diff options
author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2017-01-04 14:17:57 +0100 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2017-01-05 10:05:06 +0000 |
commit | 39d357e3248f80abea0159765ff39554affb40db (patch) | |
tree | aba0e6bfb76de0244bba0f5fdbd64b830dd6e621 /chromium/sandbox | |
parent | 87778abf5a1f89266f37d1321b92a21851d8244d (diff) | |
download | qtwebengine-chromium-39d357e3248f80abea0159765ff39554affb40db.tar.gz |
BASELINE: Update Chromium to 55.0.2883.105
And updates ninja to 1.7.2
Change-Id: I20d43c737f82764d857ada9a55586901b18b9243
Reviewed-by: Michael BrĂ¼ning <michael.bruning@qt.io>
Diffstat (limited to 'chromium/sandbox')
62 files changed, 669 insertions, 2353 deletions
diff --git a/chromium/sandbox/linux/BUILD.gn b/chromium/sandbox/linux/BUILD.gn index 76eef666ac1..1e6d7a1c813 100644 --- a/chromium/sandbox/linux/BUILD.gn +++ b/chromium/sandbox/linux/BUILD.gn @@ -41,10 +41,7 @@ group("sandbox") { public_deps += [ ":suid_sandbox_client" ] } if (use_seccomp_bpf || is_nacl_nonsfi) { - public_deps += [ - ":seccomp_bpf", - ":seccomp_bpf_helpers", - ] + public_deps += [ ":seccomp_bpf" ] } } @@ -221,6 +218,14 @@ component("seccomp_bpf") { "bpf_dsl/syscall_set.cc", "bpf_dsl/syscall_set.h", "bpf_dsl/trap_registry.h", + "seccomp-bpf-helpers/baseline_policy.cc", + "seccomp-bpf-helpers/baseline_policy.h", + "seccomp-bpf-helpers/sigsys_handlers.cc", + "seccomp-bpf-helpers/sigsys_handlers.h", + "seccomp-bpf-helpers/syscall_parameters_restrictions.cc", + "seccomp-bpf-helpers/syscall_parameters_restrictions.h", + "seccomp-bpf-helpers/syscall_sets.cc", + "seccomp-bpf-helpers/syscall_sets.h", "seccomp-bpf/die.cc", "seccomp-bpf/die.h", "seccomp-bpf/sandbox_bpf.cc", @@ -250,31 +255,6 @@ component("seccomp_bpf") { "bpf_dsl/linux_syscall_ranges.h", "bpf_dsl/seccomp_macros.h", "bpf_dsl/trap_registry.h", - ] - } -} - -component("seccomp_bpf_helpers") { - sources = [ - "seccomp-bpf-helpers/baseline_policy.cc", - "seccomp-bpf-helpers/baseline_policy.h", - "seccomp-bpf-helpers/sigsys_handlers.cc", - "seccomp-bpf-helpers/sigsys_handlers.h", - "seccomp-bpf-helpers/syscall_parameters_restrictions.cc", - "seccomp-bpf-helpers/syscall_parameters_restrictions.h", - "seccomp-bpf-helpers/syscall_sets.cc", - "seccomp-bpf-helpers/syscall_sets.h", - ] - defines = [ "SANDBOX_IMPLEMENTATION" ] - - deps = [ - ":sandbox_services", - ":seccomp_bpf", - "//base", - ] - - if (is_nacl_nonsfi) { - sources -= [ "seccomp-bpf-helpers/baseline_policy.cc", "seccomp-bpf-helpers/baseline_policy.h", "seccomp-bpf-helpers/syscall_sets.cc", @@ -306,7 +286,7 @@ if (is_linux) { import("//build/config/compiler/compiler.gni") import("//build/config/sanitizers/sanitizers.gni") - if (is_component_build && !using_sanitizer) { + if (is_component_build || using_sanitizer) { # WARNING! We remove this config so that we don't accidentally # pick up the //build/config:rpath_for_built_shared_libraries # sub-config. However, this means that we need to duplicate any @@ -317,9 +297,11 @@ if (is_linux) { } } - deps = [ - "//build/config/sanitizers:deps", - ] + # We also do not want to pick up any of the other sanitizer + # flags (i.e. we do not want to build w/ the sanitizers at all). + # This is safe to delete unconditionally, because it is part of the + # default configs and empty when not using the sanitizers. + configs -= [ "//build/config/sanitizers:default_sanitizer_flags" ] } } diff --git a/chromium/sandbox/linux/sandbox_linux.gypi b/chromium/sandbox/linux/sandbox_linux.gypi deleted file mode 100644 index c19bdb1c5f6..00000000000 --- a/chromium/sandbox/linux/sandbox_linux.gypi +++ /dev/null @@ -1,434 +0,0 @@ -# Copyright (c) 2012 The Chromium Authors. All rights reserved. -# Use of this source code is governed by a BSD-style license that can be -# found in the LICENSE file. - -{ - 'variables': { - 'conditions': [ - ['OS=="linux"', { - 'compile_suid_client': 1, - 'compile_credentials': 1, - 'use_base_test_suite': 1, - }, { - 'compile_suid_client': 0, - 'compile_credentials': 0, - 'use_base_test_suite': 0, - }], - ['OS=="linux" and (target_arch=="ia32" or target_arch=="x64" or ' - 'target_arch=="mipsel")', { - 'compile_seccomp_bpf_demo': 1, - }, { - 'compile_seccomp_bpf_demo': 0, - }], - ], - }, - 'target_defaults': { - 'target_conditions': [ - # All linux/ files will automatically be excluded on Android - # so make sure we re-include them explicitly. - ['OS == "android"', { - 'sources/': [ - ['include', '^linux/'], - ], - }], - ], - }, - 'targets': [ - # We have two principal targets: sandbox and sandbox_linux_unittests - # All other targets are listed as dependencies. - # There is one notable exception: for historical reasons, chrome_sandbox is - # the setuid sandbox and is its own target. - { - 'target_name': 'sandbox', - 'type': 'none', - 'dependencies': [ - 'sandbox_services', - ], - 'conditions': [ - [ 'compile_suid_client==1', { - 'dependencies': [ - 'suid_sandbox_client', - ], - }], - # Compile seccomp BPF when we support it. - [ 'use_seccomp_bpf==1', { - 'dependencies': [ - 'seccomp_bpf', - 'seccomp_bpf_helpers', - ], - }], - ], - }, - { - 'target_name': 'sandbox_linux_test_utils', - 'type': 'static_library', - 'dependencies': [ - '../testing/gtest.gyp:gtest', - ], - 'include_dirs': [ - '../..', - ], - 'sources': [ - 'tests/sandbox_test_runner.cc', - 'tests/sandbox_test_runner.h', - 'tests/sandbox_test_runner_function_pointer.cc', - 'tests/sandbox_test_runner_function_pointer.h', - 'tests/test_utils.cc', - 'tests/test_utils.h', - 'tests/unit_tests.cc', - 'tests/unit_tests.h', - ], - 'conditions': [ - [ 'use_seccomp_bpf==1', { - 'sources': [ - 'seccomp-bpf/bpf_tester_compatibility_delegate.h', - 'seccomp-bpf/bpf_tests.h', - 'seccomp-bpf/sandbox_bpf_test_runner.cc', - 'seccomp-bpf/sandbox_bpf_test_runner.h', - ], - 'dependencies': [ - 'seccomp_bpf', - ] - }], - [ 'use_base_test_suite==1', { - 'dependencies': [ - '../base/base.gyp:test_support_base', - ], - 'defines': [ - 'SANDBOX_USES_BASE_TEST_SUITE', - ], - }], - ], - }, - { - # The main sandboxing test target. - 'target_name': 'sandbox_linux_unittests', - 'includes': [ - 'sandbox_linux_test_sources.gypi', - ], - 'type': 'executable', - 'conditions': [ - [ 'OS == "android"', { - 'variables': { - 'test_type': 'gtest', - 'test_suite_name': '<(_target_name)', - }, - 'includes': [ - '../../build/android/test_runner.gypi', - ], - }] - ] - }, - { - 'target_name': 'seccomp_bpf', - 'type': '<(component)', - 'sources': [ - 'bpf_dsl/bpf_dsl.cc', - 'bpf_dsl/bpf_dsl.h', - 'bpf_dsl/bpf_dsl_forward.h', - 'bpf_dsl/bpf_dsl_impl.h', - 'bpf_dsl/codegen.cc', - 'bpf_dsl/codegen.h', - 'bpf_dsl/cons.h', - 'bpf_dsl/errorcode.h', - 'bpf_dsl/linux_syscall_ranges.h', - 'bpf_dsl/policy.cc', - 'bpf_dsl/policy.h', - 'bpf_dsl/policy_compiler.cc', - 'bpf_dsl/policy_compiler.h', - 'bpf_dsl/seccomp_macros.h', - 'bpf_dsl/seccomp_macros.h', - 'bpf_dsl/syscall_set.cc', - 'bpf_dsl/syscall_set.h', - 'bpf_dsl/trap_registry.h', - 'seccomp-bpf/die.cc', - 'seccomp-bpf/die.h', - 'seccomp-bpf/sandbox_bpf.cc', - 'seccomp-bpf/sandbox_bpf.h', - 'seccomp-bpf/syscall.cc', - 'seccomp-bpf/syscall.h', - 'seccomp-bpf/trap.cc', - 'seccomp-bpf/trap.h', - ], - 'dependencies': [ - '../base/base.gyp:base', - 'sandbox_services', - 'sandbox_services_headers', - ], - 'defines': [ - 'SANDBOX_IMPLEMENTATION', - ], - 'includes': [ - # Disable LTO due to compiler bug - # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=57703 - '../../build/android/disable_gcc_lto.gypi', - ], - 'include_dirs': [ - '../..', - ], - }, - { - 'target_name': 'seccomp_bpf_helpers', - 'type': '<(component)', - 'sources': [ - 'seccomp-bpf-helpers/baseline_policy.cc', - 'seccomp-bpf-helpers/baseline_policy.h', - 'seccomp-bpf-helpers/sigsys_handlers.cc', - 'seccomp-bpf-helpers/sigsys_handlers.h', - 'seccomp-bpf-helpers/syscall_parameters_restrictions.cc', - 'seccomp-bpf-helpers/syscall_parameters_restrictions.h', - 'seccomp-bpf-helpers/syscall_sets.cc', - 'seccomp-bpf-helpers/syscall_sets.h', - ], - 'dependencies': [ - '../base/base.gyp:base', - 'sandbox_services', - 'seccomp_bpf', - ], - 'defines': [ - 'SANDBOX_IMPLEMENTATION', - ], - 'include_dirs': [ - '../..', - ], - }, - { - # The setuid sandbox, for Linux - 'target_name': 'chrome_sandbox', - 'type': 'executable', - 'sources': [ - 'suid/common/sandbox.h', - 'suid/common/suid_unsafe_environment_variables.h', - 'suid/process_util.h', - 'suid/process_util_linux.c', - 'suid/sandbox.c', - ], - 'cflags': [ - # For ULLONG_MAX - '-std=gnu99', - ], - 'include_dirs': [ - '../..', - ], - # Do not use any sanitizer tools with this binary. http://crbug.com/382766 - 'cflags/': [ - ['exclude', '-fsanitize'], - ], - 'ldflags/': [ - ['exclude', '-fsanitize'], - ], - }, - { 'target_name': 'sandbox_services', - 'type': '<(component)', - 'sources': [ - 'services/init_process_reaper.cc', - 'services/init_process_reaper.h', - 'services/proc_util.cc', - 'services/proc_util.h', - 'services/resource_limits.cc', - 'services/resource_limits.h', - 'services/scoped_process.cc', - 'services/scoped_process.h', - 'services/syscall_wrappers.cc', - 'services/syscall_wrappers.h', - 'services/thread_helpers.cc', - 'services/thread_helpers.h', - 'services/yama.cc', - 'services/yama.h', - 'syscall_broker/broker_channel.cc', - 'syscall_broker/broker_channel.h', - 'syscall_broker/broker_client.cc', - 'syscall_broker/broker_client.h', - 'syscall_broker/broker_common.h', - 'syscall_broker/broker_file_permission.cc', - 'syscall_broker/broker_file_permission.h', - 'syscall_broker/broker_host.cc', - 'syscall_broker/broker_host.h', - 'syscall_broker/broker_policy.cc', - 'syscall_broker/broker_policy.h', - 'syscall_broker/broker_process.cc', - 'syscall_broker/broker_process.h', - ], - 'dependencies': [ - '../base/base.gyp:base', - ], - 'defines': [ - 'SANDBOX_IMPLEMENTATION', - ], - 'conditions': [ - ['compile_credentials==1', { - 'sources': [ - 'services/credentials.cc', - 'services/credentials.h', - 'services/namespace_sandbox.cc', - 'services/namespace_sandbox.h', - 'services/namespace_utils.cc', - 'services/namespace_utils.h', - ], - 'dependencies': [ - # for capability.h. - 'sandbox_services_headers', - ], - }], - ], - 'include_dirs': [ - '..', - ], - }, - { 'target_name': 'sandbox_services_headers', - 'type': 'none', - 'sources': [ - 'system_headers/arm64_linux_syscalls.h', - 'system_headers/arm64_linux_ucontext.h', - 'system_headers/arm_linux_syscalls.h', - 'system_headers/arm_linux_ucontext.h', - 'system_headers/capability.h', - 'system_headers/i386_linux_ucontext.h', - 'system_headers/linux_futex.h', - 'system_headers/linux_seccomp.h', - 'system_headers/linux_syscalls.h', - 'system_headers/linux_time.h', - 'system_headers/linux_ucontext.h', - 'system_headers/mips_linux_syscalls.h', - 'system_headers/mips_linux_ucontext.h', - 'system_headers/x86_32_linux_syscalls.h', - 'system_headers/x86_64_linux_syscalls.h', - ], - 'include_dirs': [ - '..', - ], - }, - { - 'target_name': 'suid_sandbox_client', - 'type': '<(component)', - 'sources': [ - 'suid/common/sandbox.h', - 'suid/common/suid_unsafe_environment_variables.h', - 'suid/client/setuid_sandbox_client.cc', - 'suid/client/setuid_sandbox_client.h', - 'suid/client/setuid_sandbox_host.cc', - 'suid/client/setuid_sandbox_host.h', - ], - 'defines': [ - 'SANDBOX_IMPLEMENTATION', - ], - 'dependencies': [ - '../base/base.gyp:base', - 'sandbox_services', - ], - 'include_dirs': [ - '..', - ], - }, - { - 'target_name': 'bpf_dsl_golden', - 'type': 'none', - 'actions': [ - { - 'action_name': 'generate', - 'inputs': [ - 'bpf_dsl/golden/generate.py', - 'bpf_dsl/golden/i386/ArgSizePolicy.txt', - 'bpf_dsl/golden/i386/BasicPolicy.txt', - 'bpf_dsl/golden/i386/ElseIfPolicy.txt', - 'bpf_dsl/golden/i386/MaskingPolicy.txt', - 'bpf_dsl/golden/i386/MoreBooleanLogicPolicy.txt', - 'bpf_dsl/golden/i386/NegativeConstantsPolicy.txt', - 'bpf_dsl/golden/i386/SwitchPolicy.txt', - 'bpf_dsl/golden/x86-64/ArgSizePolicy.txt', - 'bpf_dsl/golden/x86-64/BasicPolicy.txt', - 'bpf_dsl/golden/x86-64/BooleanLogicPolicy.txt', - 'bpf_dsl/golden/x86-64/ElseIfPolicy.txt', - 'bpf_dsl/golden/x86-64/MaskingPolicy.txt', - 'bpf_dsl/golden/x86-64/MoreBooleanLogicPolicy.txt', - 'bpf_dsl/golden/x86-64/NegativeConstantsPolicy.txt', - 'bpf_dsl/golden/x86-64/SwitchPolicy.txt', - ], - 'outputs': [ - '<(SHARED_INTERMEDIATE_DIR)/sandbox/linux/bpf_dsl/golden/golden_files.h', - ], - 'action': [ - 'python', - 'linux/bpf_dsl/golden/generate.py', - '<(SHARED_INTERMEDIATE_DIR)/sandbox/linux/bpf_dsl/golden/golden_files.h', - 'linux/bpf_dsl/golden/i386/ArgSizePolicy.txt', - 'linux/bpf_dsl/golden/i386/BasicPolicy.txt', - 'linux/bpf_dsl/golden/i386/ElseIfPolicy.txt', - 'linux/bpf_dsl/golden/i386/MaskingPolicy.txt', - 'linux/bpf_dsl/golden/i386/MoreBooleanLogicPolicy.txt', - 'linux/bpf_dsl/golden/i386/NegativeConstantsPolicy.txt', - 'linux/bpf_dsl/golden/i386/SwitchPolicy.txt', - 'linux/bpf_dsl/golden/x86-64/ArgSizePolicy.txt', - 'linux/bpf_dsl/golden/x86-64/BasicPolicy.txt', - 'linux/bpf_dsl/golden/x86-64/BooleanLogicPolicy.txt', - 'linux/bpf_dsl/golden/x86-64/ElseIfPolicy.txt', - 'linux/bpf_dsl/golden/x86-64/MaskingPolicy.txt', - 'linux/bpf_dsl/golden/x86-64/MoreBooleanLogicPolicy.txt', - 'linux/bpf_dsl/golden/x86-64/NegativeConstantsPolicy.txt', - 'linux/bpf_dsl/golden/x86-64/SwitchPolicy.txt', - ], - 'message': 'Generating header from golden files ...', - }, - ], - }, - ], - 'conditions': [ - [ 'OS=="android"', { - 'targets': [ - { - 'target_name': 'sandbox_linux_unittests_deps', - 'type': 'none', - 'dependencies': [ - 'sandbox_linux_unittests', - ], - 'variables': { - 'output_dir': '<(PRODUCT_DIR)/sandbox_linux_unittests__dist/', - 'native_binary': '<(PRODUCT_DIR)/sandbox_linux_unittests', - 'include_main_binary': 1, - }, - 'includes': [ - '../../build/android/native_app_dependencies.gypi' - ], - }], - }], - [ 'OS=="android"', { - 'conditions': [ - ['test_isolation_mode != "noop"', { - 'targets': [ - { - 'target_name': 'sandbox_linux_unittests_apk_run', - 'type': 'none', - 'dependencies': [ - 'sandbox_linux_unittests', - ], - 'includes': [ - '../../build/isolate.gypi', - ], - 'sources': [ - '../sandbox_linux_unittests_apk.isolate', - ], - }, - ], - }, - ], - ], - }], - ['test_isolation_mode != "noop"', { - 'targets': [ - { - 'target_name': 'sandbox_linux_unittests_run', - 'type': 'none', - 'dependencies': [ - 'sandbox_linux_unittests', - ], - 'includes': [ - '../../build/isolate.gypi', - ], - 'sources': [ - '../sandbox_linux_unittests.isolate', - ], - }, - ], - }], - ], -} diff --git a/chromium/sandbox/linux/sandbox_linux_nacl_nonsfi.gyp b/chromium/sandbox/linux/sandbox_linux_nacl_nonsfi.gyp deleted file mode 100644 index 50e637c360b..00000000000 --- a/chromium/sandbox/linux/sandbox_linux_nacl_nonsfi.gyp +++ /dev/null @@ -1,87 +0,0 @@ -# Copyright 2015 The Chromium Authors. All rights reserved. -# Use of this source code is governed by a BSD-style license that can be -# found in the LICENSE file. - -{ - 'variables': { - 'chromium_code': 1, - }, - 'includes': [ - '../../build/common_untrusted.gypi', - ], - 'conditions': [ - ['disable_nacl==0 and disable_nacl_untrusted==0', { - 'targets': [ - { - 'target_name': 'sandbox_linux_nacl_nonsfi', - 'type': 'none', - 'variables': { - 'nacl_untrusted_build': 1, - 'nlib_target': 'libsandbox_linux_nacl_nonsfi.a', - 'build_glibc': 0, - 'build_newlib': 0, - 'build_irt': 0, - 'build_pnacl_newlib': 0, - 'build_nonsfi_helper': 1, - 'compile_flags': [ - '-fgnu-inline-asm', - ], - 'sources': [ - # This is the subset of linux build target, needed for - # nacl_helper_nonsfi's sandbox implementation. - 'bpf_dsl/bpf_dsl.cc', - 'bpf_dsl/codegen.cc', - 'bpf_dsl/policy.cc', - 'bpf_dsl/policy_compiler.cc', - 'bpf_dsl/syscall_set.cc', - 'seccomp-bpf-helpers/sigsys_handlers.cc', - 'seccomp-bpf-helpers/syscall_parameters_restrictions.cc', - 'seccomp-bpf/die.cc', - 'seccomp-bpf/sandbox_bpf.cc', - 'seccomp-bpf/syscall.cc', - 'seccomp-bpf/trap.cc', - 'services/credentials.cc', - 'services/namespace_sandbox.cc', - 'services/namespace_utils.cc', - 'services/proc_util.cc', - 'services/resource_limits.cc', - 'services/syscall_wrappers.cc', - 'services/thread_helpers.cc', - 'suid/client/setuid_sandbox_client.cc', - ], - }, - 'dependencies': [ - '../../base/base_nacl.gyp:base_nacl_nonsfi', - ], - }, - ], - }], - - ['disable_nacl==0 and disable_nacl_untrusted==0 and enable_nacl_nonsfi_test==1', { - 'targets': [ - { - 'target_name': 'sandbox_linux_test_utils_nacl_nonsfi', - 'type': 'none', - 'variables': { - 'nacl_untrusted_build': 1, - 'nlib_target': 'libsandbox_linux_test_utils_nacl_nonsfi.a', - 'build_glibc': 0, - 'build_newlib': 0, - 'build_irt': 0, - 'build_pnacl_newlib': 0, - 'build_nonsfi_helper': 1, - - 'sources': [ - 'seccomp-bpf/sandbox_bpf_test_runner.cc', - 'tests/sandbox_test_runner.cc', - 'tests/unit_tests.cc', - ], - }, - 'dependencies': [ - '../../testing/gtest_nacl.gyp:gtest_nacl', - ], - }, - ], - }], - ], -} diff --git a/chromium/sandbox/linux/sandbox_linux_test_sources.gypi b/chromium/sandbox/linux/sandbox_linux_test_sources.gypi deleted file mode 100644 index 612814e1d48..00000000000 --- a/chromium/sandbox/linux/sandbox_linux_test_sources.gypi +++ /dev/null @@ -1,93 +0,0 @@ -# Copyright (c) 2012 The Chromium Authors. All rights reserved. -# Use of this source code is governed by a BSD-style license that can be -# found in the LICENSE file. - -# Tests need to be compiled in the same link unit, so we have to list them -# in a separate .gypi file. -{ - 'dependencies': [ - 'sandbox', - 'sandbox_linux_test_utils', - 'sandbox_services', - '../base/base.gyp:base', - '../testing/gtest.gyp:gtest', - ], - 'include_dirs': [ - '../..', - ], - 'sources': [ - 'services/proc_util_unittest.cc', - 'services/scoped_process_unittest.cc', - 'services/resource_limits_unittests.cc', - 'services/syscall_wrappers_unittest.cc', - 'services/thread_helpers_unittests.cc', - 'services/yama_unittests.cc', - 'syscall_broker/broker_file_permission_unittest.cc', - 'syscall_broker/broker_process_unittest.cc', - 'tests/main.cc', - 'tests/scoped_temporary_file.cc', - 'tests/scoped_temporary_file.h', - 'tests/scoped_temporary_file_unittest.cc', - 'tests/test_utils_unittest.cc', - 'tests/unit_tests_unittest.cc', - ], - 'conditions': [ - [ 'compile_suid_client==1', { - 'sources': [ - 'suid/client/setuid_sandbox_client_unittest.cc', - 'suid/client/setuid_sandbox_host_unittest.cc', - ], - }], - [ 'use_seccomp_bpf==1', { - 'sources': [ - 'bpf_dsl/bpf_dsl_unittest.cc', - 'bpf_dsl/codegen_unittest.cc', - 'bpf_dsl/cons_unittest.cc', - 'bpf_dsl/dump_bpf.cc', - 'bpf_dsl/dump_bpf.h', - 'bpf_dsl/syscall_set_unittest.cc', - 'bpf_dsl/test_trap_registry.cc', - 'bpf_dsl/test_trap_registry.h', - 'bpf_dsl/test_trap_registry_unittest.cc', - 'bpf_dsl/verifier.cc', - 'bpf_dsl/verifier.h', - 'integration_tests/bpf_dsl_seccomp_unittest.cc', - 'integration_tests/seccomp_broker_process_unittest.cc', - 'seccomp-bpf-helpers/baseline_policy_unittest.cc', - 'seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc', - 'seccomp-bpf/bpf_tests_unittest.cc', - 'seccomp-bpf/sandbox_bpf_unittest.cc', - 'seccomp-bpf/syscall_unittest.cc', - 'seccomp-bpf/trap_unittest.cc', - ], - 'dependencies': [ - 'bpf_dsl_golden', - ], - }], - [ 'compile_credentials==1', { - 'sources': [ - 'integration_tests/namespace_unix_domain_socket_unittest.cc', - 'services/credentials_unittest.cc', - 'services/namespace_utils_unittest.cc', - ], - 'dependencies': [ - '../build/linux/system.gyp:libcap' - ], - 'conditions': [ - [ 'use_base_test_suite==1', { - 'sources': [ - 'services/namespace_sandbox_unittest.cc', - ] - }] - ], - }], - [ 'use_base_test_suite==1', { - 'dependencies': [ - '../base/base.gyp:test_support_base', - ], - 'defines': [ - 'SANDBOX_USES_BASE_TEST_SUITE', - ], - }], - ], -} diff --git a/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc index 2bf572c0b3c..af472695e0c 100644 --- a/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc +++ b/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc @@ -169,6 +169,10 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno, if (sysno == __NR_getpriority || sysno ==__NR_setpriority) return RestrictGetSetpriority(current_pid); + if (sysno == __NR_getrandom) { + return RestrictGetRandom(); + } + if (sysno == __NR_madvise) { // Only allow MADV_DONTNEED (aka MADV_FREE). const Arg<int> advice(2); diff --git a/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc b/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc index f0392b1a002..ca812d8a1ed 100644 --- a/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc +++ b/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc @@ -168,6 +168,21 @@ BPF_TEST_C(BaselinePolicy, Socketpair, BaselinePolicy) { TestPipeOrSocketPair(base::ScopedFD(sv[0]), base::ScopedFD(sv[1])); } +#if !defined(GRND_NONBLOCK) +#define GRND_NONBLOCK 1 +#endif + +BPF_TEST_C(BaselinePolicy, GetRandom, BaselinePolicy) { + char buf[1]; + + // Many systems do not yet support getrandom(2) so ENOSYS is a valid result + // here. + int ret = HANDLE_EINTR(syscall(__NR_getrandom, buf, sizeof(buf), 0)); + BPF_ASSERT((ret == -1 && errno == ENOSYS) || ret == 1); + ret = HANDLE_EINTR(syscall(__NR_getrandom, buf, sizeof(buf), GRND_NONBLOCK)); + BPF_ASSERT((ret == -1 && (errno == ENOSYS || errno == EAGAIN)) || ret == 1); +} + // Not all architectures can restrict the domain for socketpair(). #if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) BPF_DEATH_TEST_C(BaselinePolicy, @@ -349,6 +364,17 @@ BPF_DEATH_TEST_C(BaselinePolicy, clock_gettime(CLOCK_MONOTONIC_RAW, &ts); } +#if !defined(GRND_RANDOM) +#define GRND_RANDOM 2 +#endif + +BPF_DEATH_TEST_C(BaselinePolicy, + GetRandomOfDevRandomCrashes, + DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()), + BaselinePolicy) { + syscall(__NR_getrandom, NULL, 0, GRND_RANDOM); +} + #if !defined(__i386__) BPF_DEATH_TEST_C(BaselinePolicy, GetSockOptWrongLevelSigsys, diff --git a/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc b/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc index 077bc61f38d..ff730180019 100644 --- a/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc +++ b/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc @@ -49,7 +49,8 @@ void WriteToStdErr(const char* error_message, size_t size) { while (size > 0) { // TODO(jln): query the current policy to check if send() is available and // use it to perform a non-blocking write. - const int ret = HANDLE_EINTR(write(STDERR_FILENO, error_message, size)); + const int ret = HANDLE_EINTR( + sandbox::sys_write(STDERR_FILENO, error_message, size)); // We can't handle any type of error here. if (ret <= 0 || static_cast<size_t>(ret) > size) break; size -= ret; @@ -105,7 +106,7 @@ void PrintSyscallError(uint32_t sysno) { WriteToStdErr(kSeccompErrorPostfix, sizeof(kSeccompErrorPostfix) - 1); } -} // namespace. +} // namespace namespace sandbox { diff --git a/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc b/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc index 56c4cb387da..43f633ed78e 100644 --- a/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc +++ b/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc @@ -351,4 +351,14 @@ ResultExpr RestrictClockID() { .Default(CrashSIGSYS()); } +#if !defined(GRND_NONBLOCK) +#define GRND_NONBLOCK 1 +#endif + +ResultExpr RestrictGetRandom() { + const Arg<unsigned int> flags(2); + const unsigned int kGoodFlags = GRND_NONBLOCK; + return If((flags & ~kGoodFlags) == 0, Allow()).Else(CrashSIGSYS()); +} + } // namespace sandbox. diff --git a/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h b/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h index b96fe20e35f..d2a6faadb6d 100644 --- a/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h +++ b/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h @@ -94,6 +94,10 @@ SANDBOX_EXPORT bpf_dsl::ResultExpr RestrictGetrusage(); // about the state of the host OS. SANDBOX_EXPORT bpf_dsl::ResultExpr RestrictClockID(); +// Restrict the flags argument to getrandom() to allow only no flags, or +// GRND_NONBLOCK. +SANDBOX_EXPORT bpf_dsl::ResultExpr RestrictGetRandom(); + } // namespace sandbox. #endif // SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_PARAMETERS_RESTRICTIONS_H_ diff --git a/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc b/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc index 804a8fea1e7..c068cd2d04f 100644 --- a/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc +++ b/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc @@ -13,6 +13,7 @@ #include <unistd.h> #include "base/bind.h" +#include "base/single_thread_task_runner.h" #include "base/synchronization/waitable_event.h" #include "base/sys_info.h" #include "base/threading/thread.h" @@ -164,7 +165,7 @@ BPF_TEST_C(ParameterRestrictions, // different. base::Thread getparam_thread("sched_getparam_thread"); BPF_ASSERT(getparam_thread.Start()); - getparam_thread.message_loop()->PostTask( + getparam_thread.task_runner()->PostTask( FROM_HERE, base::Bind(&SchedGetParamThread, &thread_run)); BPF_ASSERT(thread_run.TimedWait(base::TimeDelta::FromMilliseconds(5000))); getparam_thread.Stop(); diff --git a/chromium/sandbox/linux/services/credentials.cc b/chromium/sandbox/linux/services/credentials.cc index 0c617d4b2f1..803af159704 100644 --- a/chromium/sandbox/linux/services/credentials.cc +++ b/chromium/sandbox/linux/services/credentials.cc @@ -315,12 +315,16 @@ bool Credentials::DropFileSystemAccess(int proc_fd) { CHECK_LE(0, proc_fd); CHECK(ChrootToSafeEmptyDir()); - CHECK(!base::DirectoryExists(base::FilePath("/proc"))); + CHECK(!HasFileSystemAccess()); CHECK(!ProcUtil::HasOpenDirectory(proc_fd)); // We never let this function fail. return true; } +bool Credentials::HasFileSystemAccess() { + return base::DirectoryExists(base::FilePath("/proc")); +} + pid_t Credentials::ForkAndDropCapabilitiesInChild() { pid_t pid = fork(); if (pid != 0) { diff --git a/chromium/sandbox/linux/services/credentials.h b/chromium/sandbox/linux/services/credentials.h index b89a6aa7cf6..157c8e75e8f 100644 --- a/chromium/sandbox/linux/services/credentials.h +++ b/chromium/sandbox/linux/services/credentials.h @@ -94,6 +94,9 @@ class SANDBOX_EXPORT Credentials { // - DropAllCapabilities() must be called to prevent escapes. static bool DropFileSystemAccess(int proc_fd) WARN_UNUSED_RESULT; + // This function returns true if the process can still access the filesystem. + static bool HasFileSystemAccess(); + // Forks and drops capabilities in the child. static pid_t ForkAndDropCapabilitiesInChild(); diff --git a/chromium/sandbox/linux/services/credentials_unittest.cc b/chromium/sandbox/linux/services/credentials_unittest.cc index b95ba0bab27..661e096850f 100644 --- a/chromium/sandbox/linux/services/credentials_unittest.cc +++ b/chromium/sandbox/linux/services/credentials_unittest.cc @@ -145,11 +145,12 @@ SANDBOX_TEST(Credentials, CanDetectRoot) { // Disabled on ASAN because of crbug.com/451603. SANDBOX_TEST(Credentials, DISABLE_ON_ASAN(DropFileSystemAccessIsSafe)) { + CHECK(Credentials::HasFileSystemAccess()); CHECK(Credentials::DropAllCapabilities()); // Probably missing kernel support. if (!Credentials::MoveToNewUserNS()) return; CHECK(Credentials::DropFileSystemAccess(ProcUtil::OpenProc().get())); - CHECK(!base::DirectoryExists(base::FilePath("/proc"))); + CHECK(!Credentials::HasFileSystemAccess()); CHECK(WorkingDirectoryIsRoot()); CHECK(base::IsDirectoryEmpty(base::FilePath("/"))); // We want the chroot to never have a subdirectory. A subdirectory diff --git a/chromium/sandbox/linux/services/syscall_wrappers.cc b/chromium/sandbox/linux/services/syscall_wrappers.cc index 7132d2ade95..9c7727cee50 100644 --- a/chromium/sandbox/linux/services/syscall_wrappers.cc +++ b/chromium/sandbox/linux/services/syscall_wrappers.cc @@ -32,6 +32,10 @@ pid_t sys_gettid(void) { return syscall(__NR_gettid); } +ssize_t sys_write(int fd, const char* buffer, size_t buffer_size) { + return syscall(__NR_write, fd, buffer, buffer_size); +} + long sys_clone(unsigned long flags, std::nullptr_t child_stack, pid_t* ptid, diff --git a/chromium/sandbox/linux/services/syscall_wrappers.h b/chromium/sandbox/linux/services/syscall_wrappers.h index 057e4c87f47..1975bfbd88a 100644 --- a/chromium/sandbox/linux/services/syscall_wrappers.h +++ b/chromium/sandbox/linux/services/syscall_wrappers.h @@ -28,6 +28,10 @@ SANDBOX_EXPORT pid_t sys_getpid(void); SANDBOX_EXPORT pid_t sys_gettid(void); +SANDBOX_EXPORT ssize_t sys_write(int fd, + const char* buffer, + size_t buffer_size); + SANDBOX_EXPORT long sys_clone(unsigned long flags); // |regs| is not supported and must be passed as nullptr. |child_stack| must be diff --git a/chromium/sandbox/linux/syscall_broker/broker_file_permission_unittest.cc b/chromium/sandbox/linux/syscall_broker/broker_file_permission_unittest.cc index b58a901cde6..f79fa92ffe9 100644 --- a/chromium/sandbox/linux/syscall_broker/broker_file_permission_unittest.cc +++ b/chromium/sandbox/linux/syscall_broker/broker_file_permission_unittest.cc @@ -46,10 +46,17 @@ SANDBOX_TEST(BrokerFilePermission, CreateGoodRecursive) { BrokerFilePermission perm = BrokerFilePermission::ReadOnlyRecursive(kPath); } +#if defined(OS_ANDROID) && defined(OFFICIAL_BUILD) && defined(NDEBUG) +#define DEATH_BY_SIGILL(msg) DEATH_BY_SIGNAL(SIGILL) +#else +#define DEATH_BY_SIGILL(msg) DEATH_MESSAGE(msg) +#endif + SANDBOX_DEATH_TEST( BrokerFilePermission, CreateBad, - DEATH_MESSAGE(BrokerFilePermissionTester::GetErrorMessage())) { + DEATH_BY_SIGILL(BrokerFilePermissionTester::GetErrorMessage()) +) { const char kPath[] = "/tmp/bad/"; BrokerFilePermission perm = BrokerFilePermission::ReadOnly(kPath); } @@ -57,7 +64,8 @@ SANDBOX_DEATH_TEST( SANDBOX_DEATH_TEST( BrokerFilePermission, CreateBadRecursive, - DEATH_MESSAGE(BrokerFilePermissionTester::GetErrorMessage())) { + DEATH_BY_SIGILL(BrokerFilePermissionTester::GetErrorMessage()) +) { const char kPath[] = "/tmp/bad"; BrokerFilePermission perm = BrokerFilePermission::ReadOnlyRecursive(kPath); } @@ -65,7 +73,8 @@ SANDBOX_DEATH_TEST( SANDBOX_DEATH_TEST( BrokerFilePermission, CreateBadNotAbs, - DEATH_MESSAGE(BrokerFilePermissionTester::GetErrorMessage())) { + DEATH_BY_SIGILL(BrokerFilePermissionTester::GetErrorMessage()) +) { const char kPath[] = "tmp/bad"; BrokerFilePermission perm = BrokerFilePermission::ReadOnly(kPath); } @@ -73,7 +82,8 @@ SANDBOX_DEATH_TEST( SANDBOX_DEATH_TEST( BrokerFilePermission, CreateBadEmpty, - DEATH_MESSAGE(BrokerFilePermissionTester::GetErrorMessage())) { + DEATH_BY_SIGILL(BrokerFilePermissionTester::GetErrorMessage()) +) { const char kPath[] = ""; BrokerFilePermission perm = BrokerFilePermission::ReadOnly(kPath); } diff --git a/chromium/sandbox/linux/system_headers/mips64_linux_syscalls.h b/chromium/sandbox/linux/system_headers/mips64_linux_syscalls.h index d0031242841..5a179b07357 100644 --- a/chromium/sandbox/linux/system_headers/mips64_linux_syscalls.h +++ b/chromium/sandbox/linux/system_headers/mips64_linux_syscalls.h @@ -1263,4 +1263,8 @@ #define __NR_seccomp (__NR_Linux + 312) #endif +#if !defined(__NR_getrandom) +#define __NR_getrandom (__NR_Linux + 313) +#endif + #endif // SANDBOX_LINUX_SYSTEM_HEADERS_MIPS64_LINUX_SYSCALLS_H_ diff --git a/chromium/sandbox/linux/system_headers/mips_linux_syscalls.h b/chromium/sandbox/linux/system_headers/mips_linux_syscalls.h index eb1717aad97..819f9eb38b5 100644 --- a/chromium/sandbox/linux/system_headers/mips_linux_syscalls.h +++ b/chromium/sandbox/linux/system_headers/mips_linux_syscalls.h @@ -1425,4 +1425,8 @@ #define __NR_seccomp (__NR_Linux + 352) #endif +#if !defined(__NR_getrandom) +#define __NR_getrandom (__NR_Linux + 353) +#endif + #endif // SANDBOX_LINUX_SYSTEM_HEADERS_MIPS_LINUX_SYSCALLS_H_ diff --git a/chromium/sandbox/mac/bootstrap_sandbox.cc b/chromium/sandbox/mac/bootstrap_sandbox.cc index 4b3a1c6cce3..a48cb5d91d3 100644 --- a/chromium/sandbox/mac/bootstrap_sandbox.cc +++ b/chromium/sandbox/mac/bootstrap_sandbox.cc @@ -158,7 +158,7 @@ std::unique_ptr<PreExecDelegate> BootstrapSandbox::NewClient( } awaiting_processes_[token] = sandbox_policy_id; - return base::WrapUnique(new PreExecDelegate(server_bootstrap_name_, token)); + return base::MakeUnique<PreExecDelegate>(server_bootstrap_name_, token); } void BootstrapSandbox::RevokeToken(uint64_t token) { diff --git a/chromium/sandbox/mac/bootstrap_sandbox_unittest.mm b/chromium/sandbox/mac/bootstrap_sandbox_unittest.mm index f81cd114eec..a6225a91c32 100644 --- a/chromium/sandbox/mac/bootstrap_sandbox_unittest.mm +++ b/chromium/sandbox/mac/bootstrap_sandbox_unittest.mm @@ -138,6 +138,11 @@ TEST_F(BootstrapSandboxTest, DistributedNotifications_Unsandboxed) { // Run the test with the sandbox enabled without notifications on the policy // whitelist. TEST_F(BootstrapSandboxTest, DistributedNotifications_SandboxDeny) { + if (base::mac::IsAtLeastOS10_12()) { + LOG(ERROR) << "BootstrapSandbox does not work on macOS Sierra or later."; + return; + } + base::scoped_nsobject<DistributedNotificationObserver> observer( [[DistributedNotificationObserver alloc] init]); @@ -151,6 +156,11 @@ TEST_F(BootstrapSandboxTest, DistributedNotifications_SandboxDeny) { // Run the test with notifications permitted. TEST_F(BootstrapSandboxTest, DistributedNotifications_SandboxAllow) { + if (base::mac::IsAtLeastOS10_12()) { + LOG(ERROR) << "BootstrapSandbox does not work on macOS Sierra or later."; + return; + } + base::scoped_nsobject<DistributedNotificationObserver> observer( [[DistributedNotificationObserver alloc] init]); @@ -181,6 +191,10 @@ MULTIPROCESS_TEST_MAIN(PostNotification) { const char kTestServer[] = "org.chromium.test_bootstrap_server"; TEST_F(BootstrapSandboxTest, PolicyDenyError) { + if (base::mac::IsAtLeastOS10_12()) { + LOG(ERROR) << "BootstrapSandbox does not work on macOS Sierra or later."; + return; + } BootstrapSandboxPolicy policy(BaselinePolicy()); policy.rules[kTestServer] = Rule(POLICY_DENY_ERROR); sandbox_->RegisterSandboxPolicy(1, policy); @@ -204,6 +218,10 @@ MULTIPROCESS_TEST_MAIN(PolicyDenyError) { } TEST_F(BootstrapSandboxTest, PolicyDenyDummyPort) { + if (base::mac::IsAtLeastOS10_12()) { + LOG(ERROR) << "BootstrapSandbox does not work on macOS Sierra or later."; + return; + } BootstrapSandboxPolicy policy(BaselinePolicy()); policy.rules[kTestServer] = Rule(POLICY_DENY_DUMMY_PORT); sandbox_->RegisterSandboxPolicy(1, policy); @@ -232,6 +250,11 @@ struct SubstitutePortAckRecv : public SubstitutePortAckSend { const char kSubstituteAck[] = "Hello, this is doge!"; TEST_F(BootstrapSandboxTest, PolicySubstitutePort) { + if (base::mac::IsAtLeastOS10_12()) { + LOG(ERROR) << "BootstrapSandbox does not work on macOS Sierra or later."; + return; + } + mach_port_t task = mach_task_self(); mach_port_t port; @@ -348,6 +371,11 @@ const char kDefaultRuleTestDeny[] = "org.chromium.sandbox.test.DefaultRuleAllow.Deny"; TEST_F(BootstrapSandboxTest, DefaultRuleAllow) { + if (base::mac::IsAtLeastOS10_12()) { + LOG(ERROR) << "BootstrapSandbox does not work on macOS Sierra or later."; + return; + } + mach_port_t task = mach_task_self(); mach_port_t port; @@ -415,6 +443,11 @@ MULTIPROCESS_TEST_MAIN(DefaultRuleAllow) { } TEST_F(BootstrapSandboxTest, ChildOutliveSandbox) { + if (base::mac::IsAtLeastOS10_12()) { + LOG(ERROR) << "BootstrapSandbox does not work on macOS Sierra or later."; + return; + } + const int kTestPolicyId = 1; mach_port_t task = mach_task_self(); diff --git a/chromium/sandbox/mac/launchd_interception_server.cc b/chromium/sandbox/mac/launchd_interception_server.cc index 69231b59508..167fbab5828 100644 --- a/chromium/sandbox/mac/launchd_interception_server.cc +++ b/chromium/sandbox/mac/launchd_interception_server.cc @@ -54,7 +54,7 @@ bool LaunchdInterceptionServer::Initialize(mach_port_t server_receive_right) { } sandbox_send_port_.reset(sandbox_port_.get()); - if (base::mac::IsOSYosemiteOrLater()) { + if (base::mac::IsAtLeastOS10_10()) { message_server_.reset(new XPCMessageServer(this, server_receive_right)); xpc_launchd_ = true; } else { diff --git a/chromium/sandbox/mac/os_compatibility.cc b/chromium/sandbox/mac/os_compatibility.cc index 0e8d08f5d75..1e0ba5be76f 100644 --- a/chromium/sandbox/mac/os_compatibility.cc +++ b/chromium/sandbox/mac/os_compatibility.cc @@ -96,7 +96,7 @@ class OSCompatibility_10_7 : public OSCompatibility { void WriteServiceLookUpReply(IPCMessage message, mach_port_t service_port) override { - auto reply = reinterpret_cast<look_up2_reply_10_7*>(message.mach); + auto* reply = reinterpret_cast<look_up2_reply_10_7*>(message.mach); reply->Head.msgh_size = sizeof(*reply); reply->Head.msgh_bits = MACH_MSGH_BITS_REMOTE(MACH_MSG_TYPE_MOVE_SEND_ONCE) | @@ -108,7 +108,7 @@ class OSCompatibility_10_7 : public OSCompatibility { } bool IsSwapIntegerReadOnly(const IPCMessage message) override { - auto request = + auto* request = reinterpret_cast<const swap_integer_request_10_7*>(message.mach); return request->inkey == 0 && request->inval == 0 && request->outkey != 0; } @@ -181,7 +181,7 @@ class OSCompatibility_10_10 : public OSCompatibility { // static std::unique_ptr<OSCompatibility> OSCompatibility::CreateForPlatform() { - if (base::mac::IsOSMavericks()) + if (base::mac::IsOS10_9()) return base::WrapUnique(new OSCompatibility_10_7()); else return base::WrapUnique(new OSCompatibility_10_10()); diff --git a/chromium/sandbox/mac/pre_exec_delegate.cc b/chromium/sandbox/mac/pre_exec_delegate.cc index 9d777d3f4d0..1aac68be87e 100644 --- a/chromium/sandbox/mac/pre_exec_delegate.cc +++ b/chromium/sandbox/mac/pre_exec_delegate.cc @@ -22,9 +22,8 @@ PreExecDelegate::PreExecDelegate( sandbox_server_bootstrap_name_ptr_( sandbox_server_bootstrap_name_.c_str()), sandbox_token_(sandbox_token), - is_yosemite_or_later_(base::mac::IsOSYosemiteOrLater()), - look_up_message_(CreateBootstrapLookUpMessage()) { -} + is_yosemite_or_later_(base::mac::IsAtLeastOS10_10()), + look_up_message_(CreateBootstrapLookUpMessage()) {} PreExecDelegate::~PreExecDelegate() {} diff --git a/chromium/sandbox/mac/sandbox_mac.gypi b/chromium/sandbox/mac/sandbox_mac.gypi deleted file mode 100644 index 79740e5a846..00000000000 --- a/chromium/sandbox/mac/sandbox_mac.gypi +++ /dev/null @@ -1,104 +0,0 @@ -# Copyright 2014 The Chromium Authors. All rights reserved. -# Use of this source code is governed by a BSD-style license that can be -# found in the LICENSE file. - -{ - 'targets': [ - { - 'target_name': 'seatbelt', - 'type' : '<(component)', - 'sources': [ - 'seatbelt.cc', - 'seatbelt.h', - 'seatbelt_export.h', - ], - 'defines': [ - 'SEATBELT_IMPLEMENTATION', - ], - 'include_dirs': [ - '../..', - ], - 'link_settings': { - 'libraries': [ - '$(SDKROOT)/usr/lib/libsandbox.dylib', - ], - } - }, - { - 'target_name': 'sandbox', - 'type': '<(component)', - 'sources': [ - 'bootstrap_sandbox.cc', - 'bootstrap_sandbox.h', - 'launchd_interception_server.cc', - 'launchd_interception_server.h', - 'mach_message_server.cc', - 'mach_message_server.h', - 'message_server.h', - 'os_compatibility.cc', - 'os_compatibility.h', - 'policy.cc', - 'policy.h', - 'pre_exec_delegate.cc', - 'pre_exec_delegate.h', - 'xpc.h', - 'xpc_message_server.cc', - 'xpc_message_server.h', - ], - 'dependencies': [ - '../base/base.gyp:base', - ], - 'include_dirs': [ - '..', - '<(SHARED_INTERMEDIATE_DIR)', - ], - 'defines': [ - 'SANDBOX_IMPLEMENTATION', - ], - 'link_settings': { - 'libraries': [ - '$(SDKROOT)/usr/lib/libbsm.dylib', - ], - }, - }, - { - 'target_name': 'sandbox_mac_unittests', - 'type': 'executable', - 'sources': [ - 'bootstrap_sandbox_unittest.mm', - 'policy_unittest.cc', - 'xpc_message_server_unittest.cc', - ], - 'dependencies': [ - 'sandbox', - '../base/base.gyp:base', - '../base/base.gyp:run_all_unittests', - '../testing/gtest.gyp:gtest', - ], - 'include_dirs': [ - '..', - ], - 'link_settings': { - 'libraries': [ - '$(SDKROOT)/System/Library/Frameworks/CoreFoundation.framework', - '$(SDKROOT)/System/Library/Frameworks/Foundation.framework', - ], - }, - }, - ], - 'conditions': [ - ['test_isolation_mode != "noop"', { - 'targets': [ - { - 'target_name': 'sandbox_mac_unittests_run', - 'type': 'none', - 'dependencies': [ - 'sandbox_mac_unittests', - ], - 'includes': [ '../../build/isolate.gypi' ], - 'sources': [ '../sandbox_mac_unittests.isolate' ], - }, - ], - }], - ], -} diff --git a/chromium/sandbox/mac/seatbelt.cc b/chromium/sandbox/mac/seatbelt.cc index c2028d5bb33..0987faee7aa 100644 --- a/chromium/sandbox/mac/seatbelt.cc +++ b/chromium/sandbox/mac/seatbelt.cc @@ -15,6 +15,17 @@ int sandbox_init_with_parameters(const char* profile, namespace sandbox { +// Initialize the static member variables. +#pragma clang diagnostic push +#pragma clang diagnostic ignored "-Wdeprecated-declarations" +const char* Seatbelt::kProfileNoInternet = kSBXProfileNoInternet; +const char* Seatbelt::kProfileNoNetwork = kSBXProfileNoNetwork; +const char* Seatbelt::kProfileNoWrite = kSBXProfileNoWrite; +const char* Seatbelt::kProfileNoWriteExceptTemporary = + kSBXProfileNoWriteExceptTemporary; +const char* Seatbelt::kProfilePureComputation = kSBXProfilePureComputation; +#pragma clang diagnostic pop + // static int Seatbelt::Init(const char* profile, uint64_t flags, char** errorbuf) { // OS X deprecated these functions, but did not provide a suitable replacement, diff --git a/chromium/sandbox/mac/seatbelt.h b/chromium/sandbox/mac/seatbelt.h index c5dd386bfe2..2a5db08e4b6 100644 --- a/chromium/sandbox/mac/seatbelt.h +++ b/chromium/sandbox/mac/seatbelt.h @@ -26,6 +26,16 @@ class SEATBELT_EXPORT Seatbelt { static void FreeError(char* errorbuf); + static const char* kProfileNoInternet; + + static const char* kProfileNoNetwork; + + static const char* kProfileNoWrite; + + static const char* kProfileNoWriteExceptTemporary; + + static const char* kProfilePureComputation; + private: Seatbelt(); DISALLOW_COPY_AND_ASSIGN(Seatbelt); diff --git a/chromium/sandbox/sandbox.gyp b/chromium/sandbox/sandbox.gyp deleted file mode 100644 index f93fa1862a7..00000000000 --- a/chromium/sandbox/sandbox.gyp +++ /dev/null @@ -1,35 +0,0 @@ -# Copyright (c) 2012 The Chromium Authors. All rights reserved. -# Use of this source code is governed by a BSD-style license that can be -# found in the LICENSE file. - -{ - 'variables': { - 'chromium_code': 1, - }, - 'conditions': [ - [ 'OS=="win"', { - 'includes': [ - 'win/sandbox_win.gypi', - ], - }], - [ 'OS=="linux" or OS=="android"', { - 'includes': [ - 'linux/sandbox_linux.gypi', - ], - }], - [ 'OS=="mac" and OS!="ios"', { - 'includes': [ - 'mac/sandbox_mac.gypi', - ], - }], - [ 'OS!="win" and OS!="mac" and OS!="linux" and OS!="android"', { - # A 'default' to accomodate the "sandbox" target. - 'targets': [ - { - 'target_name': 'sandbox', - 'type': 'none', - } - ] - }], - ], -} diff --git a/chromium/sandbox/sandbox_linux_unittests.isolate b/chromium/sandbox/sandbox_linux_unittests.isolate deleted file mode 100644 index 2b7c2a73af3..00000000000 --- a/chromium/sandbox/sandbox_linux_unittests.isolate +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright 2014 The Chromium Authors. All rights reserved. -# Use of this source code is governed by a BSD-style license that can be -# found in the LICENSE file. - -# Because of a limitation in isolate_driver.py, this file needs to be in -# the same directory as the main .gyp file. - -{ - 'conditions': [ - ['OS=="android" or OS=="linux"', { - 'variables': { - 'command': [ - '<(PRODUCT_DIR)/sandbox_linux_unittests', - ], - }, - }], - ], - 'includes': [ - # This is needed because of base/ dependencies on - # icudtl.dat. - '../base/base.isolate', - ], -} diff --git a/chromium/sandbox/sandbox_linux_unittests_apk.isolate b/chromium/sandbox/sandbox_linux_unittests_apk.isolate deleted file mode 100644 index b9aaf51ba0d..00000000000 --- a/chromium/sandbox/sandbox_linux_unittests_apk.isolate +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright 2015 The Chromium Authors. All rights reserved. -# Use of this source code is governed by a BSD-style license that can be -# found in the LICENSE file. -{ - 'includes': [ - '../build/android/android.isolate', - 'sandbox_linux_unittests.isolate', - ], - 'variables': { - 'command': [ - '<(PRODUCT_DIR)/bin/run_sandbox_linux_unittests', - '--logcat-output-dir', '${ISOLATED_OUTDIR}/logcats', - ], - 'files': [ - '<(PRODUCT_DIR)/bin/run_sandbox_linux_unittests', - '<(PRODUCT_DIR)/sandbox_linux_unittests', - ] - }, -} diff --git a/chromium/sandbox/sandbox_mac_unittests.isolate b/chromium/sandbox/sandbox_mac_unittests.isolate deleted file mode 100644 index a202a9be748..00000000000 --- a/chromium/sandbox/sandbox_mac_unittests.isolate +++ /dev/null @@ -1,9 +0,0 @@ -# Copyright (c) 2015 The Chromium Authors. All rights reserved. -# Use of this source code is governed by a BSD-style license that can be -# found in the LICENSE file. -{ - 'variables': { - 'command': [ '<(PRODUCT_DIR)/sandbox_mac_unittests' ], - }, - 'includes': [ '../base/base.isolate' ], -} diff --git a/chromium/sandbox/sbox_integration_tests.isolate b/chromium/sandbox/sbox_integration_tests.isolate deleted file mode 100644 index 719cd389083..00000000000 --- a/chromium/sandbox/sbox_integration_tests.isolate +++ /dev/null @@ -1,37 +0,0 @@ -# Copyright 2015 The Chromium Authors. All rights reserved. -# Use of this source code is governed by a BSD-style license that can be -# found in the LICENSE file. - -# Because of a limitation in isolate_driver.py, this file needs to be in -# the same directory as the main .gyp file. - -{ - 'conditions': [ - ['OS=="win"', { - 'variables': { - 'command': [ - '<(PRODUCT_DIR)/sbox_integration_tests.exe', - ], - }, - }], - ['OS=="win" and target_arch=="ia32"', { - 'variables': { - 'files': [ - '<(PRODUCT_DIR)/wow_helper.exe', - ], - }, - }], - # These PDBs are needed in order to get reasonable stack traces if - # an assertion fires or a crash occurs. Add more as necessary. - ['OS=="win" and (fastbuild==0 or fastbuild==1)', { - 'variables': { - 'files': [ - '<(PRODUCT_DIR)/sbox_integration_tests.exe.pdb', - ], - }, - }], - ], - 'includes': [ - '../base/base.isolate', - ], -} diff --git a/chromium/sandbox/sbox_unittests.isolate b/chromium/sandbox/sbox_unittests.isolate deleted file mode 100644 index e6dec256348..00000000000 --- a/chromium/sandbox/sbox_unittests.isolate +++ /dev/null @@ -1,28 +0,0 @@ -# Copyright 2015 The Chromium Authors. All rights reserved. -# Use of this source code is governed by a BSD-style license that can be -# found in the LICENSE file. - -# Because of a limitation in isolate_driver.py, this file needs to be in -# the same directory as the main .gyp file. - -{ - 'conditions': [ - ['OS=="win"', { - 'variables': { - 'command': [ - '<(PRODUCT_DIR)/sbox_unittests.exe', - ], - }, - }], - ['OS=="win" and target_arch=="ia32"', { - 'variables': { - 'files': [ - '<(PRODUCT_DIR)/wow_helper.exe', - ], - }, - }], - ], - 'includes': [ - '../base/base.isolate', - ], -} diff --git a/chromium/sandbox/sbox_validation_tests.isolate b/chromium/sandbox/sbox_validation_tests.isolate deleted file mode 100644 index 4daee6bd67d..00000000000 --- a/chromium/sandbox/sbox_validation_tests.isolate +++ /dev/null @@ -1,28 +0,0 @@ -# Copyright 2015 The Chromium Authors. All rights reserved. -# Use of this source code is governed by a BSD-style license that can be -# found in the LICENSE file. - -# Because of a limitation in isolate_driver.py, this file needs to be in -# the same directory as the main .gyp file. - -{ - 'conditions': [ - ['OS=="win"', { - 'variables': { - 'command': [ - '<(PRODUCT_DIR)/sbox_validation_tests.exe', - ], - }, - }], - ['OS=="win" and target_arch=="ia32"', { - 'variables': { - 'files': [ - '<(PRODUCT_DIR)/wow_helper.exe', - ], - }, - }], - ], - 'includes': [ - '../base/base.isolate', - ], -} diff --git a/chromium/sandbox/win/BUILD.gn b/chromium/sandbox/win/BUILD.gn index 60bb499af3d..ac679f4d439 100644 --- a/chromium/sandbox/win/BUILD.gn +++ b/chromium/sandbox/win/BUILD.gn @@ -154,31 +154,18 @@ static_library("sandbox") { ] } + # Disable sanitizer coverage in the sandbox code. The sandbox code runs before + # sanitizer coverage can initialize. http://crbug.com/484711 + configs -= [ "//build/config/sanitizers:default_sanitizer_flags" ] + configs += + [ "//build/config/sanitizers:default_sanitizer_flags_but_coverage" ] + configs += [ "//build/config:precompiled_headers" ] deps = [ "//base", "//base:base_static", ] - if (current_cpu == "x86") { - deps += [ ":copy_wow_helper" ] - } -} - -if (current_cpu == "x86") { - # Make a target that copies the wow_helper files to the out dir. - # - # TODO(brettw) we can probably just build this now that we have proper - # toolchain support. - copy("copy_wow_helper") { - sources = [ - "wow_helper/wow_helper.exe", - "wow_helper/wow_helper.pdb", - ] - outputs = [ - "$root_out_dir/{{source_file_part}}", - ] - } } test("sbox_integration_tests") { diff --git a/chromium/sandbox/win/PRESUBMIT.py b/chromium/sandbox/win/PRESUBMIT.py index e03c9d1089d..0dee5656470 100644 --- a/chromium/sandbox/win/PRESUBMIT.py +++ b/chromium/sandbox/win/PRESUBMIT.py @@ -23,7 +23,7 @@ def PostUploadHook(cl, change, output_api): return [] bots = [ - 'tryserver.chromium.win:win10_chromium_x64_rel_ng', + 'master.tryserver.chromium.win:win10_chromium_x64_rel_ng', ] results = [] diff --git a/chromium/sandbox/win/sandbox_win.gypi b/chromium/sandbox/win/sandbox_win.gypi deleted file mode 100644 index e9673aa9a1b..00000000000 --- a/chromium/sandbox/win/sandbox_win.gypi +++ /dev/null @@ -1,432 +0,0 @@ -# Copyright (c) 2012 The Chromium Authors. All rights reserved. -# Use of this source code is governed by a BSD-style license that can be -# found in the LICENSE file. - -{ - 'target_defaults': { - 'variables': { - 'sandbox_windows_target': 0, - 'target_arch%': 'ia32', - }, - 'target_conditions': [ - ['sandbox_windows_target==1', { - # Files that are shared between the 32-bit and the 64-bit versions - # of the Windows sandbox library. - 'sources': [ - 'src/acl.cc', - 'src/acl.h', - 'src/broker_services.cc', - 'src/broker_services.h', - 'src/crosscall_client.h', - 'src/crosscall_params.h', - 'src/crosscall_server.cc', - 'src/crosscall_server.h', - 'src/eat_resolver.cc', - 'src/eat_resolver.h', - 'src/filesystem_dispatcher.cc', - 'src/filesystem_dispatcher.h', - 'src/filesystem_interception.cc', - 'src/filesystem_interception.h', - 'src/filesystem_policy.cc', - 'src/filesystem_policy.h', - 'src/handle_closer.cc', - 'src/handle_closer.h', - 'src/handle_closer_agent.cc', - 'src/handle_closer_agent.h', - 'src/interception.cc', - 'src/interception.h', - 'src/interception_agent.cc', - 'src/interception_agent.h', - 'src/interception_internal.h', - 'src/interceptors.h', - 'src/internal_types.h', - 'src/ipc_tags.h', - 'src/job.cc', - 'src/job.h', - 'src/named_pipe_dispatcher.cc', - 'src/named_pipe_dispatcher.h', - 'src/named_pipe_interception.cc', - 'src/named_pipe_interception.h', - 'src/named_pipe_policy.cc', - 'src/named_pipe_policy.h', - 'src/nt_internals.h', - 'src/policy_broker.cc', - 'src/policy_broker.h', - 'src/policy_engine_opcodes.cc', - 'src/policy_engine_opcodes.h', - 'src/policy_engine_params.h', - 'src/policy_engine_processor.cc', - 'src/policy_engine_processor.h', - 'src/policy_low_level.cc', - 'src/policy_low_level.h', - 'src/policy_params.h', - 'src/policy_target.cc', - 'src/policy_target.h', - 'src/process_mitigations.cc', - 'src/process_mitigations.h', - 'src/process_mitigations_win32k_dispatcher.cc', - 'src/process_mitigations_win32k_dispatcher.h', - 'src/process_mitigations_win32k_interception.cc', - 'src/process_mitigations_win32k_interception.h', - 'src/process_mitigations_win32k_policy.cc', - 'src/process_mitigations_win32k_policy.h', - 'src/process_thread_dispatcher.cc', - 'src/process_thread_dispatcher.h', - 'src/process_thread_interception.cc', - 'src/process_thread_interception.h', - 'src/process_thread_policy.cc', - 'src/process_thread_policy.h', - 'src/registry_dispatcher.cc', - 'src/registry_dispatcher.h', - 'src/registry_interception.cc', - 'src/registry_interception.h', - 'src/registry_policy.cc', - 'src/registry_policy.h', - 'src/resolver.cc', - 'src/resolver.h', - 'src/restricted_token_utils.cc', - 'src/restricted_token_utils.h', - 'src/restricted_token.cc', - 'src/restricted_token.h', - 'src/sandbox_factory.h', - 'src/sandbox_globals.cc', - 'src/sandbox_nt_types.h', - 'src/sandbox_nt_util.cc', - 'src/sandbox_nt_util.h', - 'src/sandbox_policy_base.cc', - 'src/sandbox_policy_base.h', - 'src/sandbox_policy.h', - 'src/sandbox_rand.cc', - 'src/sandbox_rand.h', - 'src/sandbox_types.h', - 'src/sandbox_utils.cc', - 'src/sandbox_utils.h', - 'src/sandbox.cc', - 'src/sandbox.h', - 'src/security_level.h', - 'src/service_resolver.cc', - 'src/service_resolver.h', - 'src/sharedmem_ipc_client.cc', - 'src/sharedmem_ipc_client.h', - 'src/sharedmem_ipc_server.cc', - 'src/sharedmem_ipc_server.h', - 'src/sid.cc', - 'src/sid.h', - 'src/sync_dispatcher.cc', - 'src/sync_dispatcher.h', - 'src/sync_interception.cc', - 'src/sync_interception.h', - 'src/sync_policy.cc', - 'src/sync_policy.h', - 'src/target_interceptions.cc', - 'src/target_interceptions.h', - 'src/target_process.cc', - 'src/target_process.h', - 'src/target_services.cc', - 'src/target_services.h', - 'src/top_level_dispatcher.cc', - 'src/top_level_dispatcher.h', - 'src/win_utils.cc', - 'src/win_utils.h', - 'src/win2k_threadpool.cc', - 'src/win2k_threadpool.h', - 'src/window.cc', - 'src/window.h', - ], - 'target_conditions': [ - ['target_arch=="x64"', { - 'sources': [ - 'src/interceptors_64.cc', - 'src/interceptors_64.h', - 'src/resolver_64.cc', - 'src/service_resolver_64.cc', - ], - }], - ['target_arch=="ia32"', { - 'sources': [ - 'src/resolver_32.cc', - 'src/service_resolver_32.cc', - 'src/sidestep_resolver.cc', - 'src/sidestep_resolver.h', - 'src/sidestep\ia32_modrm_map.cpp', - 'src/sidestep\ia32_opcode_map.cpp', - 'src/sidestep\mini_disassembler_types.h', - 'src/sidestep\mini_disassembler.cpp', - 'src/sidestep\mini_disassembler.h', - 'src/sidestep\preamble_patcher_with_stub.cpp', - 'src/sidestep\preamble_patcher.h', - ], - }], - ], - }], - ], - }, - 'targets': [ - { - 'target_name': 'sandbox', - 'type': 'static_library', - 'variables': { - 'sandbox_windows_target': 1, - }, - 'dependencies': [ - '../base/base.gyp:base', - '../base/base.gyp:base_static', - ], - 'export_dependent_settings': [ - '../base/base.gyp:base', - ], - 'include_dirs': [ - '../..', - ], - 'target_conditions': [ - ['target_arch=="ia32"', { - 'copies': [ - { - 'destination': '<(PRODUCT_DIR)', - 'files': [ - 'wow_helper/wow_helper.exe', - 'wow_helper/wow_helper.pdb', - ], - }, - ], - }], - ], - }, - { - 'target_name': 'sbox_integration_tests', - 'type': 'executable', - 'dependencies': [ - 'sandbox', - 'sbox_integration_test_hook_dll', - 'sbox_integration_test_win_proc', - '../base/base.gyp:test_support_base', - '../testing/gtest.gyp:gtest', - ], - 'sources': [ - 'src/address_sanitizer_test.cc', - 'src/app_container_test.cc', - 'src/file_policy_test.cc', - 'src/handle_inheritance_test.cc', - 'tests/integration_tests/integration_tests_test.cc', - 'src/handle_closer_test.cc', - 'src/integrity_level_test.cc', - 'src/ipc_ping_test.cc', - 'src/lpc_policy_test.cc', - 'src/named_pipe_policy_test.cc', - 'src/policy_target_test.cc', - 'src/process_mitigations_test.cc', - 'src/process_policy_test.cc', - 'src/registry_policy_test.cc', - 'src/restricted_token_test.cc', - 'src/sync_policy_test.cc', - 'src/sync_policy_test.h', - 'src/unload_dll_test.cc', - 'tests/common/controller.cc', - 'tests/common/controller.h', - 'tests/common/test_utils.cc', - 'tests/common/test_utils.h', - 'tests/integration_tests/integration_tests.cc', - 'tests/integration_tests/integration_tests_common.h', - ], - 'link_settings': { - 'libraries': [ - '-ldxva2.lib', - ], - }, - }, - { - 'target_name': 'sbox_integration_test_hook_dll', - 'type': 'shared_library', - 'dependencies': [ - ], - 'sources': [ - 'tests/integration_tests/hooking_dll.cc', - 'tests/integration_tests/integration_tests_common.h', - ], - }, - { - 'target_name': 'sbox_integration_test_win_proc', - 'type': 'executable', - 'dependencies': [ - ], - 'sources': [ - 'tests/integration_tests/hooking_win_proc.cc', - 'tests/integration_tests/integration_tests_common.h', - ], - 'msvs_settings': { - 'VCLinkerTool': { - 'SubSystem': '2', # Set /SUBSYSTEM:WINDOWS - }, - }, - }, - { - 'target_name': 'sbox_validation_tests', - 'type': 'executable', - 'dependencies': [ - 'sandbox', - '../base/base.gyp:test_support_base', - '../testing/gtest.gyp:gtest', - ], - 'sources': [ - 'tests/common/controller.cc', - 'tests/common/controller.h', - 'tests/validation_tests/unit_tests.cc', - 'tests/validation_tests/commands.cc', - 'tests/validation_tests/commands.h', - 'tests/validation_tests/suite.cc', - ], - 'link_settings': { - 'libraries': [ - '-lshlwapi.lib', - ], - }, - }, - { - 'target_name': 'sbox_unittests', - 'type': 'executable', - 'dependencies': [ - 'sandbox', - '../base/base.gyp:test_support_base', - '../testing/gtest.gyp:gtest', - ], - 'sources': [ - 'src/interception_unittest.cc', - 'src/service_resolver_unittest.cc', - 'src/restricted_token_unittest.cc', - 'src/job_unittest.cc', - 'src/sid_unittest.cc', - 'src/policy_engine_unittest.cc', - 'src/policy_low_level_unittest.cc', - 'src/policy_opcodes_unittest.cc', - 'src/ipc_unittest.cc', - 'src/sandbox_nt_util_unittest.cc', - 'src/threadpool_unittest.cc', - 'src/win_utils_unittest.cc', - 'tests/common/test_utils.cc', - 'tests/common/test_utils.h', - 'tests/unit_tests/unit_tests.cc', - ], - }, - { - 'target_name': 'sandbox_poc', - 'type': 'executable', - 'dependencies': [ - 'sandbox', - 'pocdll', - ], - 'sources': [ - 'sandbox_poc/main_ui_window.cc', - 'sandbox_poc/main_ui_window.h', - 'sandbox_poc/resource.h', - 'sandbox_poc/sandbox.cc', - 'sandbox_poc/sandbox.h', - 'sandbox_poc/sandbox.ico', - 'sandbox_poc/sandbox.rc', - ], - 'link_settings': { - 'libraries': [ - '-lcomctl32.lib', - ], - }, - 'msvs_settings': { - 'VCLinkerTool': { - 'SubSystem': '2', # Set /SUBSYSTEM:WINDOWS - }, - }, - }, - { - 'target_name': 'pocdll', - 'type': 'shared_library', - 'sources': [ - 'sandbox_poc/pocdll/exports.h', - 'sandbox_poc/pocdll/fs.cc', - 'sandbox_poc/pocdll/handles.cc', - 'sandbox_poc/pocdll/invasive.cc', - 'sandbox_poc/pocdll/network.cc', - 'sandbox_poc/pocdll/pocdll.cc', - 'sandbox_poc/pocdll/processes_and_threads.cc', - 'sandbox_poc/pocdll/registry.cc', - 'sandbox_poc/pocdll/spyware.cc', - 'sandbox_poc/pocdll/utils.h', - ], - 'defines': [ - 'POCDLL_EXPORTS', - ], - 'include_dirs': [ - '../..', - ], - }, - ], - 'conditions': [ - ['OS=="win" and target_arch=="ia32"', { - 'targets': [ - { - 'target_name': 'sandbox_win64', - 'type': 'static_library', - 'variables': { - 'sandbox_windows_target': 1, - 'target_arch': 'x64', - }, - 'dependencies': [ - '../base/base.gyp:base_win64', - '../base/base.gyp:base_static_win64', - ], - 'configurations': { - 'Common_Base': { - 'msvs_target_platform': 'x64', - }, - }, - 'include_dirs': [ - '../..', - ], - 'defines': [ - '<@(nacl_win64_defines)', - ] - }, - ], - }], - ['test_isolation_mode != "noop"', { - 'targets': [ - { - 'target_name': 'sbox_integration_tests_run', - 'type': 'none', - 'dependencies': [ - 'sbox_integration_tests', - ], - 'includes': [ - '../../build/isolate.gypi', - ], - 'sources': [ - '../sbox_integration_tests.isolate', - ], - }, - { - 'target_name': 'sbox_unittests_run', - 'type': 'none', - 'dependencies': [ - 'sbox_unittests', - ], - 'includes': [ - '../../build/isolate.gypi', - ], - 'sources': [ - '../sbox_unittests.isolate', - ], - }, - { - 'target_name': 'sbox_validation_tests_run', - 'type': 'none', - 'dependencies': [ - 'sbox_validation_tests', - ], - 'includes': [ - '../../build/isolate.gypi', - ], - 'sources': [ - '../sbox_validation_tests.isolate', - ], - }, - ], - }], - ], -} diff --git a/chromium/sandbox/win/src/address_sanitizer_test.cc b/chromium/sandbox/win/src/address_sanitizer_test.cc index 75fb0eb6431..0800cdebe3c 100644 --- a/chromium/sandbox/win/src/address_sanitizer_test.cc +++ b/chromium/sandbox/win/src/address_sanitizer_test.cc @@ -62,7 +62,8 @@ TEST_F(AddressSanitizerTests, TestAddressSanitizer) { base::ScopedTempDir temp_directory; base::FilePath temp_file_name; ASSERT_TRUE(temp_directory.CreateUniqueTempDir()); - ASSERT_TRUE(CreateTemporaryFileInDir(temp_directory.path(), &temp_file_name)); + ASSERT_TRUE( + CreateTemporaryFileInDir(temp_directory.GetPath(), &temp_file_name)); SECURITY_ATTRIBUTES attrs = {}; attrs.nLength = sizeof(attrs); diff --git a/chromium/sandbox/win/src/broker_services.cc b/chromium/sandbox/win/src/broker_services.cc index 64a0afeca31..b33889dcd3f 100644 --- a/chromium/sandbox/win/src/broker_services.cc +++ b/chromium/sandbox/win/src/broker_services.cc @@ -136,7 +136,7 @@ BrokerServicesBase::~BrokerServicesBase() { return; } - STLDeleteElements(&tracker_list_); + base::STLDeleteElements(&tracker_list_); delete thread_pool_; ::DeleteCriticalSection(&lock_); diff --git a/chromium/sandbox/win/src/handle_closer_agent.cc b/chromium/sandbox/win/src/handle_closer_agent.cc index 6b17f6547a8..c18fef4e370 100644 --- a/chromium/sandbox/win/src/handle_closer_agent.cc +++ b/chromium/sandbox/win/src/handle_closer_agent.cc @@ -82,7 +82,7 @@ bool HandleCloserAgent::AttemptToStuffHandleSlot(HANDLE closed_handle, reinterpret_cast<uintptr_t>(dup_dummy) < reinterpret_cast<uintptr_t>(closed_handle)); - for (auto h : to_close) + for (HANDLE h : to_close) ::CloseHandle(h); // Useful to know when we're not able to stuff handles. diff --git a/chromium/sandbox/win/src/handle_closer_test.cc b/chromium/sandbox/win/src/handle_closer_test.cc index ceba818a7f4..1e0ab498394 100644 --- a/chromium/sandbox/win/src/handle_closer_test.cc +++ b/chromium/sandbox/win/src/handle_closer_test.cc @@ -145,7 +145,7 @@ SBOX_TESTS_COMMAND int CheckForEventHandles(int argc, wchar_t** argv) { return SBOX_TEST_SUCCEEDED; case AFTER_REVERT: - for (auto handle : to_check) { + for (HANDLE handle : to_check) { // Set up buffers for the type info and the name. std::vector<BYTE> type_info_buffer(sizeof(OBJECT_TYPE_INFORMATION) + 32 * sizeof(wchar_t)); diff --git a/chromium/sandbox/win/src/handle_inheritance_test.cc b/chromium/sandbox/win/src/handle_inheritance_test.cc index 939ace67cb5..e7c69030449 100644 --- a/chromium/sandbox/win/src/handle_inheritance_test.cc +++ b/chromium/sandbox/win/src/handle_inheritance_test.cc @@ -23,7 +23,8 @@ TEST(HandleInheritanceTests, TestStdoutInheritance) { base::ScopedTempDir temp_directory; base::FilePath temp_file_name; ASSERT_TRUE(temp_directory.CreateUniqueTempDir()); - ASSERT_TRUE(CreateTemporaryFileInDir(temp_directory.path(), &temp_file_name)); + ASSERT_TRUE( + CreateTemporaryFileInDir(temp_directory.GetPath(), &temp_file_name)); SECURITY_ATTRIBUTES attrs = {}; attrs.nLength = sizeof(attrs); diff --git a/chromium/sandbox/win/src/nt_internals.h b/chromium/sandbox/win/src/nt_internals.h index a206e94d159..6469c2bf34b 100644 --- a/chromium/sandbox/win/src/nt_internals.h +++ b/chromium/sandbox/win/src/nt_internals.h @@ -333,18 +333,18 @@ typedef struct _PROCESS_BASIC_INFORMATION { }; } PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION; -typedef NTSTATUS (WINAPI *NtQueryInformationProcessFunction)( - IN HANDLE ProcessHandle, - IN PROCESSINFOCLASS ProcessInformationClass, - OUT PVOID ProcessInformation, - IN ULONG ProcessInformationLength, - OUT PULONG ReturnLength OPTIONAL); - -typedef NTSTATUS (WINAPI *NtSetInformationProcessFunction)( - HANDLE ProcessHandle, - IN PROCESSINFOCLASS ProcessInformationClass, - IN PVOID ProcessInformation, - IN ULONG ProcessInformationLength); +typedef NTSTATUS(WINAPI* NtQueryInformationProcessFunction)( + IN HANDLE ProcessHandle, + IN PROCESSINFOCLASS ProcessInformationClass, + OUT PVOID ProcessInformation, + IN ULONG ProcessInformationLength, + OUT PULONG ReturnLength OPTIONAL); + +typedef NTSTATUS(WINAPI* NtSetInformationProcessFunction)( + HANDLE ProcessHandle, + IN PROCESSINFOCLASS ProcessInformationClass, + IN PVOID ProcessInformation, + IN ULONG ProcessInformationLength); typedef NTSTATUS (WINAPI *NtOpenThreadTokenFunction) ( IN HANDLE ThreadHandle, @@ -370,21 +370,50 @@ typedef NTSTATUS (WINAPI *NtOpenProcessTokenExFunction) ( IN ULONG HandleAttributes, OUT PHANDLE TokenHandle); -typedef NTSTATUS (WINAPI * RtlCreateUserThreadFunction)( - IN HANDLE Process, - IN PSECURITY_DESCRIPTOR ThreadSecurityDescriptor, - IN BOOLEAN CreateSuspended, - IN ULONG ZeroBits, - IN SIZE_T MaximumStackSize, - IN SIZE_T CommittedStackSize, - IN LPTHREAD_START_ROUTINE StartAddress, - IN PVOID Parameter, - OUT PHANDLE Thread, - OUT PCLIENT_ID ClientId); +typedef NTSTATUS(WINAPI* NtQueryInformationTokenFunction)( + IN HANDLE TokenHandle, + IN TOKEN_INFORMATION_CLASS TokenInformationClass, + OUT PVOID TokenInformation, + IN ULONG TokenInformationLength, + OUT PULONG ReturnLength); + +typedef NTSTATUS(WINAPI* RtlCreateUserThreadFunction)( + IN HANDLE Process, + IN PSECURITY_DESCRIPTOR ThreadSecurityDescriptor, + IN BOOLEAN CreateSuspended, + IN ULONG ZeroBits, + IN SIZE_T MaximumStackSize, + IN SIZE_T CommittedStackSize, + IN LPTHREAD_START_ROUTINE StartAddress, + IN PVOID Parameter, + OUT PHANDLE Thread, + OUT PCLIENT_ID ClientId); + +typedef NTSTATUS(WINAPI* RtlConvertSidToUnicodeStringFunction)( + OUT PUNICODE_STRING UnicodeString, + IN PSID Sid, + IN BOOLEAN AllocateDestinationString); + +typedef VOID(WINAPI* RtlFreeUnicodeStringFunction)( + IN OUT PUNICODE_STRING UnicodeString); // ----------------------------------------------------------------------- // Registry +typedef enum _KEY_VALUE_INFORMATION_CLASS { + KeyValueFullInformation = 1 +} KEY_VALUE_INFORMATION_CLASS, + *PKEY_VALUE_INFORMATION_CLASS; + +typedef struct _KEY_VALUE_FULL_INFORMATION { + ULONG TitleIndex; + ULONG Type; + ULONG DataOffset; + ULONG DataLength; + ULONG NameLength; + WCHAR Name[1]; +} KEY_VALUE_FULL_INFORMATION, *PKEY_VALUE_FULL_INFORMATION; + typedef NTSTATUS (WINAPI *NtCreateKeyFunction)( OUT PHANDLE KeyHandle, IN ACCESS_MASK DesiredAccess, @@ -408,6 +437,24 @@ typedef NTSTATUS (WINAPI *NtOpenKeyExFunction)( typedef NTSTATUS (WINAPI *NtDeleteKeyFunction)( IN HANDLE KeyHandle); +typedef NTSTATUS(WINAPI* RtlFormatCurrentUserKeyPathFunction)( + OUT PUNICODE_STRING RegistryPath); + +typedef NTSTATUS(WINAPI* NtQueryValueKeyFunction)(IN HANDLE KeyHandle, + IN PUNICODE_STRING ValueName, + IN KEY_VALUE_INFORMATION_CLASS + KeyValueInformationClass, + OUT PVOID KeyValueInformation, + IN ULONG Length, + OUT PULONG ResultLength); + +typedef NTSTATUS(WINAPI* NtSetValueKeyFunction)(IN HANDLE KeyHandle, + IN PUNICODE_STRING ValueName, + IN ULONG TitleIndex OPTIONAL, + IN ULONG Type, + IN PVOID Data, + IN ULONG DataSize); + // ----------------------------------------------------------------------- // Memory diff --git a/chromium/sandbox/win/src/process_mitigations_test.cc b/chromium/sandbox/win/src/process_mitigations_test.cc index bf89a9ad987..7aae5964bec 100644 --- a/chromium/sandbox/win/src/process_mitigations_test.cc +++ b/chromium/sandbox/win/src/process_mitigations_test.cc @@ -70,7 +70,6 @@ bool CheckWin8DepPolicy() { } #endif // !defined(_WIN64) -#if defined(NDEBUG) bool CheckWin8AslrPolicy() { PROCESS_MITIGATION_ASLR_POLICY policy = {}; if (!get_process_mitigation_policy(::GetCurrentProcess(), ProcessASLRPolicy, @@ -79,7 +78,6 @@ bool CheckWin8AslrPolicy() { } return policy.EnableForceRelocateImages && policy.DisallowStrippedImages; } -#endif // defined(NDEBUG) bool CheckWin8StrictHandlePolicy() { PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY policy = {}; @@ -393,7 +391,7 @@ void TestWin8ExtensionPointAppInitWrapper(bool is_success_test) { ADD_FAILURE(); all_good = false; } else { - for (auto module : modules) { + for (HMODULE module : modules) { wchar_t name[MAX_PATH] = {}; if (::GetModuleFileNameExW(proc_info.hProcess, module, name, MAX_PATH) && @@ -479,7 +477,7 @@ void TestWin10ImageLoadLowLabel(bool is_success_test) { base::ScopedTempDir temp_dir; ASSERT_TRUE(temp_dir.CreateUniqueTempDir()); - base::FilePath new_path = temp_dir.path(); + base::FilePath new_path = temp_dir.GetPath(); new_path = new_path.Append(L"lowIL_calc.exe"); // Test file will be cleaned up by the ScopedTempDir. @@ -843,7 +841,7 @@ SBOX_TESTS_COMMAND int TestChildProcess(int argc, wchar_t** argv) { //------------------------------------------------------------------------------ // Win8 Checks: // MITIGATION_DEP(_NO_ATL_THUNK) -// MITIGATION_RELOCATE_IMAGE(_REQUIRED) - ASLR, release only +// MITIGATION_RELOCATE_IMAGE(_REQUIRED) - ASLR // MITIGATION_STRICT_HANDLE_CHECKS // >= Win8 //------------------------------------------------------------------------------ @@ -860,10 +858,8 @@ SBOX_TESTS_COMMAND int CheckWin8(int argc, wchar_t** argv) { return SBOX_TEST_FIRST_ERROR; #endif -#if defined(NDEBUG) // ASLR cannot be forced in debug builds. if (!CheckWin8AslrPolicy()) return SBOX_TEST_SECOND_ERROR; -#endif if (!CheckWin8StrictHandlePolicy()) return SBOX_TEST_THIRD_ERROR; @@ -878,16 +874,24 @@ TEST(ProcessMitigationsTest, CheckWin8) { TestRunner runner; sandbox::TargetPolicy* policy = runner.GetPolicy(); + // ASLR cannot be forced on start in debug builds. + constexpr sandbox::MitigationFlags kDebugDelayedMitigations = + MITIGATION_RELOCATE_IMAGE | MITIGATION_RELOCATE_IMAGE_REQUIRED; + sandbox::MitigationFlags mitigations = MITIGATION_DEP | MITIGATION_DEP_NO_ATL_THUNK; -#if defined(NDEBUG) // ASLR cannot be forced in debug builds. - mitigations |= MITIGATION_RELOCATE_IMAGE | MITIGATION_RELOCATE_IMAGE_REQUIRED; +#if defined(NDEBUG) + mitigations |= kDebugDelayedMitigations; #endif EXPECT_EQ(policy->SetProcessMitigations(mitigations), SBOX_ALL_OK); mitigations |= MITIGATION_STRICT_HANDLE_CHECKS; +#if !defined(NDEBUG) + mitigations |= kDebugDelayedMitigations; +#endif + EXPECT_EQ(policy->SetDelayedProcessMitigations(mitigations), SBOX_ALL_OK); EXPECT_EQ(SBOX_TEST_SUCCEEDED, runner.RunTest(L"CheckWin8")); diff --git a/chromium/sandbox/win/src/sandbox.vcproj b/chromium/sandbox/win/src/sandbox.vcproj index f206e01a1f2..229441cbd50 100644 --- a/chromium/sandbox/win/src/sandbox.vcproj +++ b/chromium/sandbox/win/src/sandbox.vcproj @@ -64,11 +64,6 @@ <Tool Name="VCFxCopTool" /> - <Tool - Name="VCPostBuildEventTool" - Description="Copy wow_helper to output directory" - CommandLine="copy $(ProjectDir)\..\wow_helper\wow_helper.exe $(OutDir) && copy $(ProjectDir)\..\wow_helper\wow_helper.pdb $(OutDir)" - /> </Configuration> <Configuration Name="Release|Win32" @@ -118,11 +113,6 @@ <Tool Name="VCFxCopTool" /> - <Tool - Name="VCPostBuildEventTool" - Description="Copy wow_helper to output directory" - CommandLine="copy $(ProjectDir)\..\wow_helper\wow_helper.exe $(OutDir) && copy $(ProjectDir)\..\wow_helper\wow_helper.pdb $(OutDir)" - /> </Configuration> </Configurations> <References> diff --git a/chromium/sandbox/win/src/sandbox_nt_util.cc b/chromium/sandbox/win/src/sandbox_nt_util.cc index 62f2422ca43..ac73fc11c3f 100644 --- a/chromium/sandbox/win/src/sandbox_nt_util.cc +++ b/chromium/sandbox/win/src/sandbox_nt_util.cc @@ -23,58 +23,67 @@ SANDBOX_INTERCEPT NtExports g_nt; namespace { #if defined(_WIN64) +// Align a pointer to the next allocation granularity boundary. +inline char* AlignToBoundary(void* ptr, size_t increment) { + const size_t kAllocationGranularity = (64 * 1024) - 1; + uintptr_t ptr_int = reinterpret_cast<uintptr_t>(ptr); + uintptr_t ret_ptr = + (ptr_int + increment + kAllocationGranularity) & ~kAllocationGranularity; + // Check for overflow. + if (ret_ptr < ptr_int) + return nullptr; + return reinterpret_cast<char*>(ret_ptr); +} + +// Allocate a memory block somewhere within 2GiB of a specified base address. +// This is used for the DLL hooking code to get a valid trampoline location +// which must be within +/- 2GiB of the base. We only consider +2GiB for now. void* AllocateNearTo(void* source, size_t size) { using sandbox::g_nt; - - // Start with 1 GB above the source. - const size_t kOneGB = 0x40000000; - void* base = reinterpret_cast<char*>(source) + kOneGB; - SIZE_T actual_size = size; - ULONG_PTR zero_bits = 0; // Not the correct type if used. - ULONG type = MEM_RESERVE; - - NTSTATUS ret; - int attempts = 0; - for (; attempts < 41; attempts++) { - ret = g_nt.AllocateVirtualMemory(NtCurrentProcess, &base, zero_bits, - &actual_size, type, PAGE_READWRITE); - if (NT_SUCCESS(ret)) { - if (base < source || - base >= reinterpret_cast<char*>(source) + 4 * kOneGB) { - // We won't be able to patch this dll. - VERIFY_SUCCESS(g_nt.FreeVirtualMemory(NtCurrentProcess, &base, &size, - MEM_RELEASE)); - return NULL; - } + // 2GiB, maximum upper bound the allocation address must be within. + const size_t kMaxSize = 0x80000000ULL; + // We don't support null as a base as this would just pick an arbitrary + // address when passed to NtAllocateVirtualMemory. + if (source == nullptr) + return nullptr; + // Ignore an allocation which is larger than the maximum. + if (size > kMaxSize) + return nullptr; + + // Ensure base address is aligned to the allocation granularity boundary. + char* base = AlignToBoundary(source, 0); + if (base == nullptr) + return nullptr; + // Set top address to be base + 2GiB. + const char* top_address = base + kMaxSize; + + while (base < top_address) { + MEMORY_BASIC_INFORMATION mem_info; + NTSTATUS status = + g_nt.QueryVirtualMemory(NtCurrentProcess, base, MemoryBasicInformation, + &mem_info, sizeof(mem_info), nullptr); + if (!NT_SUCCESS(status)) break; - } - if (attempts == 30) { - // Try the first GB. - base = reinterpret_cast<char*>(source); - } else if (attempts == 40) { - // Try the highest available address. - base = NULL; - type |= MEM_TOP_DOWN; + if ((mem_info.State == MEM_FREE) && (mem_info.RegionSize >= size)) { + // We've found a valid free block, try and allocate it for use. + // Note that we need to both commit and reserve the block for the + // allocation to succeed as per Windows virtual memory requirements. + void* ret_base = mem_info.BaseAddress; + status = + g_nt.AllocateVirtualMemory(NtCurrentProcess, &ret_base, 0, &size, + MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); + // Shouldn't fail, but if it does we'll just continue and try next block. + if (NT_SUCCESS(status)) + return ret_base; } - // Try 100 MB higher. - base = reinterpret_cast<char*>(base) + 100 * 0x100000; - } - - if (attempts == 41) - return NULL; - - ret = g_nt.AllocateVirtualMemory(NtCurrentProcess, &base, zero_bits, - &actual_size, MEM_COMMIT, PAGE_READWRITE); - - if (!NT_SUCCESS(ret)) { - VERIFY_SUCCESS(g_nt.FreeVirtualMemory(NtCurrentProcess, &base, &size, - MEM_RELEASE)); - base = NULL; + // Update base past current allocation region. + base = AlignToBoundary(mem_info.BaseAddress, mem_info.RegionSize); + if (base == nullptr) + break; } - - return base; + return nullptr; } #else // defined(_WIN64). void* AllocateNearTo(void* source, size_t size) { diff --git a/chromium/sandbox/win/src/sandbox_nt_util_unittest.cc b/chromium/sandbox/win/src/sandbox_nt_util_unittest.cc index 0fbea668024..b916e3d5ea2 100644 --- a/chromium/sandbox/win/src/sandbox_nt_util_unittest.cc +++ b/chromium/sandbox/win/src/sandbox_nt_util_unittest.cc @@ -2,7 +2,9 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. +#include <memory> #include <windows.h> +#include <vector> #include "base/win/scoped_handle.h" #include "base/win/scoped_process_information.h" @@ -43,5 +45,151 @@ TEST(SandboxNtUtil, IsSameProcessDifferentProcess) { EXPECT_TRUE(TerminateProcess(process_info.process_handle(), 0)); } +#if defined(_WIN64) +struct VirtualMemDeleter { + void operator()(char* p) { ::VirtualFree(p, 0, MEM_RELEASE); } +}; + +typedef std::unique_ptr<char, VirtualMemDeleter> unique_ptr_vmem; + +void AllocateBlock(SIZE_T size, + SIZE_T free_size, + char** base_address, + std::vector<unique_ptr_vmem>* mem_range) { + unique_ptr_vmem ptr(static_cast<char*>(::VirtualAlloc( + *base_address, size - free_size, MEM_RESERVE, PAGE_READWRITE))); + ASSERT_NE(nullptr, ptr.get()); + mem_range->push_back(std::move(ptr)); + *base_address += size; +} + +#define KIB(x) ((x)*1024ULL) +#define MIB(x) (KIB(x) * 1024ULL) +#define GIB(x) (MIB(x) * 1024ULL) +// Construct a basic memory layout to do the test. We reserve first to get a +// base address then reallocate with the following pattern. +// |512MiB-64KiB Free|512MiB-128Kib Free|512MiB-256Kib Free|512MiB+512KiB Free| +// The purpose of this is leave a couple of free memory regions within a 2GiB +// block of reserved memory that we can test the searching allocator. +void AllocateTestRange(std::vector<unique_ptr_vmem>* mem_range) { + // Ensure we preallocate enough space in the vector to prevent unexpected + // allocations. + mem_range->reserve(5); + SIZE_T total_size = + MIB(512) + MIB(512) + MIB(512) + MIB(512) + KIB(512) + KIB(64); + unique_ptr_vmem ptr(static_cast<char*>( + ::VirtualAlloc(nullptr, total_size, MEM_RESERVE, PAGE_READWRITE))); + ASSERT_NE(nullptr, ptr.get()); + char* base_address = ptr.get(); + char* orig_base = base_address; + ptr.reset(); + AllocateBlock(MIB(512), KIB(64), &base_address, mem_range); + AllocateBlock(MIB(512), KIB(128), &base_address, mem_range); + AllocateBlock(MIB(512), KIB(256), &base_address, mem_range); + AllocateBlock(MIB(512) + KIB(512), KIB(512), &base_address, mem_range); + // Allocate a memory block at end to act as an upper bound. + AllocateBlock(KIB(64), 0, &base_address, mem_range); + ASSERT_EQ(total_size, static_cast<SIZE_T>(base_address - orig_base)); +} + +// Test we can allocate appropriate blocks. +void TestAlignedRange(char* base_address) { + unique_ptr_vmem ptr_256k(new (sandbox::NT_PAGE, base_address) char[KIB(256)]); + EXPECT_EQ(base_address + GIB(1) + MIB(512) - KIB(256), ptr_256k.get()); + unique_ptr_vmem ptr_64k(new (sandbox::NT_PAGE, base_address) char[KIB(64)]); + EXPECT_EQ(base_address + MIB(512) - KIB(64), ptr_64k.get()); + unique_ptr_vmem ptr_128k(new (sandbox::NT_PAGE, base_address) char[KIB(128)]); + EXPECT_EQ(base_address + GIB(1) - KIB(128), ptr_128k.get()); + // We will have run out of space here so should also fail. + unique_ptr_vmem ptr_64k_noalloc( + new (sandbox::NT_PAGE, base_address) char[KIB(64)]); + EXPECT_EQ(nullptr, ptr_64k_noalloc.get()); +} + +// Test the 512k block which exists at the end of the maximum allocation +// boundary. +void Test512kBlock(char* base_address) { + // This should fail as it'll just be out of range. + unique_ptr_vmem ptr_512k_noalloc( + new (sandbox::NT_PAGE, base_address) char[KIB(512)]); + EXPECT_EQ(nullptr, ptr_512k_noalloc.get()); + // Check that moving base address we can allocate the 512k block. + unique_ptr_vmem ptr_512k( + new (sandbox::NT_PAGE, base_address + GIB(1)) char[KIB(512)]); + EXPECT_EQ(base_address + GIB(2), ptr_512k.get()); + // Free pointer first. + ptr_512k.reset(); + ptr_512k.reset(new (sandbox::NT_PAGE, base_address + GIB(2)) char[KIB(512)]); + EXPECT_EQ(base_address + GIB(2), ptr_512k.get()); +} + +// Test we can allocate appropriate blocks even when starting at an unaligned +// address. +void TestUnalignedRange(char* base_address) { + char* unaligned_base = base_address + 123456; + unique_ptr_vmem ptr_256k( + new (sandbox::NT_PAGE, unaligned_base) char[KIB(256)]); + EXPECT_EQ(base_address + GIB(1) + MIB(512) - KIB(256), ptr_256k.get()); + unique_ptr_vmem ptr_64k(new (sandbox::NT_PAGE, unaligned_base) char[KIB(64)]); + EXPECT_EQ(base_address + MIB(512) - KIB(64), ptr_64k.get()); + unique_ptr_vmem ptr_128k( + new (sandbox::NT_PAGE, unaligned_base) char[KIB(128)]); + EXPECT_EQ(base_address + GIB(1) - KIB(128), ptr_128k.get()); +} + +// Test maximum number of available allocations within the predefined pattern. +void TestMaxAllocations(char* base_address) { + // There's only 7 64k blocks in the first 2g which we can fill. + unique_ptr_vmem ptr_1(new (sandbox::NT_PAGE, base_address) char[1]); + EXPECT_NE(nullptr, ptr_1.get()); + unique_ptr_vmem ptr_2(new (sandbox::NT_PAGE, base_address) char[1]); + EXPECT_NE(nullptr, ptr_2.get()); + unique_ptr_vmem ptr_3(new (sandbox::NT_PAGE, base_address) char[1]); + EXPECT_NE(nullptr, ptr_3.get()); + unique_ptr_vmem ptr_4(new (sandbox::NT_PAGE, base_address) char[1]); + EXPECT_NE(nullptr, ptr_4.get()); + unique_ptr_vmem ptr_5(new (sandbox::NT_PAGE, base_address) char[1]); + EXPECT_NE(nullptr, ptr_5.get()); + unique_ptr_vmem ptr_6(new (sandbox::NT_PAGE, base_address) char[1]); + EXPECT_NE(nullptr, ptr_6.get()); + unique_ptr_vmem ptr_7(new (sandbox::NT_PAGE, base_address) char[1]); + EXPECT_NE(nullptr, ptr_7.get()); + unique_ptr_vmem ptr_8(new (sandbox::NT_PAGE, base_address) char[1]); + EXPECT_EQ(nullptr, ptr_8.get()); +} + +// Test extreme allocations we know should fail. +void TestExtremes() { + unique_ptr_vmem ptr_null(new (sandbox::NT_PAGE, nullptr) char[1]); + EXPECT_EQ(nullptr, ptr_null.get()); + unique_ptr_vmem ptr_too_large( + new (sandbox::NT_PAGE, reinterpret_cast<void*>(0x1000000)) char[GIB(4)]); + EXPECT_EQ(nullptr, ptr_too_large.get()); + unique_ptr_vmem ptr_overflow( + new (sandbox::NT_PAGE, reinterpret_cast<void*>(SIZE_MAX)) char[1]); + EXPECT_EQ(nullptr, ptr_overflow.get()); + unique_ptr_vmem ptr_invalid(new ( + sandbox::NT_PAGE, reinterpret_cast<void*>(SIZE_MAX - 0x1000000)) char[1]); + EXPECT_EQ(nullptr, ptr_invalid.get()); +} + +// Test nearest allocator, only do this for 64 bit. We test through the exposed +// new operator as we can't call the AllocateNearTo function directly. +TEST(SandboxNtUtil, NearestAllocator) { + InitGlobalNt(); + std::vector<unique_ptr_vmem> mem_range; + AllocateTestRange(&mem_range); + ASSERT_LT(0U, mem_range.size()); + char* base_address = static_cast<char*>(mem_range[0].get()); + + TestAlignedRange(base_address); + Test512kBlock(base_address); + TestUnalignedRange(base_address); + TestMaxAllocations(base_address); + TestExtremes(); +} + +#endif // defined(_WIN64) + } // namespace } // namespace sandbox diff --git a/chromium/sandbox/win/src/sandbox_types.h b/chromium/sandbox/win/src/sandbox_types.h index 919086a828e..ae36ef5c95f 100644 --- a/chromium/sandbox/win/src/sandbox_types.h +++ b/chromium/sandbox/win/src/sandbox_types.h @@ -5,6 +5,7 @@ #ifndef SANDBOX_WIN_SRC_SANDBOX_TYPES_H_ #define SANDBOX_WIN_SRC_SANDBOX_TYPES_H_ +#include "base/process/kill.h" #include "base/process/launch.h" namespace sandbox { @@ -103,6 +104,8 @@ enum ResultCode : int { SBOX_ERROR_CANNOT_RESOLVE_INTERCEPTION_THUNK = 41, // Cannot write interception thunk to child process. SBOX_ERROR_CANNOT_WRITE_INTERCEPTION_THUNK = 42, + // Cannot find the base address of the new process. + SBOX_ERROR_CANNOT_FIND_BASE_ADDRESS = 43, // Placeholder for last item of the enum. SBOX_ERROR_LAST }; @@ -121,6 +124,10 @@ enum TerminationCodes { SBOX_FATAL_LAST }; +static_assert(SBOX_FATAL_MEMORY_EXCEEDED == + base::win::kSandboxFatalMemoryExceeded, + "Value for SBOX_FATAL_MEMORY_EXCEEDED must match base."); + class BrokerServices; class TargetServices; diff --git a/chromium/sandbox/win/src/security_level.h b/chromium/sandbox/win/src/security_level.h index d8524c1facc..ecca64d8fc7 100644 --- a/chromium/sandbox/win/src/security_level.h +++ b/chromium/sandbox/win/src/security_level.h @@ -154,11 +154,13 @@ const MitigationFlags MITIGATION_DEP_NO_ATL_THUNK = 0x00000002; // PROCESS_CREATION_MITIGATION_POLICY_SEHOP_ENABLE. const MitigationFlags MITIGATION_SEHOP = 0x00000004; -// Forces ASLR on all images in the child process. Corresponds to +// Forces ASLR on all images in the child process. In debug builds, must be +// enabled after startup. Corresponds to // PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON . const MitigationFlags MITIGATION_RELOCATE_IMAGE = 0x00000008; -// Refuses to load DLLs that cannot support ASLR. Corresponds to +// Refuses to load DLLs that cannot support ASLR. In debug builds, must be +// enabled after startup. Corresponds to // PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON_REQ_RELOCS. const MitigationFlags MITIGATION_RELOCATE_IMAGE_REQUIRED = 0x00000010; @@ -185,6 +187,11 @@ const MitigationFlags MITIGATION_STRICT_HANDLE_CHECKS = 0x00000100; // Prevents the process from making Win32k calls. Corresponds to // PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_ALWAYS_ON. +// +// Applications linked to user32.dll or gdi32.dll make Win32k calls during +// setup, even if Win32k is not otherwise used. So they also need to add a rule +// with SUBSYS_WIN32K_LOCKDOWN and semantics FAKE_USER_GDI_INIT to allow the +// initialization to succeed. const MitigationFlags MITIGATION_WIN32K_DISABLE = 0x00000200; // Prevents certain built-in third party extension points from being used. diff --git a/chromium/sandbox/win/src/sharedmem_ipc_server.cc b/chromium/sandbox/win/src/sharedmem_ipc_server.cc index 672abfacb7a..fbe85f176af 100644 --- a/chromium/sandbox/win/src/sharedmem_ipc_server.cc +++ b/chromium/sandbox/win/src/sharedmem_ipc_server.cc @@ -60,7 +60,7 @@ SharedMemIPCServer::~SharedMemIPCServer() { // Better to leak than to crash. return; } - STLDeleteElements(&server_contexts_); + base::STLDeleteElements(&server_contexts_); if (client_control_) ::UnmapViewOfFile(client_control_); diff --git a/chromium/sandbox/win/src/target_process.cc b/chromium/sandbox/win/src/target_process.cc index 7fddffb4c41..72e2780c8c3 100644 --- a/chromium/sandbox/win/src/target_process.cc +++ b/chromium/sandbox/win/src/target_process.cc @@ -12,7 +12,6 @@ #include "base/macros.h" #include "base/memory/free_deleter.h" -#include "base/win/pe_image.h" #include "base/win/startup_information.h" #include "base/win/windows_version.h" #include "sandbox/win/src/crosscall_client.h" @@ -50,26 +49,6 @@ SANDBOX_INTERCEPT HANDLE g_shared_section; SANDBOX_INTERCEPT size_t g_shared_IPC_size; SANDBOX_INTERCEPT size_t g_shared_policy_size; -// Returns the address of the main exe module in memory taking in account -// address space layout randomization. -void* GetBaseAddress(const wchar_t* exe_name, void* entry_point) { - HMODULE exe = ::LoadLibrary(exe_name); - if (NULL == exe) - return exe; - - base::win::PEImage pe(exe); - if (!pe.VerifyMagic()) { - ::FreeLibrary(exe); - return exe; - } - PIMAGE_NT_HEADERS nt_header = pe.GetNTHeaders(); - char* base = reinterpret_cast<char*>(entry_point) - - nt_header->OptionalHeader.AddressOfEntryPoint; - - ::FreeLibrary(exe); - return base; -} - TargetProcess::TargetProcess(base::win::ScopedHandle initial_token, base::win::ScopedHandle lockdown_token, HANDLE job, @@ -180,31 +159,20 @@ ResultCode TargetProcess::Create( initial_token_.Close(); } - CONTEXT context; - context.ContextFlags = CONTEXT_ALL; - if (!::GetThreadContext(process_info.thread_handle(), &context)) { - *win_error = ::GetLastError(); - ::TerminateProcess(process_info.process_handle(), 0); - return SBOX_ERROR_GET_THREAD_CONTEXT; - } - -#if defined(_WIN64) - void* entry_point = reinterpret_cast<void*>(context.Rcx); -#else -#pragma warning(push) -#pragma warning(disable: 4312) - // This cast generates a warning because it is 32 bit specific. - void* entry_point = reinterpret_cast<void*>(context.Eax); -#pragma warning(pop) -#endif // _WIN64 - if (!target_info->DuplicateFrom(process_info)) { *win_error = ::GetLastError(); // This may or may not be correct. ::TerminateProcess(process_info.process_handle(), 0); return SBOX_ERROR_DUPLICATE_TARGET_INFO; } - base_address_ = GetBaseAddress(exe_path, entry_point); + base_address_ = GetProcessBaseAddress(process_info.process_handle()); + DCHECK(base_address_); + if (!base_address_) { + *win_error = ::GetLastError(); + ::TerminateProcess(process_info.process_handle(), 0); + return SBOX_ERROR_CANNOT_FIND_BASE_ADDRESS; + } + sandbox_process_info_.Set(process_info.Take()); return SBOX_ALL_OK; } diff --git a/chromium/sandbox/win/src/win_utils.cc b/chromium/sandbox/win/src/win_utils.cc index c31c25e3af5..9dfb2c9fb92 100644 --- a/chromium/sandbox/win/src/win_utils.cc +++ b/chromium/sandbox/win/src/win_utils.cc @@ -4,12 +4,17 @@ #include "sandbox/win/src/win_utils.h" +#include <psapi.h> #include <stddef.h> +#include <stdint.h> #include <map> #include <memory> +#include <vector> #include "base/macros.h" +#include "base/numerics/safe_math.h" +#include "base/strings/string16.h" #include "base/strings/string_util.h" #include "base/win/pe_image.h" #include "sandbox/win/src/internal_types.h" @@ -104,6 +109,45 @@ void RemoveImpliedDevice(base::string16* path) { *path = path->substr(kNTDotPrefixLen); } +// Get the native path to the process. +bool GetProcessPath(HANDLE process, base::string16* path) { + wchar_t process_name[MAX_PATH]; + DWORD size = MAX_PATH; + if (::QueryFullProcessImageNameW(process, PROCESS_NAME_NATIVE, process_name, + &size)) { + *path = process_name; + return true; + } + // Process name is potentially greater than MAX_PATH, try larger max size. + std::vector<wchar_t> process_name_buffer(SHRT_MAX); + size = SHRT_MAX; + if (::QueryFullProcessImageNameW(process, PROCESS_NAME_NATIVE, + &process_name_buffer[0], &size)) { + *path = &process_name_buffer[0]; + return true; + } + return false; +} + +// Get the native path for a mapped file. +bool GetImageFilePath(HANDLE process, + void* base_address, + base::string16* path) { + wchar_t mapped_path[MAX_PATH]; + if (::GetMappedFileNameW(process, base_address, mapped_path, MAX_PATH)) { + *path = mapped_path; + return true; + } + // Image name is potentially greater than MAX_PATH, try larger max size. + std::vector<wchar_t> mapped_path_buffer(SHRT_MAX); + if (::GetMappedFileNameW(process, base_address, &mapped_path_buffer[0], + SHRT_MAX)) { + *path = &mapped_path_buffer[0]; + return true; + } + return false; +} + } // namespace namespace sandbox { @@ -410,6 +454,47 @@ DWORD GetLastErrorFromNtStatus(NTSTATUS status) { return NtStatusToDosError(status); } +// This function walks the virtual memory map using VirtualQueryEx to find +// the main executable's image section. We attempt to find the first image +// section which matches the path returned for the process. This shouldn't +// be a major performance problem because a new process has a very limited +// amount of memory allocated so the majority of the valid range should be +// skipped immediately. However if it turns out to be the case it could be +// optimized in the specific case of the process being the same as the +// current process, which due to ASLR rules the image load address will almost +// always match the current process's load address. +void* GetProcessBaseAddress(HANDLE process) { + MEMORY_BASIC_INFORMATION mem_info = {}; + // Start 64KiB above zero page. + void* current = reinterpret_cast<void*>(0x10000); + base::string16 process_path; + + if (!GetProcessPath(process, &process_path)) + return nullptr; + + // Walk the virtual memory mappings trying to find image sections. + // VirtualQueryEx will return false if it encounters a location outside of + // the user memory range. + while (::VirtualQueryEx(process, current, &mem_info, sizeof(mem_info))) { + base::string16 image_path; + if (mem_info.Type == MEM_IMAGE && + GetImageFilePath(process, mem_info.BaseAddress, &image_path) && + EqualPath(process_path, image_path)) { + return mem_info.BaseAddress; + } + // VirtualQueryEx should fail before overflow, but just in case we'll check + // to prevent an infinite loop. + base::CheckedNumeric<uintptr_t> next_base = + reinterpret_cast<uintptr_t>(mem_info.BaseAddress); + next_base += mem_info.RegionSize; + if (!next_base.IsValid()) + return nullptr; + current = reinterpret_cast<void*>(next_base.ValueOrDie()); + } + + return nullptr; +} + }; // namespace sandbox void ResolveNTFunctionPtr(const char* name, void* ptr) { @@ -423,7 +508,6 @@ void ResolveNTFunctionPtr(const char* name, void* ptr) { // Race-safe way to set static ntdll. ::InterlockedCompareExchangePointer( reinterpret_cast<PVOID volatile*>(&ntdll), ntdll_local, NULL); - } CHECK_NT(ntdll); diff --git a/chromium/sandbox/win/src/win_utils.h b/chromium/sandbox/win/src/win_utils.h index 13dc569c10a..b88b08c63c1 100644 --- a/chromium/sandbox/win/src/win_utils.h +++ b/chromium/sandbox/win/src/win_utils.h @@ -112,6 +112,14 @@ bool IsPipe(const base::string16& path); // Converts a NTSTATUS code to a Win32 error code. DWORD GetLastErrorFromNtStatus(NTSTATUS status); +// Returns the address of the main exe module in memory taking in account +// address space layout randomization. While it will work on running processes +// it's recommended to only call this for a suspended process. Ideally also +// a process which has not been started. There's a slim chance that a process +// could map its own executables file multiple times, but this is pretty +// unlikely to occur in practice. +void* GetProcessBaseAddress(HANDLE process); + } // namespace sandbox // Resolves a function name in NTDLL to a function pointer. The second parameter diff --git a/chromium/sandbox/win/src/win_utils_unittest.cc b/chromium/sandbox/win/src/win_utils_unittest.cc index 7500798102a..50ded519153 100644 --- a/chromium/sandbox/win/src/win_utils_unittest.cc +++ b/chromium/sandbox/win/src/win_utils_unittest.cc @@ -3,13 +3,55 @@ // found in the LICENSE file. #include <windows.h> +#include <psapi.h> +#include <vector> + +#include "base/numerics/safe_conversions.h" #include "base/win/scoped_handle.h" +#include "base/win/scoped_process_information.h" #include "sandbox/win/src/nt_internals.h" #include "sandbox/win/src/win_utils.h" #include "sandbox/win/tests/common/test_utils.h" #include "testing/gtest/include/gtest/gtest.h" +namespace { + +class ScopedTerminateProcess { + public: + ScopedTerminateProcess(HANDLE process) : process_(process) {} + + ~ScopedTerminateProcess() { ::TerminateProcess(process_, 0); } + + private: + HANDLE process_; +}; + +bool GetModuleList(HANDLE process, std::vector<HMODULE>* result) { + std::vector<HMODULE> modules(256); + DWORD size_needed = 0; + if (EnumProcessModules( + process, &modules[0], + base::checked_cast<DWORD>(modules.size() * sizeof(HMODULE)), + &size_needed)) { + result->assign(modules.begin(), + modules.begin() + (size_needed / sizeof(HMODULE))); + return true; + } + modules.resize(size_needed / sizeof(HMODULE)); + if (EnumProcessModules( + process, &modules[0], + base::checked_cast<DWORD>(modules.size() * sizeof(HMODULE)), + &size_needed)) { + result->assign(modules.begin(), + modules.begin() + (size_needed / sizeof(HMODULE))); + return true; + } + return false; +} + +} // namespace + TEST(WinUtils, IsReparsePoint) { using sandbox::IsReparsePoint; @@ -122,3 +164,48 @@ TEST(WinUtils, NtStatusToWin32Error) { EXPECT_EQ(static_cast<DWORD>(ERROR_ACCESS_DENIED), GetLastErrorFromNtStatus(STATUS_ACCESS_DENIED)); } + +TEST(WinUtils, GetProcessBaseAddress) { + using sandbox::GetProcessBaseAddress; + STARTUPINFO start_info = {}; + PROCESS_INFORMATION proc_info = {}; + WCHAR command_line[] = L"notepad"; + start_info.cb = sizeof(start_info); + start_info.dwFlags = STARTF_USESHOWWINDOW; + start_info.wShowWindow = SW_HIDE; + EXPECT_TRUE(::CreateProcessW(nullptr, command_line, nullptr, nullptr, FALSE, + CREATE_SUSPENDED, nullptr, nullptr, &start_info, + &proc_info)); + base::win::ScopedProcessInformation scoped_proc_info(proc_info); + ScopedTerminateProcess process_terminate(scoped_proc_info.process_handle()); + void* base_address = GetProcessBaseAddress(scoped_proc_info.process_handle()); + EXPECT_NE(nullptr, base_address); + EXPECT_NE(static_cast<DWORD>(-1), + ::ResumeThread(scoped_proc_info.thread_handle())); + ::WaitForInputIdle(scoped_proc_info.process_handle(), 1000); + EXPECT_NE(static_cast<DWORD>(-1), + ::SuspendThread(scoped_proc_info.thread_handle())); + // Check again, the process will have done some more memory initialization. + EXPECT_EQ(base_address, + GetProcessBaseAddress(scoped_proc_info.process_handle())); + + std::vector<HMODULE> modules; + // Compare against the loader's module list (which should now be initialized). + // GetModuleList could fail if the target process hasn't fully initialized. + // If so skip this check and log it as a warning. + if (GetModuleList(scoped_proc_info.process_handle(), &modules) && + modules.size() > 0) { + // First module should be the main executable. + EXPECT_EQ(base_address, modules[0]); + } else { + LOG(WARNING) << "Couldn't test base address against module list"; + } + // Fill in some of the virtual memory with 10MiB chunks and try again. + for (int count = 0; count < 100; ++count) { + EXPECT_NE(nullptr, + ::VirtualAllocEx(scoped_proc_info.process_handle(), nullptr, + 10 * 1024 * 1024, MEM_RESERVE, PAGE_NOACCESS)); + } + EXPECT_EQ(base_address, + GetProcessBaseAddress(scoped_proc_info.process_handle())); +}
\ No newline at end of file diff --git a/chromium/sandbox/win/wow_helper.sln b/chromium/sandbox/win/wow_helper.sln deleted file mode 100644 index 26d0da25262..00000000000 --- a/chromium/sandbox/win/wow_helper.sln +++ /dev/null @@ -1,19 +0,0 @@ -Microsoft Visual Studio Solution File, Format Version 9.00 -# Visual Studio 2005 -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wow_helper", "wow_helper\wow_helper.vcproj", "{BCF3A457-39F1-4DAA-9A65-93CFCD559036}" -EndProject -Global - GlobalSection(SolutionConfigurationPlatforms) = preSolution - Debug|x64 = Debug|x64 - Release|x64 = Release|x64 - EndGlobalSection - GlobalSection(ProjectConfigurationPlatforms) = postSolution - {BCF3A457-39F1-4DAA-9A65-93CFCD559036}.Debug|x64.ActiveCfg = Debug|x64 - {BCF3A457-39F1-4DAA-9A65-93CFCD559036}.Debug|x64.Build.0 = Debug|x64 - {BCF3A457-39F1-4DAA-9A65-93CFCD559036}.Release|x64.ActiveCfg = Release|x64 - {BCF3A457-39F1-4DAA-9A65-93CFCD559036}.Release|x64.Build.0 = Release|x64 - EndGlobalSection - GlobalSection(SolutionProperties) = preSolution - HideSolutionNode = FALSE - EndGlobalSection -EndGlobal diff --git a/chromium/sandbox/win/wow_helper/service64_resolver.cc b/chromium/sandbox/win/wow_helper/service64_resolver.cc deleted file mode 100644 index 1e71b50d783..00000000000 --- a/chromium/sandbox/win/wow_helper/service64_resolver.cc +++ /dev/null @@ -1,347 +0,0 @@ -// Copyright (c) 2011 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "sandbox/win/wow_helper/service64_resolver.h" - -#include <limits.h> -#include <stddef.h> - -#include <memory> - -#include "base/bit_cast.h" -#include "sandbox/win/wow_helper/target_code.h" - -namespace { -#pragma pack(push, 1) - -const BYTE kMovEax = 0xB8; -const BYTE kMovEdx = 0xBA; -const USHORT kCallPtrEdx = 0x12FF; -const BYTE kRet = 0xC2; -const BYTE kNop = 0x90; -const USHORT kJmpEdx = 0xE2FF; -const USHORT kXorEcx = 0xC933; -const ULONG kLeaEdx = 0x0424548D; -const ULONG kCallFs1 = 0xC015FF64; -const ULONG kCallFs2Ret = 0xC2000000; -const BYTE kPopEdx = 0x5A; -const BYTE kPushEdx = 0x52; -const BYTE kPush32 = 0x68; - -const ULONG kMmovR10EcxMovEax = 0xB8D18B4C; -const USHORT kSyscall = 0x050F; -const BYTE kRetNp = 0xC3; -const BYTE kPad = 0x66; -const USHORT kNop16 = 0x9066; -const BYTE kRelJmp = 0xE9; - -const ULONG kXorRaxMovEax = 0xB8C03148; -const ULONG kSaveRcx = 0x10488948; -const ULONG kMovRcxRaxJmp = 0xE9C88B48; - -// Service code for 64 bit systems. -struct ServiceEntry { - // this struct contains roughly the following code: - // mov r10,rcx - // mov eax,52h - // syscall - // ret - // xchg ax,ax - // xchg ax,ax - - ULONG mov_r10_ecx_mov_eax; // = 4C 8B D1 B8 - ULONG service_id; - USHORT syscall; // = 0F 05 - BYTE ret; // = C3 - BYTE pad; // = 66 - USHORT xchg_ax_ax1; // = 66 90 - USHORT xchg_ax_ax2; // = 66 90 -}; - -struct Redirected { - // this struct contains roughly the following code: - // jmp relative_32 - // xchg ax,ax // 3 byte nop - - Redirected() { - jmp = kRelJmp; - relative = 0; - pad = kPad; - xchg_ax_ax = kNop16; - }; - BYTE jmp; // = E9 - ULONG relative; - BYTE pad; // = 66 - USHORT xchg_ax_ax; // = 66 90 -}; - -struct InternalThunk { - // this struct contains roughly the following code: - // xor rax,rax - // mov eax, 0x00080000 // Thunk storage. - // mov [rax]PatchInfo.service, rcx // Save first argument. - // mov rcx, rax - // jmp relative_to_interceptor - - InternalThunk() { - xor_rax_mov_eax = kXorRaxMovEax; - patch_info = 0; - save_rcx = kSaveRcx; - mov_rcx_rax_jmp = kMovRcxRaxJmp; - relative = 0; - }; - ULONG xor_rax_mov_eax; // = 48 31 C0 B8 - ULONG patch_info; - ULONG save_rcx; // = 48 89 48 10 - ULONG mov_rcx_rax_jmp; // = 48 8b c8 e9 - ULONG relative; -}; - -struct ServiceFullThunk { - sandbox::PatchInfo patch_info; - ServiceEntry original; - InternalThunk internal_thunk; -}; - -#pragma pack(pop) - -// Simple utility function to write to a buffer on the child, if the memery has -// write protection attributes. -// Arguments: -// child_process (in): process to write to. -// address (out): memory position on the child to write to. -// buffer (in): local buffer with the data to write . -// length (in): number of bytes to write. -// Returns true on success. -bool WriteProtectedChildMemory(HANDLE child_process, - void* address, - const void* buffer, - size_t length) { - // first, remove the protections - DWORD old_protection; - if (!::VirtualProtectEx(child_process, address, length, - PAGE_WRITECOPY, &old_protection)) - return false; - - SIZE_T written; - bool ok = ::WriteProcessMemory(child_process, address, buffer, length, - &written) && (length == written); - - // always attempt to restore the original protection - if (!::VirtualProtectEx(child_process, address, length, - old_protection, &old_protection)) - return false; - - return ok; -} - -// Get pointers to the functions that we need from ntdll.dll. -NTSTATUS ResolveNtdll(sandbox::PatchInfo* patch_info) { - wchar_t* ntdll_name = L"ntdll.dll"; - HMODULE ntdll = ::GetModuleHandle(ntdll_name); - if (!ntdll) - return STATUS_PROCEDURE_NOT_FOUND; - - void* signal = ::GetProcAddress(ntdll, "NtSignalAndWaitForSingleObject"); - if (!signal) - return STATUS_PROCEDURE_NOT_FOUND; - - patch_info->signal_and_wait = - reinterpret_cast<NtSignalAndWaitForSingleObjectFunction>(signal); - - return STATUS_SUCCESS; -} - -}; // namespace - -namespace sandbox { - -NTSTATUS ResolverThunk::Init(const void* target_module, - const void* interceptor_module, - const char* target_name, - const char* interceptor_name, - const void* interceptor_entry_point, - void* thunk_storage, - size_t storage_bytes) { - if (NULL == thunk_storage || 0 == storage_bytes || - NULL == target_module || NULL == target_name) - return STATUS_INVALID_PARAMETER; - - if (storage_bytes < GetThunkSize()) - return STATUS_BUFFER_TOO_SMALL; - - NTSTATUS ret = STATUS_SUCCESS; - if (NULL == interceptor_entry_point) { - ret = ResolveInterceptor(interceptor_module, interceptor_name, - &interceptor_entry_point); - if (!NT_SUCCESS(ret)) - return ret; - } - - ret = ResolveTarget(target_module, target_name, &target_); - if (!NT_SUCCESS(ret)) - return ret; - - interceptor_ = interceptor_entry_point; - - return ret; -} - -NTSTATUS ResolverThunk::ResolveInterceptor(const void* interceptor_module, - const char* interceptor_name, - const void** address) { - return STATUS_NOT_IMPLEMENTED; -} - -NTSTATUS ResolverThunk::ResolveTarget(const void* module, - const char* function_name, - void** address) { - return STATUS_NOT_IMPLEMENTED; -} - -NTSTATUS Service64ResolverThunk::Setup(const void* target_module, - const void* interceptor_module, - const char* target_name, - const char* interceptor_name, - const void* interceptor_entry_point, - void* thunk_storage, - size_t storage_bytes, - size_t* storage_used) { - NTSTATUS ret = Init(target_module, interceptor_module, target_name, - interceptor_name, interceptor_entry_point, - thunk_storage, storage_bytes); - if (!NT_SUCCESS(ret)) - return ret; - - size_t thunk_bytes = GetThunkSize(); - std::unique_ptr<char[]> thunk_buffer(new char[thunk_bytes]); - ServiceFullThunk* thunk = reinterpret_cast<ServiceFullThunk*>( - thunk_buffer.get()); - - if (!IsFunctionAService(&thunk->original)) - return STATUS_UNSUCCESSFUL; - - ret = PerformPatch(thunk, thunk_storage); - - if (NULL != storage_used) - *storage_used = thunk_bytes; - - return ret; -} - -NTSTATUS Service64ResolverThunk::ResolveInterceptor( - const void* interceptor_module, - const char* interceptor_name, - const void** address) { - // After all, we are using a locally mapped version of the exe, so the - // action is the same as for a target function. - return ResolveTarget(interceptor_module, interceptor_name, - const_cast<void**>(address)); -} - -// In this case all the work is done from the parent, so resolve is -// just a simple GetProcAddress. -NTSTATUS Service64ResolverThunk::ResolveTarget(const void* module, - const char* function_name, - void** address) { - if (NULL == module) - return STATUS_UNSUCCESSFUL; - - *address = ::GetProcAddress(bit_cast<HMODULE>(module), function_name); - - if (NULL == *address) - return STATUS_UNSUCCESSFUL; - - return STATUS_SUCCESS; -} - -size_t Service64ResolverThunk::GetThunkSize() const { - return sizeof(ServiceFullThunk); -} - -bool Service64ResolverThunk::IsFunctionAService(void* local_thunk) const { - ServiceEntry function_code; - SIZE_T read; - if (!::ReadProcessMemory(process_, target_, &function_code, - sizeof(function_code), &read)) - return false; - - if (sizeof(function_code) != read) - return false; - - if (kMmovR10EcxMovEax != function_code.mov_r10_ecx_mov_eax || - kSyscall != function_code.syscall || kRetNp != function_code.ret) - return false; - - // Save the verified code - memcpy(local_thunk, &function_code, sizeof(function_code)); - - return true; -} - -NTSTATUS Service64ResolverThunk::PerformPatch(void* local_thunk, - void* remote_thunk) { - ServiceFullThunk* full_local_thunk = reinterpret_cast<ServiceFullThunk*>( - local_thunk); - ServiceFullThunk* full_remote_thunk = reinterpret_cast<ServiceFullThunk*>( - remote_thunk); - - // If the source or target are above 4GB we cannot do this relative jump. - if (reinterpret_cast<ULONG_PTR>(full_remote_thunk) > - static_cast<ULONG_PTR>(ULONG_MAX)) - return STATUS_CONFLICTING_ADDRESSES; - - if (reinterpret_cast<ULONG_PTR>(target_) > static_cast<ULONG_PTR>(ULONG_MAX)) - return STATUS_CONFLICTING_ADDRESSES; - - // Patch the original code. - Redirected local_service; - Redirected* remote_service = reinterpret_cast<Redirected*>(target_); - ULONG_PTR diff = reinterpret_cast<BYTE*>(&full_remote_thunk->internal_thunk) - - &remote_service->pad; - local_service.relative = static_cast<ULONG>(diff); - - // Setup the PatchInfo structure. - SIZE_T actual; - if (!::ReadProcessMemory(process_, remote_thunk, local_thunk, - sizeof(PatchInfo), &actual)) - return STATUS_UNSUCCESSFUL; - if (sizeof(PatchInfo) != actual) - return STATUS_UNSUCCESSFUL; - - full_local_thunk->patch_info.orig_MapViewOfSection = reinterpret_cast< - NtMapViewOfSectionFunction>(&full_remote_thunk->original); - full_local_thunk->patch_info.patch_location = target_; - NTSTATUS ret = ResolveNtdll(&full_local_thunk->patch_info); - if (!NT_SUCCESS(ret)) - return ret; - - // Setup the thunk. The jump out is performed from right after the end of the - // thunk (full_remote_thunk + 1). - InternalThunk my_thunk; - ULONG_PTR patch_info = reinterpret_cast<ULONG_PTR>(remote_thunk); - my_thunk.patch_info = static_cast<ULONG>(patch_info); - diff = reinterpret_cast<const BYTE*>(interceptor_) - - reinterpret_cast<BYTE*>(full_remote_thunk + 1); - my_thunk.relative = static_cast<ULONG>(diff); - - memcpy(&full_local_thunk->internal_thunk, &my_thunk, sizeof(my_thunk)); - - // copy the local thunk buffer to the child - if (!::WriteProcessMemory(process_, remote_thunk, local_thunk, - sizeof(ServiceFullThunk), &actual)) - return STATUS_UNSUCCESSFUL; - - if (sizeof(ServiceFullThunk) != actual) - return STATUS_UNSUCCESSFUL; - - // and now change the function to intercept, on the child - if (!::WriteProtectedChildMemory(process_, target_, &local_service, - sizeof(local_service))) - return STATUS_UNSUCCESSFUL; - - return STATUS_SUCCESS; -} - -} // namespace sandbox diff --git a/chromium/sandbox/win/wow_helper/service64_resolver.h b/chromium/sandbox/win/wow_helper/service64_resolver.h deleted file mode 100644 index 32ee46f8e67..00000000000 --- a/chromium/sandbox/win/wow_helper/service64_resolver.h +++ /dev/null @@ -1,75 +0,0 @@ -// Copyright (c) 2010 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef SANDBOX_WOW_HELPER_SERVICE64_RESOLVER_H__ -#define SANDBOX_WOW_HELPER_SERVICE64_RESOLVER_H__ - -#include <stddef.h> - -#include "base/macros.h" -#include "sandbox/win/src/nt_internals.h" -#include "sandbox/win/src/resolver.h" - -namespace sandbox { - -// This is the concrete resolver used to perform service-call type functions -// inside ntdll.dll (64-bit). -class Service64ResolverThunk : public ResolverThunk { - public: - // The service resolver needs a child process to write to. - explicit Service64ResolverThunk(HANDLE process) - : process_(process), ntdll_base_(NULL) {} - virtual ~Service64ResolverThunk() {} - - // Implementation of Resolver::Setup. - virtual NTSTATUS Setup(const void* target_module, - const void* interceptor_module, - const char* target_name, - const char* interceptor_name, - const void* interceptor_entry_point, - void* thunk_storage, - size_t storage_bytes, - size_t* storage_used); - - // Implementation of Resolver::ResolveInterceptor. - virtual NTSTATUS ResolveInterceptor(const void* module, - const char* function_name, - const void** address); - - // Implementation of Resolver::ResolveTarget. - virtual NTSTATUS ResolveTarget(const void* module, - const char* function_name, - void** address); - - // Implementation of Resolver::GetThunkSize. - virtual size_t GetThunkSize() const; - - protected: - // The unit test will use this member to allow local patch on a buffer. - HMODULE ntdll_base_; - - // Handle of the child process. - HANDLE process_; - - private: - // Returns true if the code pointer by target_ corresponds to the expected - // type of function. Saves that code on the first part of the thunk pointed - // by local_thunk (should be directly accessible from the parent). - virtual bool IsFunctionAService(void* local_thunk) const; - - // Performs the actual patch of target_. - // local_thunk must be already fully initialized, and the first part must - // contain the original code. The real type of this buffer is ServiceFullThunk - // (yes, private). remote_thunk (real type ServiceFullThunk), must be - // allocated on the child, and will contain the thunk data, after this call. - // Returns the apropriate status code. - virtual NTSTATUS PerformPatch(void* local_thunk, void* remote_thunk); - - DISALLOW_COPY_AND_ASSIGN(Service64ResolverThunk); -}; - -} // namespace sandbox - - -#endif // SANDBOX_WOW_HELPER_SERVICE64_RESOLVER_H__ diff --git a/chromium/sandbox/win/wow_helper/target_code.cc b/chromium/sandbox/win/wow_helper/target_code.cc deleted file mode 100644 index 8da27cc5764..00000000000 --- a/chromium/sandbox/win/wow_helper/target_code.cc +++ /dev/null @@ -1,34 +0,0 @@ -// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "sandbox/win/wow_helper/target_code.h" - -namespace sandbox { - -// Hooks NtMapViewOfSection to detect the load of dlls. -NTSTATUS WINAPI TargetNtMapViewOfSection( - PatchInfo *patch_info, HANDLE process, PVOID *base, ULONG_PTR zero_bits, - SIZE_T commit_size, PLARGE_INTEGER offset, PSIZE_T view_size, - SECTION_INHERIT inherit, ULONG allocation_type, ULONG protect) { - NTSTATUS ret = patch_info->orig_MapViewOfSection(patch_info->section, process, - base, zero_bits, commit_size, - offset, view_size, inherit, - allocation_type, protect); - - LARGE_INTEGER timeout; - timeout.QuadPart = -(5 * 10000000); // 5 seconds. - - // The wait is alertable. - patch_info->signal_and_wait(patch_info->dll_load, patch_info->continue_load, - TRUE, &timeout); - - return ret; -} - -// Marks the end of the code to copy to the target process. -NTSTATUS WINAPI TargetEnd() { - return STATUS_SUCCESS; -} - -} // namespace sandbox diff --git a/chromium/sandbox/win/wow_helper/target_code.h b/chromium/sandbox/win/wow_helper/target_code.h deleted file mode 100644 index c198a852e2d..00000000000 --- a/chromium/sandbox/win/wow_helper/target_code.h +++ /dev/null @@ -1,41 +0,0 @@ -// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef SANDBOX_WOW_HELPER_TARGET_CODE_H__ -#define SANDBOX_WOW_HELPER_TARGET_CODE_H__ - -#include "sandbox/win/src/nt_internals.h" - -namespace sandbox { - -extern "C" { - -// Holds the information needed for the interception of NtMapViewOfSection. -// Changes of this structure must be synchronized with changes of PatchInfo32 -// on sandbox/win/src/wow64.cc. -struct PatchInfo { - HANDLE dll_load; // Event to signal the broker. - HANDLE continue_load; // Event to wait for the broker. - HANDLE section; // First argument of the call. - NtMapViewOfSectionFunction orig_MapViewOfSection; - NtSignalAndWaitForSingleObjectFunction signal_and_wait; - void* patch_location; -}; - -// Interception of NtMapViewOfSection on the child process. -// It should never be called directly. This function provides the means to -// detect dlls being loaded, so we can patch them if needed. -NTSTATUS WINAPI TargetNtMapViewOfSection( - PatchInfo* patch_info, HANDLE process, PVOID* base, ULONG_PTR zero_bits, - SIZE_T commit_size, PLARGE_INTEGER offset, PSIZE_T view_size, - SECTION_INHERIT inherit, ULONG allocation_type, ULONG protect); - -// Marker of the end of TargetNtMapViewOfSection. -NTSTATUS WINAPI TargetEnd(); - -} // extern "C" - -} // namespace sandbox - -#endif // SANDBOX_WOW_HELPER_TARGET_CODE_H__ diff --git a/chromium/sandbox/win/wow_helper/wow_helper.cc b/chromium/sandbox/win/wow_helper/wow_helper.cc deleted file mode 100644 index af76cbc1358..00000000000 --- a/chromium/sandbox/win/wow_helper/wow_helper.cc +++ /dev/null @@ -1,87 +0,0 @@ -// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -// Wow_helper.exe is a simple Win32 64-bit executable designed to help to -// sandbox a 32 bit application running on a 64 bit OS. The basic idea is to -// perform a 64 bit interception of the target process and notify the 32-bit -// broker process whenever a DLL is being loaded. This allows the broker to -// setup the interceptions (32-bit) properly on the target. - -#include <windows.h> -#include <stddef.h> - -#include <string> - -#include "sandbox/win/wow_helper/service64_resolver.h" -#include "sandbox/win/wow_helper/target_code.h" - -namespace sandbox { - -// Performs the interception of NtMapViewOfSection on the 64-bit version of -// ntdll.dll. 'thunk' is the buffer on the address space of process 'child', -// that will be used to store the information about the patch. -int PatchNtdll(HANDLE child, void* thunk, size_t thunk_bytes) { - wchar_t* ntdll_name = L"ntdll.dll"; - HMODULE ntdll_base = ::GetModuleHandle(ntdll_name); - if (!ntdll_base) - return 100; - - Service64ResolverThunk resolver(child); - size_t used = resolver.GetThunkSize(); - char* code = reinterpret_cast<char*>(thunk) + used; - NTSTATUS ret = resolver.Setup(ntdll_base, NULL, "NtMapViewOfSection", NULL, - code, thunk, thunk_bytes, NULL); - if (!NT_SUCCESS(ret)) - return 101; - - size_t size = reinterpret_cast<char*>(&TargetEnd) - - reinterpret_cast<char*>(&TargetNtMapViewOfSection); - - if (size + used > thunk_bytes) - return 102; - - SIZE_T written; - if (!::WriteProcessMemory(child, code, &TargetNtMapViewOfSection, size, - &written)) - return 103; - - if (size != written) - return 104; - - return 0; -} - -} // namespace sandbox - -// We must receive two arguments: the process id of the target to intercept and -// the address of a page of memory on that process that will be used for the -// interception. We receive the address because the broker will cleanup the -// patch when the work is performed. -// -// It should be noted that we don't wait until the real work is done; this -// program quits as soon as the 64-bit interception is performed. -int wWinMain(HINSTANCE, HINSTANCE, wchar_t* command_line, int) { - static_assert(sizeof(void*) > sizeof(DWORD), "unsupported 32 bits"); - if (!command_line) - return 1; - - wchar_t* next; - DWORD process_id = wcstoul(command_line, &next, 0); - if (!process_id) - return 2; - - DWORD access = PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE; - HANDLE child = ::OpenProcess(access, FALSE, process_id); - if (!child) - return 3; - - DWORD buffer = wcstoul(next, NULL, 0); - if (!buffer) - return 4; - - void* thunk = reinterpret_cast<void*>(static_cast<ULONG_PTR>(buffer)); - - const size_t kPageSize = 4096; - return sandbox::PatchNtdll(child, thunk, kPageSize); -} diff --git a/chromium/sandbox/win/wow_helper/wow_helper.exe b/chromium/sandbox/win/wow_helper/wow_helper.exe Binary files differdeleted file mode 100755 index f9bfb4bbdde..00000000000 --- a/chromium/sandbox/win/wow_helper/wow_helper.exe +++ /dev/null diff --git a/chromium/sandbox/win/wow_helper/wow_helper.pdb b/chromium/sandbox/win/wow_helper/wow_helper.pdb Binary files differdeleted file mode 100644 index 9cb67d001df..00000000000 --- a/chromium/sandbox/win/wow_helper/wow_helper.pdb +++ /dev/null diff --git a/chromium/sandbox/win/wow_helper/wow_helper.vcproj b/chromium/sandbox/win/wow_helper/wow_helper.vcproj deleted file mode 100644 index c8e7c9ebffe..00000000000 --- a/chromium/sandbox/win/wow_helper/wow_helper.vcproj +++ /dev/null @@ -1,215 +0,0 @@ -<?xml version="1.0" encoding="Windows-1252"?> -<VisualStudioProject - ProjectType="Visual C++" - Version="8.00" - Name="wow_helper" - ProjectGUID="{BCF3A457-39F1-4DAA-9A65-93CFCD559036}" - RootNamespace="wow_helper" - Keyword="Win32Proj" - > - <Platforms> - <Platform - Name="x64" - /> - </Platforms> - <ToolFiles> - </ToolFiles> - <Configurations> - <Configuration - Name="Debug|x64" - OutputDirectory="$(ProjectDir)" - IntermediateDirectory="$(PlatformName)\$(ConfigurationName)" - ConfigurationType="1" - CharacterSet="1" - > - <Tool - Name="VCPreBuildEventTool" - /> - <Tool - Name="VCCustomBuildTool" - /> - <Tool - Name="VCXMLDataGeneratorTool" - /> - <Tool - Name="VCWebServiceProxyGeneratorTool" - /> - <Tool - Name="VCMIDLTool" - TargetEnvironment="3" - /> - <Tool - Name="VCCLCompilerTool" - Optimization="0" - AdditionalIncludeDirectories="$(SolutionDir)..;$(SolutionDir)..\third_party\platformsdk_win2008_6_1\files\Include;$(VSInstallDir)\VC\atlmfc\include" - PreprocessorDefinitions="_WIN32_WINNT=0x0501;WINVER=0x0501;WIN32;_DEBUG" - MinimalRebuild="true" - BasicRuntimeChecks="0" - RuntimeLibrary="1" - BufferSecurityCheck="false" - RuntimeTypeInfo="false" - UsePrecompiledHeader="0" - WarningLevel="3" - Detect64BitPortabilityProblems="true" - DebugInformationFormat="3" - /> - <Tool - Name="VCManagedResourceCompilerTool" - /> - <Tool - Name="VCResourceCompilerTool" - /> - <Tool - Name="VCPreLinkEventTool" - /> - <Tool - Name="VCLinkerTool" - LinkIncremental="1" - GenerateDebugInformation="true" - SubSystem="2" - TargetMachine="17" - /> - <Tool - Name="VCALinkTool" - /> - <Tool - Name="VCManifestTool" - /> - <Tool - Name="VCXDCMakeTool" - /> - <Tool - Name="VCBscMakeTool" - /> - <Tool - Name="VCFxCopTool" - /> - <Tool - Name="VCAppVerifierTool" - /> - <Tool - Name="VCWebDeploymentTool" - /> - <Tool - Name="VCPostBuildEventTool" - /> - </Configuration> - <Configuration - Name="Release|x64" - OutputDirectory="$(ProjectDir)" - IntermediateDirectory="$(PlatformName)\$(ConfigurationName)" - ConfigurationType="1" - CharacterSet="1" - WholeProgramOptimization="1" - > - <Tool - Name="VCPreBuildEventTool" - /> - <Tool - Name="VCCustomBuildTool" - /> - <Tool - Name="VCXMLDataGeneratorTool" - /> - <Tool - Name="VCWebServiceProxyGeneratorTool" - /> - <Tool - Name="VCMIDLTool" - TargetEnvironment="3" - /> - <Tool - Name="VCCLCompilerTool" - AdditionalIncludeDirectories="$(SolutionDir)..;$(SolutionDir)..\third_party\platformsdk_win2008_6_1\files\Include;$(VSInstallDir)\VC\atlmfc\include" - PreprocessorDefinitions="_WIN32_WINNT=0x0501;WINVER=0x0501;WIN32;NDEBUG" - RuntimeLibrary="0" - BufferSecurityCheck="false" - RuntimeTypeInfo="false" - UsePrecompiledHeader="0" - WarningLevel="3" - Detect64BitPortabilityProblems="true" - DebugInformationFormat="3" - /> - <Tool - Name="VCManagedResourceCompilerTool" - /> - <Tool - Name="VCResourceCompilerTool" - /> - <Tool - Name="VCPreLinkEventTool" - /> - <Tool - Name="VCLinkerTool" - LinkIncremental="1" - GenerateDebugInformation="true" - SubSystem="2" - OptimizeReferences="2" - EnableCOMDATFolding="2" - TargetMachine="17" - /> - <Tool - Name="VCALinkTool" - /> - <Tool - Name="VCManifestTool" - /> - <Tool - Name="VCXDCMakeTool" - /> - <Tool - Name="VCBscMakeTool" - /> - <Tool - Name="VCFxCopTool" - /> - <Tool - Name="VCAppVerifierTool" - /> - <Tool - Name="VCWebDeploymentTool" - /> - <Tool - Name="VCPostBuildEventTool" - /> - </Configuration> - </Configurations> - <References> - </References> - <Files> - <Filter - Name="sandbox" - > - <File - RelativePath="..\src\nt_internals.h" - > - </File> - <File - RelativePath="..\src\resolver.h" - > - </File> - </Filter> - <File - RelativePath=".\service64_resolver.cc" - > - </File> - <File - RelativePath=".\service64_resolver.h" - > - </File> - <File - RelativePath=".\target_code.cc" - > - </File> - <File - RelativePath=".\target_code.h" - > - </File> - <File - RelativePath=".\wow_helper.cc" - > - </File> - </Files> - <Globals> - </Globals> -</VisualStudioProject> |