author | Torne (Richard Coles) <torne@google.com> | 2013-10-31 11:16:26 +0000 |
---|---|---|
committer | Torne (Richard Coles) <torne@google.com> | 2013-10-31 11:16:26 +0000 |
commit | 1e9bf3e0803691d0a228da41fc608347b6db4340 (patch) | |
tree | ab2e5565f71b4219b3da406e19f16fe306704ef5 /sandbox | |
parent | f10b58d5bc6ae3e74076fc4ccca14cbc57ef805c (diff) | |
download | chromium_org-1e9bf3e0803691d0a228da41fc608347b6db4340.tar.gz |
Merge from Chromium at DEPS revision 232015
This commit was generated by merge_to_master.py.
Change-Id: If86767ad396b9e2e1a4c1e9df1427daea29703ef
Diffstat (limited to 'sandbox')
28 files changed, 408 insertions, 375 deletions
diff --git a/sandbox/linux/suid/common/sandbox.h b/sandbox/linux/suid/common/sandbox.h index aad4ff8bd3..9345287815 100644 --- a/sandbox/linux/suid/common/sandbox.h +++ b/sandbox/linux/suid/common/sandbox.h @@ -12,9 +12,6 @@ namespace sandbox { // These are command line switches that may be used by other programs // (e.g. Chrome) to construct a command line for the sandbox. static const char kAdjustOOMScoreSwitch[] = "--adjust-oom-score"; -#if defined(OS_CHROMEOS) -static const char kAdjustLowMemMarginSwitch[] = "--adjust-low-mem"; -#endif static const char kSandboxDescriptorEnvironmentVarName[] = "SBX_D"; static const char kSandboxHelperPidEnvironmentVarName[] = "SBX_HELPER_PID"; diff --git a/sandbox/linux/suid/process_util_linux.c b/sandbox/linux/suid/process_util_linux.c index 5e6b33b60f..78c27ef507 100644 --- a/sandbox/linux/suid/process_util_linux.c +++ b/sandbox/linux/suid/process_util_linux.c @@ -24,10 +24,6 @@ static const int kMaxOomScore = 1000; static const int kMaxOldOomScore = 15; -// Kernel pseudo-file that allows setting of the low memory margin. -static const char kLowMemMarginFile[] = - "/sys/kernel/mm/chromeos-low_mem/margin"; - // NOTE: This is not the only version of this function in the source: // the base library (in process_util_linux.cc) also has its own C++ version. bool AdjustOOMScore(pid_t process, int score) { 
@@ -77,30 +73,3 @@ bool AdjustOOMScore(pid_t process, int score) { close(fd); return (bytes_written == len); } - -bool AdjustLowMemoryMargin(int64_t margin_mb) { - int file_descriptor = open(kLowMemMarginFile, O_WRONLY); - if (file_descriptor < 0) - return false; - - // Only allow those values which are reasonable, to prevent mischief. - char value[21]; - switch (margin_mb) { - case -1L: - snprintf(value, sizeof(value), "off"); - break; - case 0L: - case 25L: - case 50L: - case 100L: - case 200L: - snprintf(value, sizeof(value), "%lld", (long long int)margin_mb); - break; - default: - return false; - } - - bool success = (write(file_descriptor, value, strlen(value)) >= 0); - close(file_descriptor); - return success; -} diff --git a/sandbox/linux/suid/sandbox.c b/sandbox/linux/suid/sandbox.c index 32435a7ad8..a161e1932d 100644 --- a/sandbox/linux/suid/sandbox.c +++ b/sandbox/linux/suid/sandbox.c @@ -450,16 +450,6 @@ int main(int argc, char **argv) { return 1; return AdjustOOMScore(pid, score); } -#if defined(OS_CHROMEOS) - if (argc == 3 && (0 == strcmp(argv[1], kAdjustLowMemMarginSwitch))) { - char* endptr = NULL; - errno = 0; - unsigned long margin_mb = strtoul(argv[2], &endptr, 10); - if (!endptr || *endptr || errno != 0) - return 1; - return AdjustLowMemoryMargin(margin_mb); - } -#endif // Protect the core setuid sandbox functionality with an API version if (!CheckAndExportApiVersion()) { diff --git a/sandbox/sandbox_services.target.darwin-arm.mk b/sandbox/sandbox_services.target.darwin-arm.mk index 236dc9d0fc..48e606a9f7 100644 --- a/sandbox/sandbox_services.target.darwin-arm.mk +++ b/sandbox/sandbox_services.target.darwin-arm.mk 
@@ -63,13 +63,13 @@ MY_DEFS_Debug := \ '-DANGLE_DX11' \ '-D_FILE_OFFSET_BITS=64' \ '-DNO_TCMALLOC' \ - '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ - '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DDISABLE_NACL' \ '-DCHROMIUM_BUILD' \ '-DUSE_LIBJPEG_TURBO=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ + '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DUSE_OPENSSL=1' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ @@ -144,13 +144,13 @@ MY_DEFS_Release := \ '-DANGLE_DX11' \ '-D_FILE_OFFSET_BITS=64' \ '-DNO_TCMALLOC' \ - '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ - '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DDISABLE_NACL' \ '-DCHROMIUM_BUILD' \ '-DUSE_LIBJPEG_TURBO=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ + '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DUSE_OPENSSL=1' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ diff --git a/sandbox/sandbox_services.target.darwin-mips.mk b/sandbox/sandbox_services.target.darwin-mips.mk index b909d1aaf0..4b72b5724c 100644 --- a/sandbox/sandbox_services.target.darwin-mips.mk +++ b/sandbox/sandbox_services.target.darwin-mips.mk @@ -62,13 +62,13 @@ MY_DEFS_Debug := \ '-DANGLE_DX11' \ '-D_FILE_OFFSET_BITS=64' \ '-DNO_TCMALLOC' \ - '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ - '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DDISABLE_NACL' \ '-DCHROMIUM_BUILD' \ '-DUSE_LIBJPEG_TURBO=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ + '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DUSE_OPENSSL=1' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ 
@@ -142,13 +142,13 @@ MY_DEFS_Release := \ '-DANGLE_DX11' \ '-D_FILE_OFFSET_BITS=64' \ '-DNO_TCMALLOC' \ - '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ - '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DDISABLE_NACL' \ '-DCHROMIUM_BUILD' \ '-DUSE_LIBJPEG_TURBO=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ + '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DUSE_OPENSSL=1' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ diff --git a/sandbox/sandbox_services.target.darwin-x86.mk b/sandbox/sandbox_services.target.darwin-x86.mk index 4ef19f672e..5ee4316421 100644 --- a/sandbox/sandbox_services.target.darwin-x86.mk +++ b/sandbox/sandbox_services.target.darwin-x86.mk @@ -65,13 +65,13 @@ MY_DEFS_Debug := \ '-DANGLE_DX11' \ '-D_FILE_OFFSET_BITS=64' \ '-DNO_TCMALLOC' \ - '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ - '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DDISABLE_NACL' \ '-DCHROMIUM_BUILD' \ '-DUSE_LIBJPEG_TURBO=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ + '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DUSE_OPENSSL=1' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ @@ -149,13 +149,13 @@ MY_DEFS_Release := \ '-DANGLE_DX11' \ '-D_FILE_OFFSET_BITS=64' \ '-DNO_TCMALLOC' \ - '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ - '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DDISABLE_NACL' \ '-DCHROMIUM_BUILD' \ '-DUSE_LIBJPEG_TURBO=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ + '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DUSE_OPENSSL=1' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ diff --git a/sandbox/sandbox_services.target.linux-arm.mk b/sandbox/sandbox_services.target.linux-arm.mk index 236dc9d0fc..48e606a9f7 100644 --- a/sandbox/sandbox_services.target.linux-arm.mk +++ b/sandbox/sandbox_services.target.linux-arm.mk 
@@ -63,13 +63,13 @@ MY_DEFS_Debug := \ '-DANGLE_DX11' \ '-D_FILE_OFFSET_BITS=64' \ '-DNO_TCMALLOC' \ - '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ - '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DDISABLE_NACL' \ '-DCHROMIUM_BUILD' \ '-DUSE_LIBJPEG_TURBO=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ + '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DUSE_OPENSSL=1' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ @@ -144,13 +144,13 @@ MY_DEFS_Release := \ '-DANGLE_DX11' \ '-D_FILE_OFFSET_BITS=64' \ '-DNO_TCMALLOC' \ - '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ - '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DDISABLE_NACL' \ '-DCHROMIUM_BUILD' \ '-DUSE_LIBJPEG_TURBO=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ + '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DUSE_OPENSSL=1' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ diff --git a/sandbox/sandbox_services.target.linux-mips.mk b/sandbox/sandbox_services.target.linux-mips.mk index b909d1aaf0..4b72b5724c 100644 --- a/sandbox/sandbox_services.target.linux-mips.mk +++ b/sandbox/sandbox_services.target.linux-mips.mk @@ -62,13 +62,13 @@ MY_DEFS_Debug := \ '-DANGLE_DX11' \ '-D_FILE_OFFSET_BITS=64' \ '-DNO_TCMALLOC' \ - '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ - '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DDISABLE_NACL' \ '-DCHROMIUM_BUILD' \ '-DUSE_LIBJPEG_TURBO=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ + '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DUSE_OPENSSL=1' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ 
@@ -142,13 +142,13 @@ MY_DEFS_Release := \ '-DANGLE_DX11' \ '-D_FILE_OFFSET_BITS=64' \ '-DNO_TCMALLOC' \ - '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ - '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DDISABLE_NACL' \ '-DCHROMIUM_BUILD' \ '-DUSE_LIBJPEG_TURBO=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ + '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DUSE_OPENSSL=1' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ diff --git a/sandbox/sandbox_services.target.linux-x86.mk b/sandbox/sandbox_services.target.linux-x86.mk index 4ef19f672e..5ee4316421 100644 --- a/sandbox/sandbox_services.target.linux-x86.mk +++ b/sandbox/sandbox_services.target.linux-x86.mk @@ -65,13 +65,13 @@ MY_DEFS_Debug := \ '-DANGLE_DX11' \ '-D_FILE_OFFSET_BITS=64' \ '-DNO_TCMALLOC' \ - '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ - '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DDISABLE_NACL' \ '-DCHROMIUM_BUILD' \ '-DUSE_LIBJPEG_TURBO=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ + '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DUSE_OPENSSL=1' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ @@ -149,13 +149,13 @@ MY_DEFS_Release := \ '-DANGLE_DX11' \ '-D_FILE_OFFSET_BITS=64' \ '-DNO_TCMALLOC' \ - '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ - '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DDISABLE_NACL' \ '-DCHROMIUM_BUILD' \ '-DUSE_LIBJPEG_TURBO=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ + '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DUSE_OPENSSL=1' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ diff --git a/sandbox/sandbox_services_headers.target.darwin-arm.mk b/sandbox/sandbox_services_headers.target.darwin-arm.mk index cf0d956961..c98bec3f18 100644 --- a/sandbox/sandbox_services_headers.target.darwin-arm.mk 
+++ b/sandbox/sandbox_services_headers.target.darwin-arm.mk @@ -62,13 +62,13 @@ MY_DEFS_Debug := \ '-DANGLE_DX11' \ '-D_FILE_OFFSET_BITS=64' \ '-DNO_TCMALLOC' \ - '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ - '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DDISABLE_NACL' \ '-DCHROMIUM_BUILD' \ '-DUSE_LIBJPEG_TURBO=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ + '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DUSE_OPENSSL=1' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ @@ -141,13 +141,13 @@ MY_DEFS_Release := \ '-DANGLE_DX11' \ '-D_FILE_OFFSET_BITS=64' \ '-DNO_TCMALLOC' \ - '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ - '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DDISABLE_NACL' \ '-DCHROMIUM_BUILD' \ '-DUSE_LIBJPEG_TURBO=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ + '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DUSE_OPENSSL=1' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ diff --git a/sandbox/sandbox_services_headers.target.darwin-x86.mk b/sandbox/sandbox_services_headers.target.darwin-x86.mk index 06425c6bf4..5d24e9eb5b 100644 --- a/sandbox/sandbox_services_headers.target.darwin-x86.mk +++ b/sandbox/sandbox_services_headers.target.darwin-x86.mk @@ -64,13 +64,13 @@ MY_DEFS_Debug := \ '-DANGLE_DX11' \ '-D_FILE_OFFSET_BITS=64' \ '-DNO_TCMALLOC' \ - '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ - '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DDISABLE_NACL' \ '-DCHROMIUM_BUILD' \ '-DUSE_LIBJPEG_TURBO=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ + '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DUSE_OPENSSL=1' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ 
@@ -146,13 +146,13 @@ MY_DEFS_Release := \ '-DANGLE_DX11' \ '-D_FILE_OFFSET_BITS=64' \ '-DNO_TCMALLOC' \ - '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ - '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DDISABLE_NACL' \ '-DCHROMIUM_BUILD' \ '-DUSE_LIBJPEG_TURBO=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ + '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DUSE_OPENSSL=1' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ diff --git a/sandbox/sandbox_services_headers.target.linux-arm.mk b/sandbox/sandbox_services_headers.target.linux-arm.mk index cf0d956961..c98bec3f18 100644 --- a/sandbox/sandbox_services_headers.target.linux-arm.mk +++ b/sandbox/sandbox_services_headers.target.linux-arm.mk @@ -62,13 +62,13 @@ MY_DEFS_Debug := \ '-DANGLE_DX11' \ '-D_FILE_OFFSET_BITS=64' \ '-DNO_TCMALLOC' \ - '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ - '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DDISABLE_NACL' \ '-DCHROMIUM_BUILD' \ '-DUSE_LIBJPEG_TURBO=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ + '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DUSE_OPENSSL=1' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ @@ -141,13 +141,13 @@ MY_DEFS_Release := \ '-DANGLE_DX11' \ '-D_FILE_OFFSET_BITS=64' \ '-DNO_TCMALLOC' \ - '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ - '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DDISABLE_NACL' \ '-DCHROMIUM_BUILD' \ '-DUSE_LIBJPEG_TURBO=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ + '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DUSE_OPENSSL=1' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ diff --git a/sandbox/sandbox_services_headers.target.linux-x86.mk b/sandbox/sandbox_services_headers.target.linux-x86.mk index 06425c6bf4..5d24e9eb5b 100644 --- a/sandbox/sandbox_services_headers.target.linux-x86.mk 
+++ b/sandbox/sandbox_services_headers.target.linux-x86.mk @@ -64,13 +64,13 @@ MY_DEFS_Debug := \ '-DANGLE_DX11' \ '-D_FILE_OFFSET_BITS=64' \ '-DNO_TCMALLOC' \ - '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ - '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DDISABLE_NACL' \ '-DCHROMIUM_BUILD' \ '-DUSE_LIBJPEG_TURBO=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ + '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DUSE_OPENSSL=1' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ @@ -146,13 +146,13 @@ MY_DEFS_Release := \ '-DANGLE_DX11' \ '-D_FILE_OFFSET_BITS=64' \ '-DNO_TCMALLOC' \ - '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ - '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DDISABLE_NACL' \ '-DCHROMIUM_BUILD' \ '-DUSE_LIBJPEG_TURBO=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ + '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DUSE_OPENSSL=1' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ diff --git a/sandbox/seccomp_bpf.target.darwin-arm.mk b/sandbox/seccomp_bpf.target.darwin-arm.mk index 9e27cc9f7c..3777c9df72 100644 --- a/sandbox/seccomp_bpf.target.darwin-arm.mk +++ b/sandbox/seccomp_bpf.target.darwin-arm.mk @@ -72,13 +72,13 @@ MY_DEFS_Debug := \ '-DANGLE_DX11' \ '-D_FILE_OFFSET_BITS=64' \ '-DNO_TCMALLOC' \ - '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ - '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DDISABLE_NACL' \ '-DCHROMIUM_BUILD' \ '-DUSE_LIBJPEG_TURBO=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ + '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DUSE_OPENSSL=1' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ 
@@ -152,13 +152,13 @@ MY_DEFS_Release := \ '-DANGLE_DX11' \ '-D_FILE_OFFSET_BITS=64' \ '-DNO_TCMALLOC' \ - '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ - '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DDISABLE_NACL' \ '-DCHROMIUM_BUILD' \ '-DUSE_LIBJPEG_TURBO=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ + '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DUSE_OPENSSL=1' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ diff --git a/sandbox/seccomp_bpf.target.darwin-x86.mk b/sandbox/seccomp_bpf.target.darwin-x86.mk index bb32741c23..037dd953eb 100644 --- a/sandbox/seccomp_bpf.target.darwin-x86.mk +++ b/sandbox/seccomp_bpf.target.darwin-x86.mk @@ -74,13 +74,13 @@ MY_DEFS_Debug := \ '-DANGLE_DX11' \ '-D_FILE_OFFSET_BITS=64' \ '-DNO_TCMALLOC' \ - '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ - '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DDISABLE_NACL' \ '-DCHROMIUM_BUILD' \ '-DUSE_LIBJPEG_TURBO=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ + '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DUSE_OPENSSL=1' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ @@ -157,13 +157,13 @@ MY_DEFS_Release := \ '-DANGLE_DX11' \ '-D_FILE_OFFSET_BITS=64' \ '-DNO_TCMALLOC' \ - '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ - '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DDISABLE_NACL' \ '-DCHROMIUM_BUILD' \ '-DUSE_LIBJPEG_TURBO=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ + '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DUSE_OPENSSL=1' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ diff --git a/sandbox/seccomp_bpf.target.linux-arm.mk b/sandbox/seccomp_bpf.target.linux-arm.mk index 9e27cc9f7c..3777c9df72 100644 --- a/sandbox/seccomp_bpf.target.linux-arm.mk +++ b/sandbox/seccomp_bpf.target.linux-arm.mk 
@@ -72,13 +72,13 @@ MY_DEFS_Debug := \ '-DANGLE_DX11' \ '-D_FILE_OFFSET_BITS=64' \ '-DNO_TCMALLOC' \ - '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ - '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DDISABLE_NACL' \ '-DCHROMIUM_BUILD' \ '-DUSE_LIBJPEG_TURBO=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ + '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DUSE_OPENSSL=1' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ @@ -152,13 +152,13 @@ MY_DEFS_Release := \ '-DANGLE_DX11' \ '-D_FILE_OFFSET_BITS=64' \ '-DNO_TCMALLOC' \ - '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ - '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DDISABLE_NACL' \ '-DCHROMIUM_BUILD' \ '-DUSE_LIBJPEG_TURBO=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ + '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DUSE_OPENSSL=1' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ diff --git a/sandbox/seccomp_bpf.target.linux-x86.mk b/sandbox/seccomp_bpf.target.linux-x86.mk index bb32741c23..037dd953eb 100644 --- a/sandbox/seccomp_bpf.target.linux-x86.mk +++ b/sandbox/seccomp_bpf.target.linux-x86.mk @@ -74,13 +74,13 @@ MY_DEFS_Debug := \ '-DANGLE_DX11' \ '-D_FILE_OFFSET_BITS=64' \ '-DNO_TCMALLOC' \ - '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ - '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DDISABLE_NACL' \ '-DCHROMIUM_BUILD' \ '-DUSE_LIBJPEG_TURBO=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ + '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DUSE_OPENSSL=1' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ 
@@ -157,13 +157,13 @@ MY_DEFS_Release := \ '-DANGLE_DX11' \ '-D_FILE_OFFSET_BITS=64' \ '-DNO_TCMALLOC' \ - '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ - '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DDISABLE_NACL' \ '-DCHROMIUM_BUILD' \ '-DUSE_LIBJPEG_TURBO=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ + '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DUSE_OPENSSL=1' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ diff --git a/sandbox/win/src/interceptors.h b/sandbox/win/src/interceptors.h index 2e6dc8ddcb..43126d005a 100644 --- a/sandbox/win/src/interceptors.h +++ b/sandbox/win/src/interceptors.h @@ -39,10 +39,8 @@ enum InterceptorId { OPEN_KEY_ID, OPEN_KEY_EX_ID, // Sync dispatcher: - CREATE_EVENTW_ID, - CREATE_EVENTA_ID, - OPEN_EVENTW_ID, - OPEN_EVENTA_ID, + CREATE_EVENT_ID, + OPEN_EVENT_ID, // CSRSS bypasses for HandleCloser: CREATE_THREAD_ID, GET_USER_DEFAULT_LCID_ID, diff --git a/sandbox/win/src/interceptors_64.cc b/sandbox/win/src/interceptors_64.cc index a36373279a..c71d5a2803 100644 --- a/sandbox/win/src/interceptors_64.cc +++ b/sandbox/win/src/interceptors_64.cc 
@@ -249,36 +249,23 @@ SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenKeyEx64( // ----------------------------------------------------------------------- -SANDBOX_INTERCEPT HANDLE WINAPI TargetCreateEventW64( - LPSECURITY_ATTRIBUTES security_attributes, BOOL manual_reset, - BOOL initial_state, LPCWSTR name) { - CreateEventWFunction orig_fn = reinterpret_cast< - CreateEventWFunction>(g_originals[CREATE_EVENTW_ID]); - return TargetCreateEventW(orig_fn, security_attributes, manual_reset, - initial_state, name); +SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtCreateEvent64( + PHANDLE event_handle, ACCESS_MASK desired_access, + POBJECT_ATTRIBUTES object_attributes, EVENT_TYPE event_type, + BOOLEAN initial_state) { + NtCreateEventFunction orig_fn = reinterpret_cast< + NtCreateEventFunction>(g_originals[CREATE_EVENT_ID]); + return TargetNtCreateEvent(orig_fn, event_handle, desired_access, + object_attributes, event_type, initial_state); } -SANDBOX_INTERCEPT HANDLE WINAPI TargetCreateEventA64( - LPSECURITY_ATTRIBUTES security_attributes, BOOL manual_reset, - BOOL initial_state, LPCSTR name) { - CreateEventAFunction orig_fn = reinterpret_cast< - CreateEventAFunction>(g_originals[CREATE_EVENTA_ID]); - return TargetCreateEventA(orig_fn, security_attributes, manual_reset, - initial_state, name); -} - -SANDBOX_INTERCEPT HANDLE WINAPI TargetOpenEventW64( - DWORD desired_access, BOOL inherit_handle, LPCWSTR name) { - OpenEventWFunction orig_fn = reinterpret_cast< - OpenEventWFunction>(g_originals[OPEN_EVENTW_ID]); - return TargetOpenEventW(orig_fn, desired_access, inherit_handle, name); -} - -SANDBOX_INTERCEPT HANDLE WINAPI TargetOpenEventA64( - DWORD desired_access, BOOL inherit_handle, LPCSTR name) { - OpenEventAFunction orig_fn = reinterpret_cast< - OpenEventAFunction>(g_originals[OPEN_EVENTA_ID]); - return TargetOpenEventA(orig_fn, desired_access, inherit_handle, name); +SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenEvent64( + PHANDLE event_handle, ACCESS_MASK desired_access, + 
POBJECT_ATTRIBUTES object_attributes) { + NtOpenEventFunction orig_fn = reinterpret_cast< + NtOpenEventFunction>(g_originals[OPEN_EVENT_ID]); + return TargetNtOpenEvent(orig_fn, event_handle, desired_access, + object_attributes); } } // namespace sandbox diff --git a/sandbox/win/src/interceptors_64.h b/sandbox/win/src/interceptors_64.h index 717fb6d636..ef2c10d412 100644 --- a/sandbox/win/src/interceptors_64.h +++ b/sandbox/win/src/interceptors_64.h @@ -153,23 +153,15 @@ SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenKeyEx64( // ----------------------------------------------------------------------- // Interceptors handled by the sync dispatcher. -// Interception of CreateEventW on the child process. -SANDBOX_INTERCEPT HANDLE WINAPI TargetCreateEventW64( - LPSECURITY_ATTRIBUTES security_attributes, BOOL manual_reset, - BOOL initial_state, LPCWSTR name); - -// Interception of CreateEventA on the child process. -SANDBOX_INTERCEPT HANDLE WINAPI TargetCreateEventA64( - LPSECURITY_ATTRIBUTES security_attributes, BOOL manual_reset, - BOOL initial_state, LPCSTR name); - -// Interception of OpenEventW on the child process. -SANDBOX_INTERCEPT HANDLE WINAPI TargetOpenEventW64( - DWORD desired_access, BOOL inherit_handle, LPCWSTR name); - -// Interception of OpenEventA on the child process. -SANDBOX_INTERCEPT HANDLE WINAPI TargetOpenEventA64( - DWORD desired_access, BOOL inherit_handle, LPCSTR name); +// Interception of NtCreateEvent/NtOpenEvent on the child process. +SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtCreateEvent64( + PHANDLE event_handle, ACCESS_MASK desired_access, + POBJECT_ATTRIBUTES object_attributes, EVENT_TYPE event_type, + BOOLEAN initial_state); + +SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenEvent64( + PHANDLE event_handle, ACCESS_MASK desired_access, + POBJECT_ATTRIBUTES object_attributes); } // extern "C" diff --git a/sandbox/win/src/nt_internals.h b/sandbox/win/src/nt_internals.h index c9aaf92732..1423be4937 100644 --- a/sandbox/win/src/nt_internals.h 
+++ b/sandbox/win/src/nt_internals.h @@ -615,5 +615,31 @@ typedef VOID (WINAPI *RtlInitUnicodeStringFunction) ( IN OUT PUNICODE_STRING DestinationString, IN PCWSTR SourceString); +typedef enum _EVENT_TYPE { + NotificationEvent, + SynchronizationEvent +} EVENT_TYPE, *PEVENT_TYPE; + +typedef NTSTATUS (WINAPI* NtOpenDirectoryObjectFunction) ( + PHANDLE DirectoryHandle, + ACCESS_MASK DesiredAccess, + POBJECT_ATTRIBUTES ObjectAttributes); + +typedef NTSTATUS (WINAPI* NtQuerySymbolicLinkObjectFunction) ( + HANDLE LinkHandle, + PUNICODE_STRING LinkTarget, + PULONG ReturnedLength); + +typedef NTSTATUS (WINAPI* NtOpenSymbolicLinkObjectFunction) ( + PHANDLE LinkHandle, + ACCESS_MASK DesiredAccess, + POBJECT_ATTRIBUTES ObjectAttributes); + +#define DIRECTORY_QUERY 0x0001 +#define DIRECTORY_TRAVERSE 0x0002 +#define DIRECTORY_CREATE_OBJECT 0x0004 +#define DIRECTORY_CREATE_SUBDIRECTORY 0x0008 +#define DIRECTORY_ALL_ACCESS 0x000F + #endif // SANDBOX_WIN_SRC_NT_INTERNALS_H__ diff --git a/sandbox/win/src/sync_dispatcher.cc b/sandbox/win/src/sync_dispatcher.cc index 6897daccc3..3769fc6c67 100644 --- a/sandbox/win/src/sync_dispatcher.cc +++ b/sandbox/win/src/sync_dispatcher.cc @@ -25,7 +25,7 @@ SyncDispatcher::SyncDispatcher(PolicyBase* policy_base) }; static const IPCCall open_params = { - {IPC_OPENEVENT_TAG, WCHAR_TYPE, ULONG_TYPE, ULONG_TYPE}, + {IPC_OPENEVENT_TAG, WCHAR_TYPE, ULONG_TYPE}, reinterpret_cast<CallbackGeneric>(&SyncDispatcher::OpenEvent) }; 
@@ -35,33 +35,16 @@ SyncDispatcher::SyncDispatcher(PolicyBase* policy_base) bool SyncDispatcher::SetupService(InterceptionManager* manager, int service) { - bool ret = false; - // We need to intercept kernelbase.dll on Windows 7 and beyond and - // kernel32.dll for earlier versions. - static const wchar_t* kWin32SyncDllName = - base::win::GetVersion() >= base::win::VERSION_WIN7 ? kKernelBasedllName : - kKerneldllName; - if (IPC_CREATEEVENT_TAG == service) { - ret = INTERCEPT_EAT(manager, kWin32SyncDllName, CreateEventW, - CREATE_EVENTW_ID, 20); - if (ret) { - ret = INTERCEPT_EAT(manager, kWin32SyncDllName, CreateEventA, - CREATE_EVENTA_ID, 20); - } + return INTERCEPT_NT(manager, NtCreateEvent, CREATE_EVENT_ID, 24); } else if (IPC_OPENEVENT_TAG == service) { - ret = INTERCEPT_EAT(manager, kWin32SyncDllName, OpenEventW, OPEN_EVENTW_ID, - 16); - if (ret) { - ret = INTERCEPT_EAT(manager, kWin32SyncDllName, OpenEventA, - OPEN_EVENTA_ID, 16); - } + return INTERCEPT_NT(manager, NtOpenEvent, OPEN_EVENT_ID, 16); } - return ret; + return false; } bool SyncDispatcher::CreateEvent(IPCInfo* ipc, std::wstring* name, - DWORD manual_reset, DWORD initial_state) { + DWORD event_type, DWORD initial_state) { const wchar_t* event_name = name->c_str(); CountedParameterSet<NameBased> params; params[NameBased::NAME] = ParamPickerMake(event_name); 
@@ -70,16 +53,16 @@ bool SyncDispatcher::CreateEvent(IPCInfo* ipc, std::wstring* name, params.GetBase()); HANDLE handle = NULL; DWORD ret = SyncPolicy::CreateEventAction(result, *ipc->client_info, *name, - manual_reset, initial_state, + event_type, initial_state, &handle); // Return operation status on the IPC. - ipc->return_info.win32_result = ret; + ipc->return_info.nt_status = ret; ipc->return_info.handle = handle; return true; } bool SyncDispatcher::OpenEvent(IPCInfo* ipc, std::wstring* name, - DWORD desired_access, DWORD inherit_handle) { + DWORD desired_access) { const wchar_t* event_name = name->c_str(); CountedParameterSet<OpenEventParams> params; @@ -90,8 +73,7 @@ bool SyncDispatcher::OpenEvent(IPCInfo* ipc, std::wstring* name, params.GetBase()); HANDLE handle = NULL; DWORD ret = SyncPolicy::OpenEventAction(result, *ipc->client_info, *name, - desired_access, inherit_handle, - &handle); + desired_access, &handle); // Return operation status on the IPC. ipc->return_info.win32_result = ret; ipc->return_info.handle = handle; diff --git a/sandbox/win/src/sync_dispatcher.h b/sandbox/win/src/sync_dispatcher.h index 13c8b9d31a..1d1b978c9a 100644 --- a/sandbox/win/src/sync_dispatcher.h +++ b/sandbox/win/src/sync_dispatcher.h @@ -22,12 +22,11 @@ class SyncDispatcher : public Dispatcher { private: // Processes IPC requests coming from calls to CreateEvent in the target. - bool CreateEvent(IPCInfo* ipc, std::wstring* name, DWORD manual_reset, + bool CreateEvent(IPCInfo* ipc, std::wstring* name, DWORD event_type, DWORD initial_state); // Processes IPC requests coming from calls to OpenEvent in the target. - bool OpenEvent(IPCInfo* ipc, std::wstring* name, DWORD desired_access, - DWORD inherit_handle); + bool OpenEvent(IPCInfo* ipc, std::wstring* name, DWORD desired_access); PolicyBase* policy_base_; DISALLOW_COPY_AND_ASSIGN(SyncDispatcher); diff --git a/sandbox/win/src/sync_interception.cc b/sandbox/win/src/sync_interception.cc index ddbcc05440..cafbcb0cc5 100644 
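Review bot: `event_type` is forwarded to `SyncPolicy::CreateEventAction` exactly as the sandboxed target sent it over IPC, and nothing in this hunk checks that it is one of the two `EVENT_TYPE` values. CreateEventAction is not visible here, so it may already validate the value. If it does not, a guard before the call such as `if (event_type != NotificationEvent && event_type != SynchronizationEvent) return false;` would stop the broker from passing arbitrary values through. Separately, `ret` is still declared `DWORD` although it is now stored into `nt_status`; declaring it `NTSTATUS` would match the field, assuming CreateEventAction now returns one. CreateEvent's body starts in the previous hunk.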
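Review bot: OpenEvent still stores its result with `ipc->return_info.win32_result = ret;`, while CreateEvent in the same file was switched to `nt_status`, even though both services are now set up with `INTERCEPT_NT` and the 64-bit interceptors return `NTSTATUS`. If the two fields are distinct storage, the target-side NtOpenEvent interceptor could read a status that was never set. If they alias, this is only a readability problem. Either way, `ipc->return_info.nt_status = ret;` would keep the two handlers consistent. OpenEvent's body starts before this hunk.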
--- a/sandbox/win/src/sync_interception.cc +++ b/sandbox/win/src/sync_interception.cc @@ -17,33 +17,25 @@ namespace sandbox { ResultCode ProxyCreateEvent(LPCWSTR name, BOOL initial_state, - BOOL manual_reset, + EVENT_TYPE event_type, + void* ipc_memory, CrossCallReturn* answer) { - void* memory = GetGlobalIPCMemory(); - if (!memory) - return SBOX_ERROR_GENERIC; - CountedParameterSet<NameBased> params; params[NameBased::NAME] = ParamPickerMake(name); if (!QueryBroker(IPC_CREATEEVENT_TAG, params.GetBase())) return SBOX_ERROR_GENERIC; - SharedMemIPCClient ipc(memory); - ResultCode code = CrossCall(ipc, IPC_CREATEEVENT_TAG, name, manual_reset, + SharedMemIPCClient ipc(ipc_memory); + ResultCode code = CrossCall(ipc, IPC_CREATEEVENT_TAG, name, event_type, initial_state, answer); return code; } ResultCode ProxyOpenEvent(LPCWSTR name, ACCESS_MASK desired_access, - BOOL inherit_handle, + void* ipc_memory, CrossCallReturn* answer) { - void* memory = GetGlobalIPCMemory(); - if (!memory) - return SBOX_ERROR_GENERIC; - - uint32 inherit_handle_ipc = inherit_handle; CountedParameterSet<OpenEventParams> params; params[OpenEventParams::NAME] = ParamPickerMake(name); params[OpenEventParams::ACCESS] = ParamPickerMake(desired_access); 
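Review bot: ProxyCreateEvent and ProxyOpenEvent no longer check the IPC memory pointer; `SharedMemIPCClient ipc(ipc_memory);` is built from whatever the caller passes. The callers are in the following hunk, which is not fully visible here, so they may do the `GetGlobalIPCMemory()` null check themselves. A comment on both helpers stating the precondition, e.g. `// |ipc_memory| must be non-NULL; callers obtain it from GetGlobalIPCMemory().`, or a defensive `if (!ipc_memory) return SBOX_ERROR_GENERIC;`, would make the contract explicit. ProxyOpenEvent's body continues past this hunk.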
@@ -51,135 +43,119 @@ ResultCode ProxyOpenEvent(LPCWSTR name, if (!QueryBroker(IPC_OPENEVENT_TAG, params.GetBase())) return SBOX_ERROR_GENERIC; - SharedMemIPCClient ipc(memory); + SharedMemIPCClient ipc(ipc_memory); ResultCode code = CrossCall(ipc, IPC_OPENEVENT_TAG, name, desired_access, - inherit_handle_ipc, answer); + answer); return code; } -HANDLE WINAPI TargetCreateEventW(CreateEventWFunction orig_CreateEvent, - LPSECURITY_ATTRIBUTES security_attributes, - BOOL manual_reset, - BOOL initial_state, - LPCWSTR name) { - // Check if the process can create it first. - HANDLE handle = orig_CreateEvent(security_attributes, manual_reset, - initial_state, name); - if (handle || !name) - return handle; - - // We don't trust that the IPC can work this early. - if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) - return NULL; - - DWORD original_error = ::GetLastError(); - - CrossCallReturn answer = {0}; - ResultCode code = ProxyCreateEvent(name, initial_state, manual_reset, - &answer); - - if (code == SBOX_ALL_OK) { - ::SetLastError(answer.win32_result); - return answer.handle; - } - ::SetLastError(original_error); - return NULL; -} - -HANDLE WINAPI TargetCreateEventA(CreateEventAFunction orig_CreateEvent, - LPSECURITY_ATTRIBUTES security_attributes, - BOOL manual_reset, - BOOL initial_state, - LPCSTR name) { - // Check if the process can create it first. - HANDLE handle = orig_CreateEvent(security_attributes, manual_reset, - initial_state, name); - if (handle || !name) - return handle; - - // We don't trust that the IPC can work this early. 
- if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) - return NULL; - - DWORD original_error = ::GetLastError(); - - UNICODE_STRING* wide_name = AnsiToUnicode(name); - if (!wide_name) - return NULL; - - CrossCallReturn answer = {0}; - ResultCode code = ProxyCreateEvent(wide_name->Buffer, initial_state, - manual_reset, &answer); - operator delete(wide_name, NT_ALLOC); - - if (code == SBOX_ALL_OK) { - ::SetLastError(answer.win32_result); - return answer.handle; - } - ::SetLastError(original_error); - return NULL; -} - -// Interception of OpenEventW on the child process. -// It should never be called directly -HANDLE WINAPI TargetOpenEventW(OpenEventWFunction orig_OpenEvent, - DWORD desired_access, - BOOL inherit_handle, - LPCWSTR name) { - // Check if the process can open it first. - HANDLE handle = orig_OpenEvent(desired_access, inherit_handle, name); - if (handle || !name) - return handle; +NTSTATUS WINAPI TargetNtCreateEvent(NtCreateEventFunction orig_CreateEvent, + PHANDLE event_handle, + ACCESS_MASK desired_access, + POBJECT_ATTRIBUTES object_attributes, + EVENT_TYPE event_type, + BOOLEAN initial_state) { + NTSTATUS status = orig_CreateEvent(event_handle, desired_access, + object_attributes, event_type, + initial_state); + if (status != STATUS_ACCESS_DENIED || !object_attributes) + return status; // We don't trust that the IPC can work this early. 
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) - return NULL; - - DWORD original_error = ::GetLastError(); - - CrossCallReturn answer = {0}; - - ResultCode code = ProxyOpenEvent(name, desired_access, inherit_handle, - &answer); - if (code == SBOX_ALL_OK) { - ::SetLastError(answer.win32_result); - return answer.handle; - } - ::SetLastError(original_error); - return NULL; + return status; + + do { + if (!ValidParameter(event_handle, sizeof(HANDLE), WRITE)) + break; + + void* memory = GetGlobalIPCMemory(); + if (memory == NULL) + break; + + OBJECT_ATTRIBUTES object_attribs_copy = *object_attributes; + // The RootDirectory points to BaseNamedObjects. We can ignore it. + object_attribs_copy.RootDirectory = NULL; + + wchar_t* name = NULL; + uint32 attributes = 0; + NTSTATUS ret = AllocAndCopyName(&object_attribs_copy, &name, &attributes, + NULL); + if (!NT_SUCCESS(ret) || name == NULL) + break; + + CrossCallReturn answer = {0}; + answer.nt_status = status; + ResultCode code = ProxyCreateEvent(name, initial_state, event_type, memory, + &answer); + operator delete(name, NT_ALLOC); + + if (code != SBOX_ALL_OK) { + status = answer.nt_status; + break; + } + __try { + *event_handle = answer.handle; + status = STATUS_SUCCESS; + } __except(EXCEPTION_EXECUTE_HANDLER) { + break; + } + } while (false); + + return status; } -HANDLE WINAPI TargetOpenEventA(OpenEventAFunction orig_OpenEvent, - DWORD desired_access, - BOOL inherit_handle, - LPCSTR name) { - // Check if the process can open it first. 
- HANDLE handle = orig_OpenEvent(desired_access, inherit_handle, name); - if (handle || !name) - return handle; +NTSTATUS WINAPI TargetNtOpenEvent(NtOpenEventFunction orig_OpenEvent, + PHANDLE event_handle, + ACCESS_MASK desired_access, + POBJECT_ATTRIBUTES object_attributes) { + NTSTATUS status = orig_OpenEvent(event_handle, desired_access, + object_attributes); + if (status != STATUS_ACCESS_DENIED || !object_attributes) + return status; // We don't trust that the IPC can work this early. if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) - return NULL; - - DWORD original_error = ::GetLastError(); - - UNICODE_STRING* wide_name = AnsiToUnicode(name); - if (!wide_name) - return NULL; - - CrossCallReturn answer = {0}; - ResultCode code = ProxyOpenEvent(wide_name->Buffer, desired_access, - inherit_handle, &answer); - operator delete(wide_name, NT_ALLOC); - - if (code == SBOX_ALL_OK) { - ::SetLastError(answer.win32_result); - return answer.handle; - } - ::SetLastError(original_error); - return NULL; + return status; + + do { + if (!ValidParameter(event_handle, sizeof(HANDLE), WRITE)) + break; + + void* memory = GetGlobalIPCMemory(); + if (memory == NULL) + break; + + OBJECT_ATTRIBUTES object_attribs_copy = *object_attributes; + // The RootDirectory points to BaseNamedObjects. We can ignore it. + object_attribs_copy.RootDirectory = NULL; + + wchar_t* name = NULL; + uint32 attributes = 0; + NTSTATUS ret = AllocAndCopyName(&object_attribs_copy, &name, &attributes, + NULL); + if (!NT_SUCCESS(ret) || name == NULL) + break; + + CrossCallReturn answer = {0}; + answer.nt_status = status; + ResultCode code = ProxyOpenEvent(name, desired_access, memory, &answer); + operator delete(name, NT_ALLOC); + + if (code != SBOX_ALL_OK) { + status = answer.nt_status; + break; + } + __try { + *event_handle = answer.handle; + status = STATUS_SUCCESS; + } __except(EXCEPTION_EXECUTE_HANDLER) { + break; + } + } while (false); + + return status; } } // namespace sandbox 
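Review bot: On `SBOX_ALL_OK` both `TargetNtCreateEvent` and `TargetNtOpenEvent` store `answer.handle` and force `status = STATUS_SUCCESS` without looking at the `nt_status` the broker sent back. The broker actions later in this diff can return a failure status with the handle left NULL (`if (NULL == local_handle) return status;`) while the dispatcher still reports the call as handled, so the target would presumably give its caller a NULL handle together with a success status. Suggest testing the broker's answer too: `if (code != SBOX_ALL_OK || !NT_SUCCESS(answer.nt_status)) {`. Separately, `RootDirectory` is cleared on the assumption that it is always BaseNamedObjects; a request rooted in another directory would be silently retargeted by name, so a check or a comment explaining why that cannot happen would help.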
diff --git a/sandbox/win/src/sync_interception.h b/sandbox/win/src/sync_interception.h
index 19790f7cdf..0f985a8edc 100644
--- a/sandbox/win/src/sync_interception.h
+++ b/sandbox/win/src/sync_interception.h
@@ -12,55 +12,32 @@ namespace sandbox { extern "C" { -typedef HANDLE (WINAPI *CreateEventWFunction) ( - LPSECURITY_ATTRIBUTES lpEventAttributes, - BOOL bManualReset, - BOOL bInitialState, - LPCWSTR lpName); - -typedef HANDLE (WINAPI *CreateEventAFunction) ( - LPSECURITY_ATTRIBUTES lpEventAttributes, - BOOL bManualReset, - BOOL bInitialState, - LPCSTR lpName); - -typedef HANDLE (WINAPI *OpenEventWFunction) ( - DWORD dwDesiredAccess, - BOOL bInitialState, - LPCWSTR lpName); - -typedef HANDLE (WINAPI *OpenEventAFunction) ( - DWORD dwDesiredAccess, - BOOL bInheritHandle, - LPCSTR lpName); - -// Interceptors for CreateEventW/A -SANDBOX_INTERCEPT HANDLE WINAPI TargetCreateEventW( - CreateEventWFunction orig_CreateEvent, - LPSECURITY_ATTRIBUTES security_attributes, - BOOL manual_reset, - BOOL initial_state, - LPCWSTR name); - -SANDBOX_INTERCEPT HANDLE WINAPI TargetCreateEventA( - CreateEventAFunction orig_CreateEvent, - LPSECURITY_ATTRIBUTES security_attributes, - BOOL manual_reset, - BOOL initial_state, - LPCSTR name); - -// Interceptors for OpenEventW/A -SANDBOX_INTERCEPT HANDLE WINAPI TargetOpenEventW( - OpenEventWFunction orig_OpenEvent, - DWORD desired_access, - BOOL inherit_handle, - LPCWSTR name); - -SANDBOX_INTERCEPT HANDLE WINAPI TargetOpenEventA( - OpenEventAFunction orig_OpenEvent, - DWORD desired_access, - BOOL inherit_handle, - LPCSTR name); +typedef NTSTATUS (WINAPI* NtCreateEventFunction) ( + PHANDLE EventHandle, + ACCESS_MASK DesiredAccess, + POBJECT_ATTRIBUTES ObjectAttributes, + EVENT_TYPE EventType, + BOOLEAN InitialState); + +typedef NTSTATUS (WINAPI *NtOpenEventFunction) ( + PHANDLE EventHandle, + ACCESS_MASK DesiredAccess, + POBJECT_ATTRIBUTES ObjectAttributes); + +// Interceptors for NtCreateEvent/NtOpenEvent +SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtCreateEvent( + NtCreateEventFunction orig_CreateEvent, + PHANDLE event_handle, + ACCESS_MASK desired_access, + POBJECT_ATTRIBUTES object_attributes, + EVENT_TYPE event_type, + BOOLEAN initial_state); + 
+SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenEvent( + NtOpenEventFunction orig_OpenEvent, + PHANDLE event_handle, + ACCESS_MASK desired_access, + POBJECT_ATTRIBUTES object_attributes); } // extern "C" diff --git a/sandbox/win/src/sync_policy.cc b/sandbox/win/src/sync_policy.cc index 87ef0bdd15..e3b6530a14 100644 --- a/sandbox/win/src/sync_policy.cc +++ b/sandbox/win/src/sync_policy.cc 
@@ -7,14 +7,129 @@ #include "sandbox/win/src/sync_policy.h" #include "base/logging.h" +#include "base/strings/stringprintf.h" #include "sandbox/win/src/ipc_tags.h" +#include "sandbox/win/src/nt_internals.h" #include "sandbox/win/src/policy_engine_opcodes.h" #include "sandbox/win/src/policy_params.h" #include "sandbox/win/src/sandbox_types.h" #include "sandbox/win/src/sandbox_utils.h" +#include "sandbox/win/src/sync_interception.h" +#include "sandbox/win/src/win_utils.h" namespace sandbox { +// Provides functionality to resolve a symbolic link within the object +// directory passed in. +NTSTATUS ResolveSymbolicLink(const std::wstring& directory_name, + const std::wstring& name, + std::wstring* target) { + NtOpenDirectoryObjectFunction NtOpenDirectoryObject = NULL; + ResolveNTFunctionPtr("NtOpenDirectoryObject", &NtOpenDirectoryObject); + + NtQuerySymbolicLinkObjectFunction NtQuerySymbolicLinkObject = NULL; + ResolveNTFunctionPtr("NtQuerySymbolicLinkObject", + &NtQuerySymbolicLinkObject); + + NtOpenSymbolicLinkObjectFunction NtOpenSymbolicLinkObject = NULL; + ResolveNTFunctionPtr("NtOpenSymbolicLinkObject", &NtOpenSymbolicLinkObject); + + NtCloseFunction NtClose = NULL; + ResolveNTFunctionPtr("NtClose", &NtClose); + + OBJECT_ATTRIBUTES symbolic_link_directory_attributes = {}; + UNICODE_STRING symbolic_link_directory_string = {}; + InitObjectAttribs(directory_name, OBJ_CASE_INSENSITIVE, NULL, + &symbolic_link_directory_attributes, + &symbolic_link_directory_string); + + HANDLE symbolic_link_directory = NULL; + NTSTATUS status = NtOpenDirectoryObject(&symbolic_link_directory, + DIRECTORY_QUERY, + &symbolic_link_directory_attributes); + if (status != STATUS_SUCCESS) { + DLOG(ERROR) << "Failed to open symbolic link directory. 
Error: " + << status; + return status; + } + + OBJECT_ATTRIBUTES symbolic_link_attributes = {}; + UNICODE_STRING name_string = {}; + InitObjectAttribs(name, OBJ_CASE_INSENSITIVE, symbolic_link_directory, + &symbolic_link_attributes, &name_string); + + HANDLE symbolic_link = NULL; + status = NtOpenSymbolicLinkObject(&symbolic_link, GENERIC_READ, + &symbolic_link_attributes); + NtClose(symbolic_link_directory); + if (status != STATUS_SUCCESS) { + DLOG(ERROR) << "Failed to open symbolic link Error: " << status; + return status; + } + + UNICODE_STRING target_path = {}; + unsigned long target_length = 0; + status = NtQuerySymbolicLinkObject(symbolic_link, &target_path, + &target_length); + if (status != STATUS_BUFFER_TOO_SMALL) { + NtClose(symbolic_link); + DLOG(ERROR) << "Failed to get length for symbolic link target. Error: " + << status; + return status; + } + + target_path.Buffer = new wchar_t[target_length + 1]; + target_path.Length = 0; + target_path.MaximumLength = target_length; + status = NtQuerySymbolicLinkObject(symbolic_link, &target_path, + &target_length); + if (status == STATUS_SUCCESS) { + target->assign(target_path.Buffer, target_length); + } else { + DLOG(ERROR) << "Failed to resolve symbolic link. 
Error: " << status; + } + + NtClose(symbolic_link); + delete[] target_path.Buffer; + return status; +} + +NTSTATUS GetBaseNamedObjectsDirectory(HANDLE* directory) { + static HANDLE base_named_objects_handle = NULL; + if (base_named_objects_handle) { + *directory = base_named_objects_handle; + return STATUS_SUCCESS; + } + + NtOpenDirectoryObjectFunction NtOpenDirectoryObject = NULL; + ResolveNTFunctionPtr("NtOpenDirectoryObject", &NtOpenDirectoryObject); + + DWORD session_id = 0; + ProcessIdToSessionId(::GetCurrentProcessId(), &session_id); + + std::wstring base_named_objects_path; + + NTSTATUS status = ResolveSymbolicLink(L"\\Sessions\\BNOLINKS", + base::StringPrintf(L"%d", session_id), + &base_named_objects_path); + if (status != STATUS_SUCCESS) { + DLOG(ERROR) << "Failed to resolve BaseNamedObjects path. Error: " + << status; + return status; + } + + UNICODE_STRING directory_name = {}; + OBJECT_ATTRIBUTES object_attributes = {}; + InitObjectAttribs(base_named_objects_path, OBJ_CASE_INSENSITIVE, NULL, + &object_attributes, &directory_name); + status = NtOpenDirectoryObject(&base_named_objects_handle, + DIRECTORY_ALL_ACCESS, + &object_attributes); + if (status == STATUS_SUCCESS) + *directory = base_named_objects_handle; + return status; +} + bool SyncPolicy::GenerateRules(const wchar_t* name, TargetPolicy::Semantics semantics, LowLevelPolicy* policy) { 
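Review bot: In `ResolveSymbolicLink`, `target->assign(target_path.Buffer, target_length)` passes a byte count where `std::wstring::assign` expects a character count (the same `target_length` is stored in `MaximumLength`, which is in bytes), so the resulting string holds the link target followed by uninitialised buffer contents. Use the length the call filled in: `target->assign(target_path.Buffer, target_path.Length / sizeof(wchar_t));`. In `GetBaseNamedObjectsDirectory`, the cached handle is opened with `DIRECTORY_ALL_ACCESS` and kept for the life of the process; requesting only the rights needed to create and open objects beneath it would fit least privilege better. The unsynchronised `static HANDLE` can also be initialised twice if broker requests are served on more than one thread (not visible here), and the return value of `ProcessIdToSessionId` is ignored, which leaves `session_id` at 0 on failure.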
@@ -64,49 +179,75 @@ bool SyncPolicy::GenerateRules(const wchar_t* name, DWORD SyncPolicy::CreateEventAction(EvalResult eval_result, const ClientInfo& client_info, const std::wstring &event_name, - uint32 manual_reset, + uint32 event_type, uint32 initial_state, HANDLE *handle) { + NtCreateEventFunction NtCreateEvent = NULL; + ResolveNTFunctionPtr("NtCreateEvent", &NtCreateEvent); + // The only action supported is ASK_BROKER which means create the requested // file as specified. if (ASK_BROKER != eval_result) return false; - HANDLE local_handle = ::CreateEvent(NULL, manual_reset, initial_state, - event_name.c_str()); + HANDLE object_directory = NULL; + NTSTATUS status = GetBaseNamedObjectsDirectory(&object_directory); + if (status != STATUS_SUCCESS) + return status; + + UNICODE_STRING unicode_event_name = {}; + OBJECT_ATTRIBUTES object_attributes = {}; + InitObjectAttribs(event_name, OBJ_CASE_INSENSITIVE, object_directory, + &object_attributes, &unicode_event_name); + + HANDLE local_handle = NULL; + status = NtCreateEvent(&local_handle, EVENT_ALL_ACCESS, &object_attributes, + static_cast<EVENT_TYPE>(event_type), initial_state); if (NULL == local_handle) - return ::GetLastError(); + return status; if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, client_info.process, handle, 0, FALSE, DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { - return ERROR_ACCESS_DENIED; + return STATUS_ACCESS_DENIED; } - return ERROR_SUCCESS; + return status; } DWORD SyncPolicy::OpenEventAction(EvalResult eval_result, const ClientInfo& client_info, const std::wstring &event_name, uint32 desired_access, - uint32 inherit_handle, HANDLE *handle) { + NtOpenEventFunction NtOpenEvent = NULL; + ResolveNTFunctionPtr("NtOpenEvent", &NtOpenEvent); + // The only action supported is ASK_BROKER which means create the requested - // file as specified. + // event as specified. 
if (ASK_BROKER != eval_result) return false; - HANDLE local_handle = ::OpenEvent(desired_access, FALSE, - event_name.c_str()); + HANDLE object_directory = NULL; + NTSTATUS status = GetBaseNamedObjectsDirectory(&object_directory); + if (status != STATUS_SUCCESS) + return status; + + UNICODE_STRING unicode_event_name = {}; + OBJECT_ATTRIBUTES object_attributes = {}; + InitObjectAttribs(event_name, OBJ_CASE_INSENSITIVE, object_directory, + &object_attributes, &unicode_event_name); + + HANDLE local_handle = NULL; + status = NtOpenEvent(&local_handle, desired_access, &object_attributes); if (NULL == local_handle) - return ::GetLastError(); + return status; if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, - client_info.process, handle, 0, inherit_handle, + client_info.process, handle, 0, FALSE, DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { - return ERROR_ACCESS_DENIED; + return STATUS_ACCESS_DENIED; } - return ERROR_SUCCESS; + return status; } } // namespace sandbox diff --git a/sandbox/win/src/sync_policy.h b/sandbox/win/src/sync_policy.h index 2b8b422702..93aef64af6 100644 --- a/sandbox/win/src/sync_policy.h +++ b/sandbox/win/src/sync_policy.h @@ -35,14 +35,13 @@ class SyncPolicy { static DWORD CreateEventAction(EvalResult eval_result, const ClientInfo& client_info, const std::wstring &event_name, - uint32 manual_reset, + uint32 event_type, uint32 initial_state, HANDLE *handle); static DWORD OpenEventAction(EvalResult eval_result, const ClientInfo& client_info, const std::wstring &event_name, uint32 desired_access, - uint32 inherit_handle, HANDLE *handle); }; diff --git a/sandbox/win/src/sync_policy_test.cc b/sandbox/win/src/sync_policy_test.cc index 87d03f1028..ced5498f53 100644 --- a/sandbox/win/src/sync_policy_test.cc +++ b/sandbox/win/src/sync_policy_test.cc 
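Review bot: `CreateEventAction` and `OpenEventAction` still `return false` when `eval_result` is not `ASK_BROKER`; now that both return NTSTATUS values, that 0 reads as `STATUS_SUCCESS` with `*handle` untouched, so a request the policy did not approve is reported back as successful. Suggest `return STATUS_ACCESS_DENIED;` on that branch in both functions. The pointers filled by `ResolveNTFunctionPtr` are called without a NULL check (fine only if that helper guarantees success, which is not visible here), and the failure test is `NULL == local_handle` rather than `!NT_SUCCESS(status)`. `CreateEventAction` also always creates with `EVENT_ALL_ACCESS` and duplicates with `DUPLICATE_SAME_ACCESS`, so the target receives full access whatever mask it passed to the intercepted call; if forwarding the requested access is not planned, a comment saying so would make the choice explicit.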
@@ -87,7 +87,7 @@ SBOX_TESTS_COMMAND int Event_CreateOpen(int argc, wchar_t **argv) { } // Tests the creation of events using all the possible combinations. -TEST(SyncPolicyTest, TestEvent) { +TEST(SyncPolicyTest, DISABLED_TestEvent) { TestRunner runner; EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_SYNC, TargetPolicy::EVENTS_ALLOW_ANY, @@ -111,7 +111,7 @@ TEST(SyncPolicyTest, TestEvent) { } // Tests opening events with read only access. -TEST(SyncPolicyTest, TestEventReadOnly) { +TEST(SyncPolicyTest, DISABLED_TestEventReadOnly) { TestRunner runner; EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_SYNC, TargetPolicy::EVENTS_ALLOW_READONLY, |
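Review bot: `TestEvent` is renamed to `DISABLED_TestEvent` in the first hunk and `TestEventReadOnly` to `DISABLED_TestEventReadOnly` in the second, with no comment or bug reference explaining why. The two tests shown here exercise the event policy, and they are switched off in the same commit that rewrites the broker and interception path for events. Please add a line above each, e.g. `// TODO(<owner>): re-enable once <reason>; tracked in <bug-id>.`, so the gap in coverage is visible and has an owner.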