diff options
| author | caitkp <caitkp@chromium.org> | 2015-11-10 13:40:14 -0800 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2015-11-10 21:41:11 +0000 |
| commit | 77c15da03402ef36245c92d2a4e61da6f16ae396 (patch) | |
| tree | 5afcfb20c25596b3e844f7a0d1ff6d35c2fae10a /chrome_elf | |
| parent | e026f4038aeb0b33904241654375e1a2d1afd9cb (diff) | |
| download | chromium_src-77c15da03402ef36245c92d2a4e61da6f16ae396.zip chromium_src-77c15da03402ef36245c92d2a4e61da6f16ae396.tar.gz chromium_src-77c15da03402ef36245c92d2a4e61da6f16ae396.tar.bz2 | |
Remove CreateFile code from Chrome_Elf
R=robertshield@chromium.org
Review URL: https://codereview.chromium.org/1408403007
Cr-Commit-Position: refs/heads/master@{#358908}
Diffstat (limited to 'chrome_elf')
| -rw-r--r-- | chrome_elf/BUILD.gn | 37 | ||||
| -rw-r--r-- | chrome_elf/chrome_elf.def | 2 | ||||
| -rw-r--r-- | chrome_elf/chrome_elf.gyp | 54 | ||||
| -rw-r--r-- | chrome_elf/chrome_elf_constants.cc | 7 | ||||
| -rw-r--r-- | chrome_elf/chrome_elf_constants.h | 3 | ||||
| -rw-r--r-- | chrome_elf/chrome_elf_main.cc | 2 | ||||
| -rw-r--r-- | chrome_elf/chrome_elf_types.h | 13 | ||||
| -rw-r--r-- | chrome_elf/chrome_redirects.def | 9 | ||||
| -rw-r--r-- | chrome_elf/chrome_redirects_main.cc | 14 | ||||
| -rw-r--r-- | chrome_elf/create_file/chrome_create_file.cc | 330 | ||||
| -rw-r--r-- | chrome_elf/create_file/chrome_create_file.h | 41 | ||||
| -rw-r--r-- | chrome_elf/create_file/chrome_create_file_unittest.cc | 409 | ||||
| -rw-r--r-- | chrome_elf/ntdll_cache.cc | 89 | ||||
| -rw-r--r-- | chrome_elf/ntdll_cache.h | 21 | ||||
| -rw-r--r-- | chrome_elf/ntdll_cache_unittest.cc | 32 |
15 files changed, 0 insertions, 1063 deletions
diff --git a/chrome_elf/BUILD.gn b/chrome_elf/BUILD.gn index 1a1af75..50eca48 100644 --- a/chrome_elf/BUILD.gn +++ b/chrome_elf/BUILD.gn @@ -31,7 +31,6 @@ shared_library("chrome_elf") { ":blacklist", ":breakpad", ":chrome_elf_manifest", - ":lib", ":chrome_elf_resources", "//build/config/sanitizers:deps", ] @@ -47,20 +46,6 @@ shared_library("chrome_elf") { } } -source_set("lib") { - sources = [ - "create_file/chrome_create_file.cc", - "create_file/chrome_create_file.h", - "ntdll_cache.cc", - "ntdll_cache.h", - ] - deps = [ - ":common", - "//base:base_static", - "//sandbox", - ] -} - source_set("constants") { sources = [ "chrome_elf_constants.cc", @@ -94,25 +79,6 @@ source_set("breakpad") { ] } -if (is_component_build) { - shared_library("chrome_redirects") { - sources = [ - "chrome_redirects_main.cc", - ] - deps = [ - ":lib", - "//build/config/sanitizers:deps", - ] - configs += [ "//build/config/win:windowed" ] - ldflags = [ "/DEF:" + rebase_path("chrome_redirects.def") ] - - if (current_cpu == "x86") { - # Don't set an x64 base address (to avoid breaking HE-ASLR). - ldflags += [ "/BASE:0x01c20000" ] - } - } -} - source_set("dll_hash") { deps = [ "//base", @@ -156,15 +122,12 @@ test("chrome_elf_unittests") { sources = [ "blacklist/test/blacklist_test.cc", "chrome_elf_util_unittest.cc", - "create_file/chrome_create_file_unittest.cc", "elf_imports_unittest.cc", - "ntdll_cache_unittest.cc", ] include_dirs = [ "$target_gen_dir" ] deps = [ ":blacklist", ":blacklist_test_main_dll", - ":lib", "//base", "//base/test:run_all_unittests", "//base/test:test_support", diff --git a/chrome_elf/chrome_elf.def b/chrome_elf/chrome_elf.def index 07541e2..cbf3543 100644 --- a/chrome_elf/chrome_elf.def +++ b/chrome_elf/chrome_elf.def @@ -5,8 +5,6 @@ LIBRARY "chrome_elf.dll" EXPORTS - CreateFileW=CreateFileWRedirect - GetRedirectCount IsBlacklistInitialized SignalChromeElf SuccessfullyBlocked diff --git a/chrome_elf/chrome_elf.gyp b/chrome_elf/chrome_elf.gyp index 5b7998d..1532c17 100644 --- a/chrome_elf/chrome_elf.gyp +++ b/chrome_elf/chrome_elf.gyp @@ -42,7 +42,6 @@ 'dependencies': [ 'blacklist', 'chrome_elf_breakpad', - 'chrome_elf_lib', 'chrome_elf_resources', ], 'msvs_settings': { @@ -71,16 +70,13 @@ 'sources': [ 'blacklist/test/blacklist_test.cc', 'chrome_elf_util_unittest.cc', - 'create_file/chrome_create_file_unittest.cc', 'elf_imports_unittest.cc', - 'ntdll_cache_unittest.cc', ], 'include_dirs': [ '..', '<(SHARED_INTERMEDIATE_DIR)', ], 'dependencies': [ - 'chrome_elf_lib', '../base/base.gyp:base', '../base/base.gyp:run_all_unittests', '../base/base.gyp:test_support_base', @@ -106,24 +102,6 @@ ], }, { - 'target_name': 'chrome_elf_lib', - 'type': 'static_library', - 'include_dirs': [ - '..', - ], - 'sources': [ - 'create_file/chrome_create_file.cc', - 'create_file/chrome_create_file.h', - 'ntdll_cache.cc', - 'ntdll_cache.h', - ], - 'dependencies': [ - 'chrome_elf_common', - '../base/base.gyp:base_static', - '../sandbox/sandbox.gyp:sandbox', - ], - }, - { 'target_name': 'chrome_elf_constants', 'type': 'static_library', 'include_dirs': [ @@ -169,36 +147,4 @@ ], }, ], # targets - 'conditions': [ - ['component=="shared_library"', { - 'targets': [ - { - 'target_name': 'chrome_redirects', - 'type': 'shared_library', - 'include_dirs': [ - '..', - ], - 'sources': [ - 'chrome_redirects.def', - 'chrome_redirects_main.cc', - ], - 'dependencies': [ - 'chrome_elf_lib', - ], - 'msvs_settings': { - 'VCLinkerTool': { - 'conditions': [ - ['target_arch=="ia32"', { - # Don't set an x64 base address (to avoid breaking HE-ASLR). - 'BaseAddress': '0x01c20000', - }], - ], - # Set /SUBSYSTEM:WINDOWS. - 'SubSystem': '2', - }, - }, - }, - ], - }], - ], } diff --git a/chrome_elf/chrome_elf_constants.cc b/chrome_elf/chrome_elf_constants.cc index ffb9b9d..0300b53 100644 --- a/chrome_elf/chrome_elf_constants.cc +++ b/chrome_elf/chrome_elf_constants.cc @@ -12,14 +12,7 @@ #error Unknown branding #endif -#if defined(GOOGLE_CHROME_BUILD) -const wchar_t kAppDataDirName[] = L"Google\\Chrome"; -#else -const wchar_t kAppDataDirName[] = L"Chromium"; -#endif -const wchar_t kCanaryAppDataDirName[] = L"Google\\Chrome SxS"; const wchar_t kLocalStateFilename[] = L"Local State"; -const wchar_t kPreferencesFilename[] = L"Preferences"; const wchar_t kUserDataDirName[] = L"User Data"; namespace blacklist { diff --git a/chrome_elf/chrome_elf_constants.h b/chrome_elf/chrome_elf_constants.h index 92e44ca..bda7a50 100644 --- a/chrome_elf/chrome_elf_constants.h +++ b/chrome_elf/chrome_elf_constants.h @@ -10,10 +10,7 @@ #include <windows.h> // directory names -extern const wchar_t kAppDataDirName[]; -extern const wchar_t kCanaryAppDataDirName[]; extern const wchar_t kLocalStateFilename[]; -extern const wchar_t kPreferencesFilename[]; extern const wchar_t kUserDataDirName[]; namespace blacklist { diff --git a/chrome_elf/chrome_elf_main.cc b/chrome_elf/chrome_elf_main.cc index 52212cc..0cd740ac 100644 --- a/chrome_elf/chrome_elf_main.cc +++ b/chrome_elf/chrome_elf_main.cc @@ -9,7 +9,6 @@ #include "chrome_elf/blacklist/blacklist.h" #include "chrome_elf/breakpad.h" #include "chrome_elf/chrome_elf_util.h" -#include "chrome_elf/ntdll_cache.h" void SignalChromeElf() { blacklist::ResetBeacon(); @@ -21,7 +20,6 @@ BOOL APIENTRY DllMain(HMODULE module, DWORD reason, LPVOID reserved) { InitializeCrashReporting(); __try { - InitCache(); blacklist::Initialize(false); // Don't force, abort if beacon is present. } __except(GenerateCrashDump(GetExceptionInformation())) { } diff --git a/chrome_elf/chrome_elf_types.h b/chrome_elf/chrome_elf_types.h deleted file mode 100644 index 9cad485..0000000 --- a/chrome_elf/chrome_elf_types.h +++ /dev/null @@ -1,13 +0,0 @@ -// Copyright 2013 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef CHROME_ELF_CHROME_ELF_TYPES_H_ -#define CHROME_ELF_CHROME_ELF_TYPES_H_ - -#include <map> -#include <string> - -typedef std::map<std::string, void*> FunctionLookupTable; - -#endif // CHROME_ELF_CHROME_ELF_TYPES_H_ diff --git a/chrome_elf/chrome_redirects.def b/chrome_elf/chrome_redirects.def deleted file mode 100644 index 1238dc6..0000000 --- a/chrome_elf/chrome_redirects.def +++ /dev/null @@ -1,9 +0,0 @@ -; Copyright 2014 The Chromium Authors. All rights reserved. -; Use of this source code is governed by a BSD-style license that can be -; found in the LICENSE file. - -LIBRARY "chrome_redirects.dll" - -EXPORTS - CreateFileW=CreateFileWRedirect - GetRedirectCount diff --git a/chrome_elf/chrome_redirects_main.cc b/chrome_elf/chrome_redirects_main.cc deleted file mode 100644 index 960d07c..0000000 --- a/chrome_elf/chrome_redirects_main.cc +++ /dev/null @@ -1,14 +0,0 @@ -// Copyright 2014 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include <windows.h> - -#include "chrome_elf/ntdll_cache.h" - -BOOL APIENTRY DllMain(HMODULE module, DWORD reason, LPVOID reserved) { - if (reason == DLL_PROCESS_ATTACH) - InitCache(); - - return TRUE; -} diff --git a/chrome_elf/create_file/chrome_create_file.cc b/chrome_elf/create_file/chrome_create_file.cc deleted file mode 100644 index 2db6f8d..0000000 --- a/chrome_elf/create_file/chrome_create_file.cc +++ /dev/null @@ -1,330 +0,0 @@ -// Copyright 2014 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "chrome_elf/create_file/chrome_create_file.h" - -#include <string> - -#include "base/strings/string16.h" -#include "chrome_elf/chrome_elf_constants.h" -#include "chrome_elf/chrome_elf_util.h" -#include "chrome_elf/ntdll_cache.h" -#include "sandbox/win/src/interception_internal.h" -#include "sandbox/win/src/nt_internals.h" - -namespace { - -// From ShlObj.h in the Windows SDK. -#define CSIDL_LOCAL_APPDATA 0x001c - -typedef BOOL (WINAPI *PathIsUNCFunction)( - IN LPCWSTR path); - -typedef BOOL (WINAPI *PathAppendFunction)( - IN LPWSTR path, - IN LPCWSTR more); - -typedef BOOL (WINAPI *PathIsPrefixFunction)( - IN LPCWSTR prefix, - IN LPCWSTR path); - -typedef LPCWSTR (WINAPI *PathFindFileName)( - IN LPCWSTR path); - -typedef HRESULT (WINAPI *SHGetFolderPathFunction)( - IN HWND hwnd_owner, - IN int folder, - IN HANDLE token, - IN DWORD flags, - OUT LPWSTR path); - -PathIsUNCFunction g_path_is_unc_func; -PathAppendFunction g_path_append_func; -PathIsPrefixFunction g_path_is_prefix_func; -PathFindFileName g_path_find_filename_func; -SHGetFolderPathFunction g_get_folder_func; - -// Record the number of calls we've redirected so far. -int g_redirect_count = 0; - -// Populates the g_*_func pointers to functions which will be used in -// ShouldBypass(). Chrome_elf cannot have a load-time dependency on shell32 or -// shlwapi as this would induce a load-time dependency on user32.dll. Instead, -// the addresses of the functions we need are retrieved the first time this -// method is called, and cached to avoid subsequent calls to GetProcAddress(). -// It is assumed that the host process will never unload these functions. -// Returns true if all the functions needed are present. -bool PopulateShellFunctions() { - // Early exit if functions have already been populated. - if (g_path_is_unc_func && g_path_append_func && - g_path_is_prefix_func && g_get_folder_func) { - return true; - } - - // Get the addresses of the functions we need and store them for future use. - // These handles are intentionally leaked to ensure that these modules do not - // get unloaded. - HMODULE shell32 = ::LoadLibrary(L"shell32.dll"); - HMODULE shlwapi = ::LoadLibrary(L"shlwapi.dll"); - - if (!shlwapi || !shell32) - return false; - - g_path_is_unc_func = reinterpret_cast<PathIsUNCFunction>( - ::GetProcAddress(shlwapi, "PathIsUNCW")); - g_path_append_func = reinterpret_cast<PathAppendFunction>( - ::GetProcAddress(shlwapi, "PathAppendW")); - g_path_is_prefix_func = reinterpret_cast<PathIsPrefixFunction>( - ::GetProcAddress(shlwapi, "PathIsPrefixW")); - g_path_find_filename_func = reinterpret_cast<PathFindFileName>( - ::GetProcAddress(shlwapi, "PathFindFileNameW")); - g_get_folder_func = reinterpret_cast<SHGetFolderPathFunction>( - ::GetProcAddress(shell32, "SHGetFolderPathW")); - - return g_path_is_unc_func && g_path_append_func && g_path_is_prefix_func && - g_path_find_filename_func && g_get_folder_func; -} - -} // namespace - -// Turn off optimization to make sure these calls don't get inlined. -#pragma optimize("", off) -// Wrapper method for kernel32!CreateFile, to avoid setting off caller -// mitigation detectors. -HANDLE CreateFileWImpl(LPCWSTR file_name, - DWORD desired_access, - DWORD share_mode, - LPSECURITY_ATTRIBUTES security_attributes, - DWORD creation_disposition, - DWORD flags_and_attributes, - HANDLE template_file) { - return CreateFile(file_name, - desired_access, - share_mode, - security_attributes, - creation_disposition, - flags_and_attributes, - template_file); - -} - -HANDLE WINAPI CreateFileWRedirect( - LPCWSTR file_name, - DWORD desired_access, - DWORD share_mode, - LPSECURITY_ATTRIBUTES security_attributes, - DWORD creation_disposition, - DWORD flags_and_attributes, - HANDLE template_file) { - if (ShouldBypass(file_name)) { - ++g_redirect_count; - return CreateFileNTDLL(file_name, - desired_access, - share_mode, - security_attributes, - creation_disposition, - flags_and_attributes, - template_file); - } - return CreateFileWImpl(file_name, - desired_access, - share_mode, - security_attributes, - creation_disposition, - flags_and_attributes, - template_file); -} -#pragma optimize("", on) - -int GetRedirectCount() { - return g_redirect_count; -} - -HANDLE CreateFileNTDLL( - LPCWSTR file_name, - DWORD desired_access, - DWORD share_mode, - LPSECURITY_ATTRIBUTES security_attributes, - DWORD creation_disposition, - DWORD flags_and_attributes, - HANDLE template_file) { - HANDLE file_handle = INVALID_HANDLE_VALUE; - NTSTATUS result = STATUS_UNSUCCESSFUL; - IO_STATUS_BLOCK io_status_block = {}; - ULONG flags = 0; - - // Convert from Win32 domain to to NT creation disposition values. - switch (creation_disposition) { - case CREATE_NEW: - creation_disposition = FILE_CREATE; - break; - case CREATE_ALWAYS: - creation_disposition = FILE_OVERWRITE_IF; - break; - case OPEN_EXISTING: - creation_disposition = FILE_OPEN; - break; - case OPEN_ALWAYS: - creation_disposition = FILE_OPEN_IF; - break; - case TRUNCATE_EXISTING: - creation_disposition = FILE_OVERWRITE; - break; - default: - SetLastError(ERROR_INVALID_PARAMETER); - return INVALID_HANDLE_VALUE; - } - - // Translate the flags that need no validation: - if (!(flags_and_attributes & FILE_FLAG_OVERLAPPED)) - flags |= FILE_SYNCHRONOUS_IO_NONALERT; - - if (flags_and_attributes & FILE_FLAG_WRITE_THROUGH) - flags |= FILE_WRITE_THROUGH; - - if (flags_and_attributes & FILE_FLAG_RANDOM_ACCESS) - flags |= FILE_RANDOM_ACCESS; - - if (flags_and_attributes & FILE_FLAG_SEQUENTIAL_SCAN) - flags |= FILE_SEQUENTIAL_ONLY; - - if (flags_and_attributes & FILE_FLAG_DELETE_ON_CLOSE) { - flags |= FILE_DELETE_ON_CLOSE; - desired_access |= DELETE; - } - - if (flags_and_attributes & FILE_FLAG_BACKUP_SEMANTICS) - flags |= FILE_OPEN_FOR_BACKUP_INTENT; - else - flags |= FILE_NON_DIRECTORY_FILE; - - - if (flags_and_attributes & FILE_FLAG_OPEN_REPARSE_POINT) - flags |= FILE_OPEN_REPARSE_POINT; - - if (flags_and_attributes & FILE_FLAG_OPEN_NO_RECALL) - flags |= FILE_OPEN_NO_RECALL; - - if (!g_ntdll_lookup["RtlInitUnicodeString"]) - return INVALID_HANDLE_VALUE; - - NtCreateFileFunction create_file; - char thunk_buffer[sizeof(sandbox::ThunkData)] = {}; - - if (g_nt_thunk_storage.data[0] != 0) { - create_file = reinterpret_cast<NtCreateFileFunction>(&g_nt_thunk_storage); - // Copy the thunk data to a buffer on the stack for debugging purposes. - memcpy(&thunk_buffer, &g_nt_thunk_storage, sizeof(sandbox::ThunkData)); - } else if (g_ntdll_lookup["NtCreateFile"]) { - create_file = - reinterpret_cast<NtCreateFileFunction>(g_ntdll_lookup["NtCreateFile"]); - } else { - return INVALID_HANDLE_VALUE; - } - - RtlInitUnicodeStringFunction init_unicode_string = - reinterpret_cast<RtlInitUnicodeStringFunction>( - g_ntdll_lookup["RtlInitUnicodeString"]); - - UNICODE_STRING path_unicode_string; - - // Format the path into an NT path. Arguably this should be done with - // RtlDosPathNameToNtPathName_U, but afaict this is equivalent for - // local paths. Using this with a UNC path name will almost certainly - // break in interesting ways. - base::string16 filename_string(L"\\??\\"); - filename_string += file_name; - - init_unicode_string(&path_unicode_string, filename_string.c_str()); - - OBJECT_ATTRIBUTES path_attributes = {}; - InitializeObjectAttributes(&path_attributes, - &path_unicode_string, - OBJ_CASE_INSENSITIVE, - NULL, // No Root Directory - NULL); // No Security Descriptor - - // Set desired_access, and flags_and_attributes to match those - // set by kernel32!CreateFile. - desired_access |= 0x100080; - flags_and_attributes &= 0x2FFA7; - - result = create_file(&file_handle, - desired_access, - &path_attributes, - &io_status_block, - 0, // Allocation size - flags_and_attributes, - share_mode, - creation_disposition, - flags, - NULL, - 0); - - if (result != STATUS_SUCCESS) { - if (result == STATUS_OBJECT_NAME_COLLISION && - creation_disposition == FILE_CREATE) { - SetLastError(ERROR_FILE_EXISTS); - } - return INVALID_HANDLE_VALUE; - } - - if (creation_disposition == FILE_OPEN_IF) { - SetLastError(io_status_block.Information == FILE_OPENED ? - ERROR_ALREADY_EXISTS : ERROR_SUCCESS); - } else if (creation_disposition == FILE_OVERWRITE_IF) { - SetLastError(io_status_block.Information == FILE_OVERWRITTEN ? - ERROR_ALREADY_EXISTS : ERROR_SUCCESS); - } else { - SetLastError(ERROR_SUCCESS); - } - - return file_handle; -} - -bool ShouldBypass(LPCWSTR file_path) { - // Do not redirect in non-browser processes. - if (IsNonBrowserProcess()) - return false; - - // If the shell functions are not present, forward the call to kernel32. - if (!PopulateShellFunctions()) - return false; - - // Forward all UNC filepaths to kernel32. - if (g_path_is_unc_func(file_path)) - return false; - - wchar_t local_appdata_path[MAX_PATH]; - - // Get the %LOCALAPPDATA% Path and append the location of our UserData - // directory to it. - HRESULT appdata_result = g_get_folder_func( - NULL, CSIDL_LOCAL_APPDATA, NULL, 0, local_appdata_path); - - wchar_t buffer[MAX_PATH] = {}; - if (!GetModuleFileNameW(NULL, buffer, MAX_PATH)) - return false; - - bool is_canary = IsCanary(buffer); - - // If getting the %LOCALAPPDATA% path or appending to it failed, then forward - // the call to kernel32. - if (!SUCCEEDED(appdata_result) || - !g_path_append_func(local_appdata_path, is_canary ? - kCanaryAppDataDirName : kAppDataDirName) || - !g_path_append_func(local_appdata_path, kUserDataDirName)) { - return false; - } - - LPCWSTR file_name = g_path_find_filename_func(file_path); - - bool in_userdata_dir = !!g_path_is_prefix_func(local_appdata_path, file_path); - bool is_settings_file = wcscmp(file_name, kPreferencesFilename) == 0 || - wcscmp(file_name, kLocalStateFilename) == 0; - - // Check if we are trying to access the Preferences in the UserData dir. If - // so, then redirect the call to bypass kernel32. - return in_userdata_dir && is_settings_file; -} diff --git a/chrome_elf/create_file/chrome_create_file.h b/chrome_elf/create_file/chrome_create_file.h deleted file mode 100644 index f9f15c3..0000000 --- a/chrome_elf/create_file/chrome_create_file.h +++ /dev/null @@ -1,41 +0,0 @@ -// Copyright 2014 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef CHROME_ELF_CREATE_FILE_CHROME_CREATE_FILE_H_ -#define CHROME_ELF_CREATE_FILE_CHROME_CREATE_FILE_H_ - -#include <windows.h> - -#include "chrome_elf/chrome_elf_types.h" - -// A CreateFileW replacement that will call NTCreateFile directly when the -// criteria defined in ShouldBypass() are satisfied for |lp_file_name|. -extern "C" HANDLE WINAPI CreateFileWRedirect( - LPCWSTR file_name, - DWORD desired_access, - DWORD share_mode, - LPSECURITY_ATTRIBUTES security_attributes, - DWORD creation_disposition, - DWORD flags_and_attributes, - HANDLE template_file); - -// Returns the count of CreateFile calls redirected so far. -extern "C" int GetRedirectCount(); - -// Partial reimplementation of kernel32!CreateFile (very partial: only handles -// reading and writing to files in the User Data directory). -HANDLE CreateFileNTDLL( - LPCWSTR file_name, - DWORD desired_access, - DWORD share_mode, - LPSECURITY_ATTRIBUTES security_attributes, - DWORD creation_disposition, - DWORD flags_and_attributes, - HANDLE template_file); - -// Determines whether or not we should use our version of CreateFile, or the -// system version (only uses ours if we're writing to the user data directory). -bool ShouldBypass(LPCWSTR file_name); - -#endif // CHROME_ELF_CREATE_FILE_CHROME_CREATE_FILE_H_ diff --git a/chrome_elf/create_file/chrome_create_file_unittest.cc b/chrome_elf/create_file/chrome_create_file_unittest.cc deleted file mode 100644 index 8b0331f..0000000 --- a/chrome_elf/create_file/chrome_create_file_unittest.cc +++ /dev/null @@ -1,409 +0,0 @@ -// Copyright 2014 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "chrome_elf/create_file/chrome_create_file.h" - -#include <windows.h> - -#include <bitset> -#include <string> - -#include "base/base_paths_win.h" -#include "base/files/file_path.h" -#include "base/files/file_util.h" -#include "base/files/scoped_temp_dir.h" -#include "base/path_service.h" -#include "base/threading/platform_thread.h" -#include "base/win/iat_patch_function.h" -#include "base/win/scoped_handle.h" -#include "base/win/windows_version.h" -#include "chrome_elf/chrome_elf_constants.h" -#include "chrome_elf/ntdll_cache.h" -#include "sandbox/win/src/interception_internal.h" -#include "sandbox/win/src/nt_internals.h" -#include "testing/gtest/include/gtest/gtest.h" -#include "testing/platform_test.h" - - -namespace { - -// Test fixtures ------------------------------------------------------------- - -class ChromeCreateFileTest : public PlatformTest { - protected: - struct NtCreateFileParams { - ACCESS_MASK desired_access; - OBJECT_ATTRIBUTES object_attributes; - PLARGE_INTEGER allocation_size; - ULONG file_attributes; - ULONG share_access; - ULONG create_disposition; - ULONG create_options; - PVOID ea_buffer; - ULONG ea_length; - }; - - enum CallPath { - ELF, - KERNEL - }; - - template<CallPath path> - static NTSTATUS WINAPI FakeNtCreateFile( - PHANDLE file_handle, - ACCESS_MASK desired_access, - POBJECT_ATTRIBUTES object_attributes, - PIO_STATUS_BLOCK io_status_block, - PLARGE_INTEGER allocation_size, - ULONG file_attributes, - ULONG share_access, - ULONG create_disposition, - ULONG create_options, - PVOID ea_buffer, - ULONG ea_length) { - return self_->HandleCreateFileCall(file_handle, - desired_access, - object_attributes, - io_status_block, - allocation_size, - file_attributes, - share_access, - create_disposition, - create_options, - ea_buffer, - ea_length, - path); - } - - void SetUp() override { - original_thread_ = base::PlatformThread::CurrentId(); - InitCache(); - PlatformTest::SetUp(); - - base::FilePath user_data_dir; - PathService::Get(base::DIR_LOCAL_APP_DATA, &user_data_dir); - ASSERT_TRUE(temp_dir_.CreateUniqueTempDirUnderPath(user_data_dir)); - ASSERT_TRUE(temp_dir2_.CreateUniqueTempDir()); - self_ = this; - } - - void UnsetThunkStorage() { - DWORD old_protect = 0; - EXPECT_TRUE(::VirtualProtect(&g_nt_thunk_storage, - sizeof(g_nt_thunk_storage), - PAGE_EXECUTE_READWRITE, - &old_protect)); - memset(&g_nt_thunk_storage, 0, sizeof(g_nt_thunk_storage)); - - EXPECT_TRUE(::VirtualProtect(&g_nt_thunk_storage, - sizeof(g_nt_thunk_storage), - PAGE_EXECUTE_READ, - &old_protect)); - } - - void RedirectNtCreateFileCalls() { - UnsetThunkStorage(); - old_func_ptr_ = - reinterpret_cast<NtCreateFileFunction>(g_ntdll_lookup["NtCreateFile"]); - - // KernelBase.dll only exists for Win7 and later, prior to that, kernel32 - // imports from ntdll directly. - if (base::win::GetVersion() < base::win::VERSION_WIN7) { - patcher_.Patch(L"kernel32.dll", "ntdll.dll", "NtCreateFile", - reinterpret_cast<void(*)()>(&FakeNtCreateFile<KERNEL>)); - } else { - patcher_.Patch(L"kernelbase.dll", "ntdll.dll", "NtCreateFile", - reinterpret_cast<void(*)()>(&FakeNtCreateFile<KERNEL>)); - } - - g_ntdll_lookup["NtCreateFile"] = reinterpret_cast<void(*)()>( - &ChromeCreateFileTest::FakeNtCreateFile<ELF>); - } - - void ResetNtCreateFileCalls() { - g_ntdll_lookup["NtCreateFile"] = reinterpret_cast<void*>(old_func_ptr_); - patcher_.Unpatch(); - } - - NTSTATUS HandleCreateFileCall(PHANDLE file_handle, - ACCESS_MASK desired_access, - POBJECT_ATTRIBUTES object_attributes, - PIO_STATUS_BLOCK io_status_block, - PLARGE_INTEGER allocation_size, - ULONG file_attributes, - ULONG share_access, - ULONG create_disposition, - ULONG create_options, - PVOID ea_buffer, - ULONG ea_length, - CallPath call_path) { - if (original_thread_ == base::PlatformThread::CurrentId()) { - SetParams(desired_access, - object_attributes, - allocation_size, - file_attributes, - share_access, - create_disposition, - create_options, - ea_buffer, - ea_length, - call_path == ELF ? &elf_params_ : &kernel_params_); - } - - // Forward the call to the real NTCreateFile. - return old_func_ptr_(file_handle, - desired_access, - object_attributes, - io_status_block, - allocation_size, - file_attributes, - share_access, - create_disposition, - create_options, - ea_buffer, - ea_length); - } - - void SetParams(ACCESS_MASK desired_access, - POBJECT_ATTRIBUTES object_attributes, - PLARGE_INTEGER allocation_size, - ULONG file_attributes, - ULONG share_access, - ULONG create_disposition, - ULONG create_options, - PVOID ea_buffer, - ULONG ea_length, - NtCreateFileParams* params) { - params->desired_access = desired_access; - params->object_attributes.Length = object_attributes->Length; - params->object_attributes.ObjectName = object_attributes->ObjectName; - params->object_attributes.RootDirectory = object_attributes->RootDirectory; - params->object_attributes.Attributes = object_attributes->Attributes; - params->object_attributes.SecurityDescriptor = - object_attributes->SecurityDescriptor; - params->object_attributes.SecurityQualityOfService = - object_attributes->SecurityQualityOfService; - params->allocation_size = allocation_size; - params->file_attributes = file_attributes; - params->share_access = share_access; - params->create_disposition = create_disposition; - params->create_options = create_options; - params->ea_buffer = ea_buffer; - params->ea_length = ea_length; - } - - void CheckParams() { - std::bitset<32> elf((int) elf_params_.desired_access); - std::bitset<32> ker((int) kernel_params_.desired_access); - - EXPECT_EQ(kernel_params_.desired_access, elf_params_.desired_access) - << elf << "\n" << ker; - EXPECT_EQ(kernel_params_.object_attributes.Length, - elf_params_.object_attributes.Length); - EXPECT_EQ(kernel_params_.object_attributes.RootDirectory, - elf_params_.object_attributes.RootDirectory); - EXPECT_EQ(kernel_params_.object_attributes.Attributes, - elf_params_.object_attributes.Attributes); - EXPECT_EQ(kernel_params_.object_attributes.SecurityDescriptor, - elf_params_.object_attributes.SecurityDescriptor); - EXPECT_EQ(kernel_params_.allocation_size, elf_params_.allocation_size); - EXPECT_EQ(kernel_params_.file_attributes, elf_params_.file_attributes); - EXPECT_EQ(kernel_params_.share_access, elf_params_.share_access); - EXPECT_EQ(kernel_params_.create_disposition, - elf_params_.create_disposition); - EXPECT_EQ(kernel_params_.create_options, elf_params_.create_options); - EXPECT_EQ(kernel_params_.ea_buffer, elf_params_.ea_buffer); - EXPECT_EQ(kernel_params_.ea_length, elf_params_.ea_length); - } - - void DoWriteCheck(const base::FilePath& path, DWORD flag, bool is_system) { - base::win::ScopedHandle file_handle; - const char kTestData[] = "0123456789"; - int buffer_size = sizeof(kTestData) - 1; - DWORD bytes_written; - - if (is_system) { - file_handle.Set(::CreateFileW(path.value().c_str(), - GENERIC_WRITE, - FILE_SHARE_READ, - NULL, - CREATE_ALWAYS, - FILE_ATTRIBUTE_NORMAL | flag, - NULL)); - } else { - file_handle.Set(CreateFileNTDLL(path.value().c_str(), - GENERIC_WRITE, - FILE_SHARE_READ, - NULL, - CREATE_ALWAYS, - FILE_ATTRIBUTE_NORMAL | flag, - NULL)); - } - - - EXPECT_TRUE(file_handle.IsValid()); - ::WriteFile(file_handle.Get(), kTestData, buffer_size, &bytes_written, - NULL); - EXPECT_EQ(buffer_size, bytes_written); - } - - void DoReadCheck(const base::FilePath& path, DWORD flag, bool is_system) { - base::win::ScopedHandle file_handle; - const char kTestData[] = "0123456789"; - int buffer_size = sizeof(kTestData) - 1; - DWORD bytes_read; - char read_buffer[10]; - - if (is_system) { - file_handle.Set(::CreateFileW(path.value().c_str(), - GENERIC_READ, - 0, - NULL, - OPEN_ALWAYS, - FILE_ATTRIBUTE_NORMAL | flag, - NULL)); - } else { - file_handle.Set(CreateFileNTDLL(path.value().c_str(), - GENERIC_READ, - 0, - NULL, - OPEN_ALWAYS, - FILE_ATTRIBUTE_NORMAL | flag, - NULL)); - } - - EXPECT_TRUE(file_handle.IsValid()); - ::ReadFile(file_handle.Get(), read_buffer, buffer_size, &bytes_read, NULL); - EXPECT_EQ(buffer_size, bytes_read); - EXPECT_EQ(0, memcmp(kTestData, read_buffer, bytes_read)); - } - - void RunChecks(DWORD flag, bool check_reads) { - // Make sure we can write to this file handle when called via the system. - base::FilePath junk_path_1 = temp_dir_.path().Append(L"junk_1.txt"); - base::FilePath junk_path_2 = temp_dir_.path().Append(L"junk_2.txt"); - DoWriteCheck(junk_path_1, flag, true); - DoWriteCheck(junk_path_2, flag, false); - CheckParams(); - - if (check_reads) { - // Make sure we can read from this file handle when called via the system. - DoReadCheck(junk_path_1, flag, true); - DoReadCheck(junk_path_2, flag, false); - CheckParams(); - } - base::DeleteFile(junk_path_1, false); - base::DeleteFile(junk_path_2, false); - - } - - static ChromeCreateFileTest* self_; - - NtCreateFileFunction old_func_ptr_; - base::ScopedTempDir temp_dir_; - base::ScopedTempDir temp_dir2_; - base::win::IATPatchFunction patcher_; - NtCreateFileParams kernel_params_; - NtCreateFileParams elf_params_; - base::PlatformThreadId original_thread_; -}; - -ChromeCreateFileTest* ChromeCreateFileTest::self_ = NULL; - -// Tests --------------------------------------------------------------------- -TEST_F(ChromeCreateFileTest, CheckParams_FILE_ATTRIBUTE_NORMAL) { - RedirectNtCreateFileCalls(); - RunChecks(FILE_ATTRIBUTE_NORMAL, true); - ResetNtCreateFileCalls(); -} - -TEST_F(ChromeCreateFileTest, CheckParams_FILE_FLAG_WRITE_THROUGH) { - RedirectNtCreateFileCalls(); - RunChecks(FILE_FLAG_WRITE_THROUGH, true); - ResetNtCreateFileCalls(); -} - -TEST_F(ChromeCreateFileTest, CheckParams_FILE_FLAG_RANDOM_ACCESS) { - RedirectNtCreateFileCalls(); - RunChecks(FILE_FLAG_RANDOM_ACCESS, true); - ResetNtCreateFileCalls(); -} - -TEST_F(ChromeCreateFileTest, CheckParams_FILE_FLAG_SEQUENTIAL_SCAN) { - RedirectNtCreateFileCalls(); - RunChecks(FILE_FLAG_SEQUENTIAL_SCAN, true); - ResetNtCreateFileCalls(); -} - -TEST_F(ChromeCreateFileTest, CheckParams_FILE_FLAG_DELETE_ON_CLOSE) { - RedirectNtCreateFileCalls(); - RunChecks(FILE_FLAG_DELETE_ON_CLOSE, false); - ResetNtCreateFileCalls(); -} - -TEST_F(ChromeCreateFileTest, CheckParams_FILE_FLAG_BACKUP_SEMANTICS) { - RedirectNtCreateFileCalls(); - RunChecks(FILE_FLAG_BACKUP_SEMANTICS, true); - ResetNtCreateFileCalls(); -} - -TEST_F(ChromeCreateFileTest, CheckParams_FILE_FLAG_OPEN_REPARSE_POINT) { - RedirectNtCreateFileCalls(); - RunChecks(FILE_FLAG_OPEN_REPARSE_POINT, true); - ResetNtCreateFileCalls(); -} - -TEST_F(ChromeCreateFileTest, CheckParams_FILE_FLAG_OPEN_NO_RECALL) { - RedirectNtCreateFileCalls(); - RunChecks(FILE_FLAG_OPEN_NO_RECALL, true); - ResetNtCreateFileCalls(); -} - -TEST_F(ChromeCreateFileTest, BypassTest) { - std::wstring UNC_filepath_file(L"\\\\.\\some_file.txt"); - - base::FilePath local_path; - PathService::Get(base::DIR_LOCAL_APP_DATA, &local_path); - - base::FilePath local_prefs_path = local_path.Append(kAppDataDirName).Append( - kUserDataDirName).Append(L"default\\Preferences"); - base::FilePath local_state_path = local_path.Append(kAppDataDirName).Append( - kUserDataDirName).Append(L"ninja\\Local State"); - base::FilePath local_junk_path = local_path.Append(kAppDataDirName).Append( - kUserDataDirName).Append(L"default\\Junk"); - - base::FilePath desktop_path; - PathService::Get(base::DIR_USER_DESKTOP, &desktop_path); - base::FilePath desktop_junk_path = - desktop_path.Append(L"Downloads\\junk.txt"); - base::FilePath desktop_prefs_path = - desktop_path.Append(L"Downloads\\Preferences"); - - // Don't redirect UNC files. - EXPECT_FALSE(ShouldBypass(UNC_filepath_file.c_str())); - - // Don't redirect if file is not in UserData directory. - EXPECT_FALSE(ShouldBypass(desktop_junk_path.value().c_str())); - EXPECT_FALSE(ShouldBypass(desktop_prefs_path.value().c_str())); - - // Only redirect "Preferences" and "Local State" files. - EXPECT_TRUE(ShouldBypass(local_prefs_path.value().c_str())); - EXPECT_TRUE(ShouldBypass(local_state_path.value().c_str())); - EXPECT_FALSE(ShouldBypass(local_junk_path.value().c_str())); -} - -TEST_F(ChromeCreateFileTest, ReadWriteFromNtDll) { - UnsetThunkStorage(); - base::FilePath file_name = temp_dir_.path().Append(L"some_file.txt"); - DoWriteCheck(file_name, FILE_ATTRIBUTE_NORMAL, false); - DoReadCheck(file_name, FILE_ATTRIBUTE_NORMAL, false); -} - -TEST_F(ChromeCreateFileTest, ReadWriteFromThunk) { - base::FilePath file_name = temp_dir_.path().Append(L"some_file.txt"); - DoWriteCheck(file_name, FILE_ATTRIBUTE_NORMAL, false); - DoReadCheck(file_name, FILE_ATTRIBUTE_NORMAL, false); -} - -} // namespace diff --git a/chrome_elf/ntdll_cache.cc b/chrome_elf/ntdll_cache.cc deleted file mode 100644 index a0429a4..0000000 --- a/chrome_elf/ntdll_cache.cc +++ /dev/null @@ -1,89 +0,0 @@ -// Copyright 2013 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "chrome_elf/ntdll_cache.h" - -#include <stdint.h> -#include <windows.h> - -#include "base/basictypes.h" -#include "base/memory/scoped_ptr.h" -#include "base/win/pe_image.h" -#include "chrome_elf/thunk_getter.h" -#include "sandbox/win/src/interception_internal.h" -#include "sandbox/win/src/internal_types.h" -#include "sandbox/win/src/service_resolver.h" - -FunctionLookupTable g_ntdll_lookup; - -// Allocate storage for thunks in a page of this module to save on doing -// an extra allocation at run time. -#pragma section(".crthunk",read,execute) -__declspec(allocate(".crthunk")) sandbox::ThunkData g_nt_thunk_storage; - - - -namespace { - -bool EnumExportsCallback(const base::win::PEImage& image, - DWORD ordinal, - DWORD hint, - LPCSTR name, - PVOID function_addr, - LPCSTR forward, - PVOID cookie) { - // Our lookup only cares about named functions that are in ntdll, so skip - // unnamed or forwarded exports. - if (name && function_addr) - g_ntdll_lookup[std::string(name)] = function_addr; - - return true; -} - -} // namespace - -void InitCache() { - HMODULE ntdll_handle = ::GetModuleHandle(L"ntdll.dll"); - - base::win::PEImage ntdll_image(ntdll_handle); - - ntdll_image.EnumExports(EnumExportsCallback, NULL); - - // If ntdll has already been patched, don't copy it. - const bool kRelaxed = false; - - // Create a thunk via the appropriate ServiceResolver instance. - scoped_ptr<sandbox::ServiceResolverThunk> thunk(GetThunk(kRelaxed)); - - if (thunk.get()) { - BYTE* thunk_storage = reinterpret_cast<BYTE*>(&g_nt_thunk_storage); - - // Mark the thunk storage as readable and writeable, since we - // are ready to write to it. - DWORD old_protect = 0; - if (!::VirtualProtect(&g_nt_thunk_storage, - sizeof(g_nt_thunk_storage), - PAGE_EXECUTE_READWRITE, - &old_protect)) { - return; - } - - size_t storage_used = 0; - NTSTATUS ret = thunk->CopyThunk(::GetModuleHandle(sandbox::kNtdllName), - "NtCreateFile", - thunk_storage, - sizeof(sandbox::ThunkData), - &storage_used); - - if (!NT_SUCCESS(ret)) { - memset(&g_nt_thunk_storage, 0, sizeof(g_nt_thunk_storage)); - } - - // Ensure that the pointer to the old function can't be changed. - ::VirtualProtect(&g_nt_thunk_storage, - sizeof(g_nt_thunk_storage), - PAGE_EXECUTE_READ, - &old_protect); - } -} diff --git a/chrome_elf/ntdll_cache.h b/chrome_elf/ntdll_cache.h deleted file mode 100644 index 5e4fb2b..0000000 --- a/chrome_elf/ntdll_cache.h +++ /dev/null @@ -1,21 +0,0 @@ -// Copyright 2013 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef CHROME_ELF_NTDLL_CACHE_H_ -#define CHROME_ELF_NTDLL_CACHE_H_ - -#include "chrome_elf/chrome_elf_types.h" - -namespace sandbox { -struct ThunkData; -} - -// Caches the addresses of all functions exported by ntdll in |g_ntdll_lookup|. -void InitCache(); - -extern FunctionLookupTable g_ntdll_lookup; - -extern sandbox::ThunkData g_nt_thunk_storage; - -#endif // CHROME_ELF_NTDLL_CACHE_H_ diff --git a/chrome_elf/ntdll_cache_unittest.cc b/chrome_elf/ntdll_cache_unittest.cc deleted file mode 100644 index d3f3555a..0000000 --- a/chrome_elf/ntdll_cache_unittest.cc +++ /dev/null @@ -1,32 +0,0 @@ -// Copyright 2013 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include <windows.h> - -#include "base/basictypes.h" -#include "base/compiler_specific.h" -#include "chrome_elf/ntdll_cache.h" -#include "testing/gtest/include/gtest/gtest.h" - -namespace { - -class NTDLLCacheTest : public testing::Test { - protected: - void SetUp() override { - InitCache(); - } - -}; - -TEST_F(NTDLLCacheTest, NtDLLCacheSanityCheck) { - HMODULE ntdll_handle = ::GetModuleHandle(L"ntdll.dll"); - // Grab a couple random entries from the cache and make sure they match the - // addresses exported by ntdll. - EXPECT_EQ(::GetProcAddress(ntdll_handle, "A_SHAFinal"), - g_ntdll_lookup["A_SHAFinal"]); - EXPECT_EQ(::GetProcAddress(ntdll_handle, "ZwTraceControl"), - g_ntdll_lookup["ZwTraceControl"]); -} - -} // namespace |