mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-12-13 18:27:35 +00:00
Bug 1018966 - Part 2: Make warn only sandbox changes to the Chromium code. r=tabraldes
This commit is contained in:
parent
f19448274c
commit
a9431992d5
@ -0,0 +1,4 @@
|
||||
Please add a link to the bugzilla bug and patch name that should be re-applied.
|
||||
Also, please update any existing links to their actual mozilla-central changeset.
|
||||
|
||||
https://bugzilla.mozilla.org/show_bug.cgi?id=1018966 wosChromiumChanges.patch
|
@ -12,6 +12,9 @@
|
||||
#include "sandbox/win/src/sandbox_nt_util.h"
|
||||
#include "sandbox/win/src/sharedmem_ipc_client.h"
|
||||
#include "sandbox/win/src/target_services.h"
|
||||
#ifdef MOZ_CONTENT_SANDBOX // For upstream merging, use patch in bug 1018966 to reapply warn only sandbox code
|
||||
#include "mozilla/warnonlysandbox/warnOnlySandbox.h"
|
||||
#endif
|
||||
|
||||
namespace sandbox {
|
||||
|
||||
@ -31,6 +34,12 @@ NTSTATUS WINAPI TargetNtCreateFile(NtCreateFileFunction orig_CreateFile,
|
||||
if (STATUS_ACCESS_DENIED != status)
|
||||
return status;
|
||||
|
||||
#ifdef MOZ_CONTENT_SANDBOX
|
||||
mozilla::warnonlysandbox::LogBlocked("NtCreateFile",
|
||||
object_attributes->ObjectName->Buffer,
|
||||
object_attributes->ObjectName->Length);
|
||||
#endif
|
||||
|
||||
// We don't trust that the IPC can work this early.
|
||||
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
|
||||
return status;
|
||||
@ -86,6 +95,11 @@ NTSTATUS WINAPI TargetNtCreateFile(NtCreateFileFunction orig_CreateFile,
|
||||
} __except(EXCEPTION_EXECUTE_HANDLER) {
|
||||
break;
|
||||
}
|
||||
#ifdef MOZ_CONTENT_SANDBOX
|
||||
mozilla::warnonlysandbox::LogAllowed("NtCreateFile",
|
||||
object_attributes->ObjectName->Buffer,
|
||||
object_attributes->ObjectName->Length);
|
||||
#endif
|
||||
} while (false);
|
||||
|
||||
return status;
|
||||
@ -102,6 +116,12 @@ NTSTATUS WINAPI TargetNtOpenFile(NtOpenFileFunction orig_OpenFile, PHANDLE file,
|
||||
if (STATUS_ACCESS_DENIED != status)
|
||||
return status;
|
||||
|
||||
#ifdef MOZ_CONTENT_SANDBOX
|
||||
mozilla::warnonlysandbox::LogBlocked("NtOpenFile",
|
||||
object_attributes->ObjectName->Buffer,
|
||||
object_attributes->ObjectName->Length);
|
||||
#endif
|
||||
|
||||
// We don't trust that the IPC can work this early.
|
||||
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
|
||||
return status;
|
||||
@ -154,6 +174,11 @@ NTSTATUS WINAPI TargetNtOpenFile(NtOpenFileFunction orig_OpenFile, PHANDLE file,
|
||||
} __except(EXCEPTION_EXECUTE_HANDLER) {
|
||||
break;
|
||||
}
|
||||
#ifdef MOZ_CONTENT_SANDBOX
|
||||
mozilla::warnonlysandbox::LogAllowed("NtOpenFile",
|
||||
object_attributes->ObjectName->Buffer,
|
||||
object_attributes->ObjectName->Length);
|
||||
#endif
|
||||
} while (false);
|
||||
|
||||
return status;
|
||||
@ -168,6 +193,12 @@ NTSTATUS WINAPI TargetNtQueryAttributesFile(
|
||||
if (STATUS_ACCESS_DENIED != status)
|
||||
return status;
|
||||
|
||||
#ifdef MOZ_CONTENT_SANDBOX
|
||||
mozilla::warnonlysandbox::LogBlocked("NtQueryAttributesFile",
|
||||
object_attributes->ObjectName->Buffer,
|
||||
object_attributes->ObjectName->Length);
|
||||
#endif
|
||||
|
||||
// We don't trust that the IPC can work this early.
|
||||
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
|
||||
return status;
|
||||
@ -208,6 +239,11 @@ NTSTATUS WINAPI TargetNtQueryAttributesFile(
|
||||
if (SBOX_ALL_OK != code)
|
||||
break;
|
||||
|
||||
#ifdef MOZ_CONTENT_SANDBOX
|
||||
mozilla::warnonlysandbox::LogAllowed("NtQueryAttributesFile",
|
||||
object_attributes->ObjectName->Buffer,
|
||||
object_attributes->ObjectName->Length);
|
||||
#endif
|
||||
return answer.nt_status;
|
||||
|
||||
} while (false);
|
||||
@ -225,6 +261,12 @@ NTSTATUS WINAPI TargetNtQueryFullAttributesFile(
|
||||
if (STATUS_ACCESS_DENIED != status)
|
||||
return status;
|
||||
|
||||
#ifdef MOZ_CONTENT_SANDBOX
|
||||
mozilla::warnonlysandbox::LogBlocked("NtQueryFullAttributesFile",
|
||||
object_attributes->ObjectName->Buffer,
|
||||
object_attributes->ObjectName->Length);
|
||||
#endif
|
||||
|
||||
// We don't trust that the IPC can work this early.
|
||||
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
|
||||
return status;
|
||||
@ -266,6 +308,11 @@ NTSTATUS WINAPI TargetNtQueryFullAttributesFile(
|
||||
if (SBOX_ALL_OK != code)
|
||||
break;
|
||||
|
||||
#ifdef MOZ_CONTENT_SANDBOX
|
||||
mozilla::warnonlysandbox::LogAllowed("NtQueryFullAttributesFile",
|
||||
object_attributes->ObjectName->Buffer,
|
||||
object_attributes->ObjectName->Length);
|
||||
#endif
|
||||
return answer.nt_status;
|
||||
} while (false);
|
||||
|
||||
@ -282,6 +329,10 @@ NTSTATUS WINAPI TargetNtSetInformationFile(
|
||||
if (STATUS_ACCESS_DENIED != status)
|
||||
return status;
|
||||
|
||||
#ifdef MOZ_CONTENT_SANDBOX
|
||||
mozilla::warnonlysandbox::LogBlocked("NtSetInformationFile");
|
||||
#endif
|
||||
|
||||
// We don't trust that the IPC can work this early.
|
||||
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
|
||||
return status;
|
||||
@ -343,6 +394,9 @@ NTSTATUS WINAPI TargetNtSetInformationFile(
|
||||
break;
|
||||
|
||||
status = answer.nt_status;
|
||||
#ifdef MOZ_CONTENT_SANDBOX
|
||||
mozilla::warnonlysandbox::LogAllowed("NtSetInformationFile");
|
||||
#endif
|
||||
} while (false);
|
||||
|
||||
return status;
|
||||
|
@ -10,6 +10,9 @@
|
||||
#include "sandbox/win/src/sandbox_nt_util.h"
|
||||
#include "sandbox/win/src/sharedmem_ipc_client.h"
|
||||
#include "sandbox/win/src/target_services.h"
|
||||
#ifdef MOZ_CONTENT_SANDBOX // For upstream merging, use patch in bug 1018966 to reapply warn only sandbox code
|
||||
#include "mozilla/warnonlysandbox/warnOnlySandbox.h"
|
||||
#endif
|
||||
|
||||
namespace sandbox {
|
||||
|
||||
@ -34,10 +37,16 @@ ResultCode DuplicateHandleProxy(HANDLE source_handle,
|
||||
|
||||
if (answer.win32_result) {
|
||||
::SetLastError(answer.nt_status);
|
||||
#ifdef MOZ_CONTENT_SANDBOX
|
||||
mozilla::warnonlysandbox::LogBlocked("DuplicateHandle");
|
||||
#endif
|
||||
return SBOX_ERROR_GENERIC;
|
||||
}
|
||||
|
||||
*target_handle = answer.handle;
|
||||
#ifdef MOZ_CONTENT_SANDBOX
|
||||
mozilla::warnonlysandbox::LogAllowed("DuplicateHandle");
|
||||
#endif
|
||||
return SBOX_ALL_OK;
|
||||
}
|
||||
|
||||
|
@ -12,6 +12,9 @@
|
||||
#include "sandbox/win/src/sandbox_nt_util.h"
|
||||
#include "sandbox/win/src/sharedmem_ipc_client.h"
|
||||
#include "sandbox/win/src/target_services.h"
|
||||
#ifdef MOZ_CONTENT_SANDBOX // For upstream merging, use patch in bug 1018966 to reapply warn only sandbox code
|
||||
#include "mozilla/warnonlysandbox/warnOnlySandbox.h"
|
||||
#endif
|
||||
|
||||
namespace sandbox {
|
||||
|
||||
@ -27,6 +30,9 @@ HANDLE WINAPI TargetCreateNamedPipeW(
|
||||
if (INVALID_HANDLE_VALUE != pipe)
|
||||
return pipe;
|
||||
|
||||
#ifdef MOZ_CONTENT_SANDBOX
|
||||
mozilla::warnonlysandbox::LogBlocked("CreateNamedPipeW", pipe_name);
|
||||
#endif
|
||||
DWORD original_error = ::GetLastError();
|
||||
|
||||
// We don't trust that the IPC can work this early.
|
||||
@ -62,6 +68,9 @@ HANDLE WINAPI TargetCreateNamedPipeW(
|
||||
if (ERROR_SUCCESS != answer.win32_result)
|
||||
return INVALID_HANDLE_VALUE;
|
||||
|
||||
#ifdef MOZ_CONTENT_SANDBOX
|
||||
mozilla::warnonlysandbox::LogAllowed("CreateNamedPipeW", pipe_name);
|
||||
#endif
|
||||
return answer.handle;
|
||||
} while (false);
|
||||
|
||||
|
@ -12,6 +12,9 @@
|
||||
#include "sandbox/win/src/sandbox_nt_util.h"
|
||||
#include "sandbox/win/src/sharedmem_ipc_client.h"
|
||||
#include "sandbox/win/src/target_services.h"
|
||||
#ifdef MOZ_CONTENT_SANDBOX // For upstream merging, use patch in bug 1018966 to reapply warn only sandbox code
|
||||
#include "mozilla/warnonlysandbox/warnOnlySandbox.h"
|
||||
#endif
|
||||
|
||||
namespace sandbox {
|
||||
|
||||
@ -28,6 +31,9 @@ NTSTATUS WINAPI TargetNtOpenThread(NtOpenThreadFunction orig_OpenThread,
|
||||
if (NT_SUCCESS(status))
|
||||
return status;
|
||||
|
||||
#ifdef MOZ_CONTENT_SANDBOX
|
||||
mozilla::warnonlysandbox::LogBlocked("NtOpenThread");
|
||||
#endif
|
||||
do {
|
||||
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
|
||||
break;
|
||||
@ -93,6 +99,9 @@ NTSTATUS WINAPI TargetNtOpenThread(NtOpenThreadFunction orig_OpenThread,
|
||||
break;
|
||||
}
|
||||
|
||||
#ifdef MOZ_CONTENT_SANDBOX
|
||||
mozilla::warnonlysandbox::LogAllowed("NtOpenThread");
|
||||
#endif
|
||||
return answer.nt_status;
|
||||
} while (false);
|
||||
|
||||
@ -110,6 +119,9 @@ NTSTATUS WINAPI TargetNtOpenProcess(NtOpenProcessFunction orig_OpenProcess,
|
||||
if (NT_SUCCESS(status))
|
||||
return status;
|
||||
|
||||
#ifdef MOZ_CONTENT_SANDBOX
|
||||
mozilla::warnonlysandbox::LogBlocked("NtOpenProcess");
|
||||
#endif
|
||||
do {
|
||||
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
|
||||
break;
|
||||
@ -163,6 +175,9 @@ NTSTATUS WINAPI TargetNtOpenProcess(NtOpenProcessFunction orig_OpenProcess,
|
||||
break;
|
||||
}
|
||||
|
||||
#ifdef MOZ_CONTENT_SANDBOX
|
||||
mozilla::warnonlysandbox::LogAllowed("NtOpenProcess");
|
||||
#endif
|
||||
return answer.nt_status;
|
||||
} while (false);
|
||||
|
||||
@ -177,6 +192,9 @@ NTSTATUS WINAPI TargetNtOpenProcessToken(
|
||||
if (NT_SUCCESS(status))
|
||||
return status;
|
||||
|
||||
#ifdef MOZ_CONTENT_SANDBOX
|
||||
mozilla::warnonlysandbox::LogBlocked("NtOpenProcessToken");
|
||||
#endif
|
||||
do {
|
||||
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
|
||||
break;
|
||||
@ -208,6 +226,9 @@ NTSTATUS WINAPI TargetNtOpenProcessToken(
|
||||
break;
|
||||
}
|
||||
|
||||
#ifdef MOZ_CONTENT_SANDBOX
|
||||
mozilla::warnonlysandbox::LogAllowed("NtOpenProcessToken");
|
||||
#endif
|
||||
return answer.nt_status;
|
||||
} while (false);
|
||||
|
||||
@ -222,6 +243,9 @@ NTSTATUS WINAPI TargetNtOpenProcessTokenEx(
|
||||
if (NT_SUCCESS(status))
|
||||
return status;
|
||||
|
||||
#ifdef MOZ_CONTENT_SANDBOX
|
||||
mozilla::warnonlysandbox::LogBlocked("NtOpenProcessTokenEx");
|
||||
#endif
|
||||
do {
|
||||
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
|
||||
break;
|
||||
@ -253,6 +277,9 @@ NTSTATUS WINAPI TargetNtOpenProcessTokenEx(
|
||||
break;
|
||||
}
|
||||
|
||||
#ifdef MOZ_CONTENT_SANDBOX
|
||||
mozilla::warnonlysandbox::LogAllowed("NtOpenProcessTokenEx");
|
||||
#endif
|
||||
return answer.nt_status;
|
||||
} while (false);
|
||||
|
||||
@ -273,6 +300,10 @@ BOOL WINAPI TargetCreateProcessW(CreateProcessWFunction orig_CreateProcessW,
|
||||
process_information)) {
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
#ifdef MOZ_CONTENT_SANDBOX
|
||||
mozilla::warnonlysandbox::LogBlocked("CreateProcessW", application_name);
|
||||
#endif
|
||||
DWORD original_error = ::GetLastError();
|
||||
|
||||
// We don't trust that the IPC can work this early.
|
||||
@ -310,6 +341,9 @@ BOOL WINAPI TargetCreateProcessW(CreateProcessWFunction orig_CreateProcessW,
|
||||
if (ERROR_SUCCESS != answer.win32_result)
|
||||
return FALSE;
|
||||
|
||||
#ifdef MOZ_CONTENT_SANDBOX
|
||||
mozilla::warnonlysandbox::LogAllowed("CreateProcessW", application_name);
|
||||
#endif
|
||||
return TRUE;
|
||||
} while (false);
|
||||
|
||||
@ -331,6 +365,10 @@ BOOL WINAPI TargetCreateProcessA(CreateProcessAFunction orig_CreateProcessA,
|
||||
process_information)) {
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
#ifdef MOZ_CONTENT_SANDBOX
|
||||
mozilla::warnonlysandbox::LogBlocked("CreateProcessA", application_name);
|
||||
#endif
|
||||
DWORD original_error = ::GetLastError();
|
||||
|
||||
// We don't trust that the IPC can work this early.
|
||||
@ -391,6 +429,9 @@ BOOL WINAPI TargetCreateProcessA(CreateProcessAFunction orig_CreateProcessA,
|
||||
if (ERROR_SUCCESS != answer.win32_result)
|
||||
return FALSE;
|
||||
|
||||
#ifdef MOZ_CONTENT_SANDBOX
|
||||
mozilla::warnonlysandbox::LogAllowed("CreateProcessA", application_name);
|
||||
#endif
|
||||
return TRUE;
|
||||
} while (false);
|
||||
|
||||
|
@ -10,6 +10,9 @@
|
||||
#include "sandbox/win/src/sandbox_nt_util.h"
|
||||
#include "sandbox/win/src/sharedmem_ipc_client.h"
|
||||
#include "sandbox/win/src/target_services.h"
|
||||
#ifdef MOZ_CONTENT_SANDBOX // For upstream merging, use patch in bug 1018966 to reapply warn only sandbox code
|
||||
#include "mozilla/warnonlysandbox/warnOnlySandbox.h"
|
||||
#endif
|
||||
|
||||
namespace sandbox {
|
||||
|
||||
@ -25,6 +28,12 @@ NTSTATUS WINAPI TargetNtCreateKey(NtCreateKeyFunction orig_CreateKey,
|
||||
if (NT_SUCCESS(status))
|
||||
return status;
|
||||
|
||||
#ifdef MOZ_CONTENT_SANDBOX
|
||||
mozilla::warnonlysandbox::LogBlocked("NtCreateKey",
|
||||
object_attributes->ObjectName->Buffer,
|
||||
object_attributes->ObjectName->Length);
|
||||
#endif
|
||||
|
||||
// We don't trust that the IPC can work this early.
|
||||
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
|
||||
return status;
|
||||
@ -87,6 +96,11 @@ NTSTATUS WINAPI TargetNtCreateKey(NtCreateKeyFunction orig_CreateKey,
|
||||
} __except(EXCEPTION_EXECUTE_HANDLER) {
|
||||
break;
|
||||
}
|
||||
#ifdef MOZ_CONTENT_SANDBOX
|
||||
mozilla::warnonlysandbox::LogAllowed("NtCreateKey",
|
||||
object_attributes->ObjectName->Buffer,
|
||||
object_attributes->ObjectName->Length);
|
||||
#endif
|
||||
} while (false);
|
||||
|
||||
return status;
|
||||
@ -140,6 +154,11 @@ NTSTATUS WINAPI CommonNtOpenKey(NTSTATUS status, PHANDLE key,
|
||||
} __except(EXCEPTION_EXECUTE_HANDLER) {
|
||||
break;
|
||||
}
|
||||
#ifdef MOZ_CONTENT_SANDBOX
|
||||
mozilla::warnonlysandbox::LogAllowed("NtOpenKey[Ex]",
|
||||
object_attributes->ObjectName->Buffer,
|
||||
object_attributes->ObjectName->Length);
|
||||
#endif
|
||||
} while (false);
|
||||
|
||||
return status;
|
||||
@ -153,6 +172,12 @@ NTSTATUS WINAPI TargetNtOpenKey(NtOpenKeyFunction orig_OpenKey, PHANDLE key,
|
||||
if (NT_SUCCESS(status))
|
||||
return status;
|
||||
|
||||
#ifdef MOZ_CONTENT_SANDBOX
|
||||
mozilla::warnonlysandbox::LogBlocked("NtOpenKey",
|
||||
object_attributes->ObjectName->Buffer,
|
||||
object_attributes->ObjectName->Length);
|
||||
#endif
|
||||
|
||||
return CommonNtOpenKey(status, key, desired_access, object_attributes);
|
||||
}
|
||||
|
||||
@ -170,6 +195,12 @@ NTSTATUS WINAPI TargetNtOpenKeyEx(NtOpenKeyExFunction orig_OpenKeyEx,
|
||||
if (NT_SUCCESS(status) || open_options != 0)
|
||||
return status;
|
||||
|
||||
#ifdef MOZ_CONTENT_SANDBOX
|
||||
mozilla::warnonlysandbox::LogBlocked("NtOpenKeyEx",
|
||||
object_attributes->ObjectName->Buffer,
|
||||
object_attributes->ObjectName->Length);
|
||||
#endif
|
||||
|
||||
return CommonNtOpenKey(status, key, desired_access, object_attributes);
|
||||
}
|
||||
|
||||
|
@ -12,6 +12,9 @@
|
||||
#include "sandbox/win/src/sandbox_nt_util.h"
|
||||
#include "sandbox/win/src/sharedmem_ipc_client.h"
|
||||
#include "sandbox/win/src/target_services.h"
|
||||
#ifdef MOZ_CONTENT_SANDBOX // For upstream merging, use patch in bug 1018966 to reapply warn only sandbox code
|
||||
#include "mozilla/warnonlysandbox/warnOnlySandbox.h"
|
||||
#endif
|
||||
|
||||
namespace sandbox {
|
||||
|
||||
@ -26,6 +29,10 @@ HANDLE WINAPI TargetCreateEventW(CreateEventWFunction orig_CreateEvent,
|
||||
if (NULL != handle)
|
||||
return handle;
|
||||
|
||||
#ifdef MOZ_CONTENT_SANDBOX
|
||||
mozilla::warnonlysandbox::LogBlocked("CreateEventW", name);
|
||||
#endif
|
||||
|
||||
// We don't trust that the IPC can work this early.
|
||||
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
|
||||
return NULL;
|
||||
@ -53,6 +60,9 @@ HANDLE WINAPI TargetCreateEventW(CreateEventWFunction orig_CreateEvent,
|
||||
break;
|
||||
|
||||
::SetLastError(answer.win32_result);
|
||||
#ifdef MOZ_CONTENT_SANDBOX
|
||||
mozilla::warnonlysandbox::LogAllowed("CreateEventW", name);
|
||||
#endif
|
||||
return answer.handle;
|
||||
} while (false);
|
||||
|
||||
@ -71,6 +81,10 @@ HANDLE WINAPI TargetOpenEventW(OpenEventWFunction orig_OpenEvent,
|
||||
if (NULL != handle)
|
||||
return handle;
|
||||
|
||||
#ifdef MOZ_CONTENT_SANDBOX
|
||||
mozilla::warnonlysandbox::LogBlocked("OpenEventW", name);
|
||||
#endif
|
||||
|
||||
// We don't trust that the IPC can work this early.
|
||||
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
|
||||
return NULL;
|
||||
@ -97,6 +111,9 @@ HANDLE WINAPI TargetOpenEventW(OpenEventWFunction orig_OpenEvent,
|
||||
break;
|
||||
|
||||
::SetLastError(answer.win32_result);
|
||||
#ifdef MOZ_CONTENT_SANDBOX
|
||||
mozilla::warnonlysandbox::LogAllowed("OpenEventW", name);
|
||||
#endif
|
||||
return answer.handle;
|
||||
} while (false);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user