security/sandbox/win/src/registry_dispatcher.cc

Wed, 31 Dec 2014 06:09:35 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Wed, 31 Dec 2014 06:09:35 +0100
changeset 0
6474c204b198
permissions
-rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1,
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f, for hacking purposes.

michael@0 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
michael@0 2 // Use of this source code is governed by a BSD-style license that can be
michael@0 3 // found in the LICENSE file.
michael@0 4
michael@0 5 #include "sandbox/win/src/registry_dispatcher.h"
michael@0 6
michael@0 7 #include "base/win/scoped_handle.h"
michael@0 8 #include "base/win/windows_version.h"
michael@0 9 #include "sandbox/win/src/crosscall_client.h"
michael@0 10 #include "sandbox/win/src/interception.h"
michael@0 11 #include "sandbox/win/src/interceptors.h"
michael@0 12 #include "sandbox/win/src/ipc_tags.h"
michael@0 13 #include "sandbox/win/src/sandbox_nt_util.h"
michael@0 14 #include "sandbox/win/src/policy_broker.h"
michael@0 15 #include "sandbox/win/src/policy_params.h"
michael@0 16 #include "sandbox/win/src/sandbox.h"
michael@0 17 #include "sandbox/win/src/registry_interception.h"
michael@0 18 #include "sandbox/win/src/registry_policy.h"
michael@0 19
michael@0 20 namespace {
michael@0 21
// Produces the full key path for |name| in |complete_name|.
//
// With a null |root| the name is copied through unchanged. Otherwise the
// path of the object behind |root| is looked up with
// sandbox::GetPathFromHandle and |name| is appended after a single backslash.
// Returns false only when that lookup fails.
//
// The callers in this file hand the resulting string to the policy engine as
// OpenKey::NAME, so this string is what registry rules are matched against.
// NOTE(review): no normalization of |name| happens here; confirm that the
// rule matching does not depend on a canonical form.
bool GetCompletePath(HANDLE root, const std::wstring& name,
                     std::wstring* complete_name) {
  if (!root) {
    *complete_name = name;
    return true;
  }

  if (!sandbox::GetPathFromHandle(root, complete_name))
    return false;

  complete_name->append(L"\\");
  complete_name->append(name);
  return true;
}
michael@0 37
michael@0 38 }
michael@0 39
michael@0 40 namespace sandbox {
michael@0 41
// Stores the policy object and registers the two IPC calls this dispatcher
// services: key creation and key opening.
//
// Each IPCCall pairs a tag and an argument-type list with the member function
// that handles it. The reinterpret_cast erases the handler's signature, so
// the compiler cannot check the type list against the handler's parameters;
// the two must be kept in sync by hand.
RegistryDispatcher::RegistryDispatcher(PolicyBase* policy_base)
    : policy_base_(policy_base) {
  // Types after the tag follow NtCreateKey's parameters: name, attributes,
  // root, desired_access, title_index, create_options.
  static const IPCCall kCreateKeyCall = {
    {IPC_NTCREATEKEY_TAG, WCHAR_TYPE, ULONG_TYPE, VOIDPTR_TYPE, ULONG_TYPE,
     ULONG_TYPE, ULONG_TYPE},
    reinterpret_cast<CallbackGeneric>(&RegistryDispatcher::NtCreateKey)
  };

  // Types after the tag follow NtOpenKey's parameters: name, attributes,
  // root, desired_access.
  static const IPCCall kOpenKeyCall = {
    {IPC_NTOPENKEY_TAG, WCHAR_TYPE, ULONG_TYPE, VOIDPTR_TYPE, ULONG_TYPE},
    reinterpret_cast<CallbackGeneric>(&RegistryDispatcher::NtOpenKey)
  };

  ipc_calls_.push_back(kCreateKeyCall);
  ipc_calls_.push_back(kOpenKeyCall);
}
michael@0 58
// Installs the interceptions that back the given IPC |service|.
//
// IPC_NTCREATEKEY_TAG hooks NtCreateKey. IPC_NTOPENKEY_TAG hooks NtOpenKey
// and, on Windows 7 and later, NtOpenKeyEx as well; both hooks are attempted
// and the result is true only if every attempted hook succeeded. Any other
// service id returns false.
//
// NOTE(review): the trailing numeric argument of INTERCEPT_NT is presumably
// the interceptor's argument size in bytes -- confirm against the macro.
bool RegistryDispatcher::SetupService(InterceptionManager* manager,
                                      int service) {
  if (service == IPC_NTCREATEKEY_TAG)
    return INTERCEPT_NT(manager, NtCreateKey, CREATE_KEY_ID, 32);

  if (service != IPC_NTOPENKEY_TAG)
    return false;

  const bool open_hooked = INTERCEPT_NT(manager, NtOpenKey, OPEN_KEY_ID, 16);
  if (base::win::GetVersion() < base::win::VERSION_WIN7)
    return open_hooked;

  // Evaluated unconditionally so the Ex hook is attempted even when the
  // plain NtOpenKey hook failed.
  const bool open_ex_hooked =
      INTERCEPT_NT(manager, NtOpenKeyEx, OPEN_KEY_EX_ID, 20);
  return open_hooked && open_ex_hooked;
}
michael@0 73
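// Handles the IPC_NTCREATEKEY_TAG call: evaluates the registry policy for the
// requested key and lets RegistryPolicy::CreateKeyAction act on the verdict.
//
// All arguments other than |ipc| are values supplied by the client process.
// |root| is a handle value in the client's handle table (or null), and |name|
// is the key name relative to it.
//
// Returns false when the root handle cannot be duplicated or its path cannot
// be resolved. Otherwise returns true with the outcome stored in
// ipc->return_info; a refusal is reported as STATUS_ACCESS_DENIED.
bool RegistryDispatcher::NtCreateKey(
    IPCInfo* ipc, std::wstring* name, DWORD attributes, HANDLE root,
    DWORD desired_access, DWORD title_index, DWORD create_options) {
  base::win::ScopedHandle root_handle;
  std::wstring real_path = *name;

  // If there is a root directory, we need to duplicate the handle to make
  // it valid in this process. |root| is overwritten with the local duplicate,
  // and root_handle takes ownership of it for the rest of the call.
  if (root) {
    if (!::DuplicateHandle(ipc->client_info->process, root,
                           ::GetCurrentProcess(), &root, 0, FALSE,
                           DUPLICATE_SAME_ACCESS))
      return false;

    root_handle.Set(root);
  }

  if (!GetCompletePath(root, *name, &real_path))
    return false;

  // The policy is evaluated on the resolved full path and the requested
  // access only. |attributes|, |title_index| and |create_options| are not
  // part of the evaluation; they are forwarded to CreateKeyAction as received.
  // NOTE(review): confirm CreateKeyAction constrains those values itself.
  const wchar_t* regname = real_path.c_str();
  CountedParameterSet<OpenKey> params;
  params[OpenKey::NAME] = ParamPickerMake(regname);
  params[OpenKey::ACCESS] = ParamPickerMake(desired_access);

  EvalResult result = policy_base_->EvalPolicy(IPC_NTCREATEKEY_TAG,
                                               params.GetBase());

  // These values are copied into the reply sent to the client. Start them in
  // a fail-closed state so that a path in CreateKeyAction that returns true
  // without writing an out-parameter cannot put indeterminate stack contents
  // into the reply.
  HANDLE handle = NULL;
  NTSTATUS nt_status = STATUS_ACCESS_DENIED;
  ULONG disposition = 0;
  if (!RegistryPolicy::CreateKeyAction(result, *ipc->client_info, *name,
                                       attributes, root, desired_access,
                                       title_index, create_options, &handle,
                                       &nt_status, &disposition)) {
    ipc->return_info.nt_status = STATUS_ACCESS_DENIED;
    return true;
  }

  // Return operation status on the IPC.
  ipc->return_info.extended[0].unsigned_int = disposition;
  ipc->return_info.nt_status = nt_status;
  ipc->return_info.handle = handle;
  return true;
}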
michael@0 119
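// Handles the IPC_NTOPENKEY_TAG call: evaluates the registry policy for the
// requested key and lets RegistryPolicy::OpenKeyAction act on the verdict.
//
// All arguments other than |ipc| are values supplied by the client process.
// |root| is a handle value in the client's handle table (or null), and |name|
// is the key name relative to it.
//
// Returns false when the root handle cannot be duplicated or its path cannot
// be resolved. Otherwise returns true with the outcome stored in
// ipc->return_info; a refusal is reported as STATUS_ACCESS_DENIED.
bool RegistryDispatcher::NtOpenKey(IPCInfo* ipc, std::wstring* name,
                                   DWORD attributes, HANDLE root,
                                   DWORD desired_access) {
  base::win::ScopedHandle root_handle;
  std::wstring real_path = *name;

  // If there is a root directory, we need to duplicate the handle to make
  // it valid in this process. |root| is overwritten with the local duplicate,
  // and root_handle takes ownership of it for the rest of the call.
  if (root) {
    if (!::DuplicateHandle(ipc->client_info->process, root,
                           ::GetCurrentProcess(), &root, 0, FALSE,
                           DUPLICATE_SAME_ACCESS))
      return false;
    root_handle.Set(root);
  }

  if (!GetCompletePath(root, *name, &real_path))
    return false;

  // The policy is evaluated on the resolved full path and the requested
  // access only; |attributes| is forwarded to OpenKeyAction as received.
  // NOTE(review): confirm OpenKeyAction constrains that value itself.
  const wchar_t* regname = real_path.c_str();
  CountedParameterSet<OpenKey> params;
  params[OpenKey::NAME] = ParamPickerMake(regname);
  params[OpenKey::ACCESS] = ParamPickerMake(desired_access);

  EvalResult result = policy_base_->EvalPolicy(IPC_NTOPENKEY_TAG,
                                               params.GetBase());

  // These values are copied into the reply sent to the client. Start them in
  // a fail-closed state so that a path in OpenKeyAction that returns true
  // without writing an out-parameter cannot put indeterminate stack contents
  // into the reply.
  HANDLE handle = NULL;
  NTSTATUS nt_status = STATUS_ACCESS_DENIED;
  if (!RegistryPolicy::OpenKeyAction(result, *ipc->client_info, *name,
                                     attributes, root, desired_access, &handle,
                                     &nt_status)) {
    ipc->return_info.nt_status = STATUS_ACCESS_DENIED;
    return true;
  }

  // Return operation status on the IPC.
  ipc->return_info.nt_status = nt_status;
  ipc->return_info.handle = handle;
  return true;
}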
michael@0 160
michael@0 161 } // namespace sandbox
