diff options
author | cpu@chromium.org <cpu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-03-16 03:36:07 +0000 |
---|---|---|
committer | cpu@chromium.org <cpu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-03-16 03:36:07 +0000 |
commit | c5bc458d56735c5b0d618d053490a8a3a61d303a (patch) | |
tree | 1609412cdf30742253672b2ab255afa76441c007 /sandbox | |
parent | 55b4759c126c40c0d3bc11a8a067403beb0cc3c8 (diff) | |
download | chromium_src-c5bc458d56735c5b0d618d053490a8a3a61d303a.zip chromium_src-c5bc458d56735c5b0d618d053490a8a3a61d303a.tar.gz chromium_src-c5bc458d56735c5b0d618d053490a8a3a61d303a.tar.bz2 |
Third change to port sandbox to 64 bits
- Enable registry, file and event policy
- Now sbox_integration_tests.exe runs and all tests pass
BUG=27218
TEST=included
Review URL: http://codereview.chromium.org/992003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@41673 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox')
-rw-r--r-- | sandbox/sandbox.gyp | 16 | ||||
-rw-r--r-- | sandbox/src/interceptors_64.cc | 10 | ||||
-rw-r--r-- | sandbox/src/named_pipe_policy_test.cc | 8 | ||||
-rw-r--r-- | sandbox/src/sandbox_policy_base.cc | 22 | ||||
-rw-r--r-- | sandbox/src/unload_dll_test.cc | 7 |
5 files changed, 28 insertions, 35 deletions
diff --git a/sandbox/sandbox.gyp b/sandbox/sandbox.gyp index 76199bd..3470b16 100644 --- a/sandbox/sandbox.gyp +++ b/sandbox/sandbox.gyp @@ -27,6 +27,10 @@ 'src/dep.h', 'src/eat_resolver.cc', 'src/eat_resolver.h', + 'src/filesystem_dispatcher.cc', + 'src/filesystem_dispatcher.h', + 'src/filesystem_interception.cc', + 'src/filesystem_interception.h', 'src/filesystem_policy.cc', 'src/filesystem_policy.h', 'src/interception.cc', @@ -64,6 +68,10 @@ 'src/process_thread_interception.h', 'src/process_thread_policy.cc', 'src/process_thread_policy.h', + 'src/registry_dispatcher.cc', + 'src/registry_dispatcher.h', + 'src/registry_interception.cc', + 'src/registry_interception.h', 'src/registry_policy.cc', 'src/registry_policy.h', 'src/resolver.cc', @@ -214,14 +222,6 @@ 'msvs_guid': '881F6A97-D539-4C48-B401-DF04385B2343', 'sources': [ # Files that are used by the 32-bit version of Windows sandbox only. - 'src/filesystem_dispatcher.cc', - 'src/filesystem_dispatcher.h', - 'src/filesystem_interception.cc', - 'src/filesystem_interception.h', - 'src/registry_interception.cc', - 'src/registry_dispatcher.cc', - 'src/registry_dispatcher.h', - 'src/registry_interception.h', 'src/resolver_32.cc', 'src/service_resolver_32.cc', 'src/sidestep_resolver.cc', diff --git a/sandbox/src/interceptors_64.cc b/sandbox/src/interceptors_64.cc index 49018a0..29d59143 100644 --- a/sandbox/src/interceptors_64.cc +++ b/sandbox/src/interceptors_64.cc @@ -70,9 +70,6 @@ NTSTATUS WINAPI TargetNtOpenThreadTokenEx64( // ----------------------------------------------------------------------- -#if 0 -// Bug 27218: We don't have IPC yet. - SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtCreateFile64( PHANDLE file, ACCESS_MASK desired_access, POBJECT_ATTRIBUTES object_attributes, PIO_STATUS_BLOCK io_status, @@ -124,8 +121,6 @@ SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtSetInformationFile64( length, file_information_class); } -#endif - // ----------------------------------------------------------------------- SANDBOX_INTERCEPT HANDLE WINAPI TargetCreateNamedPipeW64( @@ -206,8 +201,7 @@ SANDBOX_INTERCEPT BOOL WINAPI TargetCreateProcessA64( } // ----------------------------------------------------------------------- -#if 0 -// Bug 27218: We don't have IPC yet. + SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtCreateKey64( PHANDLE key, ACCESS_MASK desired_access, POBJECT_ATTRIBUTES object_attributes, ULONG title_index, @@ -236,8 +230,6 @@ SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenKeyEx64( open_options); } -#endif - // ----------------------------------------------------------------------- SANDBOX_INTERCEPT HANDLE WINAPI TargetCreateEventW64( diff --git a/sandbox/src/named_pipe_policy_test.cc b/sandbox/src/named_pipe_policy_test.cc index 4378477..11ddbc3 100644 --- a/sandbox/src/named_pipe_policy_test.cc +++ b/sandbox/src/named_pipe_policy_test.cc @@ -1,4 +1,4 @@ -// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. +// Copyright (c) 2006-2010 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -29,8 +29,6 @@ SBOX_TESTS_COMMAND int NamedPipe_Create(int argc, wchar_t **argv) { OVERLAPPED overlapped = {0}; overlapped.hEvent = ::CreateEvent(NULL, TRUE, TRUE, NULL); BOOL result = ::ConnectNamedPipe(pipe, &overlapped); - ::CloseHandle(pipe); - ::CloseHandle(overlapped.hEvent); if (!result) { DWORD error = ::GetLastError(); @@ -40,6 +38,10 @@ SBOX_TESTS_COMMAND int NamedPipe_Create(int argc, wchar_t **argv) { } } + if (!::CloseHandle(pipe)) + return SBOX_TEST_FAILED; + + ::CloseHandle(overlapped.hEvent); return SBOX_TEST_SUCCEEDED; } diff --git a/sandbox/src/sandbox_policy_base.cc b/sandbox/src/sandbox_policy_base.cc index 4dbfc2d..ec9ffac 100644 --- a/sandbox/src/sandbox_policy_base.cc +++ b/sandbox/src/sandbox_policy_base.cc @@ -71,14 +71,7 @@ PolicyBase::PolicyBase() // Initialize the IPC dispatcher array. memset(&ipc_targets_, NULL, sizeof(ipc_targets_)); Dispatcher* dispatcher = NULL; - dispatcher = new ThreadProcessDispatcher(this); - ipc_targets_[IPC_NTOPENTHREAD_TAG] = dispatcher; - ipc_targets_[IPC_NTOPENPROCESS_TAG] = dispatcher; - ipc_targets_[IPC_CREATEPROCESSW_TAG] = dispatcher; - ipc_targets_[IPC_NTOPENPROCESSTOKEN_TAG] = dispatcher; - ipc_targets_[IPC_NTOPENPROCESSTOKENEX_TAG] = dispatcher; -#if !defined(_WIN64) - // Bug 27218: We don't have dispatch for some x64 syscalls. + dispatcher = new FilesystemDispatcher(this); ipc_targets_[IPC_NTCREATEFILE_TAG] = dispatcher; ipc_targets_[IPC_NTOPENFILE_TAG] = dispatcher; @@ -89,6 +82,13 @@ PolicyBase::PolicyBase() dispatcher = new NamedPipeDispatcher(this); ipc_targets_[IPC_CREATENAMEDPIPEW_TAG] = dispatcher; + dispatcher = new ThreadProcessDispatcher(this); + ipc_targets_[IPC_NTOPENTHREAD_TAG] = dispatcher; + ipc_targets_[IPC_NTOPENPROCESS_TAG] = dispatcher; + ipc_targets_[IPC_CREATEPROCESSW_TAG] = dispatcher; + ipc_targets_[IPC_NTOPENPROCESSTOKEN_TAG] = dispatcher; + ipc_targets_[IPC_NTOPENPROCESSTOKENEX_TAG] = dispatcher; + dispatcher = new SyncDispatcher(this); ipc_targets_[IPC_CREATEEVENT_TAG] = dispatcher; ipc_targets_[IPC_OPENEVENT_TAG] = dispatcher; @@ -96,7 +96,6 @@ PolicyBase::PolicyBase() dispatcher = new RegistryDispatcher(this); ipc_targets_[IPC_NTCREATEKEY_TAG] = dispatcher; ipc_targets_[IPC_NTOPENKEY_TAG] = dispatcher; -#endif } PolicyBase::~PolicyBase() { @@ -105,16 +104,13 @@ PolicyBase::~PolicyBase() { TargetProcess* target = (*it); delete target; } - delete ipc_targets_[IPC_NTOPENTHREAD_TAG]; -#if !defined(_WIN64) - // Bug 27218: We don't have dispatch for some x64 syscalls. delete ipc_targets_[IPC_NTCREATEFILE_TAG]; delete ipc_targets_[IPC_CREATENAMEDPIPEW_TAG]; + delete ipc_targets_[IPC_NTOPENTHREAD_TAG]; delete ipc_targets_[IPC_CREATEEVENT_TAG]; delete ipc_targets_[IPC_NTCREATEKEY_TAG]; delete policy_maker_; delete policy_; -#endif ::DeleteCriticalSection(&lock_); } diff --git a/sandbox/src/unload_dll_test.cc b/sandbox/src/unload_dll_test.cc index d79534c..b26dfe7 100644 --- a/sandbox/src/unload_dll_test.cc +++ b/sandbox/src/unload_dll_test.cc @@ -1,4 +1,4 @@ -// Copyright (c) 2008 The Chromium Authors. All rights reserved. +// Copyright (c) 2010 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -26,7 +26,7 @@ SBOX_TESTS_COMMAND int UseOneDLL(int argc, wchar_t **argv) { if ((option == L'U') || (option == L'B')) { HMODULE module2 = ::GetModuleHandleW(argv[1]); - rv = FreeLibrary(module2) ? SBOX_TEST_SUCCEEDED : SBOX_TEST_FAILED; + rv = ::FreeLibrary(module2) ? SBOX_TEST_SUCCEEDED : SBOX_TEST_FAILED; } return rv; } @@ -48,6 +48,9 @@ TEST(UnloadDllTest, BaselineAvicapDll) { // more than one item in its internal table. EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_SYNC, TargetPolicy::EVENTS_ALLOW_ANY, L"t0001")); + + // Note for the puzzled: avicap32.dll is a 64-bit dll in 64-bit versions of + // windows so this test and the others just work. EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"UseOneDLL L avicap32.dll")); EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"UseOneDLL B avicap32.dll")); } |