src/sandbox_nt_util.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/win/src/sandbox_nt_util.h"
 
 #include "base/win/pe_image.h"
 #include "sandbox/win/src/sandbox_factory.h"
 #include "sandbox/win/src/target_services.h"
 
@@ skipping 197 matching lines @@
 NTSTATUS CopyData(void* destination, const void* source, size_t bytes) {
   NTSTATUS ret = STATUS_SUCCESS;
   __try {
     g_nt.memcpy(destination, source, bytes);
   } __except(EXCEPTION_EXECUTE_HANDLER) {
     ret = GetExceptionCode();
   }
   return ret;
 }
 
+NTSTATUS AllocAndGetFullPath(HANDLE root,
+                             wchar_t* path,
+                             wchar_t** full_path) {
+  if (!InitHeap())
+    return STATUS_NO_MEMORY;
+
+  DCHECK_NT(full_path);
+  DCHECK_NT(path);
+  *full_path = NULL;
+  OBJECT_NAME_INFORMATION* handle_name = NULL;
+  NTSTATUS ret = STATUS_UNSUCCESSFUL;
+  __try {
+    do {
+      static NtQueryObjectFunction NtQueryObject = NULL;
+      if (!NtQueryObject)
+        ResolveNTFunctionPtr("NtQueryObject", &NtQueryObject);
+
+      ULONG size = 0;
+      // Query the name information a first time to get the size of the name.
+      ret = NtQueryObject(root, ObjectNameInformation, NULL, 0, &size);
+
+      if (size) {
+        handle_name = reinterpret_cast<OBJECT_NAME_INFORMATION*>(
+            new(NT_ALLOC) BYTE[size]);
+
+        // Query the name information a second time to get the name of the
+        // object referenced by the handle.
+        ret = NtQueryObject(root, ObjectNameInformation, handle_name, size,
+                            &size);
+      }
+
+      if (STATUS_SUCCESS != ret)
+        break;
+
+      // Space for path + '\' + name + '\0'.
+      size_t name_length = handle_name->ObjectName.Length +
+                           (wcslen(path) + 2) * sizeof(wchar_t);
+      *full_path = new(NT_ALLOC) wchar_t[name_length/sizeof(wchar_t)];
+      if (NULL == *full_path)
+        break;
+      wchar_t* off = *full_path;
+      ret = CopyData(off, handle_name->ObjectName.Buffer,
+                     handle_name->ObjectName.Length);
+      if (!NT_SUCCESS(ret))
+        break;
+      off += handle_name->ObjectName.Length / sizeof(wchar_t);
+      *off = L'\\';
+      off += 1;
+      ret = CopyData(off, path, wcslen(path) * sizeof(wchar_t));
+      if (!NT_SUCCESS(ret))
+        break;
+      off += wcslen(path);
+      *off = L'\0';
+    } while (false);
+  } __except(EXCEPTION_EXECUTE_HANDLER) {
+    ret = GetExceptionCode();
+  }
+
+  if (!NT_SUCCESS(ret)) {
+    if (*full_path) {
+      operator delete(*full_path, NT_ALLOC);
+      *full_path = NULL;
+    }
+    if (handle_name) {
+      operator delete(handle_name, NT_ALLOC);
+      handle_name = NULL;
+    }
+  }
+
+  return ret;
+}
+
 // Hacky code... replace with AllocAndCopyObjectAttributes.
 NTSTATUS AllocAndCopyName(const OBJECT_ATTRIBUTES* in_object,
                           wchar_t** out_name, uint32* attributes,
                           HANDLE* root) {
   if (!InitHeap())
     return STATUS_NO_MEMORY;
 
   DCHECK_NT(out_name);
   *out_name = NULL;
   NTSTATUS ret = STATUS_UNSUCCESSFUL;
@@ skipping 370 matching lines @@
   UNREFERENCED_PARAMETER(type);
   return buffer;
 }
 
 void __cdecl operator delete(void* memory, void* buffer,
                              sandbox::AllocationType type) {
   UNREFERENCED_PARAMETER(memory);
   UNREFERENCED_PARAMETER(buffer);
   UNREFERENCED_PARAMETER(type);
 }