diff options
Diffstat (limited to 'sandbox')
| -rw-r--r-- | sandbox/sandbox.gyp | 8 | ||||
| -rw-r--r-- | sandbox/src/crosscall_client.h | 44 | ||||
| -rw-r--r-- | sandbox/src/crosscall_server.cc | 15 | ||||
| -rw-r--r-- | sandbox/src/crosscall_server.h | 9 | ||||
| -rw-r--r-- | sandbox/src/interceptors_64.cc | 6 | ||||
| -rw-r--r-- | sandbox/src/ipc_unittest.cc | 282 | ||||
| -rw-r--r-- | sandbox/src/policy_broker.cc | 5 | ||||
| -rw-r--r-- | sandbox/src/policy_target_test.cc | 12 | ||||
| -rw-r--r-- | sandbox/src/process_thread_dispatcher.cc | 8 | ||||
| -rw-r--r-- | sandbox/src/process_thread_dispatcher.h | 12 | ||||
| -rw-r--r-- | sandbox/src/process_thread_policy.cc | 21 | ||||
| -rw-r--r-- | sandbox/src/process_thread_policy.h | 20 | ||||
| -rw-r--r-- | sandbox/src/sandbox_policy_base.cc | 17 | ||||
| -rw-r--r-- | sandbox/src/sharedmem_ipc_server.cc | 11 | ||||
| -rw-r--r-- | sandbox/src/sharedmem_ipc_server.h | 11 | ||||
| -rw-r--r-- | sandbox/tests/validation_tests/commands.cc | 8 | ||||
| -rw-r--r-- | sandbox/tests/validation_tests/suite.cc | 6 |
17 files changed, 155 insertions, 340 deletions
diff --git a/sandbox/sandbox.gyp b/sandbox/sandbox.gyp index 76199bd..50094f9 100644 --- a/sandbox/sandbox.gyp +++ b/sandbox/sandbox.gyp @@ -58,10 +58,6 @@ 'src/policy_params.h', 'src/policy_target.cc', 'src/policy_target.h', - 'src/process_thread_dispatcher.cc', - 'src/process_thread_dispatcher.h', - 'src/process_thread_interception.cc', - 'src/process_thread_interception.h', 'src/process_thread_policy.cc', 'src/process_thread_policy.h', 'src/registry_policy.cc', @@ -218,6 +214,10 @@ 'src/filesystem_dispatcher.h', 'src/filesystem_interception.cc', 'src/filesystem_interception.h', + 'src/process_thread_dispatcher.cc', + 'src/process_thread_dispatcher.h', + 'src/process_thread_interception.cc', + 'src/process_thread_interception.h', 'src/registry_interception.cc', 'src/registry_dispatcher.cc', 'src/registry_dispatcher.h', diff --git a/sandbox/src/crosscall_client.h b/sandbox/src/crosscall_client.h index e58388c9..c2d3045 100644 --- a/sandbox/src/crosscall_client.h +++ b/sandbox/src/crosscall_client.h @@ -1,9 +1,9 @@ -// Copyright (c) 2006-2010 The Chromium Authors. All rights reserved. +// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef SANDBOX_SRC_CROSSCALL_CLIENT_H_ -#define SANDBOX_SRC_CROSSCALL_CLIENT_H_ +#ifndef SANDBOX_SRC_CROSSCALL_CLIENT_H__ +#define SANDBOX_SRC_CROSSCALL_CLIENT_H__ #include "sandbox/src/crosscall_params.h" #include "sandbox/src/sandbox.h" @@ -86,44 +86,6 @@ class CopyHelper { const T& t_; }; -// This copy helper template specialization if for the void pointer -// case both 32 and 64 bit. -template<> -class CopyHelper<void*> { - public: - CopyHelper(void* t) : t_(t) {} - - // Returns the pointer to the start of the input. - const void* GetStart() const { - return &t_; - } - - // Update the stored value with the value in the buffer. This is not - // supported for this type. - bool Update(void* buffer) { - // Not supported; - return true; - } - - // Returns the size of the input in bytes. - size_t GetSize() const { - return sizeof(t_); - } - - // Returns true if the current type is used as an In or InOut parameter. - bool IsInOut() { - return false; - } - - // Returns this object's type. - ArgType GetType() { - return VOIDPTR_TYPE; - } - - private: - const void* t_; -}; - // This copy helper template specialization catches the cases where the // parameter is a pointer to a string. template<> diff --git a/sandbox/src/crosscall_server.cc b/sandbox/src/crosscall_server.cc index da43c69..35e80f4 100644 --- a/sandbox/src/crosscall_server.cc +++ b/sandbox/src/crosscall_server.cc @@ -1,4 +1,4 @@ -// Copyright (c) 2006-2010 The Chromium Authors. All rights reserved. +// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -176,7 +176,7 @@ void* CrossCallParamsEx::GetRawParameter(size_t index, size_t* size, } // Covers common case for 32 bit integers. -bool CrossCallParamsEx::GetParameter32(size_t index, uint32* param) { +bool CrossCallParamsEx::GetParameter32(size_t index, void* param) { size_t size = 0; ArgType type; void* start = GetRawParameter(index, &size, &type); @@ -188,17 +188,6 @@ bool CrossCallParamsEx::GetParameter32(size_t index, uint32* param) { return true; } -bool CrossCallParamsEx::GetParameterVoidPtr(size_t index, void** param) { - size_t size = 0; - ArgType type; - void* start = GetRawParameter(index, &size, &type); - if ((NULL == start) || (sizeof(void*) != size) || (VOIDPTR_TYPE != type)) { - return false; - } - *param = *(reinterpret_cast<void**>(start)); - return true; -} - // Covers the common case of reading a string. Note that the string is not // scanned for invalid characters. bool CrossCallParamsEx::GetParameterStr(size_t index, std::wstring* string) { diff --git a/sandbox/src/crosscall_server.h b/sandbox/src/crosscall_server.h index 06c0e02..fd0cd4c 100644 --- a/sandbox/src/crosscall_server.h +++ b/sandbox/src/crosscall_server.h @@ -1,4 +1,4 @@ -// Copyright (c) 2006-2010 The Chromium Authors. All rights reserved. +// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -7,7 +7,6 @@ #include <string> #include <vector> -#include "base/basictypes.h" #include "base/callback.h" #include "sandbox/src/crosscall_params.h" @@ -104,11 +103,7 @@ class CrossCallParamsEx : public CrossCallParams { // Gets a parameter that is four bytes in size. // Returns false if the parameter does not exist or is not 32 bits wide. - bool GetParameter32(size_t index, uint32* param); - - // Gets a parameter that is void pointer in size. - // Returns false if the parameter does not exist or is not void pointer sized. - bool GetParameterVoidPtr(size_t index, void** param); + bool GetParameter32(size_t index, void* param); // Gets a parameter that is a string. Returns false if the parameter does not // exist. diff --git a/sandbox/src/interceptors_64.cc b/sandbox/src/interceptors_64.cc index 49018a0..a63ec33 100644 --- a/sandbox/src/interceptors_64.cc +++ b/sandbox/src/interceptors_64.cc @@ -141,6 +141,9 @@ SANDBOX_INTERCEPT HANDLE WINAPI TargetCreateNamedPipeW64( // ----------------------------------------------------------------------- +#if 0 +// Bug 27218: We don't have IPC yet. + SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenThread64( PHANDLE thread, ACCESS_MASK desired_access, POBJECT_ATTRIBUTES object_attributes, PCLIENT_ID client_id) { @@ -206,8 +209,7 @@ SANDBOX_INTERCEPT BOOL WINAPI TargetCreateProcessA64( } // ----------------------------------------------------------------------- -#if 0 -// Bug 27218: We don't have IPC yet. + SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtCreateKey64( PHANDLE key, ACCESS_MASK desired_access, POBJECT_ATTRIBUTES object_attributes, ULONG title_index, diff --git a/sandbox/src/ipc_unittest.cc b/sandbox/src/ipc_unittest.cc index 909f144..1ba24ab 100644 --- a/sandbox/src/ipc_unittest.cc +++ b/sandbox/src/ipc_unittest.cc @@ -6,9 +6,9 @@ #include "sandbox/src/crosscall_client.h" #include "sandbox/src/crosscall_server.h" #include "sandbox/src/sharedmem_ipc_client.h" -#include "sandbox/src/sharedmem_ipc_server.h" #include "testing/gtest/include/gtest/gtest.h" + namespace sandbox { // Helper function to make the fake shared memory with some @@ -18,54 +18,30 @@ IPCControl* MakeChannels(size_t channel_size, size_t total_shared_size, // Allocate memory char* mem = new char[total_shared_size]; memset(mem, 0, total_shared_size); + // Calculate how many channels we can fit in the shared memory. total_shared_size -= offsetof(IPCControl, channels); size_t channel_count = total_shared_size / (sizeof(ChannelControl) + channel_size); + // Calculate the start of the first channel. *base_start = (sizeof(ChannelControl)* channel_count) + offsetof(IPCControl, channels); + // Setup client structure. IPCControl* client_control = reinterpret_cast<IPCControl*>(mem); client_control->channels_count = channel_count; - return client_control; -} - -enum TestFixMode { - FIX_NO_EVENTS, - FIX_PONG_READY, - FIX_PONG_NOT_READY -}; -void FixChannels(IPCControl* client_control, size_t base_start, - size_t channel_size, TestFixMode mode) { - for (size_t ix = 0; ix != client_control->channels_count; ++ix) { - ChannelControl& channel = client_control->channels[ix]; - channel.channel_base = base_start; - channel.state = kFreeChannel; - if (mode != FIX_NO_EVENTS) { - BOOL signaled = (FIX_PONG_READY == mode)? TRUE : FALSE; - channel.ping_event = ::CreateEventW(NULL, FALSE, FALSE, NULL); - channel.pong_event = ::CreateEventW(NULL, FALSE, signaled, NULL); - } - base_start += channel_size; - } -} - -void CloseChannelEvents(IPCControl* client_control) { - for (size_t ix = 0; ix != client_control->channels_count; ++ix) { - ChannelControl& channel = client_control->channels[ix]; - ::CloseHandle(channel.ping_event); - ::CloseHandle(channel.pong_event); - } + return client_control; } TEST(IPCTest, ChannelMaker) { + size_t channel_start = 0; + IPCControl* client_control = MakeChannels(12*64, 4096, &channel_start); + // Test that our testing rig is computing offsets properly. We should have // 5 channnels and the offset to the first channel is 108 bytes in 32 bits // and 216 in 64 bits. - size_t channel_start = 0; - IPCControl* client_control = MakeChannels(12 * 64, 4096, &channel_start); ASSERT_TRUE(NULL != client_control); EXPECT_EQ(5, client_control->channels_count); #if defined(_WIN64) @@ -73,16 +49,23 @@ TEST(IPCTest, ChannelMaker) { #else EXPECT_EQ(108, channel_start); #endif - delete[] reinterpret_cast<char*>(client_control); + + delete [] reinterpret_cast<char*>(client_control); } TEST(IPCTest, ClientLockUnlock) { // Make 7 channels of kIPCChannelSize (1kb) each. Test that we lock and // unlock channels properly. + const size_t channel_size = kIPCChannelSize; size_t base_start = 0; - IPCControl* client_control = - MakeChannels(kIPCChannelSize, 4096 * 2, &base_start); - FixChannels(client_control, base_start, kIPCChannelSize, FIX_NO_EVENTS); + IPCControl* client_control = MakeChannels(channel_size, 4096*2, &base_start); + + for (size_t ix = 0; ix != client_control->channels_count; ++ix) { + ChannelControl& channel = client_control->channels[ix]; + channel.channel_base = base_start; + channel.state = kFreeChannel; + base_start += channel_size; + } char* mem = reinterpret_cast<char*>(client_control); SharedMemIPCClient client(mem); @@ -141,18 +124,26 @@ TEST(IPCTest, ClientLockUnlock) { EXPECT_EQ(kFreeChannel, client_control->channels[4].state); EXPECT_EQ(kFreeChannel, client_control->channels[5].state); - delete[] reinterpret_cast<char*>(client_control); + delete [] reinterpret_cast<char*>(client_control); } TEST(IPCTest, CrossCallStrPacking) { // This test tries the CrossCall object with null and non-null string - // combination of parameters, integer types and verifies that the unpacker - // can read them properly. + // combination of parameters and verifies that the unpacker can read them + // properly. + const size_t channel_size = kIPCChannelSize; size_t base_start = 0; - IPCControl* client_control = - MakeChannels(kIPCChannelSize, 4096 * 4, &base_start); + IPCControl* client_control = MakeChannels(channel_size, 4096*2, &base_start); client_control->server_alive = HANDLE(1); - FixChannels(client_control, base_start, kIPCChannelSize, FIX_PONG_READY); + + for (size_t ix = 0; ix != client_control->channels_count; ++ix) { + ChannelControl& channel = client_control->channels[ix]; + channel.channel_base = base_start; + channel.state = kFreeChannel; + channel.ping_event = ::CreateEventW(NULL, FALSE, FALSE, NULL); + channel.pong_event = ::CreateEventW(NULL, FALSE, TRUE, NULL); + base_start += channel_size; + } char* mem = reinterpret_cast<char*>(client_control); SharedMemIPCClient client(mem); @@ -221,79 +212,12 @@ TEST(IPCTest, CrossCallStrPacking) { EXPECT_EQ(0, param_size); EXPECT_EQ(WCHAR_TYPE, type); - CloseChannelEvents(client_control); - delete[] reinterpret_cast<char*>(client_control); -} - -TEST(IPCTest, CrossCallIntPacking) { - // Check handling for regular 32 bit integers used in Windows. - size_t base_start = 0; - IPCControl* client_control = - MakeChannels(kIPCChannelSize, 4096 * 4, &base_start); - client_control->server_alive = HANDLE(1); - FixChannels(client_control, base_start, kIPCChannelSize, FIX_PONG_READY); - - uint32 tag1 = 999; - uint32 tag2 = 111; - const wchar_t text[] = L"godzilla"; - CrossCallParamsEx* actual_params; - - char* mem = reinterpret_cast<char*>(client_control); - SharedMemIPCClient client(mem); - - CrossCallReturn answer; - DWORD dw = 0xE6578; - CrossCall(client, tag2, dw, &answer); - actual_params = reinterpret_cast<CrossCallParamsEx*>(client.GetBuffer()); - EXPECT_EQ(1, actual_params->GetParamsCount()); - EXPECT_EQ(tag2, actual_params->GetTag()); - ArgType type = INVALID_TYPE; - size_t param_size = 1; - void* param_addr = actual_params->GetRawParameter(0, ¶m_size, &type); - ASSERT_EQ(sizeof(dw), param_size); - EXPECT_EQ(ULONG_TYPE, type); - ASSERT_TRUE(NULL != param_addr); - EXPECT_EQ(0, memcmp(&dw, param_addr, param_size)); - - // Check handling for windows HANDLES. - HANDLE h = HANDLE(0x70000500); - CrossCall(client, tag1, text, h, &answer); - actual_params = reinterpret_cast<CrossCallParamsEx*>(client.GetBuffer()); - EXPECT_EQ(2, actual_params->GetParamsCount()); - EXPECT_EQ(tag1, actual_params->GetTag()); - type = INVALID_TYPE; - param_addr = actual_params->GetRawParameter(1, ¶m_size, &type); - ASSERT_EQ(sizeof(h), param_size); - EXPECT_EQ(VOIDPTR_TYPE, type); - ASSERT_TRUE(NULL != param_addr); - EXPECT_EQ(0, memcmp(&h, param_addr, param_size)); - - // Check combination of 32 and 64 bits. - CrossCall(client, tag2, h, dw, h, &answer); - actual_params = reinterpret_cast<CrossCallParamsEx*>(client.GetBuffer()); - EXPECT_EQ(3, actual_params->GetParamsCount()); - EXPECT_EQ(tag2, actual_params->GetTag()); - type = INVALID_TYPE; - param_addr = actual_params->GetRawParameter(0, ¶m_size, &type); - ASSERT_EQ(sizeof(h), param_size); - EXPECT_EQ(VOIDPTR_TYPE, type); - ASSERT_TRUE(NULL != param_addr); - EXPECT_EQ(0, memcmp(&h, param_addr, param_size)); - type = INVALID_TYPE; - param_addr = actual_params->GetRawParameter(1, ¶m_size, &type); - ASSERT_EQ(sizeof(dw), param_size); - EXPECT_EQ(ULONG_TYPE, type); - ASSERT_TRUE(NULL != param_addr); - EXPECT_EQ(0, memcmp(&dw, param_addr, param_size)); - type = INVALID_TYPE; - param_addr = actual_params->GetRawParameter(2, ¶m_size, &type); - ASSERT_EQ(sizeof(h), param_size); - EXPECT_EQ(VOIDPTR_TYPE, type); - ASSERT_TRUE(NULL != param_addr); - EXPECT_EQ(0, memcmp(&h, param_addr, param_size)); - - CloseChannelEvents(client_control); - delete[] reinterpret_cast<char*>(client_control); + for (size_t ix = 0; ix != client_control->channels_count; ++ix) { + ChannelControl& channel = client_control->channels[ix]; + ::CloseHandle(channel.ping_event); + ::CloseHandle(channel.pong_event); + } + delete [] reinterpret_cast<char*>(client_control); } TEST(IPCTest, CrossCallValidation) { @@ -373,9 +297,17 @@ void FakeOkAnswerInChannel(void* channel) { TEST(IPCTest, ClientFastServer) { const size_t channel_size = kIPCChannelSize; size_t base_start = 0; - IPCControl* client_control = - MakeChannels(channel_size, 4096 * 2, &base_start); - FixChannels(client_control, base_start, kIPCChannelSize, FIX_PONG_NOT_READY); + IPCControl* client_control = MakeChannels(channel_size, 4096*2, &base_start); + + for (size_t ix = 0; ix != client_control->channels_count; ++ix) { + ChannelControl& channel = client_control->channels[ix]; + channel.channel_base = base_start; + channel.state = kFreeChannel; + channel.ping_event = ::CreateEventW(NULL, FALSE, FALSE, NULL); + channel.pong_event = ::CreateEventW(NULL, FALSE, FALSE, NULL); + base_start += channel_size; + } + client_control->server_alive = ::CreateMutex(NULL, FALSE, NULL); char* mem = reinterpret_cast<char*>(client_control); @@ -442,10 +374,14 @@ TEST(IPCTest, ClientFastServer) { EXPECT_EQ(kFreeChannel, client_control->channels[1].state); EXPECT_EQ(kFreeChannel, client_control->channels[2].state); - CloseChannelEvents(client_control); - ::CloseHandle(client_control->server_alive); + for (size_t ix = 0; ix != client_control->channels_count; ++ix) { + ChannelControl& channel = client_control->channels[ix]; + ::CloseHandle(channel.ping_event); + ::CloseHandle(channel.pong_event); + } - delete[] reinterpret_cast<char*>(client_control); + ::CloseHandle(client_control->server_alive); + delete [] reinterpret_cast<char*>(client_control); } // This is the server thread that very slowly answers an IPC and exits. Note @@ -474,10 +410,19 @@ DWORD WINAPI MainServerThread(PVOID param) { // to hold locked the server_alive mutex: this signals the client that the // server is not dead and it retries the wait. TEST(IPCTest, ClientSlowServer) { + const size_t channel_size = kIPCChannelSize; size_t base_start = 0; - IPCControl* client_control = - MakeChannels(kIPCChannelSize, 4096*2, &base_start); - FixChannels(client_control, base_start, kIPCChannelSize, FIX_PONG_NOT_READY); + IPCControl* client_control = MakeChannels(channel_size, 4096*2, &base_start); + + for (size_t ix = 0; ix != client_control->channels_count; ++ix) { + ChannelControl& channel = client_control->channels[ix]; + channel.channel_base = base_start; + channel.state = kFreeChannel; + channel.ping_event = ::CreateEventW(NULL, FALSE, FALSE, NULL); + channel.pong_event = ::CreateEventW(NULL, FALSE, FALSE, NULL); + base_start += channel_size; + } + client_control->server_alive = ::CreateMutex(NULL, FALSE, NULL); char* mem = reinterpret_cast<char*>(client_control); @@ -516,90 +461,13 @@ TEST(IPCTest, ClientSlowServer) { EXPECT_EQ(tag, client_control->channels[0].ipc_tag); EXPECT_EQ(kFreeChannel, client_control->channels[0].state); - CloseChannelEvents(client_control); - ::CloseHandle(client_control->server_alive); - delete[] reinterpret_cast<char*>(client_control); -} - -// This test-only IPC dispatcher has two handlers with the same signature -// but only CallOneHandler should be used. -class UnitTestIPCDispatcher : public Dispatcher { - public: - enum { - CALL_ONE_TAG = 78, - CALL_TWO_TAG = 87 - }; - - UnitTestIPCDispatcher(); - ~UnitTestIPCDispatcher() {}; - - virtual bool SetupService(InterceptionManager* manager, int service) { - return true; - } - - private: - bool CallOneHandler(IPCInfo* ipc, HANDLE p1, DWORD p2) { - ipc->return_info.extended[0].handle = p1; - ipc->return_info.extended[1].unsigned_int = p2; - return true; - } - - bool CallTwoHandler(IPCInfo* ipc, HANDLE p1, DWORD p2) { - return true; + for (size_t ix = 0; ix != client_control->channels_count; ++ix) { + ChannelControl& channel = client_control->channels[ix]; + ::CloseHandle(channel.ping_event); + ::CloseHandle(channel.pong_event); } -}; - -UnitTestIPCDispatcher::UnitTestIPCDispatcher() { - static const IPCCall call_one = { - {CALL_ONE_TAG, VOIDPTR_TYPE, ULONG_TYPE}, - reinterpret_cast<CallbackGeneric>( - &UnitTestIPCDispatcher::CallOneHandler) - }; - static const IPCCall call_two = { - {CALL_TWO_TAG, VOIDPTR_TYPE, ULONG_TYPE}, - reinterpret_cast<CallbackGeneric>( - &UnitTestIPCDispatcher::CallTwoHandler) - }; - ipc_calls_.push_back(call_one); - ipc_calls_.push_back(call_two); -} - -// This test does most of the shared memory IPC client-server roundtrip -// and tests the packing, unpacking and call dispatching. -TEST(IPCTest, SharedMemServerTests) { - size_t base_start = 0; - IPCControl* client_control = - MakeChannels(kIPCChannelSize, 4096, &base_start); - client_control->server_alive = HANDLE(1); - FixChannels(client_control, base_start, kIPCChannelSize, FIX_PONG_READY); - - char* mem = reinterpret_cast<char*>(client_control); - SharedMemIPCClient client(mem); - - CrossCallReturn answer; - HANDLE bar = HANDLE(191919); - DWORD foo = 6767676; - CrossCall(client, UnitTestIPCDispatcher::CALL_ONE_TAG, bar, foo, &answer); - void* buff = client.GetBuffer(); - ASSERT_TRUE(NULL != buff); - - UnitTestIPCDispatcher dispatcher; - // Since we are directly calling InvokeCallback, most of this structure - // can be set to NULL. - sandbox::SharedMemIPCServer::ServerControl srv_control = { - NULL, NULL, kIPCChannelSize, NULL, - reinterpret_cast<char*>(client_control), - NULL, &dispatcher, {0} }; - - sandbox::CrossCallReturn call_return = {0}; - EXPECT_TRUE(SharedMemIPCServer::InvokeCallback(&srv_control, buff, - &call_return)); - EXPECT_EQ(SBOX_ALL_OK, call_return.call_outcome); - EXPECT_TRUE(bar == call_return.extended[0].handle); - EXPECT_EQ(foo, call_return.extended[1].unsigned_int); - - CloseChannelEvents(client_control); - delete[] reinterpret_cast<char*>(client_control); + ::CloseHandle(client_control->server_alive); + delete [] reinterpret_cast<char*>(client_control); } } // namespace sandbox diff --git a/sandbox/src/policy_broker.cc b/sandbox/src/policy_broker.cc index f2316b0..82701ed 100644 --- a/sandbox/src/policy_broker.cc +++ b/sandbox/src/policy_broker.cc @@ -88,11 +88,14 @@ bool SetupNtdllImports(TargetProcess *child) { #undef INIT_GLOBAL_RTL bool SetupBasicInterceptions(InterceptionManager* manager) { +#if !defined(_WIN64) + // Bug 27218: We don't have dispatch for some x64 syscalls. // Interceptions provided by process_thread_policy, without actual policy. if (!INTERCEPT_NT(manager, NtOpenThread, OPEN_TREAD_ID, 20) || !INTERCEPT_NT(manager, NtOpenProcess, OPEN_PROCESS_ID, 20) || !INTERCEPT_NT(manager, NtOpenProcessToken, OPEN_PROCESS_TOKEN_ID, 16)) return false; +#endif // Interceptions with neither policy nor IPC. if (!INTERCEPT_NT(manager, NtSetInformationThread, SET_INFORMATION_THREAD_ID, @@ -101,11 +104,13 @@ bool SetupBasicInterceptions(InterceptionManager* manager) { return false; if (win_util::GetWinVersion() >= win_util::WINVERSION_XP) { +#if !defined(_WIN64) // Bug 27218: We don't have dispatch for some x64 syscalls. // This one is also provided by process_thread_policy. if (!INTERCEPT_NT(manager, NtOpenProcessTokenEx, OPEN_PROCESS_TOKEN_EX_ID, 20)) return false; +#endif return INTERCEPT_NT(manager, NtOpenThreadTokenEx, OPEN_THREAD_TOKEN_EX_ID, 24); diff --git a/sandbox/src/policy_target_test.cc b/sandbox/src/policy_target_test.cc index d4ffb40..6a7aebb 100644 --- a/sandbox/src/policy_target_test.cc +++ b/sandbox/src/policy_target_test.cc @@ -150,10 +150,10 @@ SBOX_TESTS_COMMAND int PolicyTargetTest_process(int argc, wchar_t **argv) { STARTUPINFO startup_info = {0}; startup_info.cb = sizeof(startup_info); PROCESS_INFORMATION process_info; - if (!::CreateProcessW(L"foo.exe", L"foo.exe", NULL, NULL, FALSE, 0, - NULL, NULL, &startup_info, &process_info)) - return SBOX_TEST_SUCCEEDED; - return SBOX_TEST_FAILED; + ::CreateProcess(L"foo.exe", L"foo.exe", NULL, NULL, FALSE, 0, NULL, NULL, + &startup_info, &process_info); + + return SBOX_TEST_SUCCEEDED; } TEST(PolicyTargetTest, SetInformationThread) { @@ -194,6 +194,8 @@ TEST(PolicyTargetTest, OpenThreadTokenEx) { EXPECT_EQ(ERROR_NO_TOKEN, runner.RunTest(L"PolicyTargetTest_token3")); } +#if !defined(_WIN64) +// Bug 27218: We don't have dispatch for some x64 syscalls. TEST(PolicyTargetTest, OpenThread) { TestRunner runner; EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"PolicyTargetTest_thread")) << @@ -209,8 +211,6 @@ TEST(PolicyTargetTest, OpenProcess) { "Opens a process"; } -#if !defined(_WIN64) - // Launches the app in the sandbox and ask it to wait in an // infinite loop. Waits for 2 seconds and then check if the // desktop associated with the app thread is not the same as the diff --git a/sandbox/src/process_thread_dispatcher.cc b/sandbox/src/process_thread_dispatcher.cc index f3badb4..bbc1e57 100644 --- a/sandbox/src/process_thread_dispatcher.cc +++ b/sandbox/src/process_thread_dispatcher.cc @@ -110,13 +110,13 @@ ThreadProcessDispatcher::ThreadProcessDispatcher(PolicyBase* policy_base) }; static const IPCCall process_token = { - {IPC_NTOPENPROCESSTOKEN_TAG, VOIDPTR_TYPE, ULONG_TYPE}, + {IPC_NTOPENPROCESSTOKEN_TAG, ULONG_TYPE, ULONG_TYPE}, reinterpret_cast<CallbackGeneric>( &ThreadProcessDispatcher::NtOpenProcessToken) }; static const IPCCall process_tokenex = { - {IPC_NTOPENPROCESSTOKENEX_TAG, VOIDPTR_TYPE, ULONG_TYPE, ULONG_TYPE}, + {IPC_NTOPENPROCESSTOKENEX_TAG, ULONG_TYPE, ULONG_TYPE, ULONG_TYPE}, reinterpret_cast<CallbackGeneric>( &ThreadProcessDispatcher::NtOpenProcessTokenEx) }; @@ -178,7 +178,7 @@ bool ThreadProcessDispatcher::NtOpenProcess(IPCInfo* ipc, DWORD desired_access, return true; } -bool ThreadProcessDispatcher::NtOpenProcessToken(IPCInfo* ipc, HANDLE process, +bool ThreadProcessDispatcher::NtOpenProcessToken(IPCInfo* ipc, DWORD process, DWORD desired_access) { HANDLE handle; NTSTATUS ret = ProcessPolicy::OpenProcessTokenAction(*ipc->client_info, @@ -189,7 +189,7 @@ bool ThreadProcessDispatcher::NtOpenProcessToken(IPCInfo* ipc, HANDLE process, return true; } -bool ThreadProcessDispatcher::NtOpenProcessTokenEx(IPCInfo* ipc, HANDLE process, +bool ThreadProcessDispatcher::NtOpenProcessTokenEx(IPCInfo* ipc, DWORD process, DWORD desired_access, DWORD attributes) { HANDLE handle; diff --git a/sandbox/src/process_thread_dispatcher.h b/sandbox/src/process_thread_dispatcher.h index 0403c50..dfd58c0 100644 --- a/sandbox/src/process_thread_dispatcher.h +++ b/sandbox/src/process_thread_dispatcher.h @@ -1,9 +1,9 @@ -// Copyright (c) 2006-2010 The Chromium Authors. All rights reserved. +// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef SANDBOX_SRC_PROCESS_THREAD_DISPATCHER_H_ -#define SANDBOX_SRC_PROCESS_THREAD_DISPATCHER_H_ +#ifndef SANDBOX_SRC_PROCESS_THREAD_DISPATCHER_H__ +#define SANDBOX_SRC_PROCESS_THREAD_DISPATCHER_H__ #include "base/basictypes.h" #include "sandbox/src/crosscall_server.h" @@ -28,10 +28,10 @@ class ThreadProcessDispatcher : public Dispatcher { bool NtOpenProcess(IPCInfo* ipc, DWORD desired_access, DWORD process_id); // Processes IPC requests from calls to NtOpenProcessToken() in the target. - bool NtOpenProcessToken(IPCInfo* ipc, HANDLE process, DWORD desired_access); + bool NtOpenProcessToken(IPCInfo* ipc, DWORD process, DWORD desired_access); // Processes IPC requests from calls to NtOpenProcessTokenEx() in the target. - bool NtOpenProcessTokenEx(IPCInfo* ipc, HANDLE process, DWORD desired_access, + bool NtOpenProcessTokenEx(IPCInfo* ipc, DWORD process, DWORD desired_access, DWORD attributes); // Processes IPC requests coming from calls to CreateProcessW() in the target. @@ -44,4 +44,4 @@ class ThreadProcessDispatcher : public Dispatcher { } // namespace sandbox -#endif // SANDBOX_SRC_PROCESS_THREAD_DISPATCHER_H_ +#endif // SANDBOX_SRC_PROCESS_THREAD_DISPATCHER_H__ diff --git a/sandbox/src/process_thread_policy.cc b/sandbox/src/process_thread_policy.cc index 7e4effb..3abd043 100644 --- a/sandbox/src/process_thread_policy.cc +++ b/sandbox/src/process_thread_policy.cc @@ -1,4 +1,4 @@ -// Copyright (c) 2006-2010 The Chromium Authors. All rights reserved. +// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -103,7 +103,7 @@ bool ProcessPolicy::GenerateRules(const wchar_t* name, NTSTATUS ProcessPolicy::OpenThreadAction(const ClientInfo& client_info, uint32 desired_access, uint32 thread_id, - HANDLE* handle) { + HANDLE *handle) { *handle = NULL; NtOpenThreadFunction NtOpenThread = NULL; @@ -135,7 +135,7 @@ NTSTATUS ProcessPolicy::OpenThreadAction(const ClientInfo& client_info, NTSTATUS ProcessPolicy::OpenProcessAction(const ClientInfo& client_info, uint32 desired_access, uint32 process_id, - HANDLE* handle) { + HANDLE *handle) { *handle = NULL; NtOpenProcessFunction NtOpenProcess = NULL; @@ -165,13 +165,16 @@ NTSTATUS ProcessPolicy::OpenProcessAction(const ClientInfo& client_info, } NTSTATUS ProcessPolicy::OpenProcessTokenAction(const ClientInfo& client_info, - HANDLE process, + uint32 process_requested, uint32 desired_access, - HANDLE* handle) { + HANDLE *handle) { *handle = NULL; + NtOpenProcessTokenFunction NtOpenProcessToken = NULL; ResolveNTFunctionPtr("NtOpenProcessToken", &NtOpenProcessToken); + HANDLE process = reinterpret_cast<HANDLE>( + static_cast<ULONG_PTR>(process_requested)); if (CURRENT_PROCESS != process) return STATUS_ACCESS_DENIED; @@ -186,18 +189,21 @@ NTSTATUS ProcessPolicy::OpenProcessTokenAction(const ClientInfo& client_info, return STATUS_ACCESS_DENIED; } } + return status; } NTSTATUS ProcessPolicy::OpenProcessTokenExAction(const ClientInfo& client_info, - HANDLE process, + uint32 process_requested, uint32 desired_access, uint32 attributes, - HANDLE* handle) { + HANDLE *handle) { *handle = NULL; NtOpenProcessTokenExFunction NtOpenProcessTokenEx = NULL; ResolveNTFunctionPtr("NtOpenProcessTokenEx", &NtOpenProcessTokenEx); + HANDLE process = reinterpret_cast<HANDLE>( + static_cast<ULONG_PTR>(process_requested)); if (CURRENT_PROCESS != process) return STATUS_ACCESS_DENIED; @@ -212,6 +218,7 @@ NTSTATUS ProcessPolicy::OpenProcessTokenExAction(const ClientInfo& client_info, return STATUS_ACCESS_DENIED; } } + return status; } diff --git a/sandbox/src/process_thread_policy.h b/sandbox/src/process_thread_policy.h index 78323cc..29ea91d 100644 --- a/sandbox/src/process_thread_policy.h +++ b/sandbox/src/process_thread_policy.h @@ -1,9 +1,9 @@ -// Copyright (c) 2006-2010 The Chromium Authors. All rights reserved. +// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef SANDBOX_SRC_PROCESS_THREAD_POLICY_H_ -#define SANDBOX_SRC_PROCESS_THREAD_POLICY_H_ +#ifndef SANDBOX_SRC_PROCESS_THREAD_POLICY_H__ +#define SANDBOX_SRC_PROCESS_THREAD_POLICY_H__ #include <string> @@ -37,7 +37,7 @@ class ProcessPolicy { static NTSTATUS OpenThreadAction(const ClientInfo& client_info, uint32 desired_access, uint32 thread_id, - HANDLE* handle); + HANDLE *handle); // Opens the process id passed in and returns the duplicated handle to // the child. We only allow the child processes to open themselves. Any other @@ -45,24 +45,24 @@ class ProcessPolicy { static NTSTATUS OpenProcessAction(const ClientInfo& client_info, uint32 desired_access, uint32 process_id, - HANDLE* handle); + HANDLE *handle); // Opens the token associated with the process and returns the duplicated // handle to the child. We only allow the child processes to open his own // token (using ::GetCurrentProcess()). static NTSTATUS OpenProcessTokenAction(const ClientInfo& client_info, - HANDLE process, + uint32 process, uint32 desired_access, - HANDLE* handle); + HANDLE *handle); // Opens the token associated with the process and returns the duplicated // handle to the child. We only allow the child processes to open his own // token (using ::GetCurrentProcess()). static NTSTATUS OpenProcessTokenExAction(const ClientInfo& client_info, - HANDLE process, + uint32 process, uint32 desired_access, uint32 attributes, - HANDLE* handle); + HANDLE *handle); // Processes a 'CreateProcessW()' request from the target. // 'client_info' : the target process that is making the request. @@ -79,4 +79,4 @@ class ProcessPolicy { } // namespace sandbox -#endif // SANDBOX_SRC_PROCESS_THREAD_POLICY_H_ +#endif // SANDBOX_SRC_PROCESS_THREAD_POLICY_H__ diff --git a/sandbox/src/sandbox_policy_base.cc b/sandbox/src/sandbox_policy_base.cc index 4dbfc2d..d47d5921 100644 --- a/sandbox/src/sandbox_policy_base.cc +++ b/sandbox/src/sandbox_policy_base.cc @@ -71,12 +71,6 @@ PolicyBase::PolicyBase() // Initialize the IPC dispatcher array. memset(&ipc_targets_, NULL, sizeof(ipc_targets_)); Dispatcher* dispatcher = NULL; - dispatcher = new ThreadProcessDispatcher(this); - ipc_targets_[IPC_NTOPENTHREAD_TAG] = dispatcher; - ipc_targets_[IPC_NTOPENPROCESS_TAG] = dispatcher; - ipc_targets_[IPC_CREATEPROCESSW_TAG] = dispatcher; - ipc_targets_[IPC_NTOPENPROCESSTOKEN_TAG] = dispatcher; - ipc_targets_[IPC_NTOPENPROCESSTOKENEX_TAG] = dispatcher; #if !defined(_WIN64) // Bug 27218: We don't have dispatch for some x64 syscalls. dispatcher = new FilesystemDispatcher(this); @@ -85,14 +79,17 @@ PolicyBase::PolicyBase() ipc_targets_[IPC_NTSETINFO_RENAME_TAG] = dispatcher; ipc_targets_[IPC_NTQUERYATTRIBUTESFILE_TAG] = dispatcher; ipc_targets_[IPC_NTQUERYFULLATTRIBUTESFILE_TAG] = dispatcher; - + dispatcher = new ThreadProcessDispatcher(this); + ipc_targets_[IPC_NTOPENTHREAD_TAG] = dispatcher; + ipc_targets_[IPC_NTOPENPROCESS_TAG] = dispatcher; + ipc_targets_[IPC_CREATEPROCESSW_TAG] = dispatcher; + ipc_targets_[IPC_NTOPENPROCESSTOKEN_TAG] = dispatcher; + ipc_targets_[IPC_NTOPENPROCESSTOKENEX_TAG] = dispatcher; dispatcher = new NamedPipeDispatcher(this); ipc_targets_[IPC_CREATENAMEDPIPEW_TAG] = dispatcher; - dispatcher = new SyncDispatcher(this); ipc_targets_[IPC_CREATEEVENT_TAG] = dispatcher; ipc_targets_[IPC_OPENEVENT_TAG] = dispatcher; - dispatcher = new RegistryDispatcher(this); ipc_targets_[IPC_NTCREATEKEY_TAG] = dispatcher; ipc_targets_[IPC_NTOPENKEY_TAG] = dispatcher; @@ -105,10 +102,10 @@ PolicyBase::~PolicyBase() { TargetProcess* target = (*it); delete target; } - delete ipc_targets_[IPC_NTOPENTHREAD_TAG]; #if !defined(_WIN64) // Bug 27218: We don't have dispatch for some x64 syscalls. delete ipc_targets_[IPC_NTCREATEFILE_TAG]; + delete ipc_targets_[IPC_NTOPENTHREAD_TAG]; delete ipc_targets_[IPC_CREATENAMEDPIPEW_TAG]; delete ipc_targets_[IPC_CREATEEVENT_TAG]; delete ipc_targets_[IPC_NTCREATEKEY_TAG]; diff --git a/sandbox/src/sharedmem_ipc_server.cc b/sandbox/src/sharedmem_ipc_server.cc index b287d21..d835033 100644 --- a/sandbox/src/sharedmem_ipc_server.cc +++ b/sandbox/src/sharedmem_ipc_server.cc @@ -171,7 +171,7 @@ bool GetArgs(CrossCallParamsEx* params, IPCParams* ipc_params, break; } case ULONG_TYPE: { - uint32 data; + ULONG data; if (!params->GetParameter32(i, &data)) { ReleaseArgs(ipc_params, args); return false; @@ -180,15 +180,6 @@ bool GetArgs(CrossCallParamsEx* params, IPCParams* ipc_params, args[i] = ipc_int.AsVoidPtr(); break; } - case VOIDPTR_TYPE : { - void* data; - if (!params->GetParameterVoidPtr(i, &data)) { - ReleaseArgs(ipc_params, args); - return false; - } - args[i] = data; - break; - } case INOUTPTR_TYPE: { if (!args[i]) { ReleaseArgs(ipc_params, args); diff --git a/sandbox/src/sharedmem_ipc_server.h b/sandbox/src/sharedmem_ipc_server.h index 1041245..337a221 100644 --- a/sandbox/src/sharedmem_ipc_server.h +++ b/sandbox/src/sharedmem_ipc_server.h @@ -1,9 +1,9 @@ -// Copyright (c) 2006-2010 The Chromium Authors. All rights reserved. +// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef SANDBOX_SRC_SHAREDMEM_IPC_SERVER_H_ -#define SANDBOX_SRC_SHAREDMEM_IPC_SERVER_H_ +#ifndef SANDBOX_SRC_SHAREDMEM_IPC_SERVER_H__ +#define SANDBOX_SRC_SHAREDMEM_IPC_SERVER_H__ #include <list> @@ -12,8 +12,6 @@ #include "sandbox/src/crosscall_server.h" #include "sandbox/src/sharedmem_ipc_client.h" -#include "testing/gtest/include/gtest/gtest_prod.h" - // IPC transport implementation that uses shared memory. // This is the server side // @@ -53,7 +51,6 @@ class SharedMemIPCServer { bool Init(void* shared_mem, size_t shared_size, size_t channel_size); private: - FRIEND_TEST(IPCTest, SharedMemServerTests); // When an event fires (IPC request). A thread from the ThreadProvider // will call this function. The context parameter should be the same as // provided when ThreadProvider::RegisterWait was called. @@ -123,4 +120,4 @@ class SharedMemIPCServer { } // namespace sandbox -#endif // SANDBOX_SRC_SHAREDMEM_IPC_SERVER_H_ +#endif // SANDBOX_SRC_SHAREDMEM_IPC_SERVER_H__ diff --git a/sandbox/tests/validation_tests/commands.cc b/sandbox/tests/validation_tests/commands.cc index 4d9eba4..2c9f89b 100644 --- a/sandbox/tests/validation_tests/commands.cc +++ b/sandbox/tests/validation_tests/commands.cc @@ -1,4 +1,4 @@ -// Copyright (c) 2006-2010 The Chromium Authors. All rights reserved. +// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -87,11 +87,12 @@ int TestValidWindow(HWND window) { return SBOX_TEST_DENIED; } -SBOX_TESTS_COMMAND int OpenProcessCmd(int argc, wchar_t **argv) { +SBOX_TESTS_COMMAND int OpenProcess(int argc, wchar_t **argv) { if (1 != argc) return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; DWORD process_id = _wtoi(argv[0]); + return TestOpenProcess(process_id); } @@ -111,11 +112,12 @@ int TestOpenProcess(DWORD process_id) { } } -SBOX_TESTS_COMMAND int OpenThreadCmd(int argc, wchar_t **argv) { +SBOX_TESTS_COMMAND int OpenThread(int argc, wchar_t **argv) { if (1 != argc) return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; DWORD thread_id = _wtoi(argv[0]); + return TestOpenThread(thread_id); } diff --git a/sandbox/tests/validation_tests/suite.cc b/sandbox/tests/validation_tests/suite.cc index 49faf6d..7992197 100644 --- a/sandbox/tests/validation_tests/suite.cc +++ b/sandbox/tests/validation_tests/suite.cc @@ -1,4 +1,4 @@ -// Copyright (c) 2006-2010 The Chromium Authors. All rights reserved. +// Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -99,7 +99,7 @@ TEST(ValidationSuite, TestProcess) { TestRunner runner; wchar_t command[1024] = {0}; - wsprintf(command, L"OpenProcessCmd %d", ::GetCurrentProcessId()); + wsprintf(command, L"OpenProcess %d", ::GetCurrentProcessId()); EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(command)); } @@ -108,7 +108,7 @@ TEST(ValidationSuite, TestThread) { TestRunner runner; wchar_t command[1024] = {0}; - wsprintf(command, L"OpenThreadCmd %d", ::GetCurrentThreadId()); + wsprintf(command, L"OpenThread %d", ::GetCurrentThreadId()); EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(command)); } |