Bug 1522830: Part 6 - Add API to be able to initialize launcher dll blocklist during spawning of child process; r=mhowell

We need a way for the sandbox broker to be able to initialize the launcher
DLL blocklist when starting a new content process.

This patch adds the ability to resolve the initialization function through
DLL services.

Differential Revision: https://phabricator.services.mozilla.com/D53678

--HG--
extra : moz-landing-system : lando
This commit is contained in:
Aaron Klotz 2019-12-06 22:03:45 +00:00
parent 24253580aa
commit 78b5fd3fbf
8 changed files with 51 additions and 6 deletions

View File

@ -9,6 +9,7 @@
#include "mozilla/Assertions.h"
#include "mozilla/Types.h"
#include "mozilla/Unused.h"
#include "../DllBlocklistInit.h"
using GlobalInitializerFn = void(__cdecl*)(void);
@ -84,7 +85,7 @@ class MOZ_ONLY_USED_TO_AVOID_STATIC_CONSTRUCTORS LoaderPrivateAPIImp final
void NotifyEndDllLoad(void* aContext, NTSTATUS aLoadNtStatus,
ModuleLoadInfo&& aModuleLoadInfo) final;
nt::AllocatedUnicodeString GetSectionName(void* aSectionAddr) final;
nt::MemorySectionNameBuf GetSectionNameBuffer(void* aSectionAddr) final;
nt::LoaderAPI::InitDllBlocklistOOPFnPtr GetDllBlocklistInitFn() final;
// LoaderPrivateAPI
void NotifyBeginDllLoad(void** aContext,
@ -93,6 +94,7 @@ class MOZ_ONLY_USED_TO_AVOID_STATIC_CONSTRUCTORS LoaderPrivateAPIImp final
PCUNICODE_STRING aRequestedDllName) final;
void SetObserver(nt::LoaderObserver* aNewObserver) final;
bool IsDefaultObserver() const final;
nt::MemorySectionNameBuf GetSectionNameBuffer(void* aSectionAddr) final;
};
static void Init() {
@ -208,6 +210,11 @@ nt::AllocatedUnicodeString LoaderPrivateAPIImp::GetSectionName(
return nt::AllocatedUnicodeString(&buf.mSectionFileName);
}
nt::LoaderAPI::InitDllBlocklistOOPFnPtr
LoaderPrivateAPIImp::GetDllBlocklistInitFn() {
return &InitializeDllBlocklistOOP;
}
nt::MemorySectionNameBuf LoaderPrivateAPIImp::GetSectionNameBuffer(
void* aSectionAddr) {
const HANDLE kCurrentProcess = reinterpret_cast<HANDLE>(-1);

View File

@ -92,6 +92,15 @@ class NS_NO_VTABLE LoaderAPI {
* backing it.
*/
virtual AllocatedUnicodeString GetSectionName(void* aSectionAddr) = 0;
using InitDllBlocklistOOPFnPtr =
LauncherVoidResultWithLineInfo (*)(const wchar_t*, HANDLE);
/**
* Return a pointer to the cross-process DLL Blocklist Init function.
* Used by sandboxBroker::LaunchApp.
*/
virtual InitDllBlocklistOOPFnPtr GetDllBlocklistInitFn() = 0;
};
} // namespace nt

View File

@ -28,7 +28,8 @@ nt::LoaderAPI* ModuleLoadFrame::sLoaderAPI;
using GetNtLoaderAPIFn = decltype(&mozilla::GetNtLoaderAPI);
/* static */
void ModuleLoadFrame::StaticInit(nt::LoaderObserver* aNewObserver) {
nt::LoaderAPI::InitDllBlocklistOOPFnPtr ModuleLoadFrame::StaticInit(
nt::LoaderObserver* aNewObserver) {
const auto pGetNtLoaderAPI = reinterpret_cast<GetNtLoaderAPIFn>(
::GetProcAddress(::GetModuleHandleW(nullptr), "GetNtLoaderAPI"));
if (!pGetNtLoaderAPI) {
@ -36,10 +37,12 @@ void ModuleLoadFrame::StaticInit(nt::LoaderObserver* aNewObserver) {
// the launcher process blocklist.
gFallbackLoaderAPI.SetObserver(aNewObserver);
sLoaderAPI = &gFallbackLoaderAPI;
return;
return nullptr;
}
sLoaderAPI = pGetNtLoaderAPI(aNewObserver);
MOZ_ASSERT(sLoaderAPI);
return sLoaderAPI->GetDllBlocklistInitFn();
}
ModuleLoadFrame::ModuleLoadFrame(PCUNICODE_STRING aRequestedDllName)

View File

@ -25,7 +25,8 @@ class MOZ_RAII ModuleLoadFrame final {
ModuleLoadFrame& operator=(const ModuleLoadFrame&) = delete;
ModuleLoadFrame& operator=(ModuleLoadFrame&&) = delete;
static void StaticInit(nt::LoaderObserver* aNewObserver);
static nt::LoaderAPI::InitDllBlocklistOOPFnPtr StaticInit(
nt::LoaderObserver* aNewObserver);
private:
bool mAlreadyLoaded;

View File

@ -588,6 +588,7 @@ static WindowsDllInterceptor Kernel32Intercept;
static void GetNativeNtBlockSetWriter();
static glue::LoaderObserver gMozglueLoaderObserver;
static nt::LoaderAPI::InitDllBlocklistOOPFnPtr gInitDllBlocklistOOPFnPtr;
MFBT_API void DllBlocklist_Initialize(uint32_t aInitFlags) {
if (sBlocklistInitAttempted) {
@ -597,7 +598,8 @@ MFBT_API void DllBlocklist_Initialize(uint32_t aInitFlags) {
sInitFlags = aInitFlags;
glue::ModuleLoadFrame::StaticInit(&gMozglueLoaderObserver);
gInitDllBlocklistOOPFnPtr =
glue::ModuleLoadFrame::StaticInit(&gMozglueLoaderObserver);
#ifdef _M_AMD64
if (!IsWin8OrLater()) {
@ -753,6 +755,7 @@ MFBT_API void DllBlocklist_SetFullDllServices(
glue::AutoExclusiveLock lock(gDllServicesLock);
if (aSvc) {
aSvc->SetAuthenticodeImpl(GetAuthenticode());
aSvc->SetInitDllBlocklistOOPFnPtr(gInitDllBlocklistOOPFnPtr);
gMozglueLoaderObserver.Forward(aSvc);
}

View File

@ -10,10 +10,12 @@
#include "mozilla/Assertions.h"
#include "mozilla/Authenticode.h"
#include "mozilla/LoaderAPIInterfaces.h"
#include "mozilla/Move.h"
#include "mozilla/mozalloc.h"
#include "mozilla/UniquePtr.h"
#include "mozilla/Vector.h"
#include "mozilla/WindowsDllBlocklist.h"
#include "mozilla/WinHeaderOnlyUtils.h"
#if defined(MOZILLA_INTERNAL_API)
@ -57,6 +59,17 @@ class DllServicesBase : public Authenticode {
mAuthenticode = aAuthenticode;
}
void SetInitDllBlocklistOOPFnPtr(
nt::LoaderAPI::InitDllBlocklistOOPFnPtr aPtr) {
mInitDllBlocklistOOPFnPtr = aPtr;
}
template <typename... Args>
LauncherVoidResultWithLineInfo InitDllBlocklistOOP(Args&&... aArgs) {
MOZ_RELEASE_ASSERT(mInitDllBlocklistOOPFnPtr);
return mInitDllBlocklistOOPFnPtr(std::forward<Args>(aArgs)...);
}
// In debug builds we override GetBinaryOrgName to add a Gecko-specific
// assertion. OTOH, we normally do not want people overriding this function,
// so we'll make it final in the release case, thus covering all bases.
@ -85,7 +98,8 @@ class DllServicesBase : public Authenticode {
DllServicesBase& operator=(DllServicesBase&&) = delete;
protected:
DllServicesBase() : mAuthenticode(nullptr) {}
DllServicesBase()
: mAuthenticode(nullptr), mInitDllBlocklistOOPFnPtr(nullptr) {}
virtual ~DllServicesBase() = default;
@ -94,6 +108,7 @@ class DllServicesBase : public Authenticode {
private:
Authenticode* mAuthenticode;
nt::LoaderAPI::InitDllBlocklistOOPFnPtr mInitDllBlocklistOOPFnPtr;
};
} // namespace detail

View File

@ -67,6 +67,12 @@ nt::AllocatedUnicodeString FallbackLoaderAPI::GetSectionName(
return nt::AllocatedUnicodeString(&buf.mSectionFileName);
}
nt::LoaderAPI::InitDllBlocklistOOPFnPtr
FallbackLoaderAPI::GetDllBlocklistInitFn() {
MOZ_ASSERT_UNREACHABLE("This should not be called so soon!");
return nullptr;
}
void FallbackLoaderAPI::SetObserver(nt::LoaderObserver* aLoaderObserver) {
mLoaderObserver = aLoaderObserver;
}

View File

@ -24,6 +24,7 @@ class MOZ_ONLY_USED_TO_AVOID_STATIC_CONSTRUCTORS FallbackLoaderAPI final
void NotifyEndDllLoad(void* aContext, NTSTATUS aLoadNtStatus,
ModuleLoadInfo&& aModuleLoadInfo) final;
nt::AllocatedUnicodeString GetSectionName(void* aSectionAddr) final;
nt::LoaderAPI::InitDllBlocklistOOPFnPtr GetDllBlocklistInitFn() final;
void SetObserver(nt::LoaderObserver* aLoaderObserver);