summaryrefslogtreecommitdiffstats
path: root/sandbox
diff options
context:
space:
mode:
authorcpu@chromium.org <cpu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-03-16 03:36:07 +0000
committercpu@chromium.org <cpu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-03-16 03:36:07 +0000
commitc5bc458d56735c5b0d618d053490a8a3a61d303a (patch)
tree1609412cdf30742253672b2ab255afa76441c007 /sandbox
parent55b4759c126c40c0d3bc11a8a067403beb0cc3c8 (diff)
downloadchromium_src-c5bc458d56735c5b0d618d053490a8a3a61d303a.zip
chromium_src-c5bc458d56735c5b0d618d053490a8a3a61d303a.tar.gz
chromium_src-c5bc458d56735c5b0d618d053490a8a3a61d303a.tar.bz2
Third change to port sandbox to 64 bits
- Enable registry, file and event policy - Now sbox_integration_tests.exe runs and all tests pass BUG=27218 TEST=included Review URL: http://codereview.chromium.org/992003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@41673 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox')
-rw-r--r--sandbox/sandbox.gyp16
-rw-r--r--sandbox/src/interceptors_64.cc10
-rw-r--r--sandbox/src/named_pipe_policy_test.cc8
-rw-r--r--sandbox/src/sandbox_policy_base.cc22
-rw-r--r--sandbox/src/unload_dll_test.cc7
5 files changed, 28 insertions, 35 deletions
diff --git a/sandbox/sandbox.gyp b/sandbox/sandbox.gyp
index 76199bd..3470b16 100644
--- a/sandbox/sandbox.gyp
+++ b/sandbox/sandbox.gyp
@@ -27,6 +27,10 @@
'src/dep.h',
'src/eat_resolver.cc',
'src/eat_resolver.h',
+ 'src/filesystem_dispatcher.cc',
+ 'src/filesystem_dispatcher.h',
+ 'src/filesystem_interception.cc',
+ 'src/filesystem_interception.h',
'src/filesystem_policy.cc',
'src/filesystem_policy.h',
'src/interception.cc',
@@ -64,6 +68,10 @@
'src/process_thread_interception.h',
'src/process_thread_policy.cc',
'src/process_thread_policy.h',
+ 'src/registry_dispatcher.cc',
+ 'src/registry_dispatcher.h',
+ 'src/registry_interception.cc',
+ 'src/registry_interception.h',
'src/registry_policy.cc',
'src/registry_policy.h',
'src/resolver.cc',
@@ -214,14 +222,6 @@
'msvs_guid': '881F6A97-D539-4C48-B401-DF04385B2343',
'sources': [
# Files that are used by the 32-bit version of Windows sandbox only.
- 'src/filesystem_dispatcher.cc',
- 'src/filesystem_dispatcher.h',
- 'src/filesystem_interception.cc',
- 'src/filesystem_interception.h',
- 'src/registry_interception.cc',
- 'src/registry_dispatcher.cc',
- 'src/registry_dispatcher.h',
- 'src/registry_interception.h',
'src/resolver_32.cc',
'src/service_resolver_32.cc',
'src/sidestep_resolver.cc',
diff --git a/sandbox/src/interceptors_64.cc b/sandbox/src/interceptors_64.cc
index 49018a0..29d59143 100644
--- a/sandbox/src/interceptors_64.cc
+++ b/sandbox/src/interceptors_64.cc
@@ -70,9 +70,6 @@ NTSTATUS WINAPI TargetNtOpenThreadTokenEx64(
// -----------------------------------------------------------------------
-#if 0
-// Bug 27218: We don't have IPC yet.
-
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtCreateFile64(
PHANDLE file, ACCESS_MASK desired_access,
POBJECT_ATTRIBUTES object_attributes, PIO_STATUS_BLOCK io_status,
@@ -124,8 +121,6 @@ SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtSetInformationFile64(
length, file_information_class);
}
-#endif
-
// -----------------------------------------------------------------------
SANDBOX_INTERCEPT HANDLE WINAPI TargetCreateNamedPipeW64(
@@ -206,8 +201,7 @@ SANDBOX_INTERCEPT BOOL WINAPI TargetCreateProcessA64(
}
// -----------------------------------------------------------------------
-#if 0
-// Bug 27218: We don't have IPC yet.
+
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtCreateKey64(
PHANDLE key, ACCESS_MASK desired_access,
POBJECT_ATTRIBUTES object_attributes, ULONG title_index,
@@ -236,8 +230,6 @@ SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenKeyEx64(
open_options);
}
-#endif
-
// -----------------------------------------------------------------------
SANDBOX_INTERCEPT HANDLE WINAPI TargetCreateEventW64(
diff --git a/sandbox/src/named_pipe_policy_test.cc b/sandbox/src/named_pipe_policy_test.cc
index 4378477..11ddbc3 100644
--- a/sandbox/src/named_pipe_policy_test.cc
+++ b/sandbox/src/named_pipe_policy_test.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2006-2010 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -29,8 +29,6 @@ SBOX_TESTS_COMMAND int NamedPipe_Create(int argc, wchar_t **argv) {
OVERLAPPED overlapped = {0};
overlapped.hEvent = ::CreateEvent(NULL, TRUE, TRUE, NULL);
BOOL result = ::ConnectNamedPipe(pipe, &overlapped);
- ::CloseHandle(pipe);
- ::CloseHandle(overlapped.hEvent);
if (!result) {
DWORD error = ::GetLastError();
@@ -40,6 +38,10 @@ SBOX_TESTS_COMMAND int NamedPipe_Create(int argc, wchar_t **argv) {
}
}
+ if (!::CloseHandle(pipe))
+ return SBOX_TEST_FAILED;
+
+ ::CloseHandle(overlapped.hEvent);
return SBOX_TEST_SUCCEEDED;
}
diff --git a/sandbox/src/sandbox_policy_base.cc b/sandbox/src/sandbox_policy_base.cc
index 4dbfc2d..ec9ffac 100644
--- a/sandbox/src/sandbox_policy_base.cc
+++ b/sandbox/src/sandbox_policy_base.cc
@@ -71,14 +71,7 @@ PolicyBase::PolicyBase()
// Initialize the IPC dispatcher array.
memset(&ipc_targets_, NULL, sizeof(ipc_targets_));
Dispatcher* dispatcher = NULL;
- dispatcher = new ThreadProcessDispatcher(this);
- ipc_targets_[IPC_NTOPENTHREAD_TAG] = dispatcher;
- ipc_targets_[IPC_NTOPENPROCESS_TAG] = dispatcher;
- ipc_targets_[IPC_CREATEPROCESSW_TAG] = dispatcher;
- ipc_targets_[IPC_NTOPENPROCESSTOKEN_TAG] = dispatcher;
- ipc_targets_[IPC_NTOPENPROCESSTOKENEX_TAG] = dispatcher;
-#if !defined(_WIN64)
- // Bug 27218: We don't have dispatch for some x64 syscalls.
+
dispatcher = new FilesystemDispatcher(this);
ipc_targets_[IPC_NTCREATEFILE_TAG] = dispatcher;
ipc_targets_[IPC_NTOPENFILE_TAG] = dispatcher;
@@ -89,6 +82,13 @@ PolicyBase::PolicyBase()
dispatcher = new NamedPipeDispatcher(this);
ipc_targets_[IPC_CREATENAMEDPIPEW_TAG] = dispatcher;
+ dispatcher = new ThreadProcessDispatcher(this);
+ ipc_targets_[IPC_NTOPENTHREAD_TAG] = dispatcher;
+ ipc_targets_[IPC_NTOPENPROCESS_TAG] = dispatcher;
+ ipc_targets_[IPC_CREATEPROCESSW_TAG] = dispatcher;
+ ipc_targets_[IPC_NTOPENPROCESSTOKEN_TAG] = dispatcher;
+ ipc_targets_[IPC_NTOPENPROCESSTOKENEX_TAG] = dispatcher;
+
dispatcher = new SyncDispatcher(this);
ipc_targets_[IPC_CREATEEVENT_TAG] = dispatcher;
ipc_targets_[IPC_OPENEVENT_TAG] = dispatcher;
@@ -96,7 +96,6 @@ PolicyBase::PolicyBase()
dispatcher = new RegistryDispatcher(this);
ipc_targets_[IPC_NTCREATEKEY_TAG] = dispatcher;
ipc_targets_[IPC_NTOPENKEY_TAG] = dispatcher;
-#endif
}
PolicyBase::~PolicyBase() {
@@ -105,16 +104,13 @@ PolicyBase::~PolicyBase() {
TargetProcess* target = (*it);
delete target;
}
- delete ipc_targets_[IPC_NTOPENTHREAD_TAG];
-#if !defined(_WIN64)
- // Bug 27218: We don't have dispatch for some x64 syscalls.
delete ipc_targets_[IPC_NTCREATEFILE_TAG];
delete ipc_targets_[IPC_CREATENAMEDPIPEW_TAG];
+ delete ipc_targets_[IPC_NTOPENTHREAD_TAG];
delete ipc_targets_[IPC_CREATEEVENT_TAG];
delete ipc_targets_[IPC_NTCREATEKEY_TAG];
delete policy_maker_;
delete policy_;
-#endif
::DeleteCriticalSection(&lock_);
}
diff --git a/sandbox/src/unload_dll_test.cc b/sandbox/src/unload_dll_test.cc
index d79534c..b26dfe7 100644
--- a/sandbox/src/unload_dll_test.cc
+++ b/sandbox/src/unload_dll_test.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -26,7 +26,7 @@ SBOX_TESTS_COMMAND int UseOneDLL(int argc, wchar_t **argv) {
if ((option == L'U') || (option == L'B')) {
HMODULE module2 = ::GetModuleHandleW(argv[1]);
- rv = FreeLibrary(module2) ? SBOX_TEST_SUCCEEDED : SBOX_TEST_FAILED;
+ rv = ::FreeLibrary(module2) ? SBOX_TEST_SUCCEEDED : SBOX_TEST_FAILED;
}
return rv;
}
@@ -48,6 +48,9 @@ TEST(UnloadDllTest, BaselineAvicapDll) {
// more than one item in its internal table.
EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_SYNC,
TargetPolicy::EVENTS_ALLOW_ANY, L"t0001"));
+
+ // Note for the puzzled: avicap32.dll is a 64-bit dll in 64-bit versions of
+ // windows so this test and the others just work.
EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"UseOneDLL L avicap32.dll"));
EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"UseOneDLL B avicap32.dll"));
}