author | gregoryd@google.com <gregoryd@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-01-17 10:18:53 +0000 |
---|---|---|
committer | gregoryd@google.com <gregoryd@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-01-17 10:18:53 +0000 |
commit | 7fd9f2a37792d9105e26a5e233cf8f911efd51f9 (patch) | |
tree | ead731f6ae10131e780e8ac76504fe5cb62c271c /sandbox | |
parent | 382abc2bc90652b921c092e3342e8920f0603b17 (diff) | |
Prepare the sandbox for integration with the NaCl broker for 64-bit Windows. The broker currently launches with --no-sandbox, so the 64-bit version of the sandbox library is there only to allow a successful build.
BUG=27218
TEST=none
Review URL: http://codereview.chromium.org/543058
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@36469 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox')
-rw-r--r-- | sandbox/sandbox.gyp | 210 | ||||
-rw-r--r-- | sandbox/src/sandbox.cc | 3 | ||||
-rw-r--r-- | sandbox/src/sandbox_policy_base.cc | 3 | ||||
-rw-r--r-- | sandbox/src/target_process.cc | 5 |
4 files changed, 137 insertions, 84 deletions
diff --git a/sandbox/sandbox.gyp b/sandbox/sandbox.gyp
index e457661..1574e5d 100644
--- a/sandbox/sandbox.gyp
+++ b/sandbox/sandbox.gyp
@@ -3,6 +3,101 @@
 # found in the LICENSE file.
 {
+ 'target_defaults': {
+ 'variables': {
+ 'sandbox_windows_target': 0,
+ },
+ 'target_conditions': [
+ ['sandbox_windows_target==1', {
+ # Files that are shared between the 32-bit and the 64-bit versions
+ # of the Windows sandbox library.
+ 'sources': [
+ 'src/acl.cc',
+ 'src/acl.h',
+ 'src/broker_services.cc',
+ 'src/broker_services.h',
+ 'src/crosscall_client.h',
+ 'src/crosscall_params.h',
+ 'src/crosscall_server.cc',
+ 'src/crosscall_server.h',
+ 'src/dep.cc',
+ 'src/dep.h',
+ 'src/eat_resolver.cc',
+ 'src/eat_resolver.h',
+ 'src/filesystem_dispatcher.cc',
+ 'src/filesystem_dispatcher.h',
+ 'src/filesystem_policy.cc',
+ 'src/filesystem_policy.h',
+ 'src/internal_types.h',
+ 'src/ipc_tags.h',
+ 'src/job.cc',
+ 'src/job.h',
+ 'src/named_pipe_dispatcher.cc',
+ 'src/named_pipe_dispatcher.h',
+ 'src/named_pipe_policy.cc',
+ 'src/named_pipe_policy.h',
+ 'src/nt_internals.h',
+ 'src/policy_broker.cc',
+ 'src/policy_broker.h',
+ 'src/policy_engine_opcodes.cc',
+ 'src/policy_engine_opcodes.h',
+ 'src/policy_engine_params.h',
+ 'src/policy_engine_processor.cc',
+ 'src/policy_engine_processor.h',
+ 'src/policy_low_level.cc',
+ 'src/policy_low_level.h',
+ 'src/policy_params.h',
+ 'src/policy_target.cc',
+ 'src/policy_target.h',
+ 'src/process_thread_dispatcher.cc',
+ 'src/process_thread_dispatcher.h',
+ 'src/process_thread_policy.cc',
+ 'src/process_thread_policy.h',
+ 'src/registry_dispatcher.cc',
+ 'src/registry_dispatcher.h',
+ 'src/registry_policy.cc',
+ 'src/registry_policy.h',
+ 'src/resolver.cc',
+ 'src/resolver.h',
+ 'src/restricted_token_utils.cc',
+ 'src/restricted_token_utils.h',
+ 'src/restricted_token.cc',
+ 'src/restricted_token.h',
+ 'src/sandbox_factory.h',
+ 'src/sandbox_nt_types.h',
+ 'src/sandbox_nt_util.cc',
+ 'src/sandbox_nt_util.h',
+ 'src/sandbox_policy_base.cc',
+ 'src/sandbox_policy_base.h',
+ 'src/sandbox_policy.h',
+ 'src/sandbox_types.h',
+ 'src/sandbox_utils.cc',
+ 'src/sandbox_utils.h',
+ 'src/sandbox.cc',
+ 'src/sandbox.h',
+ 'src/security_level.h',
+ 'src/shared_handles.cc',
+ 'src/shared_handles.h',
+ 'src/sid.cc',
+ 'src/sid.h',
+ 'src/sync_dispatcher.cc',
+ 'src/sync_dispatcher.h',
+ 'src/sync_policy.cc',
+ 'src/sync_policy.h',
+ 'src/target_process.cc',
+ 'src/target_process.h',
+ 'src/target_services.cc',
+ 'src/target_services.h',
+ 'src/win_utils.cc',
+ 'src/win_utils.h',
+ 'src/win2k_threadpool.cc',
+ 'src/win2k_threadpool.h',
+ 'src/window.cc',
+ 'src/window.h',
+ ],
+ }],
+ ],
+ },
 'conditions': [
 [ 'OS=="linux" and selinux==0', {
 'targets': [
@@ -88,99 +183,35 @@
 {
 'target_name': 'sandbox',
 'type': '<(library)',
+ 'variables': {
+ 'sandbox_windows_target': 1,
+ },
 'dependencies': [
 '../testing/gtest.gyp:gtest',
 '../base/base.gyp:base',
 ],
 'msvs_guid': '881F6A97-D539-4C48-B401-DF04385B2343',
 'sources': [
- 'src/acl.cc',
- 'src/acl.h',
- 'src/broker_services.cc',
- 'src/broker_services.h',
- 'src/crosscall_client.h',
- 'src/crosscall_params.h',
- 'src/crosscall_server.cc',
- 'src/crosscall_server.h',
- 'src/dep.cc',
- 'src/dep.h',
- 'src/eat_resolver.cc',
- 'src/eat_resolver.h',
- 'src/filesystem_dispatcher.cc',
- 'src/filesystem_dispatcher.h',
+ # Files that are used by the 32-bit version of Windows sandbox only.
 'src/filesystem_interception.cc',
 'src/filesystem_interception.h',
- 'src/filesystem_policy.cc',
- 'src/filesystem_policy.h',
 'src/interception_agent.cc',
 'src/interception_agent.h',
 'src/interception_internal.h',
 'src/interception.cc',
 'src/interception.h',
- 'src/internal_types.h',
- 'src/ipc_tags.h',
- 'src/job.cc',
- 'src/job.h',
- 'src/named_pipe_dispatcher.cc',
- 'src/named_pipe_dispatcher.h',
 'src/named_pipe_interception.cc',
 'src/named_pipe_interception.h',
- 'src/named_pipe_policy.cc',
- 'src/named_pipe_policy.h',
- 'src/nt_internals.h',
- 'src/policy_broker.cc',
- 'src/policy_broker.h',
- 'src/policy_engine_opcodes.cc',
- 'src/policy_engine_opcodes.h',
- 'src/policy_engine_params.h',
- 'src/policy_engine_processor.cc',
- 'src/policy_engine_processor.h',
- 'src/policy_low_level.cc',
- 'src/policy_low_level.h',
- 'src/policy_params.h',
- 'src/policy_target.cc',
- 'src/policy_target.h',
- 'src/process_thread_dispatcher.cc',
- 'src/process_thread_dispatcher.h',
 'src/process_thread_interception.cc',
 'src/process_thread_interception.h',
- 'src/process_thread_policy.cc',
- 'src/process_thread_policy.h',
- 'src/registry_dispatcher.cc',
- 'src/registry_dispatcher.h',
 'src/registry_interception.cc',
 'src/registry_interception.h',
- 'src/registry_policy.cc',
- 'src/registry_policy.h',
- 'src/resolver.cc',
- 'src/resolver.h',
- 'src/restricted_token_utils.cc',
- 'src/restricted_token_utils.h',
- 'src/restricted_token.cc',
- 'src/restricted_token.h',
- 'src/sandbox_factory.h',
- 'src/sandbox_nt_types.h',
- 'src/sandbox_nt_util.cc',
- 'src/sandbox_nt_util.h',
- 'src/sandbox_policy_base.cc',
- 'src/sandbox_policy_base.h',
- 'src/sandbox_policy.h',
- 'src/sandbox_types.h',
- 'src/sandbox_utils.cc',
- 'src/sandbox_utils.h',
- 'src/sandbox.cc',
- 'src/sandbox.h',
- 'src/security_level.h',
 'src/service_resolver.cc',
 'src/service_resolver.h',
- 'src/shared_handles.cc',
- 'src/shared_handles.h',
 'src/sharedmem_ipc_client.cc',
 'src/sharedmem_ipc_client.h',
 'src/sharedmem_ipc_server.cc',
 'src/sharedmem_ipc_server.h',
- 'src/sid.cc',
- 'src/sid.h',
 'src/sidestep_resolver.cc',
 'src/sidestep_resolver.h',
 'src/sidestep\ia32_modrm_map.cpp',
@@ -190,24 +221,10 @@
 'src/sidestep\mini_disassembler.h',
 'src/sidestep\preamble_patcher_with_stub.cpp',
 'src/sidestep\preamble_patcher.h',
- 'src/sync_dispatcher.cc',
- 'src/sync_dispatcher.h',
 'src/sync_interception.cc',
 'src/sync_interception.h',
- 'src/sync_policy.cc',
- 'src/sync_policy.h',
 'src/target_interceptions.cc',
 'src/target_interceptions.h',
- 'src/target_process.cc',
- 'src/target_process.h',
- 'src/target_services.cc',
- 'src/target_services.h',
- 'src/win_utils.cc',
- 'src/win_utils.h',
- 'src/win2k_threadpool.cc',
- 'src/win2k_threadpool.h',
- 'src/window.cc',
- 'src/window.h',
 'src/Wow64.cc',
 'src/Wow64.h',
 ],
@@ -231,6 +248,35 @@
 },
 },
 {
+ 'target_name': 'sandbox_win64',
+ 'type': '<(library)',
+ 'variables': {
+ 'sandbox_windows_target': 1,
+ },
+ 'dependencies': [
+ '../testing/gtest.gyp:gtest',
+ '../base/base.gyp:base_nacl_win64',
+ ],
+ 'configurations': {
+ 'Common_Base': {
+ 'msvs_target_platform': 'x64',
+ },
+ },
+ 'msvs_guid': 'BE3468E6-B314-4310-B449-6FC0C52EE155',
+ 'include_dirs': [
+ '..',
+ ],
+ 'direct_dependent_settings': {
+ 'include_dirs': [
+ 'src',
+ '..',
+ ],
+ },
+ 'defines': [
+ '<@(nacl_win64_defines)',
+ ]
+ },
+ {
 'target_name': 'sbox_integration_tests',
 'type': 'executable',
 'dependencies': [
diff --git a/sandbox/src/sandbox.cc b/sandbox/src/sandbox.cc
index f0b42bf..d8dceee 100644
--- a/sandbox/src/sandbox.cc
+++ b/sandbox/src/sandbox.cc
@@ -9,7 +9,8 @@
 #include "sandbox/src/broker_services.h"
 #include "sandbox/src/target_services.h"
-#ifdef _WIN64
+#if defined(_WIN64) && !defined(NACL_WIN64)
+// We allow building this code for Win64 as part of NaCl to enable development
 #error Sandbox code was not tested on 64-bit Windows. See \
 http://code.google.com/p/chromium/issues/detail?id=27218 for details \
 and progress log.
diff --git a/sandbox/src/sandbox_policy_base.cc b/sandbox/src/sandbox_policy_base.cc
index ca41591a5..c294db9 100644
--- a/sandbox/src/sandbox_policy_base.cc
+++ b/sandbox/src/sandbox_policy_base.cc
@@ -389,6 +389,8 @@ bool PolicyBase::Ping(IPCInfo* ipc, void* arg1) {
 uint32 tag = ipc->ipc_tag;
 switch (tag) {
+#ifndef _WIN64 // TODO(gregoryd): To build this code for 64-bits Windows we
+ // need to make sure IPC is fully ported to Win64.
 case IPC_PING1_TAG: {
 uint32 cookie = bit_cast<uint32>(arg1);
 COMPILE_ASSERT(sizeof(cookie) == sizeof(arg1), breaks_with_64_bit);
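Review bot: The new `sandbox_win64` target has no comment saying it is a build-only library, yet it receives only the shared sources from `target_defaults`. None of the interception, `service_resolver` or `sharedmem_ipc_*` files that stay listed under the 32-bit `sandbox` target are compiled into it. A later change that links this library and drops `--no-sandbox` would presumably get a broker without those pieces, which is easy to miss from the target name alone. I would add a comment above `'target_name': 'sandbox_win64',` such as `# Build-only: no interception or shared-memory IPC sources; do not use to sandbox a target until bug 27218 is fixed.`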
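Review bot: The relaxed guard `#if defined(_WIN64) && !defined(NACL_WIN64)` lets any target switch off the untested-on-Win64 `#error` with a single define, and the added comment sits inside the conditional directly above the `#error`, where it reads as if it described the error. The comment belongs above the `#if` and should state when the exemption is acceptable, e.g. `// NACL_WIN64 builds compile this only so the NaCl broker links; the broker runs with --no-sandbox and the 64-bit sandbox is untested (bug 27218).` Nothing visible in this hunk stops a NACL_WIN64 binary from calling into the library at run time, so that limit is worth recording at the guard itself.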
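Review bot: With `case IPC_PING1_TAG` compiled out under `#ifndef _WIN64`, a 64-bit build sends that tag to whatever the `switch` does for unhandled tags, which lies outside this hunk, so it is worth confirming that path fails the call rather than reporting success. The block appears to be disabled because `bit_cast<uint32>(arg1)` and the `COMPILE_ASSERT` on `sizeof(arg1)` cannot hold for an 8-byte pointer; the TODO should say that rather than the general "IPC is fully ported", and should sit on its own line above the directive instead of trailing it. The matching `#endif` in the next hunk (`@@ -398,6 +400,7 @@`) should carry `// _WIN64`, as the one added in target_process.cc does.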
@@ -398,6 +400,7 @@ bool PolicyBase::Ping(IPCInfo* ipc, void* arg1) {
 ipc->return_info.extended[1].unsigned_int = 2 * cookie;
 return true;
 }
+#endif
 case IPC_PING2_TAG: {
 CountedBuffer* io_buffer = reinterpret_cast<CountedBuffer*>(arg1);
 if (sizeof(uint32) != io_buffer->Size())
diff --git a/sandbox/src/target_process.cc b/sandbox/src/target_process.cc
index fd65fea..1ba1885 100644
--- a/sandbox/src/target_process.cc
+++ b/sandbox/src/target_process.cc
@@ -184,13 +184,16 @@ DWORD TargetProcess::Create(const wchar_t* exe_path,
 sandbox_thread_ = process_info.hThread;
 sandbox_process_id_ = process_info.dwProcessId;
+#ifndef _WIN64 // TODO(gregoryd): This code does not build for Win64.
+ // It is safe to disable it since base_address_ is used for
+ // interception that is not supported on Win64 yet.
 #pragma warning(push)
 #pragma warning(disable: 4312)
 // This cast generates a warning because it is 32 bit specific.
 void* entry_point = reinterpret_cast<void*>(context.Eax);
 #pragma warning(pop)
 base_address_ = GetBaseAddress(exe_path, entry_point);
-
+#endif // _WIN64
 *target_info = process_info;
 return win_result;
 } |
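Review bot: On Win64 `base_address_` is no longer assigned in `TargetProcess::Create`, so its value depends on the constructor, which is outside this hunk; if it is not initialised there, later readers would see an indeterminate pointer. An explicit `#else` followed by `base_address_ = NULL;` before `#endif // _WIN64` would make the Win64 state deterministic and checkable by callers. The comment's claim that the field is used only for interception cannot be verified from these lines, and the code above the hunk that fills `context` presumably still runs on Win64 with its result unused. The hunk also drops the blank line that separated this block from `*target_info = process_info;`.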