authorAllan Sandfeld Jensen <allan.jensen@qt.io>2017-01-04 14:17:57 +0100
committerAllan Sandfeld Jensen <allan.jensen@qt.io>2017-01-05 10:05:06 +0000
commit39d357e3248f80abea0159765ff39554affb40db (patch)
treeaba0e6bfb76de0244bba0f5fdbd64b830dd6e621 /chromium/sandbox
parent87778abf5a1f89266f37d1321b92a21851d8244d (diff)
BASELINE: Update Chromium to 55.0.2883.105
And updates ninja to 1.7.2

Change-Id: I20d43c737f82764d857ada9a55586901b18b9243
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
Diffstat (limited to 'chromium/sandbox')
-rw-r--r--chromium/sandbox/linux/BUILD.gn48
-rw-r--r--chromium/sandbox/linux/sandbox_linux.gypi434
-rw-r--r--chromium/sandbox/linux/sandbox_linux_nacl_nonsfi.gyp87
-rw-r--r--chromium/sandbox/linux/sandbox_linux_test_sources.gypi93
-rw-r--r--chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc4
-rw-r--r--chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc26
-rw-r--r--chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc5
-rw-r--r--chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc10
-rw-r--r--chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h4
-rw-r--r--chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc3
-rw-r--r--chromium/sandbox/linux/services/credentials.cc6
-rw-r--r--chromium/sandbox/linux/services/credentials.h3
-rw-r--r--chromium/sandbox/linux/services/credentials_unittest.cc3
-rw-r--r--chromium/sandbox/linux/services/syscall_wrappers.cc4
-rw-r--r--chromium/sandbox/linux/services/syscall_wrappers.h4
-rw-r--r--chromium/sandbox/linux/syscall_broker/broker_file_permission_unittest.cc18
-rw-r--r--chromium/sandbox/linux/system_headers/mips64_linux_syscalls.h4
-rw-r--r--chromium/sandbox/linux/system_headers/mips_linux_syscalls.h4
-rw-r--r--chromium/sandbox/mac/bootstrap_sandbox.cc2
-rw-r--r--chromium/sandbox/mac/bootstrap_sandbox_unittest.mm33
-rw-r--r--chromium/sandbox/mac/launchd_interception_server.cc2
-rw-r--r--chromium/sandbox/mac/os_compatibility.cc6
-rw-r--r--chromium/sandbox/mac/pre_exec_delegate.cc5
-rw-r--r--chromium/sandbox/mac/sandbox_mac.gypi104
-rw-r--r--chromium/sandbox/mac/seatbelt.cc11
-rw-r--r--chromium/sandbox/mac/seatbelt.h10
-rw-r--r--chromium/sandbox/sandbox.gyp35
-rw-r--r--chromium/sandbox/sandbox_linux_unittests.isolate23
-rw-r--r--chromium/sandbox/sandbox_linux_unittests_apk.isolate19
-rw-r--r--chromium/sandbox/sandbox_mac_unittests.isolate9
-rw-r--r--chromium/sandbox/sbox_integration_tests.isolate37
-rw-r--r--chromium/sandbox/sbox_unittests.isolate28
-rw-r--r--chromium/sandbox/sbox_validation_tests.isolate28
-rw-r--r--chromium/sandbox/win/BUILD.gn25
-rw-r--r--chromium/sandbox/win/PRESUBMIT.py2
-rw-r--r--chromium/sandbox/win/sandbox_win.gypi432
-rw-r--r--chromium/sandbox/win/src/address_sanitizer_test.cc3
-rw-r--r--chromium/sandbox/win/src/broker_services.cc2
-rw-r--r--chromium/sandbox/win/src/handle_closer_agent.cc2
-rw-r--r--chromium/sandbox/win/src/handle_closer_test.cc2
-rw-r--r--chromium/sandbox/win/src/handle_inheritance_test.cc3
-rw-r--r--chromium/sandbox/win/src/nt_internals.h93
-rw-r--r--chromium/sandbox/win/src/process_mitigations_test.cc22
-rw-r--r--chromium/sandbox/win/src/sandbox.vcproj10
-rw-r--r--chromium/sandbox/win/src/sandbox_nt_util.cc99
-rw-r--r--chromium/sandbox/win/src/sandbox_nt_util_unittest.cc148
-rw-r--r--chromium/sandbox/win/src/sandbox_types.h7
-rw-r--r--chromium/sandbox/win/src/security_level.h11
-rw-r--r--chromium/sandbox/win/src/sharedmem_ipc_server.cc2
-rw-r--r--chromium/sandbox/win/src/target_process.cc48
-rw-r--r--chromium/sandbox/win/src/win_utils.cc86
-rw-r--r--chromium/sandbox/win/src/win_utils.h8
-rw-r--r--chromium/sandbox/win/src/win_utils_unittest.cc87
-rw-r--r--chromium/sandbox/win/wow_helper.sln19
-rw-r--r--chromium/sandbox/win/wow_helper/service64_resolver.cc347
-rw-r--r--chromium/sandbox/win/wow_helper/service64_resolver.h75
-rw-r--r--chromium/sandbox/win/wow_helper/target_code.cc34
-rw-r--r--chromium/sandbox/win/wow_helper/target_code.h41
-rw-r--r--chromium/sandbox/win/wow_helper/wow_helper.cc87
-rwxr-xr-xchromium/sandbox/win/wow_helper/wow_helper.exebin67072 -> 0 bytes
-rw-r--r--chromium/sandbox/win/wow_helper/wow_helper.pdbbin699392 -> 0 bytes
-rw-r--r--chromium/sandbox/win/wow_helper/wow_helper.vcproj215
62 files changed, 669 insertions, 2353 deletions
diff --git a/chromium/sandbox/linux/BUILD.gn b/chromium/sandbox/linux/BUILD.gn
index 76eef666ac1..1e6d7a1c813 100644
--- a/chromium/sandbox/linux/BUILD.gn
+++ b/chromium/sandbox/linux/BUILD.gn
@@ -41,10 +41,7 @@ group("sandbox") {
public_deps += [ ":suid_sandbox_client" ]
}
if (use_seccomp_bpf || is_nacl_nonsfi) {
- public_deps += [
- ":seccomp_bpf",
- ":seccomp_bpf_helpers",
- ]
+ public_deps += [ ":seccomp_bpf" ]
}
}
@@ -221,6 +218,14 @@ component("seccomp_bpf") {
"bpf_dsl/syscall_set.cc",
"bpf_dsl/syscall_set.h",
"bpf_dsl/trap_registry.h",
+ "seccomp-bpf-helpers/baseline_policy.cc",
+ "seccomp-bpf-helpers/baseline_policy.h",
+ "seccomp-bpf-helpers/sigsys_handlers.cc",
+ "seccomp-bpf-helpers/sigsys_handlers.h",
+ "seccomp-bpf-helpers/syscall_parameters_restrictions.cc",
+ "seccomp-bpf-helpers/syscall_parameters_restrictions.h",
+ "seccomp-bpf-helpers/syscall_sets.cc",
+ "seccomp-bpf-helpers/syscall_sets.h",
"seccomp-bpf/die.cc",
"seccomp-bpf/die.h",
"seccomp-bpf/sandbox_bpf.cc",
@@ -250,31 +255,6 @@ component("seccomp_bpf") {
"bpf_dsl/linux_syscall_ranges.h",
"bpf_dsl/seccomp_macros.h",
"bpf_dsl/trap_registry.h",
- ]
- }
-}
-
-component("seccomp_bpf_helpers") {
- sources = [
- "seccomp-bpf-helpers/baseline_policy.cc",
- "seccomp-bpf-helpers/baseline_policy.h",
- "seccomp-bpf-helpers/sigsys_handlers.cc",
- "seccomp-bpf-helpers/sigsys_handlers.h",
- "seccomp-bpf-helpers/syscall_parameters_restrictions.cc",
- "seccomp-bpf-helpers/syscall_parameters_restrictions.h",
- "seccomp-bpf-helpers/syscall_sets.cc",
- "seccomp-bpf-helpers/syscall_sets.h",
- ]
- defines = [ "SANDBOX_IMPLEMENTATION" ]
-
- deps = [
- ":sandbox_services",
- ":seccomp_bpf",
- "//base",
- ]
-
- if (is_nacl_nonsfi) {
- sources -= [
"seccomp-bpf-helpers/baseline_policy.cc",
"seccomp-bpf-helpers/baseline_policy.h",
"seccomp-bpf-helpers/syscall_sets.cc",
@@ -306,7 +286,7 @@ if (is_linux) {
import("//build/config/compiler/compiler.gni")
import("//build/config/sanitizers/sanitizers.gni")
- if (is_component_build && !using_sanitizer) {
+ if (is_component_build || using_sanitizer) {
# WARNING! We remove this config so that we don't accidentally
# pick up the //build/config:rpath_for_built_shared_libraries
# sub-config. However, this means that we need to duplicate any
@@ -317,9 +297,11 @@ if (is_linux) {
}
}
- deps = [
- "//build/config/sanitizers:deps",
- ]
+ # We also do not want to pick up any of the other sanitizer
+ # flags (i.e. we do not want to build w/ the sanitizers at all).
+ # This is safe to delete unconditionally, because it is part of the
+ # default configs and empty when not using the sanitizers.
+ configs -= [ "//build/config/sanitizers:default_sanitizer_flags" ]
}
}
diff --git a/chromium/sandbox/linux/sandbox_linux.gypi b/chromium/sandbox/linux/sandbox_linux.gypi
deleted file mode 100644
index c19bdb1c5f6..00000000000
--- a/chromium/sandbox/linux/sandbox_linux.gypi
+++ /dev/null
@@ -1,434 +0,0 @@
-# Copyright (c) 2012 The Chromium Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file.
-
-{
- 'variables': {
- 'conditions': [
- ['OS=="linux"', {
- 'compile_suid_client': 1,
- 'compile_credentials': 1,
- 'use_base_test_suite': 1,
- }, {
- 'compile_suid_client': 0,
- 'compile_credentials': 0,
- 'use_base_test_suite': 0,
- }],
- ['OS=="linux" and (target_arch=="ia32" or target_arch=="x64" or '
- 'target_arch=="mipsel")', {
- 'compile_seccomp_bpf_demo': 1,
- }, {
- 'compile_seccomp_bpf_demo': 0,
- }],
- ],
- },
- 'target_defaults': {
- 'target_conditions': [
- # All linux/ files will automatically be excluded on Android
- # so make sure we re-include them explicitly.
- ['OS == "android"', {
- 'sources/': [
- ['include', '^linux/'],
- ],
- }],
- ],
- },
- 'targets': [
- # We have two principal targets: sandbox and sandbox_linux_unittests
- # All other targets are listed as dependencies.
- # There is one notable exception: for historical reasons, chrome_sandbox is
- # the setuid sandbox and is its own target.
- {
- 'target_name': 'sandbox',
- 'type': 'none',
- 'dependencies': [
- 'sandbox_services',
- ],
- 'conditions': [
- [ 'compile_suid_client==1', {
- 'dependencies': [
- 'suid_sandbox_client',
- ],
- }],
- # Compile seccomp BPF when we support it.
- [ 'use_seccomp_bpf==1', {
- 'dependencies': [
- 'seccomp_bpf',
- 'seccomp_bpf_helpers',
- ],
- }],
- ],
- },
- {
- 'target_name': 'sandbox_linux_test_utils',
- 'type': 'static_library',
- 'dependencies': [
- '../testing/gtest.gyp:gtest',
- ],
- 'include_dirs': [
- '../..',
- ],
- 'sources': [
- 'tests/sandbox_test_runner.cc',
- 'tests/sandbox_test_runner.h',
- 'tests/sandbox_test_runner_function_pointer.cc',
- 'tests/sandbox_test_runner_function_pointer.h',
- 'tests/test_utils.cc',
- 'tests/test_utils.h',
- 'tests/unit_tests.cc',
- 'tests/unit_tests.h',
- ],
- 'conditions': [
- [ 'use_seccomp_bpf==1', {
- 'sources': [
- 'seccomp-bpf/bpf_tester_compatibility_delegate.h',
- 'seccomp-bpf/bpf_tests.h',
- 'seccomp-bpf/sandbox_bpf_test_runner.cc',
- 'seccomp-bpf/sandbox_bpf_test_runner.h',
- ],
- 'dependencies': [
- 'seccomp_bpf',
- ]
- }],
- [ 'use_base_test_suite==1', {
- 'dependencies': [
- '../base/base.gyp:test_support_base',
- ],
- 'defines': [
- 'SANDBOX_USES_BASE_TEST_SUITE',
- ],
- }],
- ],
- },
- {
- # The main sandboxing test target.
- 'target_name': 'sandbox_linux_unittests',
- 'includes': [
- 'sandbox_linux_test_sources.gypi',
- ],
- 'type': 'executable',
- 'conditions': [
- [ 'OS == "android"', {
- 'variables': {
- 'test_type': 'gtest',
- 'test_suite_name': '<(_target_name)',
- },
- 'includes': [
- '../../build/android/test_runner.gypi',
- ],
- }]
- ]
- },
- {
- 'target_name': 'seccomp_bpf',
- 'type': '<(component)',
- 'sources': [
- 'bpf_dsl/bpf_dsl.cc',
- 'bpf_dsl/bpf_dsl.h',
- 'bpf_dsl/bpf_dsl_forward.h',
- 'bpf_dsl/bpf_dsl_impl.h',
- 'bpf_dsl/codegen.cc',
- 'bpf_dsl/codegen.h',
- 'bpf_dsl/cons.h',
- 'bpf_dsl/errorcode.h',
- 'bpf_dsl/linux_syscall_ranges.h',
- 'bpf_dsl/policy.cc',
- 'bpf_dsl/policy.h',
- 'bpf_dsl/policy_compiler.cc',
- 'bpf_dsl/policy_compiler.h',
- 'bpf_dsl/seccomp_macros.h',
- 'bpf_dsl/seccomp_macros.h',
- 'bpf_dsl/syscall_set.cc',
- 'bpf_dsl/syscall_set.h',
- 'bpf_dsl/trap_registry.h',
- 'seccomp-bpf/die.cc',
- 'seccomp-bpf/die.h',
- 'seccomp-bpf/sandbox_bpf.cc',
- 'seccomp-bpf/sandbox_bpf.h',
- 'seccomp-bpf/syscall.cc',
- 'seccomp-bpf/syscall.h',
- 'seccomp-bpf/trap.cc',
- 'seccomp-bpf/trap.h',
- ],
- 'dependencies': [
- '../base/base.gyp:base',
- 'sandbox_services',
- 'sandbox_services_headers',
- ],
- 'defines': [
- 'SANDBOX_IMPLEMENTATION',
- ],
- 'includes': [
- # Disable LTO due to compiler bug
- # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=57703
- '../../build/android/disable_gcc_lto.gypi',
- ],
- 'include_dirs': [
- '../..',
- ],
- },
- {
- 'target_name': 'seccomp_bpf_helpers',
- 'type': '<(component)',
- 'sources': [
- 'seccomp-bpf-helpers/baseline_policy.cc',
- 'seccomp-bpf-helpers/baseline_policy.h',
- 'seccomp-bpf-helpers/sigsys_handlers.cc',
- 'seccomp-bpf-helpers/sigsys_handlers.h',
- 'seccomp-bpf-helpers/syscall_parameters_restrictions.cc',
- 'seccomp-bpf-helpers/syscall_parameters_restrictions.h',
- 'seccomp-bpf-helpers/syscall_sets.cc',
- 'seccomp-bpf-helpers/syscall_sets.h',
- ],
- 'dependencies': [
- '../base/base.gyp:base',
- 'sandbox_services',
- 'seccomp_bpf',
- ],
- 'defines': [
- 'SANDBOX_IMPLEMENTATION',
- ],
- 'include_dirs': [
- '../..',
- ],
- },
- {
- # The setuid sandbox, for Linux
- 'target_name': 'chrome_sandbox',
- 'type': 'executable',
- 'sources': [
- 'suid/common/sandbox.h',
- 'suid/common/suid_unsafe_environment_variables.h',
- 'suid/process_util.h',
- 'suid/process_util_linux.c',
- 'suid/sandbox.c',
- ],
- 'cflags': [
- # For ULLONG_MAX
- '-std=gnu99',
- ],
- 'include_dirs': [
- '../..',
- ],
- # Do not use any sanitizer tools with this binary. http://crbug.com/382766
- 'cflags/': [
- ['exclude', '-fsanitize'],
- ],
- 'ldflags/': [
- ['exclude', '-fsanitize'],
- ],
- },
- { 'target_name': 'sandbox_services',
- 'type': '<(component)',
- 'sources': [
- 'services/init_process_reaper.cc',
- 'services/init_process_reaper.h',
- 'services/proc_util.cc',
- 'services/proc_util.h',
- 'services/resource_limits.cc',
- 'services/resource_limits.h',
- 'services/scoped_process.cc',
- 'services/scoped_process.h',
- 'services/syscall_wrappers.cc',
- 'services/syscall_wrappers.h',
- 'services/thread_helpers.cc',
- 'services/thread_helpers.h',
- 'services/yama.cc',
- 'services/yama.h',
- 'syscall_broker/broker_channel.cc',
- 'syscall_broker/broker_channel.h',
- 'syscall_broker/broker_client.cc',
- 'syscall_broker/broker_client.h',
- 'syscall_broker/broker_common.h',
- 'syscall_broker/broker_file_permission.cc',
- 'syscall_broker/broker_file_permission.h',
- 'syscall_broker/broker_host.cc',
- 'syscall_broker/broker_host.h',
- 'syscall_broker/broker_policy.cc',
- 'syscall_broker/broker_policy.h',
- 'syscall_broker/broker_process.cc',
- 'syscall_broker/broker_process.h',
- ],
- 'dependencies': [
- '../base/base.gyp:base',
- ],
- 'defines': [
- 'SANDBOX_IMPLEMENTATION',
- ],
- 'conditions': [
- ['compile_credentials==1', {
- 'sources': [
- 'services/credentials.cc',
- 'services/credentials.h',
- 'services/namespace_sandbox.cc',
- 'services/namespace_sandbox.h',
- 'services/namespace_utils.cc',
- 'services/namespace_utils.h',
- ],
- 'dependencies': [
- # for capability.h.
- 'sandbox_services_headers',
- ],
- }],
- ],
- 'include_dirs': [
- '..',
- ],
- },
- { 'target_name': 'sandbox_services_headers',
- 'type': 'none',
- 'sources': [
- 'system_headers/arm64_linux_syscalls.h',
- 'system_headers/arm64_linux_ucontext.h',
- 'system_headers/arm_linux_syscalls.h',
- 'system_headers/arm_linux_ucontext.h',
- 'system_headers/capability.h',
- 'system_headers/i386_linux_ucontext.h',
- 'system_headers/linux_futex.h',
- 'system_headers/linux_seccomp.h',
- 'system_headers/linux_syscalls.h',
- 'system_headers/linux_time.h',
- 'system_headers/linux_ucontext.h',
- 'system_headers/mips_linux_syscalls.h',
- 'system_headers/mips_linux_ucontext.h',
- 'system_headers/x86_32_linux_syscalls.h',
- 'system_headers/x86_64_linux_syscalls.h',
- ],
- 'include_dirs': [
- '..',
- ],
- },
- {
- 'target_name': 'suid_sandbox_client',
- 'type': '<(component)',
- 'sources': [
- 'suid/common/sandbox.h',
- 'suid/common/suid_unsafe_environment_variables.h',
- 'suid/client/setuid_sandbox_client.cc',
- 'suid/client/setuid_sandbox_client.h',
- 'suid/client/setuid_sandbox_host.cc',
- 'suid/client/setuid_sandbox_host.h',
- ],
- 'defines': [
- 'SANDBOX_IMPLEMENTATION',
- ],
- 'dependencies': [
- '../base/base.gyp:base',
- 'sandbox_services',
- ],
- 'include_dirs': [
- '..',
- ],
- },
- {
- 'target_name': 'bpf_dsl_golden',
- 'type': 'none',
- 'actions': [
- {
- 'action_name': 'generate',
- 'inputs': [
- 'bpf_dsl/golden/generate.py',
- 'bpf_dsl/golden/i386/ArgSizePolicy.txt',
- 'bpf_dsl/golden/i386/BasicPolicy.txt',
- 'bpf_dsl/golden/i386/ElseIfPolicy.txt',
- 'bpf_dsl/golden/i386/MaskingPolicy.txt',
- 'bpf_dsl/golden/i386/MoreBooleanLogicPolicy.txt',
- 'bpf_dsl/golden/i386/NegativeConstantsPolicy.txt',
- 'bpf_dsl/golden/i386/SwitchPolicy.txt',
- 'bpf_dsl/golden/x86-64/ArgSizePolicy.txt',
- 'bpf_dsl/golden/x86-64/BasicPolicy.txt',
- 'bpf_dsl/golden/x86-64/BooleanLogicPolicy.txt',
- 'bpf_dsl/golden/x86-64/ElseIfPolicy.txt',
- 'bpf_dsl/golden/x86-64/MaskingPolicy.txt',
- 'bpf_dsl/golden/x86-64/MoreBooleanLogicPolicy.txt',
- 'bpf_dsl/golden/x86-64/NegativeConstantsPolicy.txt',
- 'bpf_dsl/golden/x86-64/SwitchPolicy.txt',
- ],
- 'outputs': [
- '<(SHARED_INTERMEDIATE_DIR)/sandbox/linux/bpf_dsl/golden/golden_files.h',
- ],
- 'action': [
- 'python',
- 'linux/bpf_dsl/golden/generate.py',
- '<(SHARED_INTERMEDIATE_DIR)/sandbox/linux/bpf_dsl/golden/golden_files.h',
- 'linux/bpf_dsl/golden/i386/ArgSizePolicy.txt',
- 'linux/bpf_dsl/golden/i386/BasicPolicy.txt',
- 'linux/bpf_dsl/golden/i386/ElseIfPolicy.txt',
- 'linux/bpf_dsl/golden/i386/MaskingPolicy.txt',
- 'linux/bpf_dsl/golden/i386/MoreBooleanLogicPolicy.txt',
- 'linux/bpf_dsl/golden/i386/NegativeConstantsPolicy.txt',
- 'linux/bpf_dsl/golden/i386/SwitchPolicy.txt',
- 'linux/bpf_dsl/golden/x86-64/ArgSizePolicy.txt',
- 'linux/bpf_dsl/golden/x86-64/BasicPolicy.txt',
- 'linux/bpf_dsl/golden/x86-64/BooleanLogicPolicy.txt',
- 'linux/bpf_dsl/golden/x86-64/ElseIfPolicy.txt',
- 'linux/bpf_dsl/golden/x86-64/MaskingPolicy.txt',
- 'linux/bpf_dsl/golden/x86-64/MoreBooleanLogicPolicy.txt',
- 'linux/bpf_dsl/golden/x86-64/NegativeConstantsPolicy.txt',
- 'linux/bpf_dsl/golden/x86-64/SwitchPolicy.txt',
- ],
- 'message': 'Generating header from golden files ...',
- },
- ],
- },
- ],
- 'conditions': [
- [ 'OS=="android"', {
- 'targets': [
- {
- 'target_name': 'sandbox_linux_unittests_deps',
- 'type': 'none',
- 'dependencies': [
- 'sandbox_linux_unittests',
- ],
- 'variables': {
- 'output_dir': '<(PRODUCT_DIR)/sandbox_linux_unittests__dist/',
- 'native_binary': '<(PRODUCT_DIR)/sandbox_linux_unittests',
- 'include_main_binary': 1,
- },
- 'includes': [
- '../../build/android/native_app_dependencies.gypi'
- ],
- }],
- }],
- [ 'OS=="android"', {
- 'conditions': [
- ['test_isolation_mode != "noop"', {
- 'targets': [
- {
- 'target_name': 'sandbox_linux_unittests_apk_run',
- 'type': 'none',
- 'dependencies': [
- 'sandbox_linux_unittests',
- ],
- 'includes': [
- '../../build/isolate.gypi',
- ],
- 'sources': [
- '../sandbox_linux_unittests_apk.isolate',
- ],
- },
- ],
- },
- ],
- ],
- }],
- ['test_isolation_mode != "noop"', {
- 'targets': [
- {
- 'target_name': 'sandbox_linux_unittests_run',
- 'type': 'none',
- 'dependencies': [
- 'sandbox_linux_unittests',
- ],
- 'includes': [
- '../../build/isolate.gypi',
- ],
- 'sources': [
- '../sandbox_linux_unittests.isolate',
- ],
- },
- ],
- }],
- ],
-}
diff --git a/chromium/sandbox/linux/sandbox_linux_nacl_nonsfi.gyp b/chromium/sandbox/linux/sandbox_linux_nacl_nonsfi.gyp
deleted file mode 100644
index 50e637c360b..00000000000
--- a/chromium/sandbox/linux/sandbox_linux_nacl_nonsfi.gyp
+++ /dev/null
@@ -1,87 +0,0 @@
-# Copyright 2015 The Chromium Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file.
-
-{
- 'variables': {
- 'chromium_code': 1,
- },
- 'includes': [
- '../../build/common_untrusted.gypi',
- ],
- 'conditions': [
- ['disable_nacl==0 and disable_nacl_untrusted==0', {
- 'targets': [
- {
- 'target_name': 'sandbox_linux_nacl_nonsfi',
- 'type': 'none',
- 'variables': {
- 'nacl_untrusted_build': 1,
- 'nlib_target': 'libsandbox_linux_nacl_nonsfi.a',
- 'build_glibc': 0,
- 'build_newlib': 0,
- 'build_irt': 0,
- 'build_pnacl_newlib': 0,
- 'build_nonsfi_helper': 1,
- 'compile_flags': [
- '-fgnu-inline-asm',
- ],
- 'sources': [
- # This is the subset of linux build target, needed for
- # nacl_helper_nonsfi's sandbox implementation.
- 'bpf_dsl/bpf_dsl.cc',
- 'bpf_dsl/codegen.cc',
- 'bpf_dsl/policy.cc',
- 'bpf_dsl/policy_compiler.cc',
- 'bpf_dsl/syscall_set.cc',
- 'seccomp-bpf-helpers/sigsys_handlers.cc',
- 'seccomp-bpf-helpers/syscall_parameters_restrictions.cc',
- 'seccomp-bpf/die.cc',
- 'seccomp-bpf/sandbox_bpf.cc',
- 'seccomp-bpf/syscall.cc',
- 'seccomp-bpf/trap.cc',
- 'services/credentials.cc',
- 'services/namespace_sandbox.cc',
- 'services/namespace_utils.cc',
- 'services/proc_util.cc',
- 'services/resource_limits.cc',
- 'services/syscall_wrappers.cc',
- 'services/thread_helpers.cc',
- 'suid/client/setuid_sandbox_client.cc',
- ],
- },
- 'dependencies': [
- '../../base/base_nacl.gyp:base_nacl_nonsfi',
- ],
- },
- ],
- }],
-
- ['disable_nacl==0 and disable_nacl_untrusted==0 and enable_nacl_nonsfi_test==1', {
- 'targets': [
- {
- 'target_name': 'sandbox_linux_test_utils_nacl_nonsfi',
- 'type': 'none',
- 'variables': {
- 'nacl_untrusted_build': 1,
- 'nlib_target': 'libsandbox_linux_test_utils_nacl_nonsfi.a',
- 'build_glibc': 0,
- 'build_newlib': 0,
- 'build_irt': 0,
- 'build_pnacl_newlib': 0,
- 'build_nonsfi_helper': 1,
-
- 'sources': [
- 'seccomp-bpf/sandbox_bpf_test_runner.cc',
- 'tests/sandbox_test_runner.cc',
- 'tests/unit_tests.cc',
- ],
- },
- 'dependencies': [
- '../../testing/gtest_nacl.gyp:gtest_nacl',
- ],
- },
- ],
- }],
- ],
-}
diff --git a/chromium/sandbox/linux/sandbox_linux_test_sources.gypi b/chromium/sandbox/linux/sandbox_linux_test_sources.gypi
deleted file mode 100644
index 612814e1d48..00000000000
--- a/chromium/sandbox/linux/sandbox_linux_test_sources.gypi
+++ /dev/null
@@ -1,93 +0,0 @@
-# Copyright (c) 2012 The Chromium Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file.
-
-# Tests need to be compiled in the same link unit, so we have to list them
-# in a separate .gypi file.
-{
- 'dependencies': [
- 'sandbox',
- 'sandbox_linux_test_utils',
- 'sandbox_services',
- '../base/base.gyp:base',
- '../testing/gtest.gyp:gtest',
- ],
- 'include_dirs': [
- '../..',
- ],
- 'sources': [
- 'services/proc_util_unittest.cc',
- 'services/scoped_process_unittest.cc',
- 'services/resource_limits_unittests.cc',
- 'services/syscall_wrappers_unittest.cc',
- 'services/thread_helpers_unittests.cc',
- 'services/yama_unittests.cc',
- 'syscall_broker/broker_file_permission_unittest.cc',
- 'syscall_broker/broker_process_unittest.cc',
- 'tests/main.cc',
- 'tests/scoped_temporary_file.cc',
- 'tests/scoped_temporary_file.h',
- 'tests/scoped_temporary_file_unittest.cc',
- 'tests/test_utils_unittest.cc',
- 'tests/unit_tests_unittest.cc',
- ],
- 'conditions': [
- [ 'compile_suid_client==1', {
- 'sources': [
- 'suid/client/setuid_sandbox_client_unittest.cc',
- 'suid/client/setuid_sandbox_host_unittest.cc',
- ],
- }],
- [ 'use_seccomp_bpf==1', {
- 'sources': [
- 'bpf_dsl/bpf_dsl_unittest.cc',
- 'bpf_dsl/codegen_unittest.cc',
- 'bpf_dsl/cons_unittest.cc',
- 'bpf_dsl/dump_bpf.cc',
- 'bpf_dsl/dump_bpf.h',
- 'bpf_dsl/syscall_set_unittest.cc',
- 'bpf_dsl/test_trap_registry.cc',
- 'bpf_dsl/test_trap_registry.h',
- 'bpf_dsl/test_trap_registry_unittest.cc',
- 'bpf_dsl/verifier.cc',
- 'bpf_dsl/verifier.h',
- 'integration_tests/bpf_dsl_seccomp_unittest.cc',
- 'integration_tests/seccomp_broker_process_unittest.cc',
- 'seccomp-bpf-helpers/baseline_policy_unittest.cc',
- 'seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc',
- 'seccomp-bpf/bpf_tests_unittest.cc',
- 'seccomp-bpf/sandbox_bpf_unittest.cc',
- 'seccomp-bpf/syscall_unittest.cc',
- 'seccomp-bpf/trap_unittest.cc',
- ],
- 'dependencies': [
- 'bpf_dsl_golden',
- ],
- }],
- [ 'compile_credentials==1', {
- 'sources': [
- 'integration_tests/namespace_unix_domain_socket_unittest.cc',
- 'services/credentials_unittest.cc',
- 'services/namespace_utils_unittest.cc',
- ],
- 'dependencies': [
- '../build/linux/system.gyp:libcap'
- ],
- 'conditions': [
- [ 'use_base_test_suite==1', {
- 'sources': [
- 'services/namespace_sandbox_unittest.cc',
- ]
- }]
- ],
- }],
- [ 'use_base_test_suite==1', {
- 'dependencies': [
- '../base/base.gyp:test_support_base',
- ],
- 'defines': [
- 'SANDBOX_USES_BASE_TEST_SUITE',
- ],
- }],
- ],
-}
diff --git a/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
index 2bf572c0b3c..af472695e0c 100644
--- a/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+++ b/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
@@ -169,6 +169,10 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno,
if (sysno == __NR_getpriority || sysno ==__NR_setpriority)
return RestrictGetSetpriority(current_pid);
+ if (sysno == __NR_getrandom) {
+ return RestrictGetRandom();
+ }
+
if (sysno == __NR_madvise) {
// Only allow MADV_DONTNEED (aka MADV_FREE).
const Arg<int> advice(2);
diff --git a/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc b/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
index f0392b1a002..ca812d8a1ed 100644
--- a/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
+++ b/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
@@ -168,6 +168,21 @@ BPF_TEST_C(BaselinePolicy, Socketpair, BaselinePolicy) {
TestPipeOrSocketPair(base::ScopedFD(sv[0]), base::ScopedFD(sv[1]));
}
+#if !defined(GRND_NONBLOCK)
+#define GRND_NONBLOCK 1
+#endif
+
+BPF_TEST_C(BaselinePolicy, GetRandom, BaselinePolicy) {
+ char buf[1];
+
+ // Many systems do not yet support getrandom(2) so ENOSYS is a valid result
+ // here.
+ int ret = HANDLE_EINTR(syscall(__NR_getrandom, buf, sizeof(buf), 0));
+ BPF_ASSERT((ret == -1 && errno == ENOSYS) || ret == 1);
+ ret = HANDLE_EINTR(syscall(__NR_getrandom, buf, sizeof(buf), GRND_NONBLOCK));
+ BPF_ASSERT((ret == -1 && (errno == ENOSYS || errno == EAGAIN)) || ret == 1);
+}
+
// Not all architectures can restrict the domain for socketpair().
#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
BPF_DEATH_TEST_C(BaselinePolicy,
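Review bot: The fallback `#define GRND_NONBLOCK 1` above the GetRandom test duplicates the one this commit also adds in syscall_parameters_restrictions.cc, and the later hunk in this file adds a third fallback for GRND_RANDOM. With the policy and its tests each carrying their own copy of the flag values, the two can drift apart without any test failing. A single definition in a shared header under sandbox/linux/system_headers/ would give both the same value. Separately, `ret` is an `int` while `syscall()` returns `long`; this is harmless for a one-byte buffer, but `long ret` would match the call.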
@@ -349,6 +364,17 @@ BPF_DEATH_TEST_C(BaselinePolicy,
clock_gettime(CLOCK_MONOTONIC_RAW, &ts);
}
+#if !defined(GRND_RANDOM)
+#define GRND_RANDOM 2
+#endif
+
+BPF_DEATH_TEST_C(BaselinePolicy,
+ GetRandomOfDevRandomCrashes,
+ DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()),
+ BaselinePolicy) {
+ syscall(__NR_getrandom, NULL, 0, GRND_RANDOM);
+}
+
#if !defined(__i386__)
BPF_DEATH_TEST_C(BaselinePolicy,
GetSockOptWrongLevelSigsys,
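Review bot: GetRandomOfDevRandomCrashes exercises GRND_RANDOM only on its own, so nothing tests the mask in RestrictGetRandom() with a disallowed bit set alongside the allowed one. A second death test calling `syscall(__NR_getrandom, NULL, 0, GRND_RANDOM | GRND_NONBLOCK);` would pin that the filter rejects any extra bit rather than comparing against exact values. That is the property that keeps a future change to the mask from quietly widening what sandboxed code may request.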
diff --git a/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc b/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
index 077bc61f38d..ff730180019 100644
--- a/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
+++ b/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
@@ -49,7 +49,8 @@ void WriteToStdErr(const char* error_message, size_t size) {
while (size > 0) {
// TODO(jln): query the current policy to check if send() is available and
// use it to perform a non-blocking write.
- const int ret = HANDLE_EINTR(write(STDERR_FILENO, error_message, size));
+ const int ret = HANDLE_EINTR(
+ sandbox::sys_write(STDERR_FILENO, error_message, size));
// We can't handle any type of error here.
if (ret <= 0 || static_cast<size_t>(ret) > size) break;
size -= ret;
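Review bot: `const int ret` now receives the `ssize_t` returned by sandbox::sys_write() (declared in syscall_wrappers.h in this commit), so the value is narrowed before the `ret <= 0` and `static_cast<size_t>(ret) > size` checks; `const ssize_t ret` keeps the comparison exact. The switch from libc write() to the raw wrapper is also left unexplained. If the reason is that this code runs while reporting a seccomp violation and should not go through libc, a comment such as `// Raw syscall: avoid libc's write() while reporting a SIGSYS.` would record it. The loop in WriteToStdErr continues outside the hunk.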
@@ -105,7 +106,7 @@ void PrintSyscallError(uint32_t sysno) {
WriteToStdErr(kSeccompErrorPostfix, sizeof(kSeccompErrorPostfix) - 1);
}
-} // namespace.
+} // namespace
namespace sandbox {
diff --git a/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc b/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
index 56c4cb387da..43f633ed78e 100644
--- a/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
+++ b/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
@@ -351,4 +351,14 @@ ResultExpr RestrictClockID() {
.Default(CrashSIGSYS());
}
+#if !defined(GRND_NONBLOCK)
+#define GRND_NONBLOCK 1
+#endif
+
+ResultExpr RestrictGetRandom() {
+ const Arg<unsigned int> flags(2);
+ const unsigned int kGoodFlags = GRND_NONBLOCK;
+ return If((flags & ~kGoodFlags) == 0, Allow()).Else(CrashSIGSYS());
+}
+
} // namespace sandbox.
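Review bot: RestrictGetRandom() has no comment in the .cc saying what the mask is meant to keep out; the only hint in this commit is the death test name GetRandomOfDevRandomCrashes. A line above `kGoodFlags` such as `// Allow no flags or GRND_NONBLOCK; GRND_RANDOM and any other bit crash with SIGSYS.` would make the deny-by-default intent explicit for whoever next extends the allowed set. It would also help to note that unrecognised flag bits crash the process rather than return an error, since callers inside the sandbox need to know that.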
diff --git a/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h b/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h
index b96fe20e35f..d2a6faadb6d 100644
--- a/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h
+++ b/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h
@@ -94,6 +94,10 @@ SANDBOX_EXPORT bpf_dsl::ResultExpr RestrictGetrusage();
// about the state of the host OS.
SANDBOX_EXPORT bpf_dsl::ResultExpr RestrictClockID();
+// Restrict the flags argument to getrandom() to allow only no flags, or
+// GRND_NONBLOCK.
+SANDBOX_EXPORT bpf_dsl::ResultExpr RestrictGetRandom();
+
} // namespace sandbox.
#endif // SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_PARAMETERS_RESTRICTIONS_H_
diff --git a/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc b/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
index 804a8fea1e7..c068cd2d04f 100644
--- a/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
+++ b/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
@@ -13,6 +13,7 @@
#include <unistd.h>
#include "base/bind.h"
+#include "base/single_thread_task_runner.h"
#include "base/synchronization/waitable_event.h"
#include "base/sys_info.h"
#include "base/threading/thread.h"
@@ -164,7 +165,7 @@ BPF_TEST_C(ParameterRestrictions,
// different.
base::Thread getparam_thread("sched_getparam_thread");
BPF_ASSERT(getparam_thread.Start());
- getparam_thread.message_loop()->PostTask(
+ getparam_thread.task_runner()->PostTask(
FROM_HERE, base::Bind(&SchedGetParamThread, &thread_run));
BPF_ASSERT(thread_run.TimedWait(base::TimeDelta::FromMilliseconds(5000)));
getparam_thread.Stop();
diff --git a/chromium/sandbox/linux/services/credentials.cc b/chromium/sandbox/linux/services/credentials.cc
index 0c617d4b2f1..803af159704 100644
--- a/chromium/sandbox/linux/services/credentials.cc
+++ b/chromium/sandbox/linux/services/credentials.cc
@@ -315,12 +315,16 @@ bool Credentials::DropFileSystemAccess(int proc_fd) {
CHECK_LE(0, proc_fd);
CHECK(ChrootToSafeEmptyDir());
- CHECK(!base::DirectoryExists(base::FilePath("/proc")));
+ CHECK(!HasFileSystemAccess());
CHECK(!ProcUtil::HasOpenDirectory(proc_fd));
// We never let this function fail.
return true;
}
+bool Credentials::HasFileSystemAccess() {
+ return base::DirectoryExists(base::FilePath("/proc"));
+}
+
pid_t Credentials::ForkAndDropCapabilitiesInChild() {
pid_t pid = fork();
if (pid != 0) {
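Review bot: Credentials::HasFileSystemAccess() promises more than it checks: the body only tests `base::DirectoryExists(base::FilePath("/proc"))`. A process whose root has no /proc mounted but which can still reach other paths would be reported as having no filesystem access, and because this is now a public static method, callers outside DropFileSystemAccess() may treat it as a security check. The comment in credentials.h ("returns true if the process can still access the filesystem") should state the limitation, for example `// Heuristic: returns true if /proc is visible as a directory. A false result does not by itself prove the filesystem is unreachable.` DropFileSystemAccess() starts outside the hunk.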
diff --git a/chromium/sandbox/linux/services/credentials.h b/chromium/sandbox/linux/services/credentials.h
index b89a6aa7cf6..157c8e75e8f 100644
--- a/chromium/sandbox/linux/services/credentials.h
+++ b/chromium/sandbox/linux/services/credentials.h
@@ -94,6 +94,9 @@ class SANDBOX_EXPORT Credentials {
// - DropAllCapabilities() must be called to prevent escapes.
static bool DropFileSystemAccess(int proc_fd) WARN_UNUSED_RESULT;
+ // This function returns true if the process can still access the filesystem.
+ static bool HasFileSystemAccess();
+
// Forks and drops capabilities in the child.
static pid_t ForkAndDropCapabilitiesInChild();
diff --git a/chromium/sandbox/linux/services/credentials_unittest.cc b/chromium/sandbox/linux/services/credentials_unittest.cc
index b95ba0bab27..661e096850f 100644
--- a/chromium/sandbox/linux/services/credentials_unittest.cc
+++ b/chromium/sandbox/linux/services/credentials_unittest.cc
@@ -145,11 +145,12 @@ SANDBOX_TEST(Credentials, CanDetectRoot) {
// Disabled on ASAN because of crbug.com/451603.
SANDBOX_TEST(Credentials, DISABLE_ON_ASAN(DropFileSystemAccessIsSafe)) {
+ CHECK(Credentials::HasFileSystemAccess());
CHECK(Credentials::DropAllCapabilities());
// Probably missing kernel support.
if (!Credentials::MoveToNewUserNS()) return;
CHECK(Credentials::DropFileSystemAccess(ProcUtil::OpenProc().get()));
- CHECK(!base::DirectoryExists(base::FilePath("/proc")));
+ CHECK(!Credentials::HasFileSystemAccess());
CHECK(WorkingDirectoryIsRoot());
CHECK(base::IsDirectoryEmpty(base::FilePath("/")));
// We want the chroot to never have a subdirectory. A subdirectory
diff --git a/chromium/sandbox/linux/services/syscall_wrappers.cc b/chromium/sandbox/linux/services/syscall_wrappers.cc
index 7132d2ade95..9c7727cee50 100644
--- a/chromium/sandbox/linux/services/syscall_wrappers.cc
+++ b/chromium/sandbox/linux/services/syscall_wrappers.cc
@@ -32,6 +32,10 @@ pid_t sys_gettid(void) {
return syscall(__NR_gettid);
}
+ssize_t sys_write(int fd, const char* buffer, size_t buffer_size) {
+ return syscall(__NR_write, fd, buffer, buffer_size);
+}
+
long sys_clone(unsigned long flags,
std::nullptr_t child_stack,
pid_t* ptid,
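Review bot: `sys_write` hands the raw result of the write syscall back to the caller, so a short write or an interrupted call is returned as-is, and neither this definition nor the declaration added in syscall_wrappers.h says so. A comment above the declaration would make the contract explicit, for example `// Thin wrapper around write(2): no retry on EINTR or partial writes; callers must check the return value.` If the wrapper exists so that it can be used where the libc `write` is not safe to call (not visible from here), that reason belongs in the same comment.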
diff --git a/chromium/sandbox/linux/services/syscall_wrappers.h b/chromium/sandbox/linux/services/syscall_wrappers.h
index 057e4c87f47..1975bfbd88a 100644
--- a/chromium/sandbox/linux/services/syscall_wrappers.h
+++ b/chromium/sandbox/linux/services/syscall_wrappers.h
@@ -28,6 +28,10 @@ SANDBOX_EXPORT pid_t sys_getpid(void);
SANDBOX_EXPORT pid_t sys_gettid(void);
+SANDBOX_EXPORT ssize_t sys_write(int fd,
+ const char* buffer,
+ size_t buffer_size);
+
SANDBOX_EXPORT long sys_clone(unsigned long flags);
// |regs| is not supported and must be passed as nullptr. |child_stack| must be
diff --git a/chromium/sandbox/linux/syscall_broker/broker_file_permission_unittest.cc b/chromium/sandbox/linux/syscall_broker/broker_file_permission_unittest.cc
index b58a901cde6..f79fa92ffe9 100644
--- a/chromium/sandbox/linux/syscall_broker/broker_file_permission_unittest.cc
+++ b/chromium/sandbox/linux/syscall_broker/broker_file_permission_unittest.cc
@@ -46,10 +46,17 @@ SANDBOX_TEST(BrokerFilePermission, CreateGoodRecursive) {
BrokerFilePermission perm = BrokerFilePermission::ReadOnlyRecursive(kPath);
}
+#if defined(OS_ANDROID) && defined(OFFICIAL_BUILD) && defined(NDEBUG)
+#define DEATH_BY_SIGILL(msg) DEATH_BY_SIGNAL(SIGILL)
+#else
+#define DEATH_BY_SIGILL(msg) DEATH_MESSAGE(msg)
+#endif
+
SANDBOX_DEATH_TEST(
BrokerFilePermission,
CreateBad,
- DEATH_MESSAGE(BrokerFilePermissionTester::GetErrorMessage())) {
+ DEATH_BY_SIGILL(BrokerFilePermissionTester::GetErrorMessage())
+) {
const char kPath[] = "/tmp/bad/";
BrokerFilePermission perm = BrokerFilePermission::ReadOnly(kPath);
}
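Review bot: `DEATH_BY_SIGILL` is added without a comment, and in the `OS_ANDROID && OFFICIAL_BUILD && NDEBUG` branch it discards `msg` and accepts any SIGILL. In that configuration these tests no longer show that the death came from the path validation in BrokerFilePermission rather than from some other trap. The name is also misleading in the `#else` branch, where it expands to `DEATH_MESSAGE(msg)` and no signal is involved. I would add a comment above the `#if` stating why the message cannot be matched there (presumably the check message is stripped and the failure surfaces as an illegal-instruction trap; confirm), and rename the macro to something neutral such as `DEATH_BY_CHECK`. The same applies to the CreateBadRecursive, CreateBadNotAbs and CreateBadEmpty hunks below.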
@@ -57,7 +64,8 @@ SANDBOX_DEATH_TEST(
SANDBOX_DEATH_TEST(
BrokerFilePermission,
CreateBadRecursive,
- DEATH_MESSAGE(BrokerFilePermissionTester::GetErrorMessage())) {
+ DEATH_BY_SIGILL(BrokerFilePermissionTester::GetErrorMessage())
+) {
const char kPath[] = "/tmp/bad";
BrokerFilePermission perm = BrokerFilePermission::ReadOnlyRecursive(kPath);
}
@@ -65,7 +73,8 @@ SANDBOX_DEATH_TEST(
SANDBOX_DEATH_TEST(
BrokerFilePermission,
CreateBadNotAbs,
- DEATH_MESSAGE(BrokerFilePermissionTester::GetErrorMessage())) {
+ DEATH_BY_SIGILL(BrokerFilePermissionTester::GetErrorMessage())
+) {
const char kPath[] = "tmp/bad";
BrokerFilePermission perm = BrokerFilePermission::ReadOnly(kPath);
}
@@ -73,7 +82,8 @@ SANDBOX_DEATH_TEST(
SANDBOX_DEATH_TEST(
BrokerFilePermission,
CreateBadEmpty,
- DEATH_MESSAGE(BrokerFilePermissionTester::GetErrorMessage())) {
+ DEATH_BY_SIGILL(BrokerFilePermissionTester::GetErrorMessage())
+) {
const char kPath[] = "";
BrokerFilePermission perm = BrokerFilePermission::ReadOnly(kPath);
}
diff --git a/chromium/sandbox/linux/system_headers/mips64_linux_syscalls.h b/chromium/sandbox/linux/system_headers/mips64_linux_syscalls.h
index d0031242841..5a179b07357 100644
--- a/chromium/sandbox/linux/system_headers/mips64_linux_syscalls.h
+++ b/chromium/sandbox/linux/system_headers/mips64_linux_syscalls.h
@@ -1263,4 +1263,8 @@
#define __NR_seccomp (__NR_Linux + 312)
#endif
+#if !defined(__NR_getrandom)
+#define __NR_getrandom (__NR_Linux + 313)
+#endif
+
#endif // SANDBOX_LINUX_SYSTEM_HEADERS_MIPS64_LINUX_SYSCALLS_H_
diff --git a/chromium/sandbox/linux/system_headers/mips_linux_syscalls.h b/chromium/sandbox/linux/system_headers/mips_linux_syscalls.h
index eb1717aad97..819f9eb38b5 100644
--- a/chromium/sandbox/linux/system_headers/mips_linux_syscalls.h
+++ b/chromium/sandbox/linux/system_headers/mips_linux_syscalls.h
@@ -1425,4 +1425,8 @@
#define __NR_seccomp (__NR_Linux + 352)
#endif
+#if !defined(__NR_getrandom)
+#define __NR_getrandom (__NR_Linux + 353)
+#endif
+
#endif // SANDBOX_LINUX_SYSTEM_HEADERS_MIPS_LINUX_SYSCALLS_H_
diff --git a/chromium/sandbox/mac/bootstrap_sandbox.cc b/chromium/sandbox/mac/bootstrap_sandbox.cc
index 4b3a1c6cce3..a48cb5d91d3 100644
--- a/chromium/sandbox/mac/bootstrap_sandbox.cc
+++ b/chromium/sandbox/mac/bootstrap_sandbox.cc
@@ -158,7 +158,7 @@ std::unique_ptr<PreExecDelegate> BootstrapSandbox::NewClient(
}
awaiting_processes_[token] = sandbox_policy_id;
- return base::WrapUnique(new PreExecDelegate(server_bootstrap_name_, token));
+ return base::MakeUnique<PreExecDelegate>(server_bootstrap_name_, token);
}
void BootstrapSandbox::RevokeToken(uint64_t token) {
diff --git a/chromium/sandbox/mac/bootstrap_sandbox_unittest.mm b/chromium/sandbox/mac/bootstrap_sandbox_unittest.mm
index f81cd114eec..a6225a91c32 100644
--- a/chromium/sandbox/mac/bootstrap_sandbox_unittest.mm
+++ b/chromium/sandbox/mac/bootstrap_sandbox_unittest.mm
@@ -138,6 +138,11 @@ TEST_F(BootstrapSandboxTest, DistributedNotifications_Unsandboxed) {
// Run the test with the sandbox enabled without notifications on the policy
// whitelist.
TEST_F(BootstrapSandboxTest, DistributedNotifications_SandboxDeny) {
+ if (base::mac::IsAtLeastOS10_12()) {
+ LOG(ERROR) << "BootstrapSandbox does not work on macOS Sierra or later.";
+ return;
+ }
+
base::scoped_nsobject<DistributedNotificationObserver> observer(
[[DistributedNotificationObserver alloc] init]);
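Review bot: Returning early makes this test report success on macOS 10.12 and later without exercising the sandbox at all. The only trace is a `LOG(ERROR)` line that is easy to miss in a green run. Since the message says BootstrapSandbox does not work there, a reader of the results should be able to tell "passed" from "not run"; disabling the tests for that OS in the test configuration, or at least tracking the skip with a bug reference in the message, would do that. The same four-line guard is pasted into all seven tests in this file (SandboxDeny, SandboxAllow, PolicyDenyError, PolicyDenyDummyPort, PolicySubstitutePort, DefaultRuleAllow, ChildOutliveSandbox). One fixture helper, e.g. `bool SandboxUnsupportedOnThisOS()`, would keep the condition and message in a single place.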
@@ -151,6 +156,11 @@ TEST_F(BootstrapSandboxTest, DistributedNotifications_SandboxDeny) {
// Run the test with notifications permitted.
TEST_F(BootstrapSandboxTest, DistributedNotifications_SandboxAllow) {
+ if (base::mac::IsAtLeastOS10_12()) {
+ LOG(ERROR) << "BootstrapSandbox does not work on macOS Sierra or later.";
+ return;
+ }
+
base::scoped_nsobject<DistributedNotificationObserver> observer(
[[DistributedNotificationObserver alloc] init]);
@@ -181,6 +191,10 @@ MULTIPROCESS_TEST_MAIN(PostNotification) {
const char kTestServer[] = "org.chromium.test_bootstrap_server";
TEST_F(BootstrapSandboxTest, PolicyDenyError) {
+ if (base::mac::IsAtLeastOS10_12()) {
+ LOG(ERROR) << "BootstrapSandbox does not work on macOS Sierra or later.";
+ return;
+ }
BootstrapSandboxPolicy policy(BaselinePolicy());
policy.rules[kTestServer] = Rule(POLICY_DENY_ERROR);
sandbox_->RegisterSandboxPolicy(1, policy);
@@ -204,6 +218,10 @@ MULTIPROCESS_TEST_MAIN(PolicyDenyError) {
}
TEST_F(BootstrapSandboxTest, PolicyDenyDummyPort) {
+ if (base::mac::IsAtLeastOS10_12()) {
+ LOG(ERROR) << "BootstrapSandbox does not work on macOS Sierra or later.";
+ return;
+ }
BootstrapSandboxPolicy policy(BaselinePolicy());
policy.rules[kTestServer] = Rule(POLICY_DENY_DUMMY_PORT);
sandbox_->RegisterSandboxPolicy(1, policy);
@@ -232,6 +250,11 @@ struct SubstitutePortAckRecv : public SubstitutePortAckSend {
const char kSubstituteAck[] = "Hello, this is doge!";
TEST_F(BootstrapSandboxTest, PolicySubstitutePort) {
+ if (base::mac::IsAtLeastOS10_12()) {
+ LOG(ERROR) << "BootstrapSandbox does not work on macOS Sierra or later.";
+ return;
+ }
+
mach_port_t task = mach_task_self();
mach_port_t port;
@@ -348,6 +371,11 @@ const char kDefaultRuleTestDeny[] =
"org.chromium.sandbox.test.DefaultRuleAllow.Deny";
TEST_F(BootstrapSandboxTest, DefaultRuleAllow) {
+ if (base::mac::IsAtLeastOS10_12()) {
+ LOG(ERROR) << "BootstrapSandbox does not work on macOS Sierra or later.";
+ return;
+ }
+
mach_port_t task = mach_task_self();
mach_port_t port;
@@ -415,6 +443,11 @@ MULTIPROCESS_TEST_MAIN(DefaultRuleAllow) {
}
TEST_F(BootstrapSandboxTest, ChildOutliveSandbox) {
+ if (base::mac::IsAtLeastOS10_12()) {
+ LOG(ERROR) << "BootstrapSandbox does not work on macOS Sierra or later.";
+ return;
+ }
+
const int kTestPolicyId = 1;
mach_port_t task = mach_task_self();
diff --git a/chromium/sandbox/mac/launchd_interception_server.cc b/chromium/sandbox/mac/launchd_interception_server.cc
index 69231b59508..167fbab5828 100644
--- a/chromium/sandbox/mac/launchd_interception_server.cc
+++ b/chromium/sandbox/mac/launchd_interception_server.cc
@@ -54,7 +54,7 @@ bool LaunchdInterceptionServer::Initialize(mach_port_t server_receive_right) {
}
sandbox_send_port_.reset(sandbox_port_.get());
- if (base::mac::IsOSYosemiteOrLater()) {
+ if (base::mac::IsAtLeastOS10_10()) {
message_server_.reset(new XPCMessageServer(this, server_receive_right));
xpc_launchd_ = true;
} else {
diff --git a/chromium/sandbox/mac/os_compatibility.cc b/chromium/sandbox/mac/os_compatibility.cc
index 0e8d08f5d75..1e0ba5be76f 100644
--- a/chromium/sandbox/mac/os_compatibility.cc
+++ b/chromium/sandbox/mac/os_compatibility.cc
@@ -96,7 +96,7 @@ class OSCompatibility_10_7 : public OSCompatibility {
void WriteServiceLookUpReply(IPCMessage message,
mach_port_t service_port) override {
- auto reply = reinterpret_cast<look_up2_reply_10_7*>(message.mach);
+ auto* reply = reinterpret_cast<look_up2_reply_10_7*>(message.mach);
reply->Head.msgh_size = sizeof(*reply);
reply->Head.msgh_bits =
MACH_MSGH_BITS_REMOTE(MACH_MSG_TYPE_MOVE_SEND_ONCE) |
@@ -108,7 +108,7 @@ class OSCompatibility_10_7 : public OSCompatibility {
}
bool IsSwapIntegerReadOnly(const IPCMessage message) override {
- auto request =
+ auto* request =
reinterpret_cast<const swap_integer_request_10_7*>(message.mach);
return request->inkey == 0 && request->inval == 0 && request->outkey != 0;
}
@@ -181,7 +181,7 @@ class OSCompatibility_10_10 : public OSCompatibility {
// static
std::unique_ptr<OSCompatibility> OSCompatibility::CreateForPlatform() {
- if (base::mac::IsOSMavericks())
+ if (base::mac::IsOS10_9())
return base::WrapUnique(new OSCompatibility_10_7());
else
return base::WrapUnique(new OSCompatibility_10_10());
diff --git a/chromium/sandbox/mac/pre_exec_delegate.cc b/chromium/sandbox/mac/pre_exec_delegate.cc
index 9d777d3f4d0..1aac68be87e 100644
--- a/chromium/sandbox/mac/pre_exec_delegate.cc
+++ b/chromium/sandbox/mac/pre_exec_delegate.cc
@@ -22,9 +22,8 @@ PreExecDelegate::PreExecDelegate(
sandbox_server_bootstrap_name_ptr_(
sandbox_server_bootstrap_name_.c_str()),
sandbox_token_(sandbox_token),
- is_yosemite_or_later_(base::mac::IsOSYosemiteOrLater()),
- look_up_message_(CreateBootstrapLookUpMessage()) {
-}
+ is_yosemite_or_later_(base::mac::IsAtLeastOS10_10()),
+ look_up_message_(CreateBootstrapLookUpMessage()) {}
PreExecDelegate::~PreExecDelegate() {}
diff --git a/chromium/sandbox/mac/sandbox_mac.gypi b/chromium/sandbox/mac/sandbox_mac.gypi
deleted file mode 100644
index 79740e5a846..00000000000
--- a/chromium/sandbox/mac/sandbox_mac.gypi
+++ /dev/null
@@ -1,104 +0,0 @@
-# Copyright 2014 The Chromium Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file.
-
-{
- 'targets': [
- {
- 'target_name': 'seatbelt',
- 'type' : '<(component)',
- 'sources': [
- 'seatbelt.cc',
- 'seatbelt.h',
- 'seatbelt_export.h',
- ],
- 'defines': [
- 'SEATBELT_IMPLEMENTATION',
- ],
- 'include_dirs': [
- '../..',
- ],
- 'link_settings': {
- 'libraries': [
- '$(SDKROOT)/usr/lib/libsandbox.dylib',
- ],
- }
- },
- {
- 'target_name': 'sandbox',
- 'type': '<(component)',
- 'sources': [
- 'bootstrap_sandbox.cc',
- 'bootstrap_sandbox.h',
- 'launchd_interception_server.cc',
- 'launchd_interception_server.h',
- 'mach_message_server.cc',
- 'mach_message_server.h',
- 'message_server.h',
- 'os_compatibility.cc',
- 'os_compatibility.h',
- 'policy.cc',
- 'policy.h',
- 'pre_exec_delegate.cc',
- 'pre_exec_delegate.h',
- 'xpc.h',
- 'xpc_message_server.cc',
- 'xpc_message_server.h',
- ],
- 'dependencies': [
- '../base/base.gyp:base',
- ],
- 'include_dirs': [
- '..',
- '<(SHARED_INTERMEDIATE_DIR)',
- ],
- 'defines': [
- 'SANDBOX_IMPLEMENTATION',
- ],
- 'link_settings': {
- 'libraries': [
- '$(SDKROOT)/usr/lib/libbsm.dylib',
- ],
- },
- },
- {
- 'target_name': 'sandbox_mac_unittests',
- 'type': 'executable',
- 'sources': [
- 'bootstrap_sandbox_unittest.mm',
- 'policy_unittest.cc',
- 'xpc_message_server_unittest.cc',
- ],
- 'dependencies': [
- 'sandbox',
- '../base/base.gyp:base',
- '../base/base.gyp:run_all_unittests',
- '../testing/gtest.gyp:gtest',
- ],
- 'include_dirs': [
- '..',
- ],
- 'link_settings': {
- 'libraries': [
- '$(SDKROOT)/System/Library/Frameworks/CoreFoundation.framework',
- '$(SDKROOT)/System/Library/Frameworks/Foundation.framework',
- ],
- },
- },
- ],
- 'conditions': [
- ['test_isolation_mode != "noop"', {
- 'targets': [
- {
- 'target_name': 'sandbox_mac_unittests_run',
- 'type': 'none',
- 'dependencies': [
- 'sandbox_mac_unittests',
- ],
- 'includes': [ '../../build/isolate.gypi' ],
- 'sources': [ '../sandbox_mac_unittests.isolate' ],
- },
- ],
- }],
- ],
-}
diff --git a/chromium/sandbox/mac/seatbelt.cc b/chromium/sandbox/mac/seatbelt.cc
index c2028d5bb33..0987faee7aa 100644
--- a/chromium/sandbox/mac/seatbelt.cc
+++ b/chromium/sandbox/mac/seatbelt.cc
@@ -15,6 +15,17 @@ int sandbox_init_with_parameters(const char* profile,
namespace sandbox {
+// Initialize the static member variables.
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wdeprecated-declarations"
+const char* Seatbelt::kProfileNoInternet = kSBXProfileNoInternet;
+const char* Seatbelt::kProfileNoNetwork = kSBXProfileNoNetwork;
+const char* Seatbelt::kProfileNoWrite = kSBXProfileNoWrite;
+const char* Seatbelt::kProfileNoWriteExceptTemporary =
+ kSBXProfileNoWriteExceptTemporary;
+const char* Seatbelt::kProfilePureComputation = kSBXProfilePureComputation;
+#pragma clang diagnostic pop
+
// static
int Seatbelt::Init(const char* profile, uint64_t flags, char** errorbuf) {
// OS X deprecated these functions, but did not provide a suitable replacement,
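Review bot: The five profile-name members are defined as `const char*`, so the pointers themselves are writable and exported, and any code in the process can repoint `Seatbelt::kProfileNoNetwork` at a different profile string. For values that select a sandbox profile I would make the pointers const as well: `const char* const Seatbelt::kProfileNoInternet = kSBXProfileNoInternet;` here and `static const char* const kProfileNoInternet;` in seatbelt.h, likewise for the other four. The comment above the pragmas should also say why `-Wdeprecated-declarations` is silenced (the `kSBXProfile*` constants are presumably deprecated in the SDK header), as the existing comment in `Init` does for the functions. `Init` continues past the end of this hunk.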
diff --git a/chromium/sandbox/mac/seatbelt.h b/chromium/sandbox/mac/seatbelt.h
index c5dd386bfe2..2a5db08e4b6 100644
--- a/chromium/sandbox/mac/seatbelt.h
+++ b/chromium/sandbox/mac/seatbelt.h
@@ -26,6 +26,16 @@ class SEATBELT_EXPORT Seatbelt {
static void FreeError(char* errorbuf);
+ static const char* kProfileNoInternet;
+
+ static const char* kProfileNoNetwork;
+
+ static const char* kProfileNoWrite;
+
+ static const char* kProfileNoWriteExceptTemporary;
+
+ static const char* kProfilePureComputation;
+
private:
Seatbelt();
DISALLOW_COPY_AND_ASSIGN(Seatbelt);
diff --git a/chromium/sandbox/sandbox.gyp b/chromium/sandbox/sandbox.gyp
deleted file mode 100644
index f93fa1862a7..00000000000
--- a/chromium/sandbox/sandbox.gyp
+++ /dev/null
@@ -1,35 +0,0 @@
-# Copyright (c) 2012 The Chromium Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file.
-
-{
- 'variables': {
- 'chromium_code': 1,
- },
- 'conditions': [
- [ 'OS=="win"', {
- 'includes': [
- 'win/sandbox_win.gypi',
- ],
- }],
- [ 'OS=="linux" or OS=="android"', {
- 'includes': [
- 'linux/sandbox_linux.gypi',
- ],
- }],
- [ 'OS=="mac" and OS!="ios"', {
- 'includes': [
- 'mac/sandbox_mac.gypi',
- ],
- }],
- [ 'OS!="win" and OS!="mac" and OS!="linux" and OS!="android"', {
- # A 'default' to accomodate the "sandbox" target.
- 'targets': [
- {
- 'target_name': 'sandbox',
- 'type': 'none',
- }
- ]
- }],
- ],
-}
diff --git a/chromium/sandbox/sandbox_linux_unittests.isolate b/chromium/sandbox/sandbox_linux_unittests.isolate
deleted file mode 100644
index 2b7c2a73af3..00000000000
--- a/chromium/sandbox/sandbox_linux_unittests.isolate
+++ /dev/null
@@ -1,23 +0,0 @@
-# Copyright 2014 The Chromium Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file.
-
-# Because of a limitation in isolate_driver.py, this file needs to be in
-# the same directory as the main .gyp file.
-
-{
- 'conditions': [
- ['OS=="android" or OS=="linux"', {
- 'variables': {
- 'command': [
- '<(PRODUCT_DIR)/sandbox_linux_unittests',
- ],
- },
- }],
- ],
- 'includes': [
- # This is needed because of base/ dependencies on
- # icudtl.dat.
- '../base/base.isolate',
- ],
-}
diff --git a/chromium/sandbox/sandbox_linux_unittests_apk.isolate b/chromium/sandbox/sandbox_linux_unittests_apk.isolate
deleted file mode 100644
index b9aaf51ba0d..00000000000
--- a/chromium/sandbox/sandbox_linux_unittests_apk.isolate
+++ /dev/null
@@ -1,19 +0,0 @@
-# Copyright 2015 The Chromium Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file.
-{
- 'includes': [
- '../build/android/android.isolate',
- 'sandbox_linux_unittests.isolate',
- ],
- 'variables': {
- 'command': [
- '<(PRODUCT_DIR)/bin/run_sandbox_linux_unittests',
- '--logcat-output-dir', '${ISOLATED_OUTDIR}/logcats',
- ],
- 'files': [
- '<(PRODUCT_DIR)/bin/run_sandbox_linux_unittests',
- '<(PRODUCT_DIR)/sandbox_linux_unittests',
- ]
- },
-}
diff --git a/chromium/sandbox/sandbox_mac_unittests.isolate b/chromium/sandbox/sandbox_mac_unittests.isolate
deleted file mode 100644
index a202a9be748..00000000000
--- a/chromium/sandbox/sandbox_mac_unittests.isolate
+++ /dev/null
@@ -1,9 +0,0 @@
-# Copyright (c) 2015 The Chromium Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file.
-{
- 'variables': {
- 'command': [ '<(PRODUCT_DIR)/sandbox_mac_unittests' ],
- },
- 'includes': [ '../base/base.isolate' ],
-}
diff --git a/chromium/sandbox/sbox_integration_tests.isolate b/chromium/sandbox/sbox_integration_tests.isolate
deleted file mode 100644
index 719cd389083..00000000000
--- a/chromium/sandbox/sbox_integration_tests.isolate
+++ /dev/null
@@ -1,37 +0,0 @@
-# Copyright 2015 The Chromium Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file.
-
-# Because of a limitation in isolate_driver.py, this file needs to be in
-# the same directory as the main .gyp file.
-
-{
- 'conditions': [
- ['OS=="win"', {
- 'variables': {
- 'command': [
- '<(PRODUCT_DIR)/sbox_integration_tests.exe',
- ],
- },
- }],
- ['OS=="win" and target_arch=="ia32"', {
- 'variables': {
- 'files': [
- '<(PRODUCT_DIR)/wow_helper.exe',
- ],
- },
- }],
- # These PDBs are needed in order to get reasonable stack traces if
- # an assertion fires or a crash occurs. Add more as necessary.
- ['OS=="win" and (fastbuild==0 or fastbuild==1)', {
- 'variables': {
- 'files': [
- '<(PRODUCT_DIR)/sbox_integration_tests.exe.pdb',
- ],
- },
- }],
- ],
- 'includes': [
- '../base/base.isolate',
- ],
-}
diff --git a/chromium/sandbox/sbox_unittests.isolate b/chromium/sandbox/sbox_unittests.isolate
deleted file mode 100644
index e6dec256348..00000000000
--- a/chromium/sandbox/sbox_unittests.isolate
+++ /dev/null
@@ -1,28 +0,0 @@
-# Copyright 2015 The Chromium Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file.
-
-# Because of a limitation in isolate_driver.py, this file needs to be in
-# the same directory as the main .gyp file.
-
-{
- 'conditions': [
- ['OS=="win"', {
- 'variables': {
- 'command': [
- '<(PRODUCT_DIR)/sbox_unittests.exe',
- ],
- },
- }],
- ['OS=="win" and target_arch=="ia32"', {
- 'variables': {
- 'files': [
- '<(PRODUCT_DIR)/wow_helper.exe',
- ],
- },
- }],
- ],
- 'includes': [
- '../base/base.isolate',
- ],
-}
diff --git a/chromium/sandbox/sbox_validation_tests.isolate b/chromium/sandbox/sbox_validation_tests.isolate
deleted file mode 100644
index 4daee6bd67d..00000000000
--- a/chromium/sandbox/sbox_validation_tests.isolate
+++ /dev/null
@@ -1,28 +0,0 @@
-# Copyright 2015 The Chromium Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file.
-
-# Because of a limitation in isolate_driver.py, this file needs to be in
-# the same directory as the main .gyp file.
-
-{
- 'conditions': [
- ['OS=="win"', {
- 'variables': {
- 'command': [
- '<(PRODUCT_DIR)/sbox_validation_tests.exe',
- ],
- },
- }],
- ['OS=="win" and target_arch=="ia32"', {
- 'variables': {
- 'files': [
- '<(PRODUCT_DIR)/wow_helper.exe',
- ],
- },
- }],
- ],
- 'includes': [
- '../base/base.isolate',
- ],
-}
diff --git a/chromium/sandbox/win/BUILD.gn b/chromium/sandbox/win/BUILD.gn
index 60bb499af3d..ac679f4d439 100644
--- a/chromium/sandbox/win/BUILD.gn
+++ b/chromium/sandbox/win/BUILD.gn
@@ -154,31 +154,18 @@ static_library("sandbox") {
]
}
+ # Disable sanitizer coverage in the sandbox code. The sandbox code runs before
+ # sanitizer coverage can initialize. http://crbug.com/484711
+ configs -= [ "//build/config/sanitizers:default_sanitizer_flags" ]
+ configs +=
+ [ "//build/config/sanitizers:default_sanitizer_flags_but_coverage" ]
+
configs += [ "//build/config:precompiled_headers" ]
deps = [
"//base",
"//base:base_static",
]
- if (current_cpu == "x86") {
- deps += [ ":copy_wow_helper" ]
- }
-}
-
-if (current_cpu == "x86") {
- # Make a target that copies the wow_helper files to the out dir.
- #
- # TODO(brettw) we can probably just build this now that we have proper
- # toolchain support.
- copy("copy_wow_helper") {
- sources = [
- "wow_helper/wow_helper.exe",
- "wow_helper/wow_helper.pdb",
- ]
- outputs = [
- "$root_out_dir/{{source_file_part}}",
- ]
- }
}
test("sbox_integration_tests") {
diff --git a/chromium/sandbox/win/PRESUBMIT.py b/chromium/sandbox/win/PRESUBMIT.py
index e03c9d1089d..0dee5656470 100644
--- a/chromium/sandbox/win/PRESUBMIT.py
+++ b/chromium/sandbox/win/PRESUBMIT.py
@@ -23,7 +23,7 @@ def PostUploadHook(cl, change, output_api):
return []
bots = [
- 'tryserver.chromium.win:win10_chromium_x64_rel_ng',
+ 'master.tryserver.chromium.win:win10_chromium_x64_rel_ng',
]
results = []
diff --git a/chromium/sandbox/win/sandbox_win.gypi b/chromium/sandbox/win/sandbox_win.gypi
deleted file mode 100644
index e9673aa9a1b..00000000000
--- a/chromium/sandbox/win/sandbox_win.gypi
+++ /dev/null
@@ -1,432 +0,0 @@
-# Copyright (c) 2012 The Chromium Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file.
-
-{
- 'target_defaults': {
- 'variables': {
- 'sandbox_windows_target': 0,
- 'target_arch%': 'ia32',
- },
- 'target_conditions': [
- ['sandbox_windows_target==1', {
- # Files that are shared between the 32-bit and the 64-bit versions
- # of the Windows sandbox library.
- 'sources': [
- 'src/acl.cc',
- 'src/acl.h',
- 'src/broker_services.cc',
- 'src/broker_services.h',
- 'src/crosscall_client.h',
- 'src/crosscall_params.h',
- 'src/crosscall_server.cc',
- 'src/crosscall_server.h',
- 'src/eat_resolver.cc',
- 'src/eat_resolver.h',
- 'src/filesystem_dispatcher.cc',
- 'src/filesystem_dispatcher.h',
- 'src/filesystem_interception.cc',
- 'src/filesystem_interception.h',
- 'src/filesystem_policy.cc',
- 'src/filesystem_policy.h',
- 'src/handle_closer.cc',
- 'src/handle_closer.h',
- 'src/handle_closer_agent.cc',
- 'src/handle_closer_agent.h',
- 'src/interception.cc',
- 'src/interception.h',
- 'src/interception_agent.cc',
- 'src/interception_agent.h',
- 'src/interception_internal.h',
- 'src/interceptors.h',
- 'src/internal_types.h',
- 'src/ipc_tags.h',
- 'src/job.cc',
- 'src/job.h',
- 'src/named_pipe_dispatcher.cc',
- 'src/named_pipe_dispatcher.h',
- 'src/named_pipe_interception.cc',
- 'src/named_pipe_interception.h',
- 'src/named_pipe_policy.cc',
- 'src/named_pipe_policy.h',
- 'src/nt_internals.h',
- 'src/policy_broker.cc',
- 'src/policy_broker.h',
- 'src/policy_engine_opcodes.cc',
- 'src/policy_engine_opcodes.h',
- 'src/policy_engine_params.h',
- 'src/policy_engine_processor.cc',
- 'src/policy_engine_processor.h',
- 'src/policy_low_level.cc',
- 'src/policy_low_level.h',
- 'src/policy_params.h',
- 'src/policy_target.cc',
- 'src/policy_target.h',
- 'src/process_mitigations.cc',
- 'src/process_mitigations.h',
- 'src/process_mitigations_win32k_dispatcher.cc',
- 'src/process_mitigations_win32k_dispatcher.h',
- 'src/process_mitigations_win32k_interception.cc',
- 'src/process_mitigations_win32k_interception.h',
- 'src/process_mitigations_win32k_policy.cc',
- 'src/process_mitigations_win32k_policy.h',
- 'src/process_thread_dispatcher.cc',
- 'src/process_thread_dispatcher.h',
- 'src/process_thread_interception.cc',
- 'src/process_thread_interception.h',
- 'src/process_thread_policy.cc',
- 'src/process_thread_policy.h',
- 'src/registry_dispatcher.cc',
- 'src/registry_dispatcher.h',
- 'src/registry_interception.cc',
- 'src/registry_interception.h',
- 'src/registry_policy.cc',
- 'src/registry_policy.h',
- 'src/resolver.cc',
- 'src/resolver.h',
- 'src/restricted_token_utils.cc',
- 'src/restricted_token_utils.h',
- 'src/restricted_token.cc',
- 'src/restricted_token.h',
- 'src/sandbox_factory.h',
- 'src/sandbox_globals.cc',
- 'src/sandbox_nt_types.h',
- 'src/sandbox_nt_util.cc',
- 'src/sandbox_nt_util.h',
- 'src/sandbox_policy_base.cc',
- 'src/sandbox_policy_base.h',
- 'src/sandbox_policy.h',
- 'src/sandbox_rand.cc',
- 'src/sandbox_rand.h',
- 'src/sandbox_types.h',
- 'src/sandbox_utils.cc',
- 'src/sandbox_utils.h',
- 'src/sandbox.cc',
- 'src/sandbox.h',
- 'src/security_level.h',
- 'src/service_resolver.cc',
- 'src/service_resolver.h',
- 'src/sharedmem_ipc_client.cc',
- 'src/sharedmem_ipc_client.h',
- 'src/sharedmem_ipc_server.cc',
- 'src/sharedmem_ipc_server.h',
- 'src/sid.cc',
- 'src/sid.h',
- 'src/sync_dispatcher.cc',
- 'src/sync_dispatcher.h',
- 'src/sync_interception.cc',
- 'src/sync_interception.h',
- 'src/sync_policy.cc',
- 'src/sync_policy.h',
- 'src/target_interceptions.cc',
- 'src/target_interceptions.h',
- 'src/target_process.cc',
- 'src/target_process.h',
- 'src/target_services.cc',
- 'src/target_services.h',
- 'src/top_level_dispatcher.cc',
- 'src/top_level_dispatcher.h',
- 'src/win_utils.cc',
- 'src/win_utils.h',
- 'src/win2k_threadpool.cc',
- 'src/win2k_threadpool.h',
- 'src/window.cc',
- 'src/window.h',
- ],
- 'target_conditions': [
- ['target_arch=="x64"', {
- 'sources': [
- 'src/interceptors_64.cc',
- 'src/interceptors_64.h',
- 'src/resolver_64.cc',
- 'src/service_resolver_64.cc',
- ],
- }],
- ['target_arch=="ia32"', {
- 'sources': [
- 'src/resolver_32.cc',
- 'src/service_resolver_32.cc',
- 'src/sidestep_resolver.cc',
- 'src/sidestep_resolver.h',
- 'src/sidestep\ia32_modrm_map.cpp',
- 'src/sidestep\ia32_opcode_map.cpp',
- 'src/sidestep\mini_disassembler_types.h',
- 'src/sidestep\mini_disassembler.cpp',
- 'src/sidestep\mini_disassembler.h',
- 'src/sidestep\preamble_patcher_with_stub.cpp',
- 'src/sidestep\preamble_patcher.h',
- ],
- }],
- ],
- }],
- ],
- },
- 'targets': [
- {
- 'target_name': 'sandbox',
- 'type': 'static_library',
- 'variables': {
- 'sandbox_windows_target': 1,
- },
- 'dependencies': [
- '../base/base.gyp:base',
- '../base/base.gyp:base_static',
- ],
- 'export_dependent_settings': [
- '../base/base.gyp:base',
- ],
- 'include_dirs': [
- '../..',
- ],
- 'target_conditions': [
- ['target_arch=="ia32"', {
- 'copies': [
- {
- 'destination': '<(PRODUCT_DIR)',
- 'files': [
- 'wow_helper/wow_helper.exe',
- 'wow_helper/wow_helper.pdb',
- ],
- },
- ],
- }],
- ],
- },
- {
- 'target_name': 'sbox_integration_tests',
- 'type': 'executable',
- 'dependencies': [
- 'sandbox',
- 'sbox_integration_test_hook_dll',
- 'sbox_integration_test_win_proc',
- '../base/base.gyp:test_support_base',
- '../testing/gtest.gyp:gtest',
- ],
- 'sources': [
- 'src/address_sanitizer_test.cc',
- 'src/app_container_test.cc',
- 'src/file_policy_test.cc',
- 'src/handle_inheritance_test.cc',
- 'tests/integration_tests/integration_tests_test.cc',
- 'src/handle_closer_test.cc',
- 'src/integrity_level_test.cc',
- 'src/ipc_ping_test.cc',
- 'src/lpc_policy_test.cc',
- 'src/named_pipe_policy_test.cc',
- 'src/policy_target_test.cc',
- 'src/process_mitigations_test.cc',
- 'src/process_policy_test.cc',
- 'src/registry_policy_test.cc',
- 'src/restricted_token_test.cc',
- 'src/sync_policy_test.cc',
- 'src/sync_policy_test.h',
- 'src/unload_dll_test.cc',
- 'tests/common/controller.cc',
- 'tests/common/controller.h',
- 'tests/common/test_utils.cc',
- 'tests/common/test_utils.h',
- 'tests/integration_tests/integration_tests.cc',
- 'tests/integration_tests/integration_tests_common.h',
- ],
- 'link_settings': {
- 'libraries': [
- '-ldxva2.lib',
- ],
- },
- },
- {
- 'target_name': 'sbox_integration_test_hook_dll',
- 'type': 'shared_library',
- 'dependencies': [
- ],
- 'sources': [
- 'tests/integration_tests/hooking_dll.cc',
- 'tests/integration_tests/integration_tests_common.h',
- ],
- },
- {
- 'target_name': 'sbox_integration_test_win_proc',
- 'type': 'executable',
- 'dependencies': [
- ],
- 'sources': [
- 'tests/integration_tests/hooking_win_proc.cc',
- 'tests/integration_tests/integration_tests_common.h',
- ],
- 'msvs_settings': {
- 'VCLinkerTool': {
- 'SubSystem': '2', # Set /SUBSYSTEM:WINDOWS
- },
- },
- },
- {
- 'target_name': 'sbox_validation_tests',
- 'type': 'executable',
- 'dependencies': [
- 'sandbox',
- '../base/base.gyp:test_support_base',
- '../testing/gtest.gyp:gtest',
- ],
- 'sources': [
- 'tests/common/controller.cc',
- 'tests/common/controller.h',
- 'tests/validation_tests/unit_tests.cc',
- 'tests/validation_tests/commands.cc',
- 'tests/validation_tests/commands.h',
- 'tests/validation_tests/suite.cc',
- ],
- 'link_settings': {
- 'libraries': [
- '-lshlwapi.lib',
- ],
- },
- },
- {
- 'target_name': 'sbox_unittests',
- 'type': 'executable',
- 'dependencies': [
- 'sandbox',
- '../base/base.gyp:test_support_base',
- '../testing/gtest.gyp:gtest',
- ],
- 'sources': [
- 'src/interception_unittest.cc',
- 'src/service_resolver_unittest.cc',
- 'src/restricted_token_unittest.cc',
- 'src/job_unittest.cc',
- 'src/sid_unittest.cc',
- 'src/policy_engine_unittest.cc',
- 'src/policy_low_level_unittest.cc',
- 'src/policy_opcodes_unittest.cc',
- 'src/ipc_unittest.cc',
- 'src/sandbox_nt_util_unittest.cc',
- 'src/threadpool_unittest.cc',
- 'src/win_utils_unittest.cc',
- 'tests/common/test_utils.cc',
- 'tests/common/test_utils.h',
- 'tests/unit_tests/unit_tests.cc',
- ],
- },
- {
- 'target_name': 'sandbox_poc',
- 'type': 'executable',
- 'dependencies': [
- 'sandbox',
- 'pocdll',
- ],
- 'sources': [
- 'sandbox_poc/main_ui_window.cc',
- 'sandbox_poc/main_ui_window.h',
- 'sandbox_poc/resource.h',
- 'sandbox_poc/sandbox.cc',
- 'sandbox_poc/sandbox.h',
- 'sandbox_poc/sandbox.ico',
- 'sandbox_poc/sandbox.rc',
- ],
- 'link_settings': {
- 'libraries': [
- '-lcomctl32.lib',
- ],
- },
- 'msvs_settings': {
- 'VCLinkerTool': {
- 'SubSystem': '2', # Set /SUBSYSTEM:WINDOWS
- },
- },
- },
- {
- 'target_name': 'pocdll',
- 'type': 'shared_library',
- 'sources': [
- 'sandbox_poc/pocdll/exports.h',
- 'sandbox_poc/pocdll/fs.cc',
- 'sandbox_poc/pocdll/handles.cc',
- 'sandbox_poc/pocdll/invasive.cc',
- 'sandbox_poc/pocdll/network.cc',
- 'sandbox_poc/pocdll/pocdll.cc',
- 'sandbox_poc/pocdll/processes_and_threads.cc',
- 'sandbox_poc/pocdll/registry.cc',
- 'sandbox_poc/pocdll/spyware.cc',
- 'sandbox_poc/pocdll/utils.h',
- ],
- 'defines': [
- 'POCDLL_EXPORTS',
- ],
- 'include_dirs': [
- '../..',
- ],
- },
- ],
- 'conditions': [
- ['OS=="win" and target_arch=="ia32"', {
- 'targets': [
- {
- 'target_name': 'sandbox_win64',
- 'type': 'static_library',
- 'variables': {
- 'sandbox_windows_target': 1,
- 'target_arch': 'x64',
- },
- 'dependencies': [
- '../base/base.gyp:base_win64',
- '../base/base.gyp:base_static_win64',
- ],
- 'configurations': {
- 'Common_Base': {
- 'msvs_target_platform': 'x64',
- },
- },
- 'include_dirs': [
- '../..',
- ],
- 'defines': [
- '<@(nacl_win64_defines)',
- ]
- },
- ],
- }],
- ['test_isolation_mode != "noop"', {
- 'targets': [
- {
- 'target_name': 'sbox_integration_tests_run',
- 'type': 'none',
- 'dependencies': [
- 'sbox_integration_tests',
- ],
- 'includes': [
- '../../build/isolate.gypi',
- ],
- 'sources': [
- '../sbox_integration_tests.isolate',
- ],
- },
- {
- 'target_name': 'sbox_unittests_run',
- 'type': 'none',
- 'dependencies': [
- 'sbox_unittests',
- ],
- 'includes': [
- '../../build/isolate.gypi',
- ],
- 'sources': [
- '../sbox_unittests.isolate',
- ],
- },
- {
- 'target_name': 'sbox_validation_tests_run',
- 'type': 'none',
- 'dependencies': [
- 'sbox_validation_tests',
- ],
- 'includes': [
- '../../build/isolate.gypi',
- ],
- 'sources': [
- '../sbox_validation_tests.isolate',
- ],
- },
- ],
- }],
- ],
-}
diff --git a/chromium/sandbox/win/src/address_sanitizer_test.cc b/chromium/sandbox/win/src/address_sanitizer_test.cc
index 75fb0eb6431..0800cdebe3c 100644
--- a/chromium/sandbox/win/src/address_sanitizer_test.cc
+++ b/chromium/sandbox/win/src/address_sanitizer_test.cc
@@ -62,7 +62,8 @@ TEST_F(AddressSanitizerTests, TestAddressSanitizer) {
base::ScopedTempDir temp_directory;
base::FilePath temp_file_name;
ASSERT_TRUE(temp_directory.CreateUniqueTempDir());
- ASSERT_TRUE(CreateTemporaryFileInDir(temp_directory.path(), &temp_file_name));
+ ASSERT_TRUE(
+ CreateTemporaryFileInDir(temp_directory.GetPath(), &temp_file_name));
SECURITY_ATTRIBUTES attrs = {};
attrs.nLength = sizeof(attrs);
diff --git a/chromium/sandbox/win/src/broker_services.cc b/chromium/sandbox/win/src/broker_services.cc
index 64a0afeca31..b33889dcd3f 100644
--- a/chromium/sandbox/win/src/broker_services.cc
+++ b/chromium/sandbox/win/src/broker_services.cc
@@ -136,7 +136,7 @@ BrokerServicesBase::~BrokerServicesBase() {
return;
}
- STLDeleteElements(&tracker_list_);
+ base::STLDeleteElements(&tracker_list_);
delete thread_pool_;
::DeleteCriticalSection(&lock_);
diff --git a/chromium/sandbox/win/src/handle_closer_agent.cc b/chromium/sandbox/win/src/handle_closer_agent.cc
index 6b17f6547a8..c18fef4e370 100644
--- a/chromium/sandbox/win/src/handle_closer_agent.cc
+++ b/chromium/sandbox/win/src/handle_closer_agent.cc
@@ -82,7 +82,7 @@ bool HandleCloserAgent::AttemptToStuffHandleSlot(HANDLE closed_handle,
reinterpret_cast<uintptr_t>(dup_dummy) <
reinterpret_cast<uintptr_t>(closed_handle));
- for (auto h : to_close)
+ for (HANDLE h : to_close)
::CloseHandle(h);
// Useful to know when we're not able to stuff handles.
diff --git a/chromium/sandbox/win/src/handle_closer_test.cc b/chromium/sandbox/win/src/handle_closer_test.cc
index ceba818a7f4..1e0ab498394 100644
--- a/chromium/sandbox/win/src/handle_closer_test.cc
+++ b/chromium/sandbox/win/src/handle_closer_test.cc
@@ -145,7 +145,7 @@ SBOX_TESTS_COMMAND int CheckForEventHandles(int argc, wchar_t** argv) {
return SBOX_TEST_SUCCEEDED;
case AFTER_REVERT:
- for (auto handle : to_check) {
+ for (HANDLE handle : to_check) {
// Set up buffers for the type info and the name.
std::vector<BYTE> type_info_buffer(sizeof(OBJECT_TYPE_INFORMATION) +
32 * sizeof(wchar_t));
diff --git a/chromium/sandbox/win/src/handle_inheritance_test.cc b/chromium/sandbox/win/src/handle_inheritance_test.cc
index 939ace67cb5..e7c69030449 100644
--- a/chromium/sandbox/win/src/handle_inheritance_test.cc
+++ b/chromium/sandbox/win/src/handle_inheritance_test.cc
@@ -23,7 +23,8 @@ TEST(HandleInheritanceTests, TestStdoutInheritance) {
base::ScopedTempDir temp_directory;
base::FilePath temp_file_name;
ASSERT_TRUE(temp_directory.CreateUniqueTempDir());
- ASSERT_TRUE(CreateTemporaryFileInDir(temp_directory.path(), &temp_file_name));
+ ASSERT_TRUE(
+ CreateTemporaryFileInDir(temp_directory.GetPath(), &temp_file_name));
SECURITY_ATTRIBUTES attrs = {};
attrs.nLength = sizeof(attrs);
diff --git a/chromium/sandbox/win/src/nt_internals.h b/chromium/sandbox/win/src/nt_internals.h
index a206e94d159..6469c2bf34b 100644
--- a/chromium/sandbox/win/src/nt_internals.h
+++ b/chromium/sandbox/win/src/nt_internals.h
@@ -333,18 +333,18 @@ typedef struct _PROCESS_BASIC_INFORMATION {
};
} PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
-typedef NTSTATUS (WINAPI *NtQueryInformationProcessFunction)(
- IN HANDLE ProcessHandle,
- IN PROCESSINFOCLASS ProcessInformationClass,
- OUT PVOID ProcessInformation,
- IN ULONG ProcessInformationLength,
- OUT PULONG ReturnLength OPTIONAL);
-
-typedef NTSTATUS (WINAPI *NtSetInformationProcessFunction)(
- HANDLE ProcessHandle,
- IN PROCESSINFOCLASS ProcessInformationClass,
- IN PVOID ProcessInformation,
- IN ULONG ProcessInformationLength);
+typedef NTSTATUS(WINAPI* NtQueryInformationProcessFunction)(
+ IN HANDLE ProcessHandle,
+ IN PROCESSINFOCLASS ProcessInformationClass,
+ OUT PVOID ProcessInformation,
+ IN ULONG ProcessInformationLength,
+ OUT PULONG ReturnLength OPTIONAL);
+
+typedef NTSTATUS(WINAPI* NtSetInformationProcessFunction)(
+ HANDLE ProcessHandle,
+ IN PROCESSINFOCLASS ProcessInformationClass,
+ IN PVOID ProcessInformation,
+ IN ULONG ProcessInformationLength);
typedef NTSTATUS (WINAPI *NtOpenThreadTokenFunction) (
IN HANDLE ThreadHandle,
@@ -370,21 +370,50 @@ typedef NTSTATUS (WINAPI *NtOpenProcessTokenExFunction) (
IN ULONG HandleAttributes,
OUT PHANDLE TokenHandle);
-typedef NTSTATUS (WINAPI * RtlCreateUserThreadFunction)(
- IN HANDLE Process,
- IN PSECURITY_DESCRIPTOR ThreadSecurityDescriptor,
- IN BOOLEAN CreateSuspended,
- IN ULONG ZeroBits,
- IN SIZE_T MaximumStackSize,
- IN SIZE_T CommittedStackSize,
- IN LPTHREAD_START_ROUTINE StartAddress,
- IN PVOID Parameter,
- OUT PHANDLE Thread,
- OUT PCLIENT_ID ClientId);
+typedef NTSTATUS(WINAPI* NtQueryInformationTokenFunction)(
+ IN HANDLE TokenHandle,
+ IN TOKEN_INFORMATION_CLASS TokenInformationClass,
+ OUT PVOID TokenInformation,
+ IN ULONG TokenInformationLength,
+ OUT PULONG ReturnLength);
+
+typedef NTSTATUS(WINAPI* RtlCreateUserThreadFunction)(
+ IN HANDLE Process,
+ IN PSECURITY_DESCRIPTOR ThreadSecurityDescriptor,
+ IN BOOLEAN CreateSuspended,
+ IN ULONG ZeroBits,
+ IN SIZE_T MaximumStackSize,
+ IN SIZE_T CommittedStackSize,
+ IN LPTHREAD_START_ROUTINE StartAddress,
+ IN PVOID Parameter,
+ OUT PHANDLE Thread,
+ OUT PCLIENT_ID ClientId);
+
+typedef NTSTATUS(WINAPI* RtlConvertSidToUnicodeStringFunction)(
+ OUT PUNICODE_STRING UnicodeString,
+ IN PSID Sid,
+ IN BOOLEAN AllocateDestinationString);
+
+typedef VOID(WINAPI* RtlFreeUnicodeStringFunction)(
+ IN OUT PUNICODE_STRING UnicodeString);
// -----------------------------------------------------------------------
// Registry
+typedef enum _KEY_VALUE_INFORMATION_CLASS {
+ KeyValueFullInformation = 1
+} KEY_VALUE_INFORMATION_CLASS,
+ *PKEY_VALUE_INFORMATION_CLASS;
+
+typedef struct _KEY_VALUE_FULL_INFORMATION {
+ ULONG TitleIndex;
+ ULONG Type;
+ ULONG DataOffset;
+ ULONG DataLength;
+ ULONG NameLength;
+ WCHAR Name[1];
+} KEY_VALUE_FULL_INFORMATION, *PKEY_VALUE_FULL_INFORMATION;
+
typedef NTSTATUS (WINAPI *NtCreateKeyFunction)(
OUT PHANDLE KeyHandle,
IN ACCESS_MASK DesiredAccess,
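Review bot: `KEY_VALUE_FULL_INFORMATION` is a variable-length record (`WCHAR Name[1]`, with the value data located through `DataOffset`), and nothing next to the declaration says so. I would add a comment such as `// Variable-length: Name is NameLength bytes; data starts DataOffset bytes from the struct start and is DataLength bytes. Check both against the returned ResultLength before reading.` `KEY_VALUE_INFORMATION_CLASS` declares only `KeyValueFullInformation = 1`, so a one-line comment that this is deliberately a partial copy of the system enum would stop a reader from assuming it is complete.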
@@ -408,6 +437,24 @@ typedef NTSTATUS (WINAPI *NtOpenKeyExFunction)(
typedef NTSTATUS (WINAPI *NtDeleteKeyFunction)(
IN HANDLE KeyHandle);
+typedef NTSTATUS(WINAPI* RtlFormatCurrentUserKeyPathFunction)(
+ OUT PUNICODE_STRING RegistryPath);
+
+typedef NTSTATUS(WINAPI* NtQueryValueKeyFunction)(IN HANDLE KeyHandle,
+ IN PUNICODE_STRING ValueName,
+ IN KEY_VALUE_INFORMATION_CLASS
+ KeyValueInformationClass,
+ OUT PVOID KeyValueInformation,
+ IN ULONG Length,
+ OUT PULONG ResultLength);
+
+typedef NTSTATUS(WINAPI* NtSetValueKeyFunction)(IN HANDLE KeyHandle,
+ IN PUNICODE_STRING ValueName,
+ IN ULONG TitleIndex OPTIONAL,
+ IN ULONG Type,
+ IN PVOID Data,
+ IN ULONG DataSize);
+
// -----------------------------------------------------------------------
// Memory
diff --git a/chromium/sandbox/win/src/process_mitigations_test.cc b/chromium/sandbox/win/src/process_mitigations_test.cc
index bf89a9ad987..7aae5964bec 100644
--- a/chromium/sandbox/win/src/process_mitigations_test.cc
+++ b/chromium/sandbox/win/src/process_mitigations_test.cc
@@ -70,7 +70,6 @@ bool CheckWin8DepPolicy() {
}
#endif // !defined(_WIN64)
-#if defined(NDEBUG)
bool CheckWin8AslrPolicy() {
PROCESS_MITIGATION_ASLR_POLICY policy = {};
if (!get_process_mitigation_policy(::GetCurrentProcess(), ProcessASLRPolicy,
@@ -79,7 +78,6 @@ bool CheckWin8AslrPolicy() {
}
return policy.EnableForceRelocateImages && policy.DisallowStrippedImages;
}
-#endif // defined(NDEBUG)
bool CheckWin8StrictHandlePolicy() {
PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY policy = {};
@@ -393,7 +391,7 @@ void TestWin8ExtensionPointAppInitWrapper(bool is_success_test) {
ADD_FAILURE();
all_good = false;
} else {
- for (auto module : modules) {
+ for (HMODULE module : modules) {
wchar_t name[MAX_PATH] = {};
if (::GetModuleFileNameExW(proc_info.hProcess, module, name,
MAX_PATH) &&
@@ -479,7 +477,7 @@ void TestWin10ImageLoadLowLabel(bool is_success_test) {
base::ScopedTempDir temp_dir;
ASSERT_TRUE(temp_dir.CreateUniqueTempDir());
- base::FilePath new_path = temp_dir.path();
+ base::FilePath new_path = temp_dir.GetPath();
new_path = new_path.Append(L"lowIL_calc.exe");
// Test file will be cleaned up by the ScopedTempDir.
@@ -843,7 +841,7 @@ SBOX_TESTS_COMMAND int TestChildProcess(int argc, wchar_t** argv) {
//------------------------------------------------------------------------------
// Win8 Checks:
// MITIGATION_DEP(_NO_ATL_THUNK)
-// MITIGATION_RELOCATE_IMAGE(_REQUIRED) - ASLR, release only
+// MITIGATION_RELOCATE_IMAGE(_REQUIRED) - ASLR
// MITIGATION_STRICT_HANDLE_CHECKS
// >= Win8
//------------------------------------------------------------------------------
@@ -860,10 +858,8 @@ SBOX_TESTS_COMMAND int CheckWin8(int argc, wchar_t** argv) {
return SBOX_TEST_FIRST_ERROR;
#endif
-#if defined(NDEBUG) // ASLR cannot be forced in debug builds.
if (!CheckWin8AslrPolicy())
return SBOX_TEST_SECOND_ERROR;
-#endif
if (!CheckWin8StrictHandlePolicy())
return SBOX_TEST_THIRD_ERROR;
@@ -878,16 +874,24 @@ TEST(ProcessMitigationsTest, CheckWin8) {
TestRunner runner;
sandbox::TargetPolicy* policy = runner.GetPolicy();
+ // ASLR cannot be forced on start in debug builds.
+ constexpr sandbox::MitigationFlags kDebugDelayedMitigations =
+ MITIGATION_RELOCATE_IMAGE | MITIGATION_RELOCATE_IMAGE_REQUIRED;
+
sandbox::MitigationFlags mitigations =
MITIGATION_DEP | MITIGATION_DEP_NO_ATL_THUNK;
-#if defined(NDEBUG) // ASLR cannot be forced in debug builds.
- mitigations |= MITIGATION_RELOCATE_IMAGE | MITIGATION_RELOCATE_IMAGE_REQUIRED;
+#if defined(NDEBUG)
+ mitigations |= kDebugDelayedMitigations;
#endif
EXPECT_EQ(policy->SetProcessMitigations(mitigations), SBOX_ALL_OK);
mitigations |= MITIGATION_STRICT_HANDLE_CHECKS;
+#if !defined(NDEBUG)
+ mitigations |= kDebugDelayedMitigations;
+#endif
+
EXPECT_EQ(policy->SetDelayedProcessMitigations(mitigations), SBOX_ALL_OK);
EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"CheckWin8"));
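Review bot: The name `kDebugDelayedMitigations` in `TEST(ProcessMitigationsTest, CheckWin8)` describes only the debug configuration; under `NDEBUG` the same flags go to `SetProcessMitigations` at startup. A neutral name such as `kAslrMitigations` would read correctly in both `#if` branches, with the comment extended to `// ASLR cannot be forced on start in debug builds, so there it is applied as a delayed mitigation.` The test body continues past the end of this hunk.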
diff --git a/chromium/sandbox/win/src/sandbox.vcproj b/chromium/sandbox/win/src/sandbox.vcproj
index f206e01a1f2..229441cbd50 100644
--- a/chromium/sandbox/win/src/sandbox.vcproj
+++ b/chromium/sandbox/win/src/sandbox.vcproj
@@ -64,11 +64,6 @@
<Tool
Name="VCFxCopTool"
/>
- <Tool
- Name="VCPostBuildEventTool"
- Description="Copy wow_helper to output directory"
- CommandLine="copy $(ProjectDir)\..\wow_helper\wow_helper.exe $(OutDir) &amp;&amp; copy $(ProjectDir)\..\wow_helper\wow_helper.pdb $(OutDir)"
- />
</Configuration>
<Configuration
Name="Release|Win32"
@@ -118,11 +113,6 @@
<Tool
Name="VCFxCopTool"
/>
- <Tool
- Name="VCPostBuildEventTool"
- Description="Copy wow_helper to output directory"
- CommandLine="copy $(ProjectDir)\..\wow_helper\wow_helper.exe $(OutDir) &amp;&amp; copy $(ProjectDir)\..\wow_helper\wow_helper.pdb $(OutDir)"
- />
</Configuration>
</Configurations>
<References>
diff --git a/chromium/sandbox/win/src/sandbox_nt_util.cc b/chromium/sandbox/win/src/sandbox_nt_util.cc
index 62f2422ca43..ac73fc11c3f 100644
--- a/chromium/sandbox/win/src/sandbox_nt_util.cc
+++ b/chromium/sandbox/win/src/sandbox_nt_util.cc
@@ -23,58 +23,67 @@ SANDBOX_INTERCEPT NtExports g_nt;
namespace {
#if defined(_WIN64)
+// Align a pointer to the next allocation granularity boundary.
+inline char* AlignToBoundary(void* ptr, size_t increment) {
+ const size_t kAllocationGranularity = (64 * 1024) - 1;
+ uintptr_t ptr_int = reinterpret_cast<uintptr_t>(ptr);
+ uintptr_t ret_ptr =
+ (ptr_int + increment + kAllocationGranularity) & ~kAllocationGranularity;
+ // Check for overflow.
+ if (ret_ptr < ptr_int)
+ return nullptr;
+ return reinterpret_cast<char*>(ret_ptr);
+}
+
+// Allocate a memory block somewhere within 2GiB of a specified base address.
+// This is used for the DLL hooking code to get a valid trampoline location
+// which must be within +/- 2GiB of the base. We only consider +2GiB for now.
void* AllocateNearTo(void* source, size_t size) {
using sandbox::g_nt;
-
- // Start with 1 GB above the source.
- const size_t kOneGB = 0x40000000;
- void* base = reinterpret_cast<char*>(source) + kOneGB;
- SIZE_T actual_size = size;
- ULONG_PTR zero_bits = 0; // Not the correct type if used.
- ULONG type = MEM_RESERVE;
-
- NTSTATUS ret;
- int attempts = 0;
- for (; attempts < 41; attempts++) {
- ret = g_nt.AllocateVirtualMemory(NtCurrentProcess, &base, zero_bits,
- &actual_size, type, PAGE_READWRITE);
- if (NT_SUCCESS(ret)) {
- if (base < source ||
- base >= reinterpret_cast<char*>(source) + 4 * kOneGB) {
- // We won't be able to patch this dll.
- VERIFY_SUCCESS(g_nt.FreeVirtualMemory(NtCurrentProcess, &base, &size,
- MEM_RELEASE));
- return NULL;
- }
+ // 2GiB, maximum upper bound the allocation address must be within.
+ const size_t kMaxSize = 0x80000000ULL;
+ // We don't support null as a base as this would just pick an arbitrary
+ // address when passed to NtAllocateVirtualMemory.
+ if (source == nullptr)
+ return nullptr;
+ // Ignore an allocation which is larger than the maximum.
+ if (size > kMaxSize)
+ return nullptr;
+
+ // Ensure base address is aligned to the allocation granularity boundary.
+ char* base = AlignToBoundary(source, 0);
+ if (base == nullptr)
+ return nullptr;
+ // Set top address to be base + 2GiB.
+ const char* top_address = base + kMaxSize;
+
+ while (base < top_address) {
+ MEMORY_BASIC_INFORMATION mem_info;
+ NTSTATUS status =
+ g_nt.QueryVirtualMemory(NtCurrentProcess, base, MemoryBasicInformation,
+ &mem_info, sizeof(mem_info), nullptr);
+ if (!NT_SUCCESS(status))
break;
- }
- if (attempts == 30) {
- // Try the first GB.
- base = reinterpret_cast<char*>(source);
- } else if (attempts == 40) {
- // Try the highest available address.
- base = NULL;
- type |= MEM_TOP_DOWN;
+ if ((mem_info.State == MEM_FREE) && (mem_info.RegionSize >= size)) {
+ // We've found a valid free block, try and allocate it for use.
+ // Note that we need to both commit and reserve the block for the
+ // allocation to succeed as per Windows virtual memory requirements.
+ void* ret_base = mem_info.BaseAddress;
+ status =
+ g_nt.AllocateVirtualMemory(NtCurrentProcess, &ret_base, 0, &size,
+ MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
+ // Shouldn't fail, but if it does we'll just continue and try next block.
+ if (NT_SUCCESS(status))
+ return ret_base;
}
- // Try 100 MB higher.
- base = reinterpret_cast<char*>(base) + 100 * 0x100000;
- }
-
- if (attempts == 41)
- return NULL;
-
- ret = g_nt.AllocateVirtualMemory(NtCurrentProcess, &base, zero_bits,
- &actual_size, MEM_COMMIT, PAGE_READWRITE);
-
- if (!NT_SUCCESS(ret)) {
- VERIFY_SUCCESS(g_nt.FreeVirtualMemory(NtCurrentProcess, &base, &size,
- MEM_RELEASE));
- base = NULL;
+ // Update base past current allocation region.
+ base = AlignToBoundary(mem_info.BaseAddress, mem_info.RegionSize);
+ if (base == nullptr)
+ break;
}
-
- return base;
+ return nullptr;
}
#else // defined(_WIN64).
void* AllocateNearTo(void* source, size_t size) {
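Review bot: The search bound in the 64-bit `AllocateNearTo` is checked only against the start of a free region and is measured from the aligned-up base, so the returned block can extend past `source + 2GiB`. The loop condition is `base < top_address`, `top_address` is `AlignToBoundary(source, 0) + kMaxSize`, and `size` is never subtracted. If callers need the whole block within a 32-bit displacement of `source`, as the function comment suggests, the free-block test should also require something like `reinterpret_cast<uintptr_t>(mem_info.BaseAddress) + size <= limit`, with `limit` derived from `source`. `base + kMaxSize` is also unchecked pointer arithmetic that wraps for a source near the top of the address space; doing it in `uintptr_t` with the overflow check `AlignToBoundary` already uses would make that early exit explicit. Separately, `kAllocationGranularity` holds `(64 * 1024) - 1`, which is a mask, so `kAllocationGranularityMask` would match how it is used.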
diff --git a/chromium/sandbox/win/src/sandbox_nt_util_unittest.cc b/chromium/sandbox/win/src/sandbox_nt_util_unittest.cc
index 0fbea668024..b916e3d5ea2 100644
--- a/chromium/sandbox/win/src/sandbox_nt_util_unittest.cc
+++ b/chromium/sandbox/win/src/sandbox_nt_util_unittest.cc
@@ -2,7 +2,9 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
+#include <memory>
#include <windows.h>
+#include <vector>
#include "base/win/scoped_handle.h"
#include "base/win/scoped_process_information.h"
@@ -43,5 +45,151 @@ TEST(SandboxNtUtil, IsSameProcessDifferentProcess) {
EXPECT_TRUE(TerminateProcess(process_info.process_handle(), 0));
}
+#if defined(_WIN64)
+struct VirtualMemDeleter {
+ void operator()(char* p) { ::VirtualFree(p, 0, MEM_RELEASE); }
+};
+
+typedef std::unique_ptr<char, VirtualMemDeleter> unique_ptr_vmem;
+
+void AllocateBlock(SIZE_T size,
+ SIZE_T free_size,
+ char** base_address,
+ std::vector<unique_ptr_vmem>* mem_range) {
+ unique_ptr_vmem ptr(static_cast<char*>(::VirtualAlloc(
+ *base_address, size - free_size, MEM_RESERVE, PAGE_READWRITE)));
+ ASSERT_NE(nullptr, ptr.get());
+ mem_range->push_back(std::move(ptr));
+ *base_address += size;
+}
+
+#define KIB(x) ((x)*1024ULL)
+#define MIB(x) (KIB(x) * 1024ULL)
+#define GIB(x) (MIB(x) * 1024ULL)
+// Construct a basic memory layout to do the test. We reserve first to get a
+// base address then reallocate with the following pattern.
+// |512MiB-64KiB Free|512MiB-128Kib Free|512MiB-256Kib Free|512MiB+512KiB Free|
+// The purpose of this is leave a couple of free memory regions within a 2GiB
+// block of reserved memory that we can test the searching allocator.
+void AllocateTestRange(std::vector<unique_ptr_vmem>* mem_range) {
+ // Ensure we preallocate enough space in the vector to prevent unexpected
+ // allocations.
+ mem_range->reserve(5);
+ SIZE_T total_size =
+ MIB(512) + MIB(512) + MIB(512) + MIB(512) + KIB(512) + KIB(64);
+ unique_ptr_vmem ptr(static_cast<char*>(
+ ::VirtualAlloc(nullptr, total_size, MEM_RESERVE, PAGE_READWRITE)));
+ ASSERT_NE(nullptr, ptr.get());
+ char* base_address = ptr.get();
+ char* orig_base = base_address;
+ ptr.reset();
+ AllocateBlock(MIB(512), KIB(64), &base_address, mem_range);
+ AllocateBlock(MIB(512), KIB(128), &base_address, mem_range);
+ AllocateBlock(MIB(512), KIB(256), &base_address, mem_range);
+ AllocateBlock(MIB(512) + KIB(512), KIB(512), &base_address, mem_range);
+ // Allocate a memory block at end to act as an upper bound.
+ AllocateBlock(KIB(64), 0, &base_address, mem_range);
+ ASSERT_EQ(total_size, static_cast<SIZE_T>(base_address - orig_base));
+}
+
+// Test we can allocate appropriate blocks.
+void TestAlignedRange(char* base_address) {
+ unique_ptr_vmem ptr_256k(new (sandbox::NT_PAGE, base_address) char[KIB(256)]);
+ EXPECT_EQ(base_address + GIB(1) + MIB(512) - KIB(256), ptr_256k.get());
+ unique_ptr_vmem ptr_64k(new (sandbox::NT_PAGE, base_address) char[KIB(64)]);
+ EXPECT_EQ(base_address + MIB(512) - KIB(64), ptr_64k.get());
+ unique_ptr_vmem ptr_128k(new (sandbox::NT_PAGE, base_address) char[KIB(128)]);
+ EXPECT_EQ(base_address + GIB(1) - KIB(128), ptr_128k.get());
+ // We will have run out of space here so should also fail.
+ unique_ptr_vmem ptr_64k_noalloc(
+ new (sandbox::NT_PAGE, base_address) char[KIB(64)]);
+ EXPECT_EQ(nullptr, ptr_64k_noalloc.get());
+}
+
+// Test the 512k block which exists at the end of the maximum allocation
+// boundary.
+void Test512kBlock(char* base_address) {
+ // This should fail as it'll just be out of range.
+ unique_ptr_vmem ptr_512k_noalloc(
+ new (sandbox::NT_PAGE, base_address) char[KIB(512)]);
+ EXPECT_EQ(nullptr, ptr_512k_noalloc.get());
+ // Check that moving base address we can allocate the 512k block.
+ unique_ptr_vmem ptr_512k(
+ new (sandbox::NT_PAGE, base_address + GIB(1)) char[KIB(512)]);
+ EXPECT_EQ(base_address + GIB(2), ptr_512k.get());
+ // Free pointer first.
+ ptr_512k.reset();
+ ptr_512k.reset(new (sandbox::NT_PAGE, base_address + GIB(2)) char[KIB(512)]);
+ EXPECT_EQ(base_address + GIB(2), ptr_512k.get());
+}
+
+// Test we can allocate appropriate blocks even when starting at an unaligned
+// address.
+void TestUnalignedRange(char* base_address) {
+ char* unaligned_base = base_address + 123456;
+ unique_ptr_vmem ptr_256k(
+ new (sandbox::NT_PAGE, unaligned_base) char[KIB(256)]);
+ EXPECT_EQ(base_address + GIB(1) + MIB(512) - KIB(256), ptr_256k.get());
+ unique_ptr_vmem ptr_64k(new (sandbox::NT_PAGE, unaligned_base) char[KIB(64)]);
+ EXPECT_EQ(base_address + MIB(512) - KIB(64), ptr_64k.get());
+ unique_ptr_vmem ptr_128k(
+ new (sandbox::NT_PAGE, unaligned_base) char[KIB(128)]);
+ EXPECT_EQ(base_address + GIB(1) - KIB(128), ptr_128k.get());
+}
+
+// Test maximum number of available allocations within the predefined pattern.
+void TestMaxAllocations(char* base_address) {
+ // There's only 7 64k blocks in the first 2g which we can fill.
+ unique_ptr_vmem ptr_1(new (sandbox::NT_PAGE, base_address) char[1]);
+ EXPECT_NE(nullptr, ptr_1.get());
+ unique_ptr_vmem ptr_2(new (sandbox::NT_PAGE, base_address) char[1]);
+ EXPECT_NE(nullptr, ptr_2.get());
+ unique_ptr_vmem ptr_3(new (sandbox::NT_PAGE, base_address) char[1]);
+ EXPECT_NE(nullptr, ptr_3.get());
+ unique_ptr_vmem ptr_4(new (sandbox::NT_PAGE, base_address) char[1]);
+ EXPECT_NE(nullptr, ptr_4.get());
+ unique_ptr_vmem ptr_5(new (sandbox::NT_PAGE, base_address) char[1]);
+ EXPECT_NE(nullptr, ptr_5.get());
+ unique_ptr_vmem ptr_6(new (sandbox::NT_PAGE, base_address) char[1]);
+ EXPECT_NE(nullptr, ptr_6.get());
+ unique_ptr_vmem ptr_7(new (sandbox::NT_PAGE, base_address) char[1]);
+ EXPECT_NE(nullptr, ptr_7.get());
+ unique_ptr_vmem ptr_8(new (sandbox::NT_PAGE, base_address) char[1]);
+ EXPECT_EQ(nullptr, ptr_8.get());
+}
+
+// Test extreme allocations we know should fail.
+void TestExtremes() {
+ unique_ptr_vmem ptr_null(new (sandbox::NT_PAGE, nullptr) char[1]);
+ EXPECT_EQ(nullptr, ptr_null.get());
+ unique_ptr_vmem ptr_too_large(
+ new (sandbox::NT_PAGE, reinterpret_cast<void*>(0x1000000)) char[GIB(4)]);
+ EXPECT_EQ(nullptr, ptr_too_large.get());
+ unique_ptr_vmem ptr_overflow(
+ new (sandbox::NT_PAGE, reinterpret_cast<void*>(SIZE_MAX)) char[1]);
+ EXPECT_EQ(nullptr, ptr_overflow.get());
+ unique_ptr_vmem ptr_invalid(new (
+ sandbox::NT_PAGE, reinterpret_cast<void*>(SIZE_MAX - 0x1000000)) char[1]);
+ EXPECT_EQ(nullptr, ptr_invalid.get());
+}
+
+// Test nearest allocator, only do this for 64 bit. We test through the exposed
+// new operator as we can't call the AllocateNearTo function directly.
+TEST(SandboxNtUtil, NearestAllocator) {
+ InitGlobalNt();
+ std::vector<unique_ptr_vmem> mem_range;
+ AllocateTestRange(&mem_range);
+ ASSERT_LT(0U, mem_range.size());
+ char* base_address = static_cast<char*>(mem_range[0].get());
+
+ TestAlignedRange(base_address);
+ Test512kBlock(base_address);
+ TestUnalignedRange(base_address);
+ TestMaxAllocations(base_address);
+ TestExtremes();
+}
+
+#endif // defined(_WIN64)
+
} // namespace
} // namespace sandbox
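Review bot: A failed `ASSERT_*` inside `AllocateBlock` or `AllocateTestRange` returns only from that helper, so `TEST(SandboxNtUtil, NearestAllocator)` carries on with a partially built layout as long as `mem_range` is non-empty. Calling the setup as `ASSERT_NO_FATAL_FAILURE(AllocateTestRange(&mem_range));` stops the test at the first setup failure instead of reporting misleading address mismatches. The setup also releases the probe reservation with `ptr.reset()` before re-reserving the pieces at the same addresses, so an allocation by another thread in that window would shift the expected layout. A comment stating that assumption would help if the test ever flakes.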
diff --git a/chromium/sandbox/win/src/sandbox_types.h b/chromium/sandbox/win/src/sandbox_types.h
index 919086a828e..ae36ef5c95f 100644
--- a/chromium/sandbox/win/src/sandbox_types.h
+++ b/chromium/sandbox/win/src/sandbox_types.h
@@ -5,6 +5,7 @@
#ifndef SANDBOX_WIN_SRC_SANDBOX_TYPES_H_
#define SANDBOX_WIN_SRC_SANDBOX_TYPES_H_
+#include "base/process/kill.h"
#include "base/process/launch.h"
namespace sandbox {
@@ -103,6 +104,8 @@ enum ResultCode : int {
SBOX_ERROR_CANNOT_RESOLVE_INTERCEPTION_THUNK = 41,
// Cannot write interception thunk to child process.
SBOX_ERROR_CANNOT_WRITE_INTERCEPTION_THUNK = 42,
+ // Cannot find the base address of the new process.
+ SBOX_ERROR_CANNOT_FIND_BASE_ADDRESS = 43,
// Placeholder for last item of the enum.
SBOX_ERROR_LAST
};
@@ -121,6 +124,10 @@ enum TerminationCodes {
SBOX_FATAL_LAST
};
+static_assert(SBOX_FATAL_MEMORY_EXCEEDED ==
+ base::win::kSandboxFatalMemoryExceeded,
+ "Value for SBOX_FATAL_MEMORY_EXCEEDED must match base.");
+
class BrokerServices;
class TargetServices;
diff --git a/chromium/sandbox/win/src/security_level.h b/chromium/sandbox/win/src/security_level.h
index d8524c1facc..ecca64d8fc7 100644
--- a/chromium/sandbox/win/src/security_level.h
+++ b/chromium/sandbox/win/src/security_level.h
@@ -154,11 +154,13 @@ const MitigationFlags MITIGATION_DEP_NO_ATL_THUNK = 0x00000002;
// PROCESS_CREATION_MITIGATION_POLICY_SEHOP_ENABLE.
const MitigationFlags MITIGATION_SEHOP = 0x00000004;
-// Forces ASLR on all images in the child process. Corresponds to
+// Forces ASLR on all images in the child process. In debug builds, must be
+// enabled after startup. Corresponds to
// PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON .
const MitigationFlags MITIGATION_RELOCATE_IMAGE = 0x00000008;
-// Refuses to load DLLs that cannot support ASLR. Corresponds to
+// Refuses to load DLLs that cannot support ASLR. In debug builds, must be
+// enabled after startup. Corresponds to
// PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON_REQ_RELOCS.
const MitigationFlags MITIGATION_RELOCATE_IMAGE_REQUIRED = 0x00000010;
@@ -185,6 +187,11 @@ const MitigationFlags MITIGATION_STRICT_HANDLE_CHECKS = 0x00000100;
// Prevents the process from making Win32k calls. Corresponds to
// PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_ALWAYS_ON.
+//
+// Applications linked to user32.dll or gdi32.dll make Win32k calls during
+// setup, even if Win32k is not otherwise used. So they also need to add a rule
+// with SUBSYS_WIN32K_LOCKDOWN and semantics FAKE_USER_GDI_INIT to allow the
+// initialization to succeed.
const MitigationFlags MITIGATION_WIN32K_DISABLE = 0x00000200;
// Prevents certain built-in third party extension points from being used.
diff --git a/chromium/sandbox/win/src/sharedmem_ipc_server.cc b/chromium/sandbox/win/src/sharedmem_ipc_server.cc
index 672abfacb7a..fbe85f176af 100644
--- a/chromium/sandbox/win/src/sharedmem_ipc_server.cc
+++ b/chromium/sandbox/win/src/sharedmem_ipc_server.cc
@@ -60,7 +60,7 @@ SharedMemIPCServer::~SharedMemIPCServer() {
// Better to leak than to crash.
return;
}
- STLDeleteElements(&server_contexts_);
+ base::STLDeleteElements(&server_contexts_);
if (client_control_)
::UnmapViewOfFile(client_control_);
diff --git a/chromium/sandbox/win/src/target_process.cc b/chromium/sandbox/win/src/target_process.cc
index 7fddffb4c41..72e2780c8c3 100644
--- a/chromium/sandbox/win/src/target_process.cc
+++ b/chromium/sandbox/win/src/target_process.cc
@@ -12,7 +12,6 @@
#include "base/macros.h"
#include "base/memory/free_deleter.h"
-#include "base/win/pe_image.h"
#include "base/win/startup_information.h"
#include "base/win/windows_version.h"
#include "sandbox/win/src/crosscall_client.h"
@@ -50,26 +49,6 @@ SANDBOX_INTERCEPT HANDLE g_shared_section;
SANDBOX_INTERCEPT size_t g_shared_IPC_size;
SANDBOX_INTERCEPT size_t g_shared_policy_size;
-// Returns the address of the main exe module in memory taking in account
-// address space layout randomization.
-void* GetBaseAddress(const wchar_t* exe_name, void* entry_point) {
- HMODULE exe = ::LoadLibrary(exe_name);
- if (NULL == exe)
- return exe;
-
- base::win::PEImage pe(exe);
- if (!pe.VerifyMagic()) {
- ::FreeLibrary(exe);
- return exe;
- }
- PIMAGE_NT_HEADERS nt_header = pe.GetNTHeaders();
- char* base = reinterpret_cast<char*>(entry_point) -
- nt_header->OptionalHeader.AddressOfEntryPoint;
-
- ::FreeLibrary(exe);
- return base;
-}
-
TargetProcess::TargetProcess(base::win::ScopedHandle initial_token,
base::win::ScopedHandle lockdown_token,
HANDLE job,
@@ -180,31 +159,20 @@ ResultCode TargetProcess::Create(
initial_token_.Close();
}
- CONTEXT context;
- context.ContextFlags = CONTEXT_ALL;
- if (!::GetThreadContext(process_info.thread_handle(), &context)) {
- *win_error = ::GetLastError();
- ::TerminateProcess(process_info.process_handle(), 0);
- return SBOX_ERROR_GET_THREAD_CONTEXT;
- }
-
-#if defined(_WIN64)
- void* entry_point = reinterpret_cast<void*>(context.Rcx);
-#else
-#pragma warning(push)
-#pragma warning(disable: 4312)
- // This cast generates a warning because it is 32 bit specific.
- void* entry_point = reinterpret_cast<void*>(context.Eax);
-#pragma warning(pop)
-#endif // _WIN64
-
if (!target_info->DuplicateFrom(process_info)) {
*win_error = ::GetLastError(); // This may or may not be correct.
::TerminateProcess(process_info.process_handle(), 0);
return SBOX_ERROR_DUPLICATE_TARGET_INFO;
}
- base_address_ = GetBaseAddress(exe_path, entry_point);
+ base_address_ = GetProcessBaseAddress(process_info.process_handle());
+ DCHECK(base_address_);
+ if (!base_address_) {
+ *win_error = ::GetLastError();
+ ::TerminateProcess(process_info.process_handle(), 0);
+ return SBOX_ERROR_CANNOT_FIND_BASE_ADDRESS;
+ }
+
sandbox_process_info_.Set(process_info.Take());
return SBOX_ALL_OK;
}
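Review bot: `DCHECK(base_address_)` directly before `if (!base_address_)` means the new error path can never run in a debug build, and the two lines disagree on whether a null base address is a programming error or a runtime failure. Since the branch returns `SBOX_ERROR_CANNOT_FIND_BASE_ADDRESS` to the caller, I would drop the `DCHECK`. `*win_error = ::GetLastError();` may also report an unrelated value, because `GetProcessBaseAddress` in win_utils.cc has `nullptr` returns (the `CheckedNumeric` overflow exit, the walk ending when `VirtualQueryEx` leaves the user range) that do not correspond to a meaningful last error. `TargetProcess::Create` begins outside this hunk.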
diff --git a/chromium/sandbox/win/src/win_utils.cc b/chromium/sandbox/win/src/win_utils.cc
index c31c25e3af5..9dfb2c9fb92 100644
--- a/chromium/sandbox/win/src/win_utils.cc
+++ b/chromium/sandbox/win/src/win_utils.cc
@@ -4,12 +4,17 @@
#include "sandbox/win/src/win_utils.h"
+#include <psapi.h>
#include <stddef.h>
+#include <stdint.h>
#include <map>
#include <memory>
+#include <vector>
#include "base/macros.h"
+#include "base/numerics/safe_math.h"
+#include "base/strings/string16.h"
#include "base/strings/string_util.h"
#include "base/win/pe_image.h"
#include "sandbox/win/src/internal_types.h"
@@ -104,6 +109,45 @@ void RemoveImpliedDevice(base::string16* path) {
*path = path->substr(kNTDotPrefixLen);
}
+// Get the native path to the process.
+bool GetProcessPath(HANDLE process, base::string16* path) {
+ wchar_t process_name[MAX_PATH];
+ DWORD size = MAX_PATH;
+ if (::QueryFullProcessImageNameW(process, PROCESS_NAME_NATIVE, process_name,
+ &size)) {
+ *path = process_name;
+ return true;
+ }
+ // Process name is potentially greater than MAX_PATH, try larger max size.
+ std::vector<wchar_t> process_name_buffer(SHRT_MAX);
+ size = SHRT_MAX;
+ if (::QueryFullProcessImageNameW(process, PROCESS_NAME_NATIVE,
+ &process_name_buffer[0], &size)) {
+ *path = &process_name_buffer[0];
+ return true;
+ }
+ return false;
+}
+
+// Get the native path for a mapped file.
+bool GetImageFilePath(HANDLE process,
+ void* base_address,
+ base::string16* path) {
+ wchar_t mapped_path[MAX_PATH];
+ if (::GetMappedFileNameW(process, base_address, mapped_path, MAX_PATH)) {
+ *path = mapped_path;
+ return true;
+ }
+ // Image name is potentially greater than MAX_PATH, try larger max size.
+ std::vector<wchar_t> mapped_path_buffer(SHRT_MAX);
+ if (::GetMappedFileNameW(process, base_address, &mapped_path_buffer[0],
+ SHRT_MAX)) {
+ *path = &mapped_path_buffer[0];
+ return true;
+ }
+ return false;
+}
+
} // namespace
namespace sandbox {
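Review bot: `SHRT_MAX` is the fallback buffer length in both `GetProcessPath` and `GetImageFilePath`, but the include hunk of this file adds no `<limits.h>`, so it presumably compiles through a transitive include. A named constant with a comment, for example `const size_t kMaxNtPathChars = 32767;  // fallback buffer size in WCHARs`, would say why that number was chosen and remove the dependency. Both helpers also assign from the raw buffer and rely on the API having null-terminated it. In `GetProcessPath`, `path->assign(process_name, size)` would use the length the call already returns.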
@@ -410,6 +454,47 @@ DWORD GetLastErrorFromNtStatus(NTSTATUS status) {
return NtStatusToDosError(status);
}
+// This function walks the virtual memory map using VirtualQueryEx to find
+// the main executable's image section. We attempt to find the first image
+// section which matches the path returned for the process. This shouldn't
+// be a major performance problem because a new process has a very limited
+// amount of memory allocated so the majority of the valid range should be
+// skipped immediately. However if it turns out to be the case it could be
+// optimized in the specific case of the process being the same as the
+// current process, which due to ASLR rules the image load address will almost
+// always match the current process's load address.
+void* GetProcessBaseAddress(HANDLE process) {
+ MEMORY_BASIC_INFORMATION mem_info = {};
+ // Start 64KiB above zero page.
+ void* current = reinterpret_cast<void*>(0x10000);
+ base::string16 process_path;
+
+ if (!GetProcessPath(process, &process_path))
+ return nullptr;
+
+ // Walk the virtual memory mappings trying to find image sections.
+ // VirtualQueryEx will return false if it encounters a location outside of
+ // the user memory range.
+ while (::VirtualQueryEx(process, current, &mem_info, sizeof(mem_info))) {
+ base::string16 image_path;
+ if (mem_info.Type == MEM_IMAGE &&
+ GetImageFilePath(process, mem_info.BaseAddress, &image_path) &&
+ EqualPath(process_path, image_path)) {
+ return mem_info.BaseAddress;
+ }
+ // VirtualQueryEx should fail before overflow, but just in case we'll check
+ // to prevent an infinite loop.
+ base::CheckedNumeric<uintptr_t> next_base =
+ reinterpret_cast<uintptr_t>(mem_info.BaseAddress);
+ next_base += mem_info.RegionSize;
+ if (!next_base.IsValid())
+ return nullptr;
+ current = reinterpret_cast<void*>(next_base.ValueOrDie());
+ }
+
+ return nullptr;
+}
+
}; // namespace sandbox
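Review bot: `GetProcessBaseAddress` returns `mem_info.BaseAddress` of the first matching `MEM_IMAGE` region, which is the module base only because the walk happens to reach the image's first region before any other. Returning `mem_info.AllocationBase` states the intent directly and does not depend on walk order. A short comment at the return, `// First region of the image mapping, i.e. the module base.`, would also do if the current expression is kept.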
void ResolveNTFunctionPtr(const char* name, void* ptr) {
@@ -423,7 +508,6 @@ void ResolveNTFunctionPtr(const char* name, void* ptr) {
// Race-safe way to set static ntdll.
::InterlockedCompareExchangePointer(
reinterpret_cast<PVOID volatile*>(&ntdll), ntdll_local, NULL);
-
}
CHECK_NT(ntdll);
diff --git a/chromium/sandbox/win/src/win_utils.h b/chromium/sandbox/win/src/win_utils.h
index 13dc569c10a..b88b08c63c1 100644
--- a/chromium/sandbox/win/src/win_utils.h
+++ b/chromium/sandbox/win/src/win_utils.h
@@ -112,6 +112,14 @@ bool IsPipe(const base::string16& path);
// Converts a NTSTATUS code to a Win32 error code.
DWORD GetLastErrorFromNtStatus(NTSTATUS status);
+// Returns the address of the main exe module in memory taking in account
+// address space layout randomization. While it will work on running processes
+// it's recommended to only call this for a suspended process. Ideally also
+// a process which has not been started. There's a slim chance that a process
+// could map its own executables file multiple times, but this is pretty
+// unlikely to occur in practice.
+void* GetProcessBaseAddress(HANDLE process);
+
} // namespace sandbox
// Resolves a function name in NTDLL to a function pointer. The second parameter
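Review bot: The comment added for `GetProcessBaseAddress` does not say what is returned on failure or what access the handle needs. The implementation visible in win_utils.cc returns `nullptr` when the process path cannot be read or when no image region matches it. It also walks the target with `VirtualQueryEx`, which requires a handle opened with `PROCESS_QUERY_INFORMATION`. I would add `// Returns nullptr on failure. |process| must allow PROCESS_QUERY_INFORMATION.`, extended with whatever GetProcessPath and GetImageFilePath need, since those are defined outside this view. Because the first image mapping whose path equals the process path is returned, callers that go on to write to or trust that address should keep to the suspended, not-yet-started case the comment recommends.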
diff --git a/chromium/sandbox/win/src/win_utils_unittest.cc b/chromium/sandbox/win/src/win_utils_unittest.cc
index 7500798102a..50ded519153 100644
--- a/chromium/sandbox/win/src/win_utils_unittest.cc
+++ b/chromium/sandbox/win/src/win_utils_unittest.cc
@@ -3,13 +3,55 @@
// found in the LICENSE file.
#include <windows.h>
+#include <psapi.h>
+#include <vector>
+
+#include "base/numerics/safe_conversions.h"
#include "base/win/scoped_handle.h"
+#include "base/win/scoped_process_information.h"
#include "sandbox/win/src/nt_internals.h"
#include "sandbox/win/src/win_utils.h"
#include "sandbox/win/tests/common/test_utils.h"
#include "testing/gtest/include/gtest/gtest.h"
+namespace {
+
+class ScopedTerminateProcess {
+ public:
+ ScopedTerminateProcess(HANDLE process) : process_(process) {}
+
+ ~ScopedTerminateProcess() { ::TerminateProcess(process_, 0); }
+
+ private:
+ HANDLE process_;
+};
+
+bool GetModuleList(HANDLE process, std::vector<HMODULE>* result) {
+ std::vector<HMODULE> modules(256);
+ DWORD size_needed = 0;
+ if (EnumProcessModules(
+ process, &modules[0],
+ base::checked_cast<DWORD>(modules.size() * sizeof(HMODULE)),
+ &size_needed)) {
+ result->assign(modules.begin(),
+ modules.begin() + (size_needed / sizeof(HMODULE)));
+ return true;
+ }
+ modules.resize(size_needed / sizeof(HMODULE));
+ if (EnumProcessModules(
+ process, &modules[0],
+ base::checked_cast<DWORD>(modules.size() * sizeof(HMODULE)),
+ &size_needed)) {
+ result->assign(modules.begin(),
+ modules.begin() + (size_needed / sizeof(HMODULE)));
+ return true;
+ }
+ return false;
+}
+
+} // namespace
+
TEST(WinUtils, IsReparsePoint) {
using sandbox::IsReparsePoint;
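Review bot: `GetModuleList` can run past its buffer, because `EnumProcessModules` reports success even when the array is too small and returns the required byte count in `size_needed`. For a process with more than 256 modules, the first `result->assign(...)` therefore builds an end iterator beyond `modules.end()`. The retry branch runs only after a failed call, where `size_needed` may still be 0, so `modules.resize(0)` followed by `&modules[0]` is undefined as well. Compare the reported count with `modules.size()` and grow and retry only in the truncated case, as sketched below. Separately, `ScopedTerminateProcess` would be safer with an `explicit` constructor and `DISALLOW_COPY_AND_ASSIGN`, so an accidental copy cannot terminate through the same handle twice.

```cpp
bool GetModuleList(HANDLE process, std::vector<HMODULE>* result) {
  std::vector<HMODULE> modules(256);
  // Two passes at most: the second runs only when the first call reported
  // more modules than the buffer could hold.
  for (int attempt = 0; attempt < 2; ++attempt) {
    DWORD size_needed = 0;
    if (!EnumProcessModules(
            process, &modules[0],
            base::checked_cast<DWORD>(modules.size() * sizeof(HMODULE)),
            &size_needed)) {
      return false;
    }
    const size_t count = size_needed / sizeof(HMODULE);
    if (count <= modules.size()) {
      result->assign(modules.begin(), modules.begin() + count);
      return true;
    }
    modules.resize(count);
  }
  return false;
}
```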
@@ -122,3 +164,48 @@ TEST(WinUtils, NtStatusToWin32Error) {
EXPECT_EQ(static_cast<DWORD>(ERROR_ACCESS_DENIED),
GetLastErrorFromNtStatus(STATUS_ACCESS_DENIED));
}
+
+TEST(WinUtils, GetProcessBaseAddress) {
+ using sandbox::GetProcessBaseAddress;
+ STARTUPINFO start_info = {};
+ PROCESS_INFORMATION proc_info = {};
+ WCHAR command_line[] = L"notepad";
+ start_info.cb = sizeof(start_info);
+ start_info.dwFlags = STARTF_USESHOWWINDOW;
+ start_info.wShowWindow = SW_HIDE;
+ EXPECT_TRUE(::CreateProcessW(nullptr, command_line, nullptr, nullptr, FALSE,
+ CREATE_SUSPENDED, nullptr, nullptr, &start_info,
+ &proc_info));
+ base::win::ScopedProcessInformation scoped_proc_info(proc_info);
+ ScopedTerminateProcess process_terminate(scoped_proc_info.process_handle());
+ void* base_address = GetProcessBaseAddress(scoped_proc_info.process_handle());
+ EXPECT_NE(nullptr, base_address);
+ EXPECT_NE(static_cast<DWORD>(-1),
+ ::ResumeThread(scoped_proc_info.thread_handle()));
+ ::WaitForInputIdle(scoped_proc_info.process_handle(), 1000);
+ EXPECT_NE(static_cast<DWORD>(-1),
+ ::SuspendThread(scoped_proc_info.thread_handle()));
+ // Check again, the process will have done some more memory initialization.
+ EXPECT_EQ(base_address,
+ GetProcessBaseAddress(scoped_proc_info.process_handle()));
+
+ std::vector<HMODULE> modules;
+ // Compare against the loader's module list (which should now be initialized).
+ // GetModuleList could fail if the target process hasn't fully initialized.
+ // If so skip this check and log it as a warning.
+ if (GetModuleList(scoped_proc_info.process_handle(), &modules) &&
+ modules.size() > 0) {
+ // First module should be the main executable.
+ EXPECT_EQ(base_address, modules[0]);
+ } else {
+ LOG(WARNING) << "Couldn't test base address against module list";
+ }
+ // Fill in some of the virtual memory with 10MiB chunks and try again.
+ for (int count = 0; count < 100; ++count) {
+ EXPECT_NE(nullptr,
+ ::VirtualAllocEx(scoped_proc_info.process_handle(), nullptr,
+ 10 * 1024 * 1024, MEM_RESERVE, PAGE_NOACCESS));
+ }
+ EXPECT_EQ(base_address,
+ GetProcessBaseAddress(scoped_proc_info.process_handle()));
+} \ No newline at end of file
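Review bot: `EXPECT_TRUE(::CreateProcessW(...))` lets the test continue after a failed launch, so every later call runs on the zero-initialised `proc_info` handles and `ScopedTerminateProcess` ends up calling `TerminateProcess` on a null handle. Use `ASSERT_TRUE` there so the test stops at the real failure. The command line `L"notepad"` with a null application name is resolved through the process search order, so the test starts whatever that name resolves to first. Building an absolute path to the system directory's notepad.exe (for example from `GetSystemDirectoryW`) would make the launched image deterministic.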
diff --git a/chromium/sandbox/win/wow_helper.sln b/chromium/sandbox/win/wow_helper.sln
deleted file mode 100644
index 26d0da25262..00000000000
--- a/chromium/sandbox/win/wow_helper.sln
+++ /dev/null
@@ -1,19 +0,0 @@
-Microsoft Visual Studio Solution File, Format Version 9.00
-# Visual Studio 2005
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wow_helper", "wow_helper\wow_helper.vcproj", "{BCF3A457-39F1-4DAA-9A65-93CFCD559036}"
-EndProject
-Global
- GlobalSection(SolutionConfigurationPlatforms) = preSolution
- Debug|x64 = Debug|x64
- Release|x64 = Release|x64
- EndGlobalSection
- GlobalSection(ProjectConfigurationPlatforms) = postSolution
- {BCF3A457-39F1-4DAA-9A65-93CFCD559036}.Debug|x64.ActiveCfg = Debug|x64
- {BCF3A457-39F1-4DAA-9A65-93CFCD559036}.Debug|x64.Build.0 = Debug|x64
- {BCF3A457-39F1-4DAA-9A65-93CFCD559036}.Release|x64.ActiveCfg = Release|x64
- {BCF3A457-39F1-4DAA-9A65-93CFCD559036}.Release|x64.Build.0 = Release|x64
- EndGlobalSection
- GlobalSection(SolutionProperties) = preSolution
- HideSolutionNode = FALSE
- EndGlobalSection
-EndGlobal
diff --git a/chromium/sandbox/win/wow_helper/service64_resolver.cc b/chromium/sandbox/win/wow_helper/service64_resolver.cc
deleted file mode 100644
index 1e71b50d783..00000000000
--- a/chromium/sandbox/win/wow_helper/service64_resolver.cc
+++ /dev/null
@@ -1,347 +0,0 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "sandbox/win/wow_helper/service64_resolver.h"
-
-#include <limits.h>
-#include <stddef.h>
-
-#include <memory>
-
-#include "base/bit_cast.h"
-#include "sandbox/win/wow_helper/target_code.h"
-
-namespace {
-#pragma pack(push, 1)
-
-const BYTE kMovEax = 0xB8;
-const BYTE kMovEdx = 0xBA;
-const USHORT kCallPtrEdx = 0x12FF;
-const BYTE kRet = 0xC2;
-const BYTE kNop = 0x90;
-const USHORT kJmpEdx = 0xE2FF;
-const USHORT kXorEcx = 0xC933;
-const ULONG kLeaEdx = 0x0424548D;
-const ULONG kCallFs1 = 0xC015FF64;
-const ULONG kCallFs2Ret = 0xC2000000;
-const BYTE kPopEdx = 0x5A;
-const BYTE kPushEdx = 0x52;
-const BYTE kPush32 = 0x68;
-
-const ULONG kMmovR10EcxMovEax = 0xB8D18B4C;
-const USHORT kSyscall = 0x050F;
-const BYTE kRetNp = 0xC3;
-const BYTE kPad = 0x66;
-const USHORT kNop16 = 0x9066;
-const BYTE kRelJmp = 0xE9;
-
-const ULONG kXorRaxMovEax = 0xB8C03148;
-const ULONG kSaveRcx = 0x10488948;
-const ULONG kMovRcxRaxJmp = 0xE9C88B48;
-
-// Service code for 64 bit systems.
-struct ServiceEntry {
- // this struct contains roughly the following code:
- // mov r10,rcx
- // mov eax,52h
- // syscall
- // ret
- // xchg ax,ax
- // xchg ax,ax
-
- ULONG mov_r10_ecx_mov_eax; // = 4C 8B D1 B8
- ULONG service_id;
- USHORT syscall; // = 0F 05
- BYTE ret; // = C3
- BYTE pad; // = 66
- USHORT xchg_ax_ax1; // = 66 90
- USHORT xchg_ax_ax2; // = 66 90
-};
-
-struct Redirected {
- // this struct contains roughly the following code:
- // jmp relative_32
- // xchg ax,ax // 3 byte nop
-
- Redirected() {
- jmp = kRelJmp;
- relative = 0;
- pad = kPad;
- xchg_ax_ax = kNop16;
- };
- BYTE jmp; // = E9
- ULONG relative;
- BYTE pad; // = 66
- USHORT xchg_ax_ax; // = 66 90
-};
-
-struct InternalThunk {
- // this struct contains roughly the following code:
- // xor rax,rax
- // mov eax, 0x00080000 // Thunk storage.
- // mov [rax]PatchInfo.service, rcx // Save first argument.
- // mov rcx, rax
- // jmp relative_to_interceptor
-
- InternalThunk() {
- xor_rax_mov_eax = kXorRaxMovEax;
- patch_info = 0;
- save_rcx = kSaveRcx;
- mov_rcx_rax_jmp = kMovRcxRaxJmp;
- relative = 0;
- };
- ULONG xor_rax_mov_eax; // = 48 31 C0 B8
- ULONG patch_info;
- ULONG save_rcx; // = 48 89 48 10
- ULONG mov_rcx_rax_jmp; // = 48 8b c8 e9
- ULONG relative;
-};
-
-struct ServiceFullThunk {
- sandbox::PatchInfo patch_info;
- ServiceEntry original;
- InternalThunk internal_thunk;
-};
-
-#pragma pack(pop)
-
-// Simple utility function to write to a buffer on the child, if the memery has
-// write protection attributes.
-// Arguments:
-// child_process (in): process to write to.
-// address (out): memory position on the child to write to.
-// buffer (in): local buffer with the data to write .
-// length (in): number of bytes to write.
-// Returns true on success.
-bool WriteProtectedChildMemory(HANDLE child_process,
- void* address,
- const void* buffer,
- size_t length) {
- // first, remove the protections
- DWORD old_protection;
- if (!::VirtualProtectEx(child_process, address, length,
- PAGE_WRITECOPY, &old_protection))
- return false;
-
- SIZE_T written;
- bool ok = ::WriteProcessMemory(child_process, address, buffer, length,
- &written) && (length == written);
-
- // always attempt to restore the original protection
- if (!::VirtualProtectEx(child_process, address, length,
- old_protection, &old_protection))
- return false;
-
- return ok;
-}
-
-// Get pointers to the functions that we need from ntdll.dll.
-NTSTATUS ResolveNtdll(sandbox::PatchInfo* patch_info) {
- wchar_t* ntdll_name = L"ntdll.dll";
- HMODULE ntdll = ::GetModuleHandle(ntdll_name);
- if (!ntdll)
- return STATUS_PROCEDURE_NOT_FOUND;
-
- void* signal = ::GetProcAddress(ntdll, "NtSignalAndWaitForSingleObject");
- if (!signal)
- return STATUS_PROCEDURE_NOT_FOUND;
-
- patch_info->signal_and_wait =
- reinterpret_cast<NtSignalAndWaitForSingleObjectFunction>(signal);
-
- return STATUS_SUCCESS;
-}
-
-}; // namespace
-
-namespace sandbox {
-
-NTSTATUS ResolverThunk::Init(const void* target_module,
- const void* interceptor_module,
- const char* target_name,
- const char* interceptor_name,
- const void* interceptor_entry_point,
- void* thunk_storage,
- size_t storage_bytes) {
- if (NULL == thunk_storage || 0 == storage_bytes ||
- NULL == target_module || NULL == target_name)
- return STATUS_INVALID_PARAMETER;
-
- if (storage_bytes < GetThunkSize())
- return STATUS_BUFFER_TOO_SMALL;
-
- NTSTATUS ret = STATUS_SUCCESS;
- if (NULL == interceptor_entry_point) {
- ret = ResolveInterceptor(interceptor_module, interceptor_name,
- &interceptor_entry_point);
- if (!NT_SUCCESS(ret))
- return ret;
- }
-
- ret = ResolveTarget(target_module, target_name, &target_);
- if (!NT_SUCCESS(ret))
- return ret;
-
- interceptor_ = interceptor_entry_point;
-
- return ret;
-}
-
-NTSTATUS ResolverThunk::ResolveInterceptor(const void* interceptor_module,
- const char* interceptor_name,
- const void** address) {
- return STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS ResolverThunk::ResolveTarget(const void* module,
- const char* function_name,
- void** address) {
- return STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS Service64ResolverThunk::Setup(const void* target_module,
- const void* interceptor_module,
- const char* target_name,
- const char* interceptor_name,
- const void* interceptor_entry_point,
- void* thunk_storage,
- size_t storage_bytes,
- size_t* storage_used) {
- NTSTATUS ret = Init(target_module, interceptor_module, target_name,
- interceptor_name, interceptor_entry_point,
- thunk_storage, storage_bytes);
- if (!NT_SUCCESS(ret))
- return ret;
-
- size_t thunk_bytes = GetThunkSize();
- std::unique_ptr<char[]> thunk_buffer(new char[thunk_bytes]);
- ServiceFullThunk* thunk = reinterpret_cast<ServiceFullThunk*>(
- thunk_buffer.get());
-
- if (!IsFunctionAService(&thunk->original))
- return STATUS_UNSUCCESSFUL;
-
- ret = PerformPatch(thunk, thunk_storage);
-
- if (NULL != storage_used)
- *storage_used = thunk_bytes;
-
- return ret;
-}
-
-NTSTATUS Service64ResolverThunk::ResolveInterceptor(
- const void* interceptor_module,
- const char* interceptor_name,
- const void** address) {
- // After all, we are using a locally mapped version of the exe, so the
- // action is the same as for a target function.
- return ResolveTarget(interceptor_module, interceptor_name,
- const_cast<void**>(address));
-}
-
-// In this case all the work is done from the parent, so resolve is
-// just a simple GetProcAddress.
-NTSTATUS Service64ResolverThunk::ResolveTarget(const void* module,
- const char* function_name,
- void** address) {
- if (NULL == module)
- return STATUS_UNSUCCESSFUL;
-
- *address = ::GetProcAddress(bit_cast<HMODULE>(module), function_name);
-
- if (NULL == *address)
- return STATUS_UNSUCCESSFUL;
-
- return STATUS_SUCCESS;
-}
-
-size_t Service64ResolverThunk::GetThunkSize() const {
- return sizeof(ServiceFullThunk);
-}
-
-bool Service64ResolverThunk::IsFunctionAService(void* local_thunk) const {
- ServiceEntry function_code;
- SIZE_T read;
- if (!::ReadProcessMemory(process_, target_, &function_code,
- sizeof(function_code), &read))
- return false;
-
- if (sizeof(function_code) != read)
- return false;
-
- if (kMmovR10EcxMovEax != function_code.mov_r10_ecx_mov_eax ||
- kSyscall != function_code.syscall || kRetNp != function_code.ret)
- return false;
-
- // Save the verified code
- memcpy(local_thunk, &function_code, sizeof(function_code));
-
- return true;
-}
-
-NTSTATUS Service64ResolverThunk::PerformPatch(void* local_thunk,
- void* remote_thunk) {
- ServiceFullThunk* full_local_thunk = reinterpret_cast<ServiceFullThunk*>(
- local_thunk);
- ServiceFullThunk* full_remote_thunk = reinterpret_cast<ServiceFullThunk*>(
- remote_thunk);
-
- // If the source or target are above 4GB we cannot do this relative jump.
- if (reinterpret_cast<ULONG_PTR>(full_remote_thunk) >
- static_cast<ULONG_PTR>(ULONG_MAX))
- return STATUS_CONFLICTING_ADDRESSES;
-
- if (reinterpret_cast<ULONG_PTR>(target_) > static_cast<ULONG_PTR>(ULONG_MAX))
- return STATUS_CONFLICTING_ADDRESSES;
-
- // Patch the original code.
- Redirected local_service;
- Redirected* remote_service = reinterpret_cast<Redirected*>(target_);
- ULONG_PTR diff = reinterpret_cast<BYTE*>(&full_remote_thunk->internal_thunk) -
- &remote_service->pad;
- local_service.relative = static_cast<ULONG>(diff);
-
- // Setup the PatchInfo structure.
- SIZE_T actual;
- if (!::ReadProcessMemory(process_, remote_thunk, local_thunk,
- sizeof(PatchInfo), &actual))
- return STATUS_UNSUCCESSFUL;
- if (sizeof(PatchInfo) != actual)
- return STATUS_UNSUCCESSFUL;
-
- full_local_thunk->patch_info.orig_MapViewOfSection = reinterpret_cast<
- NtMapViewOfSectionFunction>(&full_remote_thunk->original);
- full_local_thunk->patch_info.patch_location = target_;
- NTSTATUS ret = ResolveNtdll(&full_local_thunk->patch_info);
- if (!NT_SUCCESS(ret))
- return ret;
-
- // Setup the thunk. The jump out is performed from right after the end of the
- // thunk (full_remote_thunk + 1).
- InternalThunk my_thunk;
- ULONG_PTR patch_info = reinterpret_cast<ULONG_PTR>(remote_thunk);
- my_thunk.patch_info = static_cast<ULONG>(patch_info);
- diff = reinterpret_cast<const BYTE*>(interceptor_) -
- reinterpret_cast<BYTE*>(full_remote_thunk + 1);
- my_thunk.relative = static_cast<ULONG>(diff);
-
- memcpy(&full_local_thunk->internal_thunk, &my_thunk, sizeof(my_thunk));
-
- // copy the local thunk buffer to the child
- if (!::WriteProcessMemory(process_, remote_thunk, local_thunk,
- sizeof(ServiceFullThunk), &actual))
- return STATUS_UNSUCCESSFUL;
-
- if (sizeof(ServiceFullThunk) != actual)
- return STATUS_UNSUCCESSFUL;
-
- // and now change the function to intercept, on the child
- if (!::WriteProtectedChildMemory(process_, target_, &local_service,
- sizeof(local_service)))
- return STATUS_UNSUCCESSFUL;
-
- return STATUS_SUCCESS;
-}
-
-} // namespace sandbox
diff --git a/chromium/sandbox/win/wow_helper/service64_resolver.h b/chromium/sandbox/win/wow_helper/service64_resolver.h
deleted file mode 100644
index 32ee46f8e67..00000000000
--- a/chromium/sandbox/win/wow_helper/service64_resolver.h
+++ /dev/null
@@ -1,75 +0,0 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef SANDBOX_WOW_HELPER_SERVICE64_RESOLVER_H__
-#define SANDBOX_WOW_HELPER_SERVICE64_RESOLVER_H__
-
-#include <stddef.h>
-
-#include "base/macros.h"
-#include "sandbox/win/src/nt_internals.h"
-#include "sandbox/win/src/resolver.h"
-
-namespace sandbox {
-
-// This is the concrete resolver used to perform service-call type functions
-// inside ntdll.dll (64-bit).
-class Service64ResolverThunk : public ResolverThunk {
- public:
- // The service resolver needs a child process to write to.
- explicit Service64ResolverThunk(HANDLE process)
- : process_(process), ntdll_base_(NULL) {}
- virtual ~Service64ResolverThunk() {}
-
- // Implementation of Resolver::Setup.
- virtual NTSTATUS Setup(const void* target_module,
- const void* interceptor_module,
- const char* target_name,
- const char* interceptor_name,
- const void* interceptor_entry_point,
- void* thunk_storage,
- size_t storage_bytes,
- size_t* storage_used);
-
- // Implementation of Resolver::ResolveInterceptor.
- virtual NTSTATUS ResolveInterceptor(const void* module,
- const char* function_name,
- const void** address);
-
- // Implementation of Resolver::ResolveTarget.
- virtual NTSTATUS ResolveTarget(const void* module,
- const char* function_name,
- void** address);
-
- // Implementation of Resolver::GetThunkSize.
- virtual size_t GetThunkSize() const;
-
- protected:
- // The unit test will use this member to allow local patch on a buffer.
- HMODULE ntdll_base_;
-
- // Handle of the child process.
- HANDLE process_;
-
- private:
- // Returns true if the code pointer by target_ corresponds to the expected
- // type of function. Saves that code on the first part of the thunk pointed
- // by local_thunk (should be directly accessible from the parent).
- virtual bool IsFunctionAService(void* local_thunk) const;
-
- // Performs the actual patch of target_.
- // local_thunk must be already fully initialized, and the first part must
- // contain the original code. The real type of this buffer is ServiceFullThunk
- // (yes, private). remote_thunk (real type ServiceFullThunk), must be
- // allocated on the child, and will contain the thunk data, after this call.
- // Returns the apropriate status code.
- virtual NTSTATUS PerformPatch(void* local_thunk, void* remote_thunk);
-
- DISALLOW_COPY_AND_ASSIGN(Service64ResolverThunk);
-};
-
-} // namespace sandbox
-
-
-#endif // SANDBOX_WOW_HELPER_SERVICE64_RESOLVER_H__
diff --git a/chromium/sandbox/win/wow_helper/target_code.cc b/chromium/sandbox/win/wow_helper/target_code.cc
deleted file mode 100644
index 8da27cc5764..00000000000
--- a/chromium/sandbox/win/wow_helper/target_code.cc
+++ /dev/null
@@ -1,34 +0,0 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "sandbox/win/wow_helper/target_code.h"
-
-namespace sandbox {
-
-// Hooks NtMapViewOfSection to detect the load of dlls.
-NTSTATUS WINAPI TargetNtMapViewOfSection(
- PatchInfo *patch_info, HANDLE process, PVOID *base, ULONG_PTR zero_bits,
- SIZE_T commit_size, PLARGE_INTEGER offset, PSIZE_T view_size,
- SECTION_INHERIT inherit, ULONG allocation_type, ULONG protect) {
- NTSTATUS ret = patch_info->orig_MapViewOfSection(patch_info->section, process,
- base, zero_bits, commit_size,
- offset, view_size, inherit,
- allocation_type, protect);
-
- LARGE_INTEGER timeout;
- timeout.QuadPart = -(5 * 10000000); // 5 seconds.
-
- // The wait is alertable.
- patch_info->signal_and_wait(patch_info->dll_load, patch_info->continue_load,
- TRUE, &timeout);
-
- return ret;
-}
-
-// Marks the end of the code to copy to the target process.
-NTSTATUS WINAPI TargetEnd() {
- return STATUS_SUCCESS;
-}
-
-} // namespace sandbox
diff --git a/chromium/sandbox/win/wow_helper/target_code.h b/chromium/sandbox/win/wow_helper/target_code.h
deleted file mode 100644
index c198a852e2d..00000000000
--- a/chromium/sandbox/win/wow_helper/target_code.h
+++ /dev/null
@@ -1,41 +0,0 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef SANDBOX_WOW_HELPER_TARGET_CODE_H__
-#define SANDBOX_WOW_HELPER_TARGET_CODE_H__
-
-#include "sandbox/win/src/nt_internals.h"
-
-namespace sandbox {
-
-extern "C" {
-
-// Holds the information needed for the interception of NtMapViewOfSection.
-// Changes of this structure must be synchronized with changes of PatchInfo32
-// on sandbox/win/src/wow64.cc.
-struct PatchInfo {
- HANDLE dll_load; // Event to signal the broker.
- HANDLE continue_load; // Event to wait for the broker.
- HANDLE section; // First argument of the call.
- NtMapViewOfSectionFunction orig_MapViewOfSection;
- NtSignalAndWaitForSingleObjectFunction signal_and_wait;
- void* patch_location;
-};
-
-// Interception of NtMapViewOfSection on the child process.
-// It should never be called directly. This function provides the means to
-// detect dlls being loaded, so we can patch them if needed.
-NTSTATUS WINAPI TargetNtMapViewOfSection(
- PatchInfo* patch_info, HANDLE process, PVOID* base, ULONG_PTR zero_bits,
- SIZE_T commit_size, PLARGE_INTEGER offset, PSIZE_T view_size,
- SECTION_INHERIT inherit, ULONG allocation_type, ULONG protect);
-
-// Marker of the end of TargetNtMapViewOfSection.
-NTSTATUS WINAPI TargetEnd();
-
-} // extern "C"
-
-} // namespace sandbox
-
-#endif // SANDBOX_WOW_HELPER_TARGET_CODE_H__
diff --git a/chromium/sandbox/win/wow_helper/wow_helper.cc b/chromium/sandbox/win/wow_helper/wow_helper.cc
deleted file mode 100644
index af76cbc1358..00000000000
--- a/chromium/sandbox/win/wow_helper/wow_helper.cc
+++ /dev/null
@@ -1,87 +0,0 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-// Wow_helper.exe is a simple Win32 64-bit executable designed to help to
-// sandbox a 32 bit application running on a 64 bit OS. The basic idea is to
-// perform a 64 bit interception of the target process and notify the 32-bit
-// broker process whenever a DLL is being loaded. This allows the broker to
-// setup the interceptions (32-bit) properly on the target.
-
-#include <windows.h>
-#include <stddef.h>
-
-#include <string>
-
-#include "sandbox/win/wow_helper/service64_resolver.h"
-#include "sandbox/win/wow_helper/target_code.h"
-
-namespace sandbox {
-
-// Performs the interception of NtMapViewOfSection on the 64-bit version of
-// ntdll.dll. 'thunk' is the buffer on the address space of process 'child',
-// that will be used to store the information about the patch.
-int PatchNtdll(HANDLE child, void* thunk, size_t thunk_bytes) {
- wchar_t* ntdll_name = L"ntdll.dll";
- HMODULE ntdll_base = ::GetModuleHandle(ntdll_name);
- if (!ntdll_base)
- return 100;
-
- Service64ResolverThunk resolver(child);
- size_t used = resolver.GetThunkSize();
- char* code = reinterpret_cast<char*>(thunk) + used;
- NTSTATUS ret = resolver.Setup(ntdll_base, NULL, "NtMapViewOfSection", NULL,
- code, thunk, thunk_bytes, NULL);
- if (!NT_SUCCESS(ret))
- return 101;
-
- size_t size = reinterpret_cast<char*>(&TargetEnd) -
- reinterpret_cast<char*>(&TargetNtMapViewOfSection);
-
- if (size + used > thunk_bytes)
- return 102;
-
- SIZE_T written;
- if (!::WriteProcessMemory(child, code, &TargetNtMapViewOfSection, size,
- &written))
- return 103;
-
- if (size != written)
- return 104;
-
- return 0;
-}
-
-} // namespace sandbox
-
-// We must receive two arguments: the process id of the target to intercept and
-// the address of a page of memory on that process that will be used for the
-// interception. We receive the address because the broker will cleanup the
-// patch when the work is performed.
-//
-// It should be noted that we don't wait until the real work is done; this
-// program quits as soon as the 64-bit interception is performed.
-int wWinMain(HINSTANCE, HINSTANCE, wchar_t* command_line, int) {
- static_assert(sizeof(void*) > sizeof(DWORD), "unsupported 32 bits");
- if (!command_line)
- return 1;
-
- wchar_t* next;
- DWORD process_id = wcstoul(command_line, &next, 0);
- if (!process_id)
- return 2;
-
- DWORD access = PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE;
- HANDLE child = ::OpenProcess(access, FALSE, process_id);
- if (!child)
- return 3;
-
- DWORD buffer = wcstoul(next, NULL, 0);
- if (!buffer)
- return 4;
-
- void* thunk = reinterpret_cast<void*>(static_cast<ULONG_PTR>(buffer));
-
- const size_t kPageSize = 4096;
- return sandbox::PatchNtdll(child, thunk, kPageSize);
-}
diff --git a/chromium/sandbox/win/wow_helper/wow_helper.exe b/chromium/sandbox/win/wow_helper/wow_helper.exe
deleted file mode 100755
index f9bfb4bbdde..00000000000
--- a/chromium/sandbox/win/wow_helper/wow_helper.exe
+++ /dev/null
Binary files differ
diff --git a/chromium/sandbox/win/wow_helper/wow_helper.pdb b/chromium/sandbox/win/wow_helper/wow_helper.pdb
deleted file mode 100644
index 9cb67d001df..00000000000
--- a/chromium/sandbox/win/wow_helper/wow_helper.pdb
+++ /dev/null
Binary files differ
diff --git a/chromium/sandbox/win/wow_helper/wow_helper.vcproj b/chromium/sandbox/win/wow_helper/wow_helper.vcproj
deleted file mode 100644
index c8e7c9ebffe..00000000000
--- a/chromium/sandbox/win/wow_helper/wow_helper.vcproj
+++ /dev/null
@@ -1,215 +0,0 @@
-<?xml version="1.0" encoding="Windows-1252"?>
-<VisualStudioProject
- ProjectType="Visual C++"
- Version="8.00"
- Name="wow_helper"
- ProjectGUID="{BCF3A457-39F1-4DAA-9A65-93CFCD559036}"
- RootNamespace="wow_helper"
- Keyword="Win32Proj"
- >
- <Platforms>
- <Platform
- Name="x64"
- />
- </Platforms>
- <ToolFiles>
- </ToolFiles>
- <Configurations>
- <Configuration
- Name="Debug|x64"
- OutputDirectory="$(ProjectDir)"
- IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"
- ConfigurationType="1"
- CharacterSet="1"
- >
- <Tool
- Name="VCPreBuildEventTool"
- />
- <Tool
- Name="VCCustomBuildTool"
- />
- <Tool
- Name="VCXMLDataGeneratorTool"
- />
- <Tool
- Name="VCWebServiceProxyGeneratorTool"
- />
- <Tool
- Name="VCMIDLTool"
- TargetEnvironment="3"
- />
- <Tool
- Name="VCCLCompilerTool"
- Optimization="0"
- AdditionalIncludeDirectories="$(SolutionDir)..;$(SolutionDir)..\third_party\platformsdk_win2008_6_1\files\Include;$(VSInstallDir)\VC\atlmfc\include"
- PreprocessorDefinitions="_WIN32_WINNT=0x0501;WINVER=0x0501;WIN32;_DEBUG"
- MinimalRebuild="true"
- BasicRuntimeChecks="0"
- RuntimeLibrary="1"
- BufferSecurityCheck="false"
- RuntimeTypeInfo="false"
- UsePrecompiledHeader="0"
- WarningLevel="3"
- Detect64BitPortabilityProblems="true"
- DebugInformationFormat="3"
- />
- <Tool
- Name="VCManagedResourceCompilerTool"
- />
- <Tool
- Name="VCResourceCompilerTool"
- />
- <Tool
- Name="VCPreLinkEventTool"
- />
- <Tool
- Name="VCLinkerTool"
- LinkIncremental="1"
- GenerateDebugInformation="true"
- SubSystem="2"
- TargetMachine="17"
- />
- <Tool
- Name="VCALinkTool"
- />
- <Tool
- Name="VCManifestTool"
- />
- <Tool
- Name="VCXDCMakeTool"
- />
- <Tool
- Name="VCBscMakeTool"
- />
- <Tool
- Name="VCFxCopTool"
- />
- <Tool
- Name="VCAppVerifierTool"
- />
- <Tool
- Name="VCWebDeploymentTool"
- />
- <Tool
- Name="VCPostBuildEventTool"
- />
- </Configuration>
- <Configuration
- Name="Release|x64"
- OutputDirectory="$(ProjectDir)"
- IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"
- ConfigurationType="1"
- CharacterSet="1"
- WholeProgramOptimization="1"
- >
- <Tool
- Name="VCPreBuildEventTool"
- />
- <Tool
- Name="VCCustomBuildTool"
- />
- <Tool
- Name="VCXMLDataGeneratorTool"
- />
- <Tool
- Name="VCWebServiceProxyGeneratorTool"
- />
- <Tool
- Name="VCMIDLTool"
- TargetEnvironment="3"
- />
- <Tool
- Name="VCCLCompilerTool"
- AdditionalIncludeDirectories="$(SolutionDir)..;$(SolutionDir)..\third_party\platformsdk_win2008_6_1\files\Include;$(VSInstallDir)\VC\atlmfc\include"
- PreprocessorDefinitions="_WIN32_WINNT=0x0501;WINVER=0x0501;WIN32;NDEBUG"
- RuntimeLibrary="0"
- BufferSecurityCheck="false"
- RuntimeTypeInfo="false"
- UsePrecompiledHeader="0"
- WarningLevel="3"
- Detect64BitPortabilityProblems="true"
- DebugInformationFormat="3"
- />
- <Tool
- Name="VCManagedResourceCompilerTool"
- />
- <Tool
- Name="VCResourceCompilerTool"
- />
- <Tool
- Name="VCPreLinkEventTool"
- />
- <Tool
- Name="VCLinkerTool"
- LinkIncremental="1"
- GenerateDebugInformation="true"
- SubSystem="2"
- OptimizeReferences="2"
- EnableCOMDATFolding="2"
- TargetMachine="17"
- />
- <Tool
- Name="VCALinkTool"
- />
- <Tool
- Name="VCManifestTool"
- />
- <Tool
- Name="VCXDCMakeTool"
- />
- <Tool
- Name="VCBscMakeTool"
- />
- <Tool
- Name="VCFxCopTool"
- />
- <Tool
- Name="VCAppVerifierTool"
- />
- <Tool
- Name="VCWebDeploymentTool"
- />
- <Tool
- Name="VCPostBuildEventTool"
- />
- </Configuration>
- </Configurations>
- <References>
- </References>
- <Files>
- <Filter
- Name="sandbox"
- >
- <File
- RelativePath="..\src\nt_internals.h"
- >
- </File>
- <File
- RelativePath="..\src\resolver.h"
- >
- </File>
- </Filter>
- <File
- RelativePath=".\service64_resolver.cc"
- >
- </File>
- <File
- RelativePath=".\service64_resolver.h"
- >
- </File>
- <File
- RelativePath=".\target_code.cc"
- >
- </File>
- <File
- RelativePath=".\target_code.h"
- >
- </File>
- <File
- RelativePath=".\wow_helper.cc"
- >
- </File>
- </Files>
- <Globals>
- </Globals>
-</VisualStudioProject>