summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--sandbox/sandbox.gyp8
-rw-r--r--sandbox/src/crosscall_client.h44
-rw-r--r--sandbox/src/crosscall_server.cc15
-rw-r--r--sandbox/src/crosscall_server.h9
-rw-r--r--sandbox/src/interceptors_64.cc6
-rw-r--r--sandbox/src/ipc_unittest.cc282
-rw-r--r--sandbox/src/policy_broker.cc5
-rw-r--r--sandbox/src/policy_target_test.cc12
-rw-r--r--sandbox/src/process_thread_dispatcher.cc8
-rw-r--r--sandbox/src/process_thread_dispatcher.h12
-rw-r--r--sandbox/src/process_thread_policy.cc21
-rw-r--r--sandbox/src/process_thread_policy.h20
-rw-r--r--sandbox/src/sandbox_policy_base.cc17
-rw-r--r--sandbox/src/sharedmem_ipc_server.cc11
-rw-r--r--sandbox/src/sharedmem_ipc_server.h11
-rw-r--r--sandbox/tests/validation_tests/commands.cc8
-rw-r--r--sandbox/tests/validation_tests/suite.cc6
17 files changed, 340 insertions, 155 deletions
diff --git a/sandbox/sandbox.gyp b/sandbox/sandbox.gyp
index 50094f9..76199bd 100644
--- a/sandbox/sandbox.gyp
+++ b/sandbox/sandbox.gyp
@@ -58,6 +58,10 @@
'src/policy_params.h',
'src/policy_target.cc',
'src/policy_target.h',
+ 'src/process_thread_dispatcher.cc',
+ 'src/process_thread_dispatcher.h',
+ 'src/process_thread_interception.cc',
+ 'src/process_thread_interception.h',
'src/process_thread_policy.cc',
'src/process_thread_policy.h',
'src/registry_policy.cc',
@@ -214,10 +218,6 @@
'src/filesystem_dispatcher.h',
'src/filesystem_interception.cc',
'src/filesystem_interception.h',
- 'src/process_thread_dispatcher.cc',
- 'src/process_thread_dispatcher.h',
- 'src/process_thread_interception.cc',
- 'src/process_thread_interception.h',
'src/registry_interception.cc',
'src/registry_dispatcher.cc',
'src/registry_dispatcher.h',
diff --git a/sandbox/src/crosscall_client.h b/sandbox/src/crosscall_client.h
index c2d3045..e58388c9 100644
--- a/sandbox/src/crosscall_client.h
+++ b/sandbox/src/crosscall_client.h
@@ -1,9 +1,9 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2006-2010 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#ifndef SANDBOX_SRC_CROSSCALL_CLIENT_H__
-#define SANDBOX_SRC_CROSSCALL_CLIENT_H__
+#ifndef SANDBOX_SRC_CROSSCALL_CLIENT_H_
+#define SANDBOX_SRC_CROSSCALL_CLIENT_H_
#include "sandbox/src/crosscall_params.h"
#include "sandbox/src/sandbox.h"
@@ -86,6 +86,44 @@ class CopyHelper {
const T& t_;
};
+// This copy helper template specialization if for the void pointer
+// case both 32 and 64 bit.
+template<>
+class CopyHelper<void*> {
+ public:
+ CopyHelper(void* t) : t_(t) {}
+
+ // Returns the pointer to the start of the input.
+ const void* GetStart() const {
+ return &t_;
+ }
+
+ // Update the stored value with the value in the buffer. This is not
+ // supported for this type.
+ bool Update(void* buffer) {
+ // Not supported;
+ return true;
+ }
+
+ // Returns the size of the input in bytes.
+ size_t GetSize() const {
+ return sizeof(t_);
+ }
+
+ // Returns true if the current type is used as an In or InOut parameter.
+ bool IsInOut() {
+ return false;
+ }
+
+ // Returns this object's type.
+ ArgType GetType() {
+ return VOIDPTR_TYPE;
+ }
+
+ private:
+ const void* t_;
+};
+
// This copy helper template specialization catches the cases where the
// parameter is a pointer to a string.
template<>
diff --git a/sandbox/src/crosscall_server.cc b/sandbox/src/crosscall_server.cc
index 35e80f4..da43c69 100644
--- a/sandbox/src/crosscall_server.cc
+++ b/sandbox/src/crosscall_server.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2006-2010 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -176,7 +176,7 @@ void* CrossCallParamsEx::GetRawParameter(size_t index, size_t* size,
}
// Covers common case for 32 bit integers.
-bool CrossCallParamsEx::GetParameter32(size_t index, void* param) {
+bool CrossCallParamsEx::GetParameter32(size_t index, uint32* param) {
size_t size = 0;
ArgType type;
void* start = GetRawParameter(index, &size, &type);
@@ -188,6 +188,17 @@ bool CrossCallParamsEx::GetParameter32(size_t index, void* param) {
return true;
}
+bool CrossCallParamsEx::GetParameterVoidPtr(size_t index, void** param) {
+ size_t size = 0;
+ ArgType type;
+ void* start = GetRawParameter(index, &size, &type);
+ if ((NULL == start) || (sizeof(void*) != size) || (VOIDPTR_TYPE != type)) {
+ return false;
+ }
+ *param = *(reinterpret_cast<void**>(start));
+ return true;
+}
+
// Covers the common case of reading a string. Note that the string is not
// scanned for invalid characters.
bool CrossCallParamsEx::GetParameterStr(size_t index, std::wstring* string) {
diff --git a/sandbox/src/crosscall_server.h b/sandbox/src/crosscall_server.h
index fd0cd4c..06c0e02 100644
--- a/sandbox/src/crosscall_server.h
+++ b/sandbox/src/crosscall_server.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2006-2010 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -7,6 +7,7 @@
#include <string>
#include <vector>
+#include "base/basictypes.h"
#include "base/callback.h"
#include "sandbox/src/crosscall_params.h"
@@ -103,7 +104,11 @@ class CrossCallParamsEx : public CrossCallParams {
// Gets a parameter that is four bytes in size.
// Returns false if the parameter does not exist or is not 32 bits wide.
- bool GetParameter32(size_t index, void* param);
+ bool GetParameter32(size_t index, uint32* param);
+
+ // Gets a parameter that is void pointer in size.
+ // Returns false if the parameter does not exist or is not void pointer sized.
+ bool GetParameterVoidPtr(size_t index, void** param);
// Gets a parameter that is a string. Returns false if the parameter does not
// exist.
diff --git a/sandbox/src/interceptors_64.cc b/sandbox/src/interceptors_64.cc
index a63ec33..49018a0 100644
--- a/sandbox/src/interceptors_64.cc
+++ b/sandbox/src/interceptors_64.cc
@@ -141,9 +141,6 @@ SANDBOX_INTERCEPT HANDLE WINAPI TargetCreateNamedPipeW64(
// -----------------------------------------------------------------------
-#if 0
-// Bug 27218: We don't have IPC yet.
-
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenThread64(
PHANDLE thread, ACCESS_MASK desired_access,
POBJECT_ATTRIBUTES object_attributes, PCLIENT_ID client_id) {
@@ -209,7 +206,8 @@ SANDBOX_INTERCEPT BOOL WINAPI TargetCreateProcessA64(
}
// -----------------------------------------------------------------------
-
+#if 0
+// Bug 27218: We don't have IPC yet.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtCreateKey64(
PHANDLE key, ACCESS_MASK desired_access,
POBJECT_ATTRIBUTES object_attributes, ULONG title_index,
diff --git a/sandbox/src/ipc_unittest.cc b/sandbox/src/ipc_unittest.cc
index 1ba24ab..909f144 100644
--- a/sandbox/src/ipc_unittest.cc
+++ b/sandbox/src/ipc_unittest.cc
@@ -6,9 +6,9 @@
#include "sandbox/src/crosscall_client.h"
#include "sandbox/src/crosscall_server.h"
#include "sandbox/src/sharedmem_ipc_client.h"
+#include "sandbox/src/sharedmem_ipc_server.h"
#include "testing/gtest/include/gtest/gtest.h"
-
namespace sandbox {
// Helper function to make the fake shared memory with some
@@ -18,30 +18,54 @@ IPCControl* MakeChannels(size_t channel_size, size_t total_shared_size,
// Allocate memory
char* mem = new char[total_shared_size];
memset(mem, 0, total_shared_size);
-
// Calculate how many channels we can fit in the shared memory.
total_shared_size -= offsetof(IPCControl, channels);
size_t channel_count =
total_shared_size / (sizeof(ChannelControl) + channel_size);
-
// Calculate the start of the first channel.
*base_start = (sizeof(ChannelControl)* channel_count) +
offsetof(IPCControl, channels);
-
// Setup client structure.
IPCControl* client_control = reinterpret_cast<IPCControl*>(mem);
client_control->channels_count = channel_count;
-
return client_control;
}
-TEST(IPCTest, ChannelMaker) {
- size_t channel_start = 0;
- IPCControl* client_control = MakeChannels(12*64, 4096, &channel_start);
+enum TestFixMode {
+ FIX_NO_EVENTS,
+ FIX_PONG_READY,
+ FIX_PONG_NOT_READY
+};
+void FixChannels(IPCControl* client_control, size_t base_start,
+ size_t channel_size, TestFixMode mode) {
+ for (size_t ix = 0; ix != client_control->channels_count; ++ix) {
+ ChannelControl& channel = client_control->channels[ix];
+ channel.channel_base = base_start;
+ channel.state = kFreeChannel;
+ if (mode != FIX_NO_EVENTS) {
+ BOOL signaled = (FIX_PONG_READY == mode)? TRUE : FALSE;
+ channel.ping_event = ::CreateEventW(NULL, FALSE, FALSE, NULL);
+ channel.pong_event = ::CreateEventW(NULL, FALSE, signaled, NULL);
+ }
+ base_start += channel_size;
+ }
+}
+
+void CloseChannelEvents(IPCControl* client_control) {
+ for (size_t ix = 0; ix != client_control->channels_count; ++ix) {
+ ChannelControl& channel = client_control->channels[ix];
+ ::CloseHandle(channel.ping_event);
+ ::CloseHandle(channel.pong_event);
+ }
+}
+
+TEST(IPCTest, ChannelMaker) {
// Test that our testing rig is computing offsets properly. We should have
// 5 channnels and the offset to the first channel is 108 bytes in 32 bits
// and 216 in 64 bits.
+ size_t channel_start = 0;
+ IPCControl* client_control = MakeChannels(12 * 64, 4096, &channel_start);
ASSERT_TRUE(NULL != client_control);
EXPECT_EQ(5, client_control->channels_count);
#if defined(_WIN64)
@@ -49,23 +73,16 @@ TEST(IPCTest, ChannelMaker) {
#else
EXPECT_EQ(108, channel_start);
#endif
-
- delete [] reinterpret_cast<char*>(client_control);
+ delete[] reinterpret_cast<char*>(client_control);
}
TEST(IPCTest, ClientLockUnlock) {
// Make 7 channels of kIPCChannelSize (1kb) each. Test that we lock and
// unlock channels properly.
- const size_t channel_size = kIPCChannelSize;
size_t base_start = 0;
- IPCControl* client_control = MakeChannels(channel_size, 4096*2, &base_start);
-
- for (size_t ix = 0; ix != client_control->channels_count; ++ix) {
- ChannelControl& channel = client_control->channels[ix];
- channel.channel_base = base_start;
- channel.state = kFreeChannel;
- base_start += channel_size;
- }
+ IPCControl* client_control =
+ MakeChannels(kIPCChannelSize, 4096 * 2, &base_start);
+ FixChannels(client_control, base_start, kIPCChannelSize, FIX_NO_EVENTS);
char* mem = reinterpret_cast<char*>(client_control);
SharedMemIPCClient client(mem);
@@ -124,26 +141,18 @@ TEST(IPCTest, ClientLockUnlock) {
EXPECT_EQ(kFreeChannel, client_control->channels[4].state);
EXPECT_EQ(kFreeChannel, client_control->channels[5].state);
- delete [] reinterpret_cast<char*>(client_control);
+ delete[] reinterpret_cast<char*>(client_control);
}
TEST(IPCTest, CrossCallStrPacking) {
// This test tries the CrossCall object with null and non-null string
- // combination of parameters and verifies that the unpacker can read them
- // properly.
- const size_t channel_size = kIPCChannelSize;
+ // combination of parameters, integer types and verifies that the unpacker
+ // can read them properly.
size_t base_start = 0;
- IPCControl* client_control = MakeChannels(channel_size, 4096*2, &base_start);
+ IPCControl* client_control =
+ MakeChannels(kIPCChannelSize, 4096 * 4, &base_start);
client_control->server_alive = HANDLE(1);
-
- for (size_t ix = 0; ix != client_control->channels_count; ++ix) {
- ChannelControl& channel = client_control->channels[ix];
- channel.channel_base = base_start;
- channel.state = kFreeChannel;
- channel.ping_event = ::CreateEventW(NULL, FALSE, FALSE, NULL);
- channel.pong_event = ::CreateEventW(NULL, FALSE, TRUE, NULL);
- base_start += channel_size;
- }
+ FixChannels(client_control, base_start, kIPCChannelSize, FIX_PONG_READY);
char* mem = reinterpret_cast<char*>(client_control);
SharedMemIPCClient client(mem);
@@ -212,12 +221,79 @@ TEST(IPCTest, CrossCallStrPacking) {
EXPECT_EQ(0, param_size);
EXPECT_EQ(WCHAR_TYPE, type);
- for (size_t ix = 0; ix != client_control->channels_count; ++ix) {
- ChannelControl& channel = client_control->channels[ix];
- ::CloseHandle(channel.ping_event);
- ::CloseHandle(channel.pong_event);
- }
- delete [] reinterpret_cast<char*>(client_control);
+ CloseChannelEvents(client_control);
+ delete[] reinterpret_cast<char*>(client_control);
+}
+
+TEST(IPCTest, CrossCallIntPacking) {
+ // Check handling for regular 32 bit integers used in Windows.
+ size_t base_start = 0;
+ IPCControl* client_control =
+ MakeChannels(kIPCChannelSize, 4096 * 4, &base_start);
+ client_control->server_alive = HANDLE(1);
+ FixChannels(client_control, base_start, kIPCChannelSize, FIX_PONG_READY);
+
+ uint32 tag1 = 999;
+ uint32 tag2 = 111;
+ const wchar_t text[] = L"godzilla";
+ CrossCallParamsEx* actual_params;
+
+ char* mem = reinterpret_cast<char*>(client_control);
+ SharedMemIPCClient client(mem);
+
+ CrossCallReturn answer;
+ DWORD dw = 0xE6578;
+ CrossCall(client, tag2, dw, &answer);
+ actual_params = reinterpret_cast<CrossCallParamsEx*>(client.GetBuffer());
+ EXPECT_EQ(1, actual_params->GetParamsCount());
+ EXPECT_EQ(tag2, actual_params->GetTag());
+ ArgType type = INVALID_TYPE;
+ size_t param_size = 1;
+ void* param_addr = actual_params->GetRawParameter(0, &param_size, &type);
+ ASSERT_EQ(sizeof(dw), param_size);
+ EXPECT_EQ(ULONG_TYPE, type);
+ ASSERT_TRUE(NULL != param_addr);
+ EXPECT_EQ(0, memcmp(&dw, param_addr, param_size));
+
+ // Check handling for windows HANDLES.
+ HANDLE h = HANDLE(0x70000500);
+ CrossCall(client, tag1, text, h, &answer);
+ actual_params = reinterpret_cast<CrossCallParamsEx*>(client.GetBuffer());
+ EXPECT_EQ(2, actual_params->GetParamsCount());
+ EXPECT_EQ(tag1, actual_params->GetTag());
+ type = INVALID_TYPE;
+ param_addr = actual_params->GetRawParameter(1, &param_size, &type);
+ ASSERT_EQ(sizeof(h), param_size);
+ EXPECT_EQ(VOIDPTR_TYPE, type);
+ ASSERT_TRUE(NULL != param_addr);
+ EXPECT_EQ(0, memcmp(&h, param_addr, param_size));
+
+ // Check combination of 32 and 64 bits.
+ CrossCall(client, tag2, h, dw, h, &answer);
+ actual_params = reinterpret_cast<CrossCallParamsEx*>(client.GetBuffer());
+ EXPECT_EQ(3, actual_params->GetParamsCount());
+ EXPECT_EQ(tag2, actual_params->GetTag());
+ type = INVALID_TYPE;
+ param_addr = actual_params->GetRawParameter(0, &param_size, &type);
+ ASSERT_EQ(sizeof(h), param_size);
+ EXPECT_EQ(VOIDPTR_TYPE, type);
+ ASSERT_TRUE(NULL != param_addr);
+ EXPECT_EQ(0, memcmp(&h, param_addr, param_size));
+ type = INVALID_TYPE;
+ param_addr = actual_params->GetRawParameter(1, &param_size, &type);
+ ASSERT_EQ(sizeof(dw), param_size);
+ EXPECT_EQ(ULONG_TYPE, type);
+ ASSERT_TRUE(NULL != param_addr);
+ EXPECT_EQ(0, memcmp(&dw, param_addr, param_size));
+ type = INVALID_TYPE;
+ param_addr = actual_params->GetRawParameter(2, &param_size, &type);
+ ASSERT_EQ(sizeof(h), param_size);
+ EXPECT_EQ(VOIDPTR_TYPE, type);
+ ASSERT_TRUE(NULL != param_addr);
+ EXPECT_EQ(0, memcmp(&h, param_addr, param_size));
+
+ CloseChannelEvents(client_control);
+ delete[] reinterpret_cast<char*>(client_control);
}
TEST(IPCTest, CrossCallValidation) {
@@ -297,17 +373,9 @@ void FakeOkAnswerInChannel(void* channel) {
TEST(IPCTest, ClientFastServer) {
const size_t channel_size = kIPCChannelSize;
size_t base_start = 0;
- IPCControl* client_control = MakeChannels(channel_size, 4096*2, &base_start);
-
- for (size_t ix = 0; ix != client_control->channels_count; ++ix) {
- ChannelControl& channel = client_control->channels[ix];
- channel.channel_base = base_start;
- channel.state = kFreeChannel;
- channel.ping_event = ::CreateEventW(NULL, FALSE, FALSE, NULL);
- channel.pong_event = ::CreateEventW(NULL, FALSE, FALSE, NULL);
- base_start += channel_size;
- }
-
+ IPCControl* client_control =
+ MakeChannels(channel_size, 4096 * 2, &base_start);
+ FixChannels(client_control, base_start, kIPCChannelSize, FIX_PONG_NOT_READY);
client_control->server_alive = ::CreateMutex(NULL, FALSE, NULL);
char* mem = reinterpret_cast<char*>(client_control);
@@ -374,14 +442,10 @@ TEST(IPCTest, ClientFastServer) {
EXPECT_EQ(kFreeChannel, client_control->channels[1].state);
EXPECT_EQ(kFreeChannel, client_control->channels[2].state);
- for (size_t ix = 0; ix != client_control->channels_count; ++ix) {
- ChannelControl& channel = client_control->channels[ix];
- ::CloseHandle(channel.ping_event);
- ::CloseHandle(channel.pong_event);
- }
-
+ CloseChannelEvents(client_control);
::CloseHandle(client_control->server_alive);
- delete [] reinterpret_cast<char*>(client_control);
+
+ delete[] reinterpret_cast<char*>(client_control);
}
// This is the server thread that very slowly answers an IPC and exits. Note
@@ -410,19 +474,10 @@ DWORD WINAPI MainServerThread(PVOID param) {
// to hold locked the server_alive mutex: this signals the client that the
// server is not dead and it retries the wait.
TEST(IPCTest, ClientSlowServer) {
- const size_t channel_size = kIPCChannelSize;
size_t base_start = 0;
- IPCControl* client_control = MakeChannels(channel_size, 4096*2, &base_start);
-
- for (size_t ix = 0; ix != client_control->channels_count; ++ix) {
- ChannelControl& channel = client_control->channels[ix];
- channel.channel_base = base_start;
- channel.state = kFreeChannel;
- channel.ping_event = ::CreateEventW(NULL, FALSE, FALSE, NULL);
- channel.pong_event = ::CreateEventW(NULL, FALSE, FALSE, NULL);
- base_start += channel_size;
- }
-
+ IPCControl* client_control =
+ MakeChannels(kIPCChannelSize, 4096*2, &base_start);
+ FixChannels(client_control, base_start, kIPCChannelSize, FIX_PONG_NOT_READY);
client_control->server_alive = ::CreateMutex(NULL, FALSE, NULL);
char* mem = reinterpret_cast<char*>(client_control);
@@ -461,13 +516,90 @@ TEST(IPCTest, ClientSlowServer) {
EXPECT_EQ(tag, client_control->channels[0].ipc_tag);
EXPECT_EQ(kFreeChannel, client_control->channels[0].state);
- for (size_t ix = 0; ix != client_control->channels_count; ++ix) {
- ChannelControl& channel = client_control->channels[ix];
- ::CloseHandle(channel.ping_event);
- ::CloseHandle(channel.pong_event);
- }
+ CloseChannelEvents(client_control);
::CloseHandle(client_control->server_alive);
- delete [] reinterpret_cast<char*>(client_control);
+ delete[] reinterpret_cast<char*>(client_control);
+}
+
+// This test-only IPC dispatcher has two handlers with the same signature
+// but only CallOneHandler should be used.
+class UnitTestIPCDispatcher : public Dispatcher {
+ public:
+ enum {
+ CALL_ONE_TAG = 78,
+ CALL_TWO_TAG = 87
+ };
+
+ UnitTestIPCDispatcher();
+ ~UnitTestIPCDispatcher() {};
+
+ virtual bool SetupService(InterceptionManager* manager, int service) {
+ return true;
+ }
+
+ private:
+ bool CallOneHandler(IPCInfo* ipc, HANDLE p1, DWORD p2) {
+ ipc->return_info.extended[0].handle = p1;
+ ipc->return_info.extended[1].unsigned_int = p2;
+ return true;
+ }
+
+ bool CallTwoHandler(IPCInfo* ipc, HANDLE p1, DWORD p2) {
+ return true;
+ }
+};
+
+UnitTestIPCDispatcher::UnitTestIPCDispatcher() {
+ static const IPCCall call_one = {
+ {CALL_ONE_TAG, VOIDPTR_TYPE, ULONG_TYPE},
+ reinterpret_cast<CallbackGeneric>(
+ &UnitTestIPCDispatcher::CallOneHandler)
+ };
+ static const IPCCall call_two = {
+ {CALL_TWO_TAG, VOIDPTR_TYPE, ULONG_TYPE},
+ reinterpret_cast<CallbackGeneric>(
+ &UnitTestIPCDispatcher::CallTwoHandler)
+ };
+ ipc_calls_.push_back(call_one);
+ ipc_calls_.push_back(call_two);
+}
+
+// This test does most of the shared memory IPC client-server roundtrip
+// and tests the packing, unpacking and call dispatching.
+TEST(IPCTest, SharedMemServerTests) {
+ size_t base_start = 0;
+ IPCControl* client_control =
+ MakeChannels(kIPCChannelSize, 4096, &base_start);
+ client_control->server_alive = HANDLE(1);
+ FixChannels(client_control, base_start, kIPCChannelSize, FIX_PONG_READY);
+
+ char* mem = reinterpret_cast<char*>(client_control);
+ SharedMemIPCClient client(mem);
+
+ CrossCallReturn answer;
+ HANDLE bar = HANDLE(191919);
+ DWORD foo = 6767676;
+ CrossCall(client, UnitTestIPCDispatcher::CALL_ONE_TAG, bar, foo, &answer);
+ void* buff = client.GetBuffer();
+ ASSERT_TRUE(NULL != buff);
+
+ UnitTestIPCDispatcher dispatcher;
+ // Since we are directly calling InvokeCallback, most of this structure
+ // can be set to NULL.
+ sandbox::SharedMemIPCServer::ServerControl srv_control = {
+ NULL, NULL, kIPCChannelSize, NULL,
+ reinterpret_cast<char*>(client_control),
+ NULL, &dispatcher, {0} };
+
+ sandbox::CrossCallReturn call_return = {0};
+ EXPECT_TRUE(SharedMemIPCServer::InvokeCallback(&srv_control, buff,
+ &call_return));
+ EXPECT_EQ(SBOX_ALL_OK, call_return.call_outcome);
+ EXPECT_TRUE(bar == call_return.extended[0].handle);
+ EXPECT_EQ(foo, call_return.extended[1].unsigned_int);
+
+ CloseChannelEvents(client_control);
+ delete[] reinterpret_cast<char*>(client_control);
}
} // namespace sandbox
diff --git a/sandbox/src/policy_broker.cc b/sandbox/src/policy_broker.cc
index 82701ed..f2316b0 100644
--- a/sandbox/src/policy_broker.cc
+++ b/sandbox/src/policy_broker.cc
@@ -88,14 +88,11 @@ bool SetupNtdllImports(TargetProcess *child) {
#undef INIT_GLOBAL_RTL
bool SetupBasicInterceptions(InterceptionManager* manager) {
-#if !defined(_WIN64)
- // Bug 27218: We don't have dispatch for some x64 syscalls.
// Interceptions provided by process_thread_policy, without actual policy.
if (!INTERCEPT_NT(manager, NtOpenThread, OPEN_TREAD_ID, 20) ||
!INTERCEPT_NT(manager, NtOpenProcess, OPEN_PROCESS_ID, 20) ||
!INTERCEPT_NT(manager, NtOpenProcessToken, OPEN_PROCESS_TOKEN_ID, 16))
return false;
-#endif
// Interceptions with neither policy nor IPC.
if (!INTERCEPT_NT(manager, NtSetInformationThread, SET_INFORMATION_THREAD_ID,
@@ -104,13 +101,11 @@ bool SetupBasicInterceptions(InterceptionManager* manager) {
return false;
if (win_util::GetWinVersion() >= win_util::WINVERSION_XP) {
-#if !defined(_WIN64)
// Bug 27218: We don't have dispatch for some x64 syscalls.
// This one is also provided by process_thread_policy.
if (!INTERCEPT_NT(manager, NtOpenProcessTokenEx, OPEN_PROCESS_TOKEN_EX_ID,
20))
return false;
-#endif
return INTERCEPT_NT(manager, NtOpenThreadTokenEx, OPEN_THREAD_TOKEN_EX_ID,
24);
diff --git a/sandbox/src/policy_target_test.cc b/sandbox/src/policy_target_test.cc
index 6a7aebb..d4ffb40 100644
--- a/sandbox/src/policy_target_test.cc
+++ b/sandbox/src/policy_target_test.cc
@@ -150,10 +150,10 @@ SBOX_TESTS_COMMAND int PolicyTargetTest_process(int argc, wchar_t **argv) {
STARTUPINFO startup_info = {0};
startup_info.cb = sizeof(startup_info);
PROCESS_INFORMATION process_info;
- ::CreateProcess(L"foo.exe", L"foo.exe", NULL, NULL, FALSE, 0, NULL, NULL,
- &startup_info, &process_info);
-
- return SBOX_TEST_SUCCEEDED;
+ if (!::CreateProcessW(L"foo.exe", L"foo.exe", NULL, NULL, FALSE, 0,
+ NULL, NULL, &startup_info, &process_info))
+ return SBOX_TEST_SUCCEEDED;
+ return SBOX_TEST_FAILED;
}
TEST(PolicyTargetTest, SetInformationThread) {
@@ -194,8 +194,6 @@ TEST(PolicyTargetTest, OpenThreadTokenEx) {
EXPECT_EQ(ERROR_NO_TOKEN, runner.RunTest(L"PolicyTargetTest_token3"));
}
-#if !defined(_WIN64)
-// Bug 27218: We don't have dispatch for some x64 syscalls.
TEST(PolicyTargetTest, OpenThread) {
TestRunner runner;
EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"PolicyTargetTest_thread")) <<
@@ -211,6 +209,8 @@ TEST(PolicyTargetTest, OpenProcess) {
"Opens a process";
}
+#if !defined(_WIN64)
+
// Launches the app in the sandbox and ask it to wait in an
// infinite loop. Waits for 2 seconds and then check if the
// desktop associated with the app thread is not the same as the
diff --git a/sandbox/src/process_thread_dispatcher.cc b/sandbox/src/process_thread_dispatcher.cc
index bbc1e57..f3badb4 100644
--- a/sandbox/src/process_thread_dispatcher.cc
+++ b/sandbox/src/process_thread_dispatcher.cc
@@ -110,13 +110,13 @@ ThreadProcessDispatcher::ThreadProcessDispatcher(PolicyBase* policy_base)
};
static const IPCCall process_token = {
- {IPC_NTOPENPROCESSTOKEN_TAG, ULONG_TYPE, ULONG_TYPE},
+ {IPC_NTOPENPROCESSTOKEN_TAG, VOIDPTR_TYPE, ULONG_TYPE},
reinterpret_cast<CallbackGeneric>(
&ThreadProcessDispatcher::NtOpenProcessToken)
};
static const IPCCall process_tokenex = {
- {IPC_NTOPENPROCESSTOKENEX_TAG, ULONG_TYPE, ULONG_TYPE, ULONG_TYPE},
+ {IPC_NTOPENPROCESSTOKENEX_TAG, VOIDPTR_TYPE, ULONG_TYPE, ULONG_TYPE},
reinterpret_cast<CallbackGeneric>(
&ThreadProcessDispatcher::NtOpenProcessTokenEx)
};
@@ -178,7 +178,7 @@ bool ThreadProcessDispatcher::NtOpenProcess(IPCInfo* ipc, DWORD desired_access,
return true;
}
-bool ThreadProcessDispatcher::NtOpenProcessToken(IPCInfo* ipc, DWORD process,
+bool ThreadProcessDispatcher::NtOpenProcessToken(IPCInfo* ipc, HANDLE process,
DWORD desired_access) {
HANDLE handle;
NTSTATUS ret = ProcessPolicy::OpenProcessTokenAction(*ipc->client_info,
@@ -189,7 +189,7 @@ bool ThreadProcessDispatcher::NtOpenProcessToken(IPCInfo* ipc, DWORD process,
return true;
}
-bool ThreadProcessDispatcher::NtOpenProcessTokenEx(IPCInfo* ipc, DWORD process,
+bool ThreadProcessDispatcher::NtOpenProcessTokenEx(IPCInfo* ipc, HANDLE process,
DWORD desired_access,
DWORD attributes) {
HANDLE handle;
diff --git a/sandbox/src/process_thread_dispatcher.h b/sandbox/src/process_thread_dispatcher.h
index dfd58c0..0403c50 100644
--- a/sandbox/src/process_thread_dispatcher.h
+++ b/sandbox/src/process_thread_dispatcher.h
@@ -1,9 +1,9 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2006-2010 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#ifndef SANDBOX_SRC_PROCESS_THREAD_DISPATCHER_H__
-#define SANDBOX_SRC_PROCESS_THREAD_DISPATCHER_H__
+#ifndef SANDBOX_SRC_PROCESS_THREAD_DISPATCHER_H_
+#define SANDBOX_SRC_PROCESS_THREAD_DISPATCHER_H_
#include "base/basictypes.h"
#include "sandbox/src/crosscall_server.h"
@@ -28,10 +28,10 @@ class ThreadProcessDispatcher : public Dispatcher {
bool NtOpenProcess(IPCInfo* ipc, DWORD desired_access, DWORD process_id);
// Processes IPC requests from calls to NtOpenProcessToken() in the target.
- bool NtOpenProcessToken(IPCInfo* ipc, DWORD process, DWORD desired_access);
+ bool NtOpenProcessToken(IPCInfo* ipc, HANDLE process, DWORD desired_access);
// Processes IPC requests from calls to NtOpenProcessTokenEx() in the target.
- bool NtOpenProcessTokenEx(IPCInfo* ipc, DWORD process, DWORD desired_access,
+ bool NtOpenProcessTokenEx(IPCInfo* ipc, HANDLE process, DWORD desired_access,
DWORD attributes);
// Processes IPC requests coming from calls to CreateProcessW() in the target.
@@ -44,4 +44,4 @@ class ThreadProcessDispatcher : public Dispatcher {
} // namespace sandbox
-#endif // SANDBOX_SRC_PROCESS_THREAD_DISPATCHER_H__
+#endif // SANDBOX_SRC_PROCESS_THREAD_DISPATCHER_H_
diff --git a/sandbox/src/process_thread_policy.cc b/sandbox/src/process_thread_policy.cc
index 3abd043..7e4effb 100644
--- a/sandbox/src/process_thread_policy.cc
+++ b/sandbox/src/process_thread_policy.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2006-2010 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -103,7 +103,7 @@ bool ProcessPolicy::GenerateRules(const wchar_t* name,
NTSTATUS ProcessPolicy::OpenThreadAction(const ClientInfo& client_info,
uint32 desired_access,
uint32 thread_id,
- HANDLE *handle) {
+ HANDLE* handle) {
*handle = NULL;
NtOpenThreadFunction NtOpenThread = NULL;
@@ -135,7 +135,7 @@ NTSTATUS ProcessPolicy::OpenThreadAction(const ClientInfo& client_info,
NTSTATUS ProcessPolicy::OpenProcessAction(const ClientInfo& client_info,
uint32 desired_access,
uint32 process_id,
- HANDLE *handle) {
+ HANDLE* handle) {
*handle = NULL;
NtOpenProcessFunction NtOpenProcess = NULL;
@@ -165,16 +165,13 @@ NTSTATUS ProcessPolicy::OpenProcessAction(const ClientInfo& client_info,
}
NTSTATUS ProcessPolicy::OpenProcessTokenAction(const ClientInfo& client_info,
- uint32 process_requested,
+ HANDLE process,
uint32 desired_access,
- HANDLE *handle) {
+ HANDLE* handle) {
*handle = NULL;
-
NtOpenProcessTokenFunction NtOpenProcessToken = NULL;
ResolveNTFunctionPtr("NtOpenProcessToken", &NtOpenProcessToken);
- HANDLE process = reinterpret_cast<HANDLE>(
- static_cast<ULONG_PTR>(process_requested));
if (CURRENT_PROCESS != process)
return STATUS_ACCESS_DENIED;
@@ -189,21 +186,18 @@ NTSTATUS ProcessPolicy::OpenProcessTokenAction(const ClientInfo& client_info,
return STATUS_ACCESS_DENIED;
}
}
-
return status;
}
NTSTATUS ProcessPolicy::OpenProcessTokenExAction(const ClientInfo& client_info,
- uint32 process_requested,
+ HANDLE process,
uint32 desired_access,
uint32 attributes,
- HANDLE *handle) {
+ HANDLE* handle) {
*handle = NULL;
NtOpenProcessTokenExFunction NtOpenProcessTokenEx = NULL;
ResolveNTFunctionPtr("NtOpenProcessTokenEx", &NtOpenProcessTokenEx);
- HANDLE process = reinterpret_cast<HANDLE>(
- static_cast<ULONG_PTR>(process_requested));
if (CURRENT_PROCESS != process)
return STATUS_ACCESS_DENIED;
@@ -218,7 +212,6 @@ NTSTATUS ProcessPolicy::OpenProcessTokenExAction(const ClientInfo& client_info,
return STATUS_ACCESS_DENIED;
}
}
-
return status;
}
diff --git a/sandbox/src/process_thread_policy.h b/sandbox/src/process_thread_policy.h
index 29ea91d..78323cc 100644
--- a/sandbox/src/process_thread_policy.h
+++ b/sandbox/src/process_thread_policy.h
@@ -1,9 +1,9 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2006-2010 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#ifndef SANDBOX_SRC_PROCESS_THREAD_POLICY_H__
-#define SANDBOX_SRC_PROCESS_THREAD_POLICY_H__
+#ifndef SANDBOX_SRC_PROCESS_THREAD_POLICY_H_
+#define SANDBOX_SRC_PROCESS_THREAD_POLICY_H_
#include <string>
@@ -37,7 +37,7 @@ class ProcessPolicy {
static NTSTATUS OpenThreadAction(const ClientInfo& client_info,
uint32 desired_access,
uint32 thread_id,
- HANDLE *handle);
+ HANDLE* handle);
// Opens the process id passed in and returns the duplicated handle to
// the child. We only allow the child processes to open themselves. Any other
@@ -45,24 +45,24 @@ class ProcessPolicy {
static NTSTATUS OpenProcessAction(const ClientInfo& client_info,
uint32 desired_access,
uint32 process_id,
- HANDLE *handle);
+ HANDLE* handle);
// Opens the token associated with the process and returns the duplicated
// handle to the child. We only allow the child processes to open his own
// token (using ::GetCurrentProcess()).
static NTSTATUS OpenProcessTokenAction(const ClientInfo& client_info,
- uint32 process,
+ HANDLE process,
uint32 desired_access,
- HANDLE *handle);
+ HANDLE* handle);
// Opens the token associated with the process and returns the duplicated
// handle to the child. We only allow the child processes to open his own
// token (using ::GetCurrentProcess()).
static NTSTATUS OpenProcessTokenExAction(const ClientInfo& client_info,
- uint32 process,
+ HANDLE process,
uint32 desired_access,
uint32 attributes,
- HANDLE *handle);
+ HANDLE* handle);
// Processes a 'CreateProcessW()' request from the target.
// 'client_info' : the target process that is making the request.
@@ -79,4 +79,4 @@ class ProcessPolicy {
} // namespace sandbox
-#endif // SANDBOX_SRC_PROCESS_THREAD_POLICY_H__
+#endif // SANDBOX_SRC_PROCESS_THREAD_POLICY_H_
diff --git a/sandbox/src/sandbox_policy_base.cc b/sandbox/src/sandbox_policy_base.cc
index d47d5921..4dbfc2d 100644
--- a/sandbox/src/sandbox_policy_base.cc
+++ b/sandbox/src/sandbox_policy_base.cc
@@ -71,6 +71,12 @@ PolicyBase::PolicyBase()
// Initialize the IPC dispatcher array.
memset(&ipc_targets_, NULL, sizeof(ipc_targets_));
Dispatcher* dispatcher = NULL;
+ dispatcher = new ThreadProcessDispatcher(this);
+ ipc_targets_[IPC_NTOPENTHREAD_TAG] = dispatcher;
+ ipc_targets_[IPC_NTOPENPROCESS_TAG] = dispatcher;
+ ipc_targets_[IPC_CREATEPROCESSW_TAG] = dispatcher;
+ ipc_targets_[IPC_NTOPENPROCESSTOKEN_TAG] = dispatcher;
+ ipc_targets_[IPC_NTOPENPROCESSTOKENEX_TAG] = dispatcher;
#if !defined(_WIN64)
// Bug 27218: We don't have dispatch for some x64 syscalls.
dispatcher = new FilesystemDispatcher(this);
@@ -79,17 +85,14 @@ PolicyBase::PolicyBase()
ipc_targets_[IPC_NTSETINFO_RENAME_TAG] = dispatcher;
ipc_targets_[IPC_NTQUERYATTRIBUTESFILE_TAG] = dispatcher;
ipc_targets_[IPC_NTQUERYFULLATTRIBUTESFILE_TAG] = dispatcher;
- dispatcher = new ThreadProcessDispatcher(this);
- ipc_targets_[IPC_NTOPENTHREAD_TAG] = dispatcher;
- ipc_targets_[IPC_NTOPENPROCESS_TAG] = dispatcher;
- ipc_targets_[IPC_CREATEPROCESSW_TAG] = dispatcher;
- ipc_targets_[IPC_NTOPENPROCESSTOKEN_TAG] = dispatcher;
- ipc_targets_[IPC_NTOPENPROCESSTOKENEX_TAG] = dispatcher;
+
dispatcher = new NamedPipeDispatcher(this);
ipc_targets_[IPC_CREATENAMEDPIPEW_TAG] = dispatcher;
+
dispatcher = new SyncDispatcher(this);
ipc_targets_[IPC_CREATEEVENT_TAG] = dispatcher;
ipc_targets_[IPC_OPENEVENT_TAG] = dispatcher;
+
dispatcher = new RegistryDispatcher(this);
ipc_targets_[IPC_NTCREATEKEY_TAG] = dispatcher;
ipc_targets_[IPC_NTOPENKEY_TAG] = dispatcher;
@@ -102,10 +105,10 @@ PolicyBase::~PolicyBase() {
TargetProcess* target = (*it);
delete target;
}
+ delete ipc_targets_[IPC_NTOPENTHREAD_TAG];
#if !defined(_WIN64)
// Bug 27218: We don't have dispatch for some x64 syscalls.
delete ipc_targets_[IPC_NTCREATEFILE_TAG];
- delete ipc_targets_[IPC_NTOPENTHREAD_TAG];
delete ipc_targets_[IPC_CREATENAMEDPIPEW_TAG];
delete ipc_targets_[IPC_CREATEEVENT_TAG];
delete ipc_targets_[IPC_NTCREATEKEY_TAG];
diff --git a/sandbox/src/sharedmem_ipc_server.cc b/sandbox/src/sharedmem_ipc_server.cc
index d835033..b287d21 100644
--- a/sandbox/src/sharedmem_ipc_server.cc
+++ b/sandbox/src/sharedmem_ipc_server.cc
@@ -171,7 +171,7 @@ bool GetArgs(CrossCallParamsEx* params, IPCParams* ipc_params,
break;
}
case ULONG_TYPE: {
- ULONG data;
+ uint32 data;
if (!params->GetParameter32(i, &data)) {
ReleaseArgs(ipc_params, args);
return false;
@@ -180,6 +180,15 @@ bool GetArgs(CrossCallParamsEx* params, IPCParams* ipc_params,
args[i] = ipc_int.AsVoidPtr();
break;
}
+ case VOIDPTR_TYPE : {
+ void* data;
+ if (!params->GetParameterVoidPtr(i, &data)) {
+ ReleaseArgs(ipc_params, args);
+ return false;
+ }
+ args[i] = data;
+ break;
+ }
case INOUTPTR_TYPE: {
if (!args[i]) {
ReleaseArgs(ipc_params, args);
diff --git a/sandbox/src/sharedmem_ipc_server.h b/sandbox/src/sharedmem_ipc_server.h
index 337a221..1041245 100644
--- a/sandbox/src/sharedmem_ipc_server.h
+++ b/sandbox/src/sharedmem_ipc_server.h
@@ -1,9 +1,9 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2006-2010 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#ifndef SANDBOX_SRC_SHAREDMEM_IPC_SERVER_H__
-#define SANDBOX_SRC_SHAREDMEM_IPC_SERVER_H__
+#ifndef SANDBOX_SRC_SHAREDMEM_IPC_SERVER_H_
+#define SANDBOX_SRC_SHAREDMEM_IPC_SERVER_H_
#include <list>
@@ -12,6 +12,8 @@
#include "sandbox/src/crosscall_server.h"
#include "sandbox/src/sharedmem_ipc_client.h"
+#include "testing/gtest/include/gtest/gtest_prod.h"
+
// IPC transport implementation that uses shared memory.
// This is the server side
//
@@ -51,6 +53,7 @@ class SharedMemIPCServer {
bool Init(void* shared_mem, size_t shared_size, size_t channel_size);
private:
+ FRIEND_TEST(IPCTest, SharedMemServerTests);
// When an event fires (IPC request). A thread from the ThreadProvider
// will call this function. The context parameter should be the same as
// provided when ThreadProvider::RegisterWait was called.
@@ -120,4 +123,4 @@ class SharedMemIPCServer {
} // namespace sandbox
-#endif // SANDBOX_SRC_SHAREDMEM_IPC_SERVER_H__
+#endif // SANDBOX_SRC_SHAREDMEM_IPC_SERVER_H_
diff --git a/sandbox/tests/validation_tests/commands.cc b/sandbox/tests/validation_tests/commands.cc
index 2c9f89b..4d9eba4 100644
--- a/sandbox/tests/validation_tests/commands.cc
+++ b/sandbox/tests/validation_tests/commands.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2006-2010 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -87,12 +87,11 @@ int TestValidWindow(HWND window) {
return SBOX_TEST_DENIED;
}
-SBOX_TESTS_COMMAND int OpenProcess(int argc, wchar_t **argv) {
+SBOX_TESTS_COMMAND int OpenProcessCmd(int argc, wchar_t **argv) {
if (1 != argc)
return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
DWORD process_id = _wtoi(argv[0]);
-
return TestOpenProcess(process_id);
}
@@ -112,12 +111,11 @@ int TestOpenProcess(DWORD process_id) {
}
}
-SBOX_TESTS_COMMAND int OpenThread(int argc, wchar_t **argv) {
+SBOX_TESTS_COMMAND int OpenThreadCmd(int argc, wchar_t **argv) {
if (1 != argc)
return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
DWORD thread_id = _wtoi(argv[0]);
-
return TestOpenThread(thread_id);
}
diff --git a/sandbox/tests/validation_tests/suite.cc b/sandbox/tests/validation_tests/suite.cc
index 7992197..49faf6d 100644
--- a/sandbox/tests/validation_tests/suite.cc
+++ b/sandbox/tests/validation_tests/suite.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
+// Copyright (c) 2006-2010 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -99,7 +99,7 @@ TEST(ValidationSuite, TestProcess) {
TestRunner runner;
wchar_t command[1024] = {0};
- wsprintf(command, L"OpenProcess %d", ::GetCurrentProcessId());
+ wsprintf(command, L"OpenProcessCmd %d", ::GetCurrentProcessId());
EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(command));
}
@@ -108,7 +108,7 @@ TEST(ValidationSuite, TestThread) {
TestRunner runner;
wchar_t command[1024] = {0};
- wsprintf(command, L"OpenThread %d", ::GetCurrentThreadId());
+ wsprintf(command, L"OpenThreadCmd %d", ::GetCurrentThreadId());
EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(command));
}