Bug 1284897 - Add mechanism to libsandbox_s to track names of files that have been given special sandbox access permissions (PermissionsService). r=bobowen

Hook this into the browser via the XREAppData. This patch contains only the changes to Chromium source code.
2024-11-29 07:42:04 +00:00 · 2017-01-20 08:27:57 -08:00 · 2017-01-20 08:27:57 -08:00 · 3fd846f6a8
commit 3fd846f6a8
parent e9bcaf4cbe
2 changed files with 22 additions and 6 deletions
--- a/security/sandbox/chromium/sandbox/win/src/filesystem_dispatcher.cc
+++ b/security/sandbox/chromium/sandbox/win/src/filesystem_dispatcher.cc
@ -17,6 +17,8 @@
 #include "sandbox/win/src/sandbox.h"
 #include "sandbox/win/src/sandbox_nt_util.h"

+#include "mozilla/sandboxing/permissionsService.h"
+
 namespace sandbox {

 FilesystemDispatcher::FilesystemDispatcher(PolicyBase* policy_base)
@ -115,6 +117,16 @@ bool FilesystemDispatcher::NtCreateFile(IPCInfo* ipc,
  // knows what to do.
  EvalResult result = policy_base_->EvalPolicy(IPC_NTCREATEFILE_TAG,
                                               params.GetBase());
+
+  // If the policies forbid access (any result other than ASK_BROKER),
+  // then check for user-granted access to file.
+  if (ASK_BROKER != result &&
+      mozilla::sandboxing::PermissionsService::GetInstance()->
+        UserGrantedFileAccess(ipc->client_info->process_id, filename,
+                              desired_access, create_disposition)) {
+    result = ASK_BROKER;
+  }
+
  HANDLE handle;
  ULONG_PTR io_information = 0;
  NTSTATUS nt_status;
@ -162,6 +174,16 @@ bool FilesystemDispatcher::NtOpenFile(IPCInfo* ipc,
  // knows what to do.
  EvalResult result = policy_base_->EvalPolicy(IPC_NTOPENFILE_TAG,
                                               params.GetBase());
+
+  // If the policies forbid access (any result other than ASK_BROKER),
+  // then check for user-granted access to file.
+  if (ASK_BROKER != result &&
+      mozilla::sandboxing::PermissionsService::GetInstance()->UserGrantedFileAccess(
+                                    ipc->client_info->process_id, filename,
+                                    desired_access, create_disposition)) {
+    result = ASK_BROKER;
+  }
+
  HANDLE handle;
  ULONG_PTR io_information = 0;
  NTSTATUS nt_status;
--- a/security/sandbox/chromium/sandbox/win/src/filesystem_interception.cc
+++ b/security/sandbox/chromium/sandbox/win/src/filesystem_interception.cc
@ -70,9 +70,6 @@ NTSTATUS WINAPI TargetNtCreateFile(NtCreateFileFunction orig_CreateFile,
    params[OpenFile::OPTIONS] = ParamPickerMake(options_uint32);
    params[OpenFile::BROKER] = ParamPickerMake(broker);

-    if (!QueryBroker(IPC_NTCREATEFILE_TAG, params.GetBase()))
-      break;
-
    SharedMemIPCClient ipc(memory);
    CrossCallReturn answer = {0};
    // The following call must match in the parameters with
@ -153,9 +150,6 @@ NTSTATUS WINAPI TargetNtOpenFile(NtOpenFileFunction orig_OpenFile, PHANDLE file,
    params[OpenFile::OPTIONS] = ParamPickerMake(options_uint32);
    params[OpenFile::BROKER] = ParamPickerMake(broker);

-    if (!QueryBroker(IPC_NTOPENFILE_TAG, params.GetBase()))
-      break;
-
    SharedMemIPCClient ipc(memory);
    CrossCallReturn answer = {0};
    ResultCode code = CrossCall(ipc, IPC_NTOPENFILE_TAG, name, attributes,