-rw-r--r-- | sandbox/win/src/interception.h | 8 | ||||
-rw-r--r-- | sandbox/win/src/interceptors_64.cc | 4 | ||||
-rw-r--r-- | sandbox/win/src/interceptors_64.h | 4 | ||||
-rw-r--r-- | sandbox/win/src/named_pipe_dispatcher.cc | 4 | ||||
-rw-r--r-- | sandbox/win/src/named_pipe_interception.cc | 4 | ||||
-rw-r--r-- | sandbox/win/src/process_thread_dispatcher.cc | 4 | ||||
-rw-r--r-- | sandbox/win/src/process_thread_interception.cc | 8 | ||||
-rw-r--r-- | sandbox/win/src/sync_interception.cc | 20 | ||||
-rw-r--r-- | sandbox/win/src/sync_interception.h | 18 |
9 files changed, 42 insertions, 32 deletions
diff --git a/sandbox/win/src/interception.h b/sandbox/win/src/interception.h index 02fc592..c73b597 100644 --- a/sandbox/win/src/interception.h +++ b/sandbox/win/src/interception.h @@ -241,6 +241,10 @@ class InterceptionManager { ((&Target##service) ? \ manager->ADD_NT_INTERCEPTION(service, id, num_params) : false) +// When intercepting the EAT it is important that the patched version of the +// function not call any functions imported from system libraries unless +// |TargetServices::InitCalled()| returns true, because it is only then that +// we are guaranteed that our IAT has been initialized. #define INTERCEPT_EAT(manager, dll, function, id, num_params) \ ((&Target##function) ? \ manager->AddToPatchedFunctions(dll, #function, sandbox::INTERCEPTION_EAT, \ @@ -262,6 +266,10 @@ class InterceptionManager { #define INTERCEPT_NT(manager, service, id, num_params) \ manager->ADD_NT_INTERCEPTION(service, id, num_params) +// When intercepting the EAT it is important that the patched version of the +// function not call any functions imported from system libraries unless +// |TargetServices::InitCalled()| returns true, because it is only then that +// we are guaranteed that our IAT has been initialized. #define INTERCEPT_EAT(manager, dll, function, id, num_params) \ manager->AddToPatchedFunctions(dll, #function, sandbox::INTERCEPTION_EAT, \ MAKE_SERVICE_NAME(function), id) diff --git a/sandbox/win/src/interceptors_64.cc b/sandbox/win/src/interceptors_64.cc index 45d6b31..a363732 100644 --- a/sandbox/win/src/interceptors_64.cc +++ b/sandbox/win/src/interceptors_64.cc 
@@ -268,14 +268,14 @@ SANDBOX_INTERCEPT HANDLE WINAPI TargetCreateEventA64( } SANDBOX_INTERCEPT HANDLE WINAPI TargetOpenEventW64( - ACCESS_MASK desired_access, BOOL inherit_handle, LPCWSTR name) { + DWORD desired_access, BOOL inherit_handle, LPCWSTR name) { OpenEventWFunction orig_fn = reinterpret_cast< OpenEventWFunction>(g_originals[OPEN_EVENTW_ID]); return TargetOpenEventW(orig_fn, desired_access, inherit_handle, name); } SANDBOX_INTERCEPT HANDLE WINAPI TargetOpenEventA64( - ACCESS_MASK desired_access, BOOL inherit_handle, LPCSTR name) { + DWORD desired_access, BOOL inherit_handle, LPCSTR name) { OpenEventAFunction orig_fn = reinterpret_cast< OpenEventAFunction>(g_originals[OPEN_EVENTA_ID]); return TargetOpenEventA(orig_fn, desired_access, inherit_handle, name); diff --git a/sandbox/win/src/interceptors_64.h b/sandbox/win/src/interceptors_64.h index 3e4dad5..717fb6d 100644 --- a/sandbox/win/src/interceptors_64.h +++ b/sandbox/win/src/interceptors_64.h @@ -165,11 +165,11 @@ SANDBOX_INTERCEPT HANDLE WINAPI TargetCreateEventA64( // Interception of OpenEventW on the child process. SANDBOX_INTERCEPT HANDLE WINAPI TargetOpenEventW64( - ACCESS_MASK desired_access, BOOL inherit_handle, LPCWSTR name); + DWORD desired_access, BOOL inherit_handle, LPCWSTR name); // Interception of OpenEventA on the child process. SANDBOX_INTERCEPT HANDLE WINAPI TargetOpenEventA64( - ACCESS_MASK desired_access, BOOL inherit_handle, LPCSTR name); + DWORD desired_access, BOOL inherit_handle, LPCSTR name); } // extern "C" diff --git a/sandbox/win/src/named_pipe_dispatcher.cc b/sandbox/win/src/named_pipe_dispatcher.cc index aae1096..c3f9851 100644 --- a/sandbox/win/src/named_pipe_dispatcher.cc +++ b/sandbox/win/src/named_pipe_dispatcher.cc @@ -1,4 +1,4 @@ -// Copyright (c) 2006-2010 The Chromium Authors. All rights reserved. +// Copyright (c) 2013 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. 
@@ -33,7 +33,7 @@ NamedPipeDispatcher::NamedPipeDispatcher(PolicyBase* policy_base) bool NamedPipeDispatcher::SetupService(InterceptionManager* manager, int service) { if (IPC_CREATENAMEDPIPEW_TAG == service) - return INTERCEPT_EAT(manager, L"kernel32.dll", CreateNamedPipeW, + return INTERCEPT_EAT(manager, kKerneldllName, CreateNamedPipeW, CREATE_NAMED_PIPE_ID, 36); return false; diff --git a/sandbox/win/src/named_pipe_interception.cc b/sandbox/win/src/named_pipe_interception.cc index f437b1c..c62d093 100644 --- a/sandbox/win/src/named_pipe_interception.cc +++ b/sandbox/win/src/named_pipe_interception.cc @@ -27,12 +27,12 @@ HANDLE WINAPI TargetCreateNamedPipeW( if (INVALID_HANDLE_VALUE != pipe) return pipe; - DWORD original_error = ::GetLastError(); - // We don't trust that the IPC can work this early. if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) return INVALID_HANDLE_VALUE; + DWORD original_error = ::GetLastError(); + // We don't support specific Security Attributes. if (security_attributes) return INVALID_HANDLE_VALUE; diff --git a/sandbox/win/src/process_thread_dispatcher.cc b/sandbox/win/src/process_thread_dispatcher.cc index b2331b7..4525b83 100644 --- a/sandbox/win/src/process_thread_dispatcher.cc +++ b/sandbox/win/src/process_thread_dispatcher.cc @@ -1,4 +1,4 @@ -// Copyright (c) 2006-2010 The Chromium Authors. All rights reserved. +// Copyright (c) 2013 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -145,7 +145,7 @@ bool ThreadProcessDispatcher::SetupService(InterceptionManager* manager, return false; case IPC_CREATEPROCESSW_TAG: - return INTERCEPT_EAT(manager, L"kernel32.dll", CreateProcessW, + return INTERCEPT_EAT(manager, kKerneldllName, CreateProcessW, CREATE_PROCESSW_ID, 44) && INTERCEPT_EAT(manager, L"kernel32.dll", CreateProcessA, CREATE_PROCESSA_ID, 44); 
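Review bot: In TargetCreateNamedPipeW (named_pipe_interception.cc) the capture of `original_error` now sits after the `InitCalled()` check, but nothing at the call site says why the order matters, so a later cleanup could move it back. The rationale is only in the new INTERCEPT_EAT comment in interception.h; presumably `::GetLastError()` is itself an imported call that is unsafe before the IAT is initialized. I would add above the declaration `// ::GetLastError() is an imported call; keep it after the InitCalled() check.` The same reordering appears in TargetCreateProcessW/A in process_thread_interception.cc and in the four event interceptors in sync_interception.cc, and it assumes the `InitCalled()` call chain never changes the thread's last-error value, which is worth confirming. The function body continues outside this hunk.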
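Review bot: In the `IPC_CREATEPROCESSW_TAG` case of process_thread_dispatcher.cc only the CreateProcessW interception was switched to `kKerneldllName`; the CreateProcessA call on the following line still passes the literal `L"kernel32.dll"`. Both patches target the same module, so the second call should read `INTERCEPT_EAT(manager, kKerneldllName, CreateProcessA,` to keep the DLL name in one place. SetupService's switch continues outside the hunk.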
diff --git a/sandbox/win/src/process_thread_interception.cc b/sandbox/win/src/process_thread_interception.cc index cb1017b..d351ee5 100644 --- a/sandbox/win/src/process_thread_interception.cc +++ b/sandbox/win/src/process_thread_interception.cc @@ -1,4 +1,4 @@ -// Copyright (c) 2006-2011 The Chromium Authors. All rights reserved. +// Copyright (c) 2013 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -273,12 +273,13 @@ BOOL WINAPI TargetCreateProcessW(CreateProcessWFunction orig_CreateProcessW, process_information)) { return TRUE; } - DWORD original_error = ::GetLastError(); // We don't trust that the IPC can work this early. if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) return FALSE; + DWORD original_error = ::GetLastError(); + do { if (!ValidParameter(process_information, sizeof(PROCESS_INFORMATION), WRITE)) @@ -331,12 +332,13 @@ BOOL WINAPI TargetCreateProcessA(CreateProcessAFunction orig_CreateProcessA, process_information)) { return TRUE; } - DWORD original_error = ::GetLastError(); // We don't trust that the IPC can work this early. if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) return FALSE; + DWORD original_error = ::GetLastError(); + do { if (!ValidParameter(process_information, sizeof(PROCESS_INFORMATION), WRITE)) diff --git a/sandbox/win/src/sync_interception.cc b/sandbox/win/src/sync_interception.cc index 54dbcc14..ddbcc05 100644 --- a/sandbox/win/src/sync_interception.cc +++ b/sandbox/win/src/sync_interception.cc 
@@ -69,12 +69,12 @@ HANDLE WINAPI TargetCreateEventW(CreateEventWFunction orig_CreateEvent, if (handle || !name) return handle; - DWORD original_error = ::GetLastError(); - // We don't trust that the IPC can work this early. if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) return NULL; + DWORD original_error = ::GetLastError(); + CrossCallReturn answer = {0}; ResultCode code = ProxyCreateEvent(name, initial_state, manual_reset, &answer); @@ -98,12 +98,12 @@ HANDLE WINAPI TargetCreateEventA(CreateEventAFunction orig_CreateEvent, if (handle || !name) return handle; - DWORD original_error = ::GetLastError(); - // We don't trust that the IPC can work this early. if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) return NULL; + DWORD original_error = ::GetLastError(); + UNICODE_STRING* wide_name = AnsiToUnicode(name); if (!wide_name) return NULL; @@ -124,7 +124,7 @@ HANDLE WINAPI TargetCreateEventA(CreateEventAFunction orig_CreateEvent, // Interception of OpenEventW on the child process. // It should never be called directly HANDLE WINAPI TargetOpenEventW(OpenEventWFunction orig_OpenEvent, - ACCESS_MASK desired_access, + DWORD desired_access, BOOL inherit_handle, LPCWSTR name) { // Check if the process can open it first. @@ -132,12 +132,12 @@ HANDLE WINAPI TargetOpenEventW(OpenEventWFunction orig_OpenEvent, if (handle || !name) return handle; - DWORD original_error = ::GetLastError(); - // We don't trust that the IPC can work this early. if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) return NULL; + DWORD original_error = ::GetLastError(); + CrossCallReturn answer = {0}; ResultCode code = ProxyOpenEvent(name, desired_access, inherit_handle, 
@@ -151,7 +151,7 @@ HANDLE WINAPI TargetOpenEventW(OpenEventWFunction orig_OpenEvent, } HANDLE WINAPI TargetOpenEventA(OpenEventAFunction orig_OpenEvent, - ACCESS_MASK desired_access, + DWORD desired_access, BOOL inherit_handle, LPCSTR name) { // Check if the process can open it first. @@ -159,12 +159,12 @@ HANDLE WINAPI TargetOpenEventA(OpenEventAFunction orig_OpenEvent, if (handle || !name) return handle; - DWORD original_error = ::GetLastError(); - // We don't trust that the IPC can work this early. if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) return NULL; + DWORD original_error = ::GetLastError(); + UNICODE_STRING* wide_name = AnsiToUnicode(name); if (!wide_name) return NULL; diff --git a/sandbox/win/src/sync_interception.h b/sandbox/win/src/sync_interception.h index c1a8893..19790f7 100644 --- a/sandbox/win/src/sync_interception.h +++ b/sandbox/win/src/sync_interception.h @@ -14,24 +14,24 @@ extern "C" { typedef HANDLE (WINAPI *CreateEventWFunction) ( LPSECURITY_ATTRIBUTES lpEventAttributes, - DWORD dwDesiredAccess, - BOOL bInheritHandle, + BOOL bManualReset, + BOOL bInitialState, LPCWSTR lpName); typedef HANDLE (WINAPI *CreateEventAFunction) ( LPSECURITY_ATTRIBUTES lpEventAttributes, - DWORD dwDesiredAccess, - BOOL bInheritHandle, + BOOL bManualReset, + BOOL bInitialState, LPCSTR lpName); typedef HANDLE (WINAPI *OpenEventWFunction) ( - BOOL bManualReset, + DWORD dwDesiredAccess, BOOL bInitialState, LPCWSTR lpName); typedef HANDLE (WINAPI *OpenEventAFunction) ( - BOOL bManualReset, - BOOL bInitialState, + DWORD dwDesiredAccess, + BOOL bInheritHandle, LPCSTR lpName); // Interceptors for CreateEventW/A 
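Review bot: In sync_interception.h the `OpenEventWFunction` typedef keeps `BOOL bInitialState` as its second parameter name, while the `OpenEventAFunction` typedef just below it was corrected to `BOOL bInheritHandle`. Parameter names in a function-pointer typedef do not change the ABI, but the stale name misdescribes the argument that the interceptors pass as `inherit_handle`. The line should read `BOOL bInheritHandle,` so the W and A typedefs match.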
@@ -52,13 +52,13 @@ SANDBOX_INTERCEPT HANDLE WINAPI TargetCreateEventA( // Interceptors for OpenEventW/A SANDBOX_INTERCEPT HANDLE WINAPI TargetOpenEventW( OpenEventWFunction orig_OpenEvent, - ACCESS_MASK desired_access, + DWORD desired_access, BOOL inherit_handle, LPCWSTR name); SANDBOX_INTERCEPT HANDLE WINAPI TargetOpenEventA( OpenEventAFunction orig_OpenEvent, - ACCESS_MASK desired_access, + DWORD desired_access, BOOL inherit_handle, LPCSTR name); |