OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <map> | 5 #include <map> |
6 | 6 |
7 #include "sandbox/win/src/policy_broker.h" | 7 #include "sandbox/win/src/policy_broker.h" |
8 | 8 |
9 #include "base/logging.h" | 9 #include "base/logging.h" |
10 #include "base/win/pe_image.h" | 10 #include "base/win/pe_image.h" |
(...skipping 69 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
80 for (size_t i = 0; i < sizeof(g_nt)/sizeof(void*); i++) | 80 for (size_t i = 0; i < sizeof(g_nt)/sizeof(void*); i++) |
81 DCHECK(reinterpret_cast<char**>(&g_nt)[i]); | 81 DCHECK(reinterpret_cast<char**>(&g_nt)[i]); |
82 #endif | 82 #endif |
83 return (SBOX_ALL_OK == child->TransferVariable("g_nt", &g_nt, sizeof(g_nt))); | 83 return (SBOX_ALL_OK == child->TransferVariable("g_nt", &g_nt, sizeof(g_nt))); |
84 } | 84 } |
85 | 85 |
86 #undef INIT_GLOBAL_NT | 86 #undef INIT_GLOBAL_NT |
87 #undef INIT_GLOBAL_RTL | 87 #undef INIT_GLOBAL_RTL |
88 | 88 |
89 bool SetupBasicInterceptions(InterceptionManager* manager) { | 89 bool SetupBasicInterceptions(InterceptionManager* manager) { |
90 // Interceptions provided by process_thread_policy, without actual policy. | 90 // Interceptions provided by process_thread_policy, without actual policy. |
rvargas (doing something else)
2015/02/27 20:16:34
What's the change here? The first three intercepti
rvargas (doing something else)
2015/02/28 01:10:05
Looks like you missed these comments.
Shrikant Kelkar
2015/02/28 01:55:41
Done.
| |
91 if (!INTERCEPT_NT(manager, NtOpenThread, OPEN_TREAD_ID, 20) || | 91 if (!INTERCEPT_NT(manager, NtOpenThread, OPEN_TREAD_ID, 20) || |
92 !INTERCEPT_NT(manager, NtOpenProcess, OPEN_PROCESS_ID, 20) || | 92 !INTERCEPT_NT(manager, NtOpenProcess, OPEN_PROCESS_ID, 20)) |
rvargas (doing something else)
2015/02/27 20:16:34
Nit: this requires {} (and below)
| |
93 !INTERCEPT_NT(manager, NtOpenProcessToken, OPEN_PROCESS_TOKEN_ID, 16)) | |
94 return false; | 93 return false; |
95 | 94 |
96 // Interceptions with neither policy nor IPC. | 95 if(!INTERCEPT_NT(manager, NtOpenProcessToken, OPEN_PROCESS_TOKEN_ID, 16) || |
96 !INTERCEPT_NT(manager, NtOpenThreadToken, OPEN_THREAD_TOKEN_ID, 20)) | |
97 return false; | |
98 | |
97 if (!INTERCEPT_NT(manager, NtSetInformationThread, SET_INFORMATION_THREAD_ID, | 99 if (!INTERCEPT_NT(manager, NtSetInformationThread, SET_INFORMATION_THREAD_ID, |
98 20) || | 100 20)) |
99 !INTERCEPT_NT(manager, NtOpenThreadToken, OPEN_THREAD_TOKEN_ID, 20)) | |
100 return false; | 101 return false; |
101 | 102 |
102 if (base::win::GetVersion() >= base::win::VERSION_XP) { | 103 if (base::win::GetVersion() >= base::win::VERSION_XP) { |
103 // Bug 27218: We don't have dispatch for some x64 syscalls. | 104 // Bug 27218: We don't have dispatch for some x64 syscalls. |
104 // This one is also provided by process_thread_policy. | 105 // This one is also provided by process_thread_policy. |
105 if (!INTERCEPT_NT(manager, NtOpenProcessTokenEx, OPEN_PROCESS_TOKEN_EX_ID, | 106 if (!INTERCEPT_NT(manager, NtOpenProcessTokenEx, OPEN_PROCESS_TOKEN_EX_ID, |
106 20)) | 107 20)) |
107 return false; | 108 return false; |
108 | 109 |
109 return INTERCEPT_NT(manager, NtOpenThreadTokenEx, OPEN_THREAD_TOKEN_EX_ID, | 110 return INTERCEPT_NT(manager, NtOpenThreadTokenEx, OPEN_THREAD_TOKEN_EX_ID, |
110 24); | 111 24); |
111 } | 112 } |
112 | 113 |
113 return true; | 114 return true; |
114 } | 115 } |
115 | 116 |
116 } // namespace sandbox | 117 } // namespace sandbox |
OLD | NEW |