Side by Side Diff: sandbox/src/process_thread_interception.cc

Issue 7552014: Don't switch to RtlCreateUserThread until after lockdown. (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: Created 9 years, 4 months ago
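--- a/sandbox/src/process_thread_interception.cc
+++ b/sandbox/src/process_thread_interception.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2006-2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/src/process_thread_interception.h"
 
 #include "sandbox/src/crosscall_client.h"
 #include "sandbox/src/ipc_tags.h"
 #include "sandbox/src/policy_params.h"
 #include "sandbox/src/policy_target.h"
@@ -400,37 +400,48 @@
 
 // Creates a thread without registering with CSRSS. This is required if we
 // closed the CSRSS ALPC port after lockdown.
 HANDLE WINAPI TargetCreateThread(CreateThreadFunction orig_CreateThread,
                                  LPSECURITY_ATTRIBUTES thread_attributes,
                                  SIZE_T stack_size,
                                  LPTHREAD_START_ROUTINE start_address,
                                  PVOID parameter,
                                  DWORD creation_flags,
                                  LPDWORD thread_id) {
+  // Try the normal CreateThread; switch to RtlCreateUserThread if needed.
+  static bool use_create_thread = true;
   HANDLE thread;
+  if (use_create_thread) {
+    thread = orig_CreateThread(thread_attributes, stack_size, start_address,
+                               parameter, creation_flags, thread_id);
+    if (thread)
+      return thread;
+  }
+
   PSECURITY_DESCRIPTOR sd =
       thread_attributes ? thread_attributes->lpSecurityDescriptor : NULL;
   CLIENT_ID client_id;
 
   NTSTATUS result = g_nt.RtlCreateUserThread(NtCurrentProcess, sd,
                                              creation_flags & CREATE_SUSPENDED,
                                              0, stack_size, 0, start_address,
                                              parameter, &thread, &client_id);
   if (!NT_SUCCESS(result))
     return 0;
 
+  // CSRSS is closed if we got here, so use RtlCreateUserThread from here on.
+  use_create_thread = false;
   if (thread_id)
     *thread_id = HandleToUlong(client_id.UniqueThread);
   return thread;
 }
 
 // Cache the default LCID to avoid pinging CSRSS after lockdown.
 // TODO(jschuh): This approach will miss a default locale changes after
 // lockdown. In the future we may want to have the broker check instead.
 LCID WINAPI TargetGetUserDefaultLCID(
     GetUserDefaultLCIDFunction orig_GetUserDefaultLCID) {
   static LCID default_lcid = orig_GetUserDefaultLCID();
   return default_lcid;
 }
 
 }  // namespace sandbox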
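Review bot: The permanent switch at new line 432 is inferred from any failure of orig_CreateThread rather than from a lockdown signal, so a one-off pre-lockdown failure (resource exhaustion, or an argument that CreateThread validates but RtlCreateUserThread accepts) followed by a successful RtlCreateUserThread flips `use_create_thread` for good, and every later thread in the process is created without CSRSS registration while it is still running pre-lockdown. If the target side has an explicit notion of "lockdown has happened", gating the fallback on that would make the switch deliberate; otherwise capturing `DWORD error = ::GetLastError();` after the failed call and restricting the fallback to the error actually produced once the CSRSS port is closed would at least narrow the heuristic. The comment at new line 431 states the inference as a fact, and would be more honest as `// CreateThread failed but RtlCreateUserThread worked; assume the CSRSS port is closed and stay on this path.`. `use_create_thread` is also a plain static written by whichever thread first takes the fallback while other threads read it; this looks like a benign race on this platform, but a short comment saying that is the intent would save the next reader the question.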