Source code
Revision control
Copy as Markdown
Other Tools
# HG changeset patch
# User Bob Owen <bobowencode@gmail.com>
# Date 1417281138 0
# Sat Nov 29 17:12:18 2014 +0000
# Node ID 4ea2e332affe4b74bd37fbf2fee8da0b1c94e115
# Parent 5eec91873c96c2cbfc856ba86335fa068c89d6ce
Re-apply - Logging changes to the Chromium interception code. r=tabraldes
Originally landed as changset:
diff --git a/sandbox/win/src/filesystem_interception.cc b/sandbox/win/src/filesystem_interception.cc
--- a/sandbox/win/src/filesystem_interception.cc
+++ b/sandbox/win/src/filesystem_interception.cc
@@ -10,16 +10,17 @@
#include "sandbox/win/src/filesystem_policy.h"
#include "sandbox/win/src/ipc_tags.h"
#include "sandbox/win/src/policy_params.h"
#include "sandbox/win/src/policy_target.h"
#include "sandbox/win/src/sandbox_factory.h"
#include "sandbox/win/src/sandbox_nt_util.h"
#include "sandbox/win/src/sharedmem_ipc_client.h"
#include "sandbox/win/src/target_services.h"
+#include "mozilla/sandboxing/sandboxLogging.h"
// This status occurs when trying to access a network share on the machine from
// which it is shared.
#define STATUS_NETWORK_OPEN_RESTRICTION ((NTSTATUS)0xC0000201L)
namespace sandbox {
NTSTATUS WINAPI TargetNtCreateFile(NtCreateFileFunction orig_CreateFile,
@@ -75,16 +76,20 @@ NTSTATUS WINAPI TargetNtCreateFile(NtCre
NTSTATUS status = orig_CreateFile(
file, desired_access, object_attributes, io_status, allocation_size,
file_attributes, sharing, disposition, options, ea_buffer, ea_length);
if (STATUS_ACCESS_DENIED != status &&
STATUS_NETWORK_OPEN_RESTRICTION != status) {
return status;
}
+ mozilla::sandboxing::LogBlocked("NtCreateFile",
+ object_attributes->ObjectName->Buffer,
+ object_attributes->ObjectName->Length);
+
// We don't trust that the IPC can work this early.
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) {
return status;
}
do {
if (!ValidParameter(file, sizeof(HANDLE), WRITE)) {
break;
@@ -96,16 +101,19 @@ NTSTATUS WINAPI TargetNtCreateFile(NtCre
__try {
*file = answer.handle;
io_status->Status = answer.nt_status;
io_status->Information = answer.extended[0].ulong_ptr;
} __except (EXCEPTION_EXECUTE_HANDLER) {
break;
}
+ mozilla::sandboxing::LogAllowed("NtCreateFile",
+ object_attributes->ObjectName->Buffer,
+ object_attributes->ObjectName->Length);
} while (false);
return status;
}
NTSTATUS WINAPI TargetNtOpenFile(NtOpenFileFunction orig_OpenFile,
PHANDLE file,
ACCESS_MASK desired_access,
@@ -115,16 +123,20 @@ NTSTATUS WINAPI TargetNtOpenFile(NtOpenF
ULONG options) {
// Check if the process can open it first.
NTSTATUS status = orig_OpenFile(file, desired_access, object_attributes,
io_status, sharing, options);
if (STATUS_ACCESS_DENIED != status &&
STATUS_NETWORK_OPEN_RESTRICTION != status)
return status;
+ mozilla::sandboxing::LogBlocked("NtOpenFile",
+ object_attributes->ObjectName->Buffer,
+ object_attributes->ObjectName->Length);
+
// We don't trust that the IPC can work this early.
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
return status;
do {
if (!ValidParameter(file, sizeof(HANDLE), WRITE))
break;
if (!ValidParameter(io_status, sizeof(IO_STATUS_BLOCK), WRITE))
@@ -171,31 +183,38 @@ NTSTATUS WINAPI TargetNtOpenFile(NtOpenF
__try {
*file = answer.handle;
io_status->Status = answer.nt_status;
io_status->Information = answer.extended[0].ulong_ptr;
} __except (EXCEPTION_EXECUTE_HANDLER) {
break;
}
+ mozilla::sandboxing::LogAllowed("NtOpenFile",
+ object_attributes->ObjectName->Buffer,
+ object_attributes->ObjectName->Length);
} while (false);
return status;
}
NTSTATUS WINAPI
TargetNtQueryAttributesFile(NtQueryAttributesFileFunction orig_QueryAttributes,
POBJECT_ATTRIBUTES object_attributes,
PFILE_BASIC_INFORMATION file_attributes) {
// Check if the process can query it first.
NTSTATUS status = orig_QueryAttributes(object_attributes, file_attributes);
if (STATUS_ACCESS_DENIED != status &&
STATUS_NETWORK_OPEN_RESTRICTION != status)
return status;
+ mozilla::sandboxing::LogBlocked("NtQueryAttributesFile",
+ object_attributes->ObjectName->Buffer,
+ object_attributes->ObjectName->Length);
+
// We don't trust that the IPC can work this early.
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
return status;
do {
if (!ValidParameter(file_attributes, sizeof(FILE_BASIC_INFORMATION), WRITE))
break;
@@ -227,32 +246,39 @@ TargetNtQueryAttributesFile(NtQueryAttri
ResultCode code = CrossCall(ipc, IpcTag::NTQUERYATTRIBUTESFILE, name.get(),
attributes, file_info, &answer);
if (SBOX_ALL_OK != code)
break;
status = answer.nt_status;
+ mozilla::sandboxing::LogAllowed("NtQueryAttributesFile",
+ object_attributes->ObjectName->Buffer,
+ object_attributes->ObjectName->Length);
} while (false);
return status;
}
NTSTATUS WINAPI TargetNtQueryFullAttributesFile(
NtQueryFullAttributesFileFunction orig_QueryFullAttributes,
POBJECT_ATTRIBUTES object_attributes,
PFILE_NETWORK_OPEN_INFORMATION file_attributes) {
// Check if the process can query it first.
NTSTATUS status =
orig_QueryFullAttributes(object_attributes, file_attributes);
if (STATUS_ACCESS_DENIED != status &&
STATUS_NETWORK_OPEN_RESTRICTION != status)
return status;
+ mozilla::sandboxing::LogBlocked("NtQueryFullAttributesFile",
+ object_attributes->ObjectName->Buffer,
+ object_attributes->ObjectName->Length);
+
// We don't trust that the IPC can work this early.
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
return status;
do {
if (!ValidParameter(file_attributes, sizeof(FILE_NETWORK_OPEN_INFORMATION),
WRITE))
break;
@@ -284,16 +310,20 @@ NTSTATUS WINAPI TargetNtQueryFullAttribu
CrossCallReturn answer = {0};
ResultCode code = CrossCall(ipc, IpcTag::NTQUERYFULLATTRIBUTESFILE,
name.get(), attributes, file_info, &answer);
if (SBOX_ALL_OK != code)
break;
status = answer.nt_status;
+
+ mozilla::sandboxing::LogAllowed("NtQueryFullAttributesFile",
+ object_attributes->ObjectName->Buffer,
+ object_attributes->ObjectName->Length);
} while (false);
return status;
}
NTSTATUS WINAPI
TargetNtSetInformationFile(NtSetInformationFileFunction orig_SetInformationFile,
HANDLE file,
@@ -302,16 +332,18 @@ TargetNtSetInformationFile(NtSetInformat
ULONG length,
FILE_INFORMATION_CLASS file_info_class) {
// Check if the process can open it first.
NTSTATUS status = orig_SetInformationFile(file, io_status, file_info, length,
file_info_class);
if (STATUS_ACCESS_DENIED != status)
return status;
+ mozilla::sandboxing::LogBlocked("NtSetInformationFile");
+
// We don't trust that the IPC can work this early.
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
return status;
do {
void* memory = GetGlobalIPCMemory();
if (!memory)
break;
@@ -366,14 +398,15 @@ TargetNtSetInformationFile(NtSetInformat
ResultCode code =
CrossCall(ipc, IpcTag::NTSETINFO_RENAME, file, io_status_buffer,
file_info_buffer, length, file_info_class, &answer);
if (SBOX_ALL_OK != code)
break;
status = answer.nt_status;
+ mozilla::sandboxing::LogAllowed("NtSetInformationFile");
} while (false);
return status;
}
} // namespace sandbox
diff --git a/sandbox/win/src/process_thread_interception.cc b/sandbox/win/src/process_thread_interception.cc
--- a/sandbox/win/src/process_thread_interception.cc
+++ b/sandbox/win/src/process_thread_interception.cc
@@ -10,16 +10,17 @@
#include "sandbox/win/src/ipc_tags.h"
#include "sandbox/win/src/policy_params.h"
#include "sandbox/win/src/policy_target.h"
#include "sandbox/win/src/sandbox_factory.h"
#include "sandbox/win/src/sandbox_nt_util.h"
#include "sandbox/win/src/sharedmem_ipc_client.h"
#include "sandbox/win/src/target_services.h"
#include "third_party/abseil-cpp/absl/types/optional.h"
+#include "mozilla/sandboxing/sandboxLogging.h"
namespace sandbox {
namespace {
NTSTATUS DuplicateObject(HANDLE handle,
ACCESS_MASK desired_access,
PHANDLE out_handle) {
@@ -59,16 +60,17 @@ CallNtOpenProcessTokenEx(NTSTATUS status,
HANDLE process,
ACCESS_MASK desired_access,
ULONG handle_attributes,
PHANDLE token) {
if (NT_SUCCESS(status)) {
return status;
}
+ mozilla::sandboxing::LogBlocked("NtOpenProcessToken(Ex)");
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) {
return status;
}
if (CURRENT_PROCESS != process ||
!ValidParameter(token, sizeof(HANDLE), WRITE)) {
return status;
}
@@ -92,16 +94,17 @@ CallNtOpenProcessTokenEx(NTSTATUS status,
__try {
// Write the output parameters.
*token = answer.handle;
} __except (EXCEPTION_EXECUTE_HANDLER) {
return status;
}
+ mozilla::sandboxing::LogAllowed("NtOpenProcessTokenEx");
return answer.nt_status;
}
} // namespace
// Hooks NtOpenThread and proxy the call to the broker if it's trying to
// open a thread in the same process.
NTSTATUS WINAPI TargetNtOpenThread(NtOpenThreadFunction orig_OpenThread,
@@ -110,16 +113,17 @@ NTSTATUS WINAPI TargetNtOpenThread(NtOpe
POBJECT_ATTRIBUTES object_attributes,
PCLIENT_ID client_id) {
NTSTATUS status =
orig_OpenThread(thread, desired_access, object_attributes, client_id);
if (NT_SUCCESS(status)) {
return status;
}
+ mozilla::sandboxing::LogBlocked("NtOpenThread");
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) {
return status;
}
if (!ValidParameter(thread, sizeof(HANDLE), WRITE) ||
!ValidObjectAttributes(object_attributes)) {
return status;
}
@@ -162,16 +166,17 @@ NTSTATUS WINAPI TargetNtOpenThread(NtOpe
__try {
// Write the output parameters.
*thread = answer.handle;
} __except (EXCEPTION_EXECUTE_HANDLER) {
return status;
}
+ mozilla::sandboxing::LogAllowed("NtOpenThread");
return answer.nt_status;
}
// Hooks NtOpenProcess and duplicates the current process handle if opening the
// current process.
NTSTATUS WINAPI TargetNtOpenProcess(NtOpenProcessFunction orig_OpenProcess,
PHANDLE process,
ACCESS_MASK desired_access,
diff --git a/sandbox/win/src/signed_interception.cc b/sandbox/win/src/signed_interception.cc
--- a/sandbox/win/src/signed_interception.cc
+++ b/sandbox/win/src/signed_interception.cc
@@ -10,16 +10,17 @@
#include "sandbox/win/src/crosscall_client.h"
#include "sandbox/win/src/ipc_tags.h"
#include "sandbox/win/src/policy_params.h"
#include "sandbox/win/src/policy_target.h"
#include "sandbox/win/src/sandbox_factory.h"
#include "sandbox/win/src/sandbox_nt_util.h"
#include "sandbox/win/src/sharedmem_ipc_client.h"
#include "sandbox/win/src/target_services.h"
+#include "mozilla/sandboxing/sandboxLogging.h"
namespace sandbox {
// Note that this shim may be called before the heap is available, we must get
// as far as |QueryBroker| without using the heap, for example when AppVerifier
// is enabled.
NTSTATUS WINAPI
TargetNtCreateSection(NtCreateSectionFunction orig_CreateSection,
@@ -38,16 +39,18 @@ TargetNtCreateSection(NtCreateSectionFun
break;
if (maximum_size)
break;
if (section_page_protection != PAGE_EXECUTE)
break;
if (allocation_attributes != SEC_IMAGE)
break;
+ mozilla::sandboxing::LogBlocked("NtCreateSection");
+
// IPC must be fully started.
void* memory = GetGlobalIPCMemory();
if (!memory)
break;
// As mentioned at the top of the function, we need to use the stack here
// because the heap may not be available.
constexpr ULONG path_buffer_size =
@@ -90,16 +93,17 @@ TargetNtCreateSection(NtCreateSectionFun
if (code != SBOX_ALL_OK)
break;
if (!NT_SUCCESS(answer.nt_status))
break;
__try {
*section_handle = answer.handle;
+ mozilla::sandboxing::LogAllowed("NtCreateSection");
return answer.nt_status;
} __except (EXCEPTION_EXECUTE_HANDLER) {
break;
}
} while (false);
// Fall back to the original API in all failure cases.
return orig_CreateSection(section_handle, desired_access, object_attributes,