Close all open ALPC client ports at lockdown.

Close out the CSRSS and LSASS ALPC client ports that are opened during initialization.

BUG=58069
TEST=sbox_integration_tests --gtest_filter=HandleCloserTests.RunThreadPool
Review URL: http://codereview.chromium.org/7490002

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@93827 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 17 insertions, 0 deletions

diff --git a/sandbox/src/handle_closer.cc b/sandbox/src/handle_closer.cc
index 4a08d2f..3ac802e 100644
--- a/sandbox/src/handle_closer.cc
+++ b/sandbox/src/handle_closer.cc
@@ -6,7 +6,11 @@
 
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
+#include "base/win/windows_version.h"
+#include "sandbox/src/interceptors.h"
+#include "sandbox/src/internal_types.h"
 #include "sandbox/src/nt_internals.h"
+#include "sandbox/src/process_thread_interception.h"
 #include "sandbox/src/win_utils.h"
 
 namespace {
@@ -149,6 +153,19 @@ bool HandleCloser::SetupHandleList(void* buffer, size_t buffer_bytes) {
   return output <= end;
 }
 
+bool HandleCloser::SetupHandleInterceptions(InterceptionManager* manager) {
+  // We need to intercept CreateThread if we're closing ALPC port clients.
+  HandleMap::iterator names = handles_to_close_.find(L"ALPC Port");
+  if (base::win::GetVersion() >= base::win::VERSION_VISTA &&
+      names != handles_to_close_.end() &&
+      (names->second.empty() || names->second.size() == 0)) {
+    return INTERCEPT_EAT(manager, kKerneldllName, CreateThread,
+                         CREATE_THREAD_ID, 28);
+  }
+
+  return true;
+}
+
 bool GetHandleName(HANDLE handle, string16* handle_name) {
   static NtQueryObject QueryObject = NULL;
   if (!QueryObject)