mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-19 08:15:31 +00:00
Bug 928044 Part 3: Add logging changes back into the Chromium interception code. r=tabraldes
This commit is contained in:
parent
b539721eb8
commit
ba7a2fa911
@ -1,5 +1,5 @@
|
||||
Please add a link to the bugzilla bug and patch name that should be re-applied.
|
||||
Also, please update any existing links to their actual mozilla-central changeset.
|
||||
|
||||
https://bugzilla.mozilla.org/show_bug.cgi?id=1041775 bug1041775part2.patch
|
||||
https://bugzilla.mozilla.org/show_bug.cgi?id=1041775 bug1041775part3.patch
|
||||
https://bugzilla.mozilla.org/show_bug.cgi?id=928044 bug928044part3.patch
|
||||
|
@ -12,6 +12,7 @@
|
||||
#include "sandbox/win/src/sandbox_nt_util.h"
|
||||
#include "sandbox/win/src/sharedmem_ipc_client.h"
|
||||
#include "sandbox/win/src/target_services.h"
|
||||
#include "mozilla/sandboxing/sandboxLogging.h"
|
||||
|
||||
namespace sandbox {
|
||||
|
||||
@ -31,6 +32,10 @@ NTSTATUS WINAPI TargetNtCreateFile(NtCreateFileFunction orig_CreateFile,
|
||||
if (STATUS_ACCESS_DENIED != status)
|
||||
return status;
|
||||
|
||||
mozilla::sandboxing::LogBlocked("NtCreateFile",
|
||||
object_attributes->ObjectName->Buffer,
|
||||
object_attributes->ObjectName->Length);
|
||||
|
||||
// We don't trust that the IPC can work this early.
|
||||
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
|
||||
return status;
|
||||
@ -86,6 +91,9 @@ NTSTATUS WINAPI TargetNtCreateFile(NtCreateFileFunction orig_CreateFile,
|
||||
} __except(EXCEPTION_EXECUTE_HANDLER) {
|
||||
break;
|
||||
}
|
||||
mozilla::sandboxing::LogAllowed("NtCreateFile",
|
||||
object_attributes->ObjectName->Buffer,
|
||||
object_attributes->ObjectName->Length);
|
||||
} while (false);
|
||||
|
||||
return status;
|
||||
@ -102,6 +110,10 @@ NTSTATUS WINAPI TargetNtOpenFile(NtOpenFileFunction orig_OpenFile, PHANDLE file,
|
||||
if (STATUS_ACCESS_DENIED != status)
|
||||
return status;
|
||||
|
||||
mozilla::sandboxing::LogBlocked("NtOpenFile",
|
||||
object_attributes->ObjectName->Buffer,
|
||||
object_attributes->ObjectName->Length);
|
||||
|
||||
// We don't trust that the IPC can work this early.
|
||||
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
|
||||
return status;
|
||||
@ -154,6 +166,9 @@ NTSTATUS WINAPI TargetNtOpenFile(NtOpenFileFunction orig_OpenFile, PHANDLE file,
|
||||
} __except(EXCEPTION_EXECUTE_HANDLER) {
|
||||
break;
|
||||
}
|
||||
mozilla::sandboxing::LogAllowed("NtOpenFile",
|
||||
object_attributes->ObjectName->Buffer,
|
||||
object_attributes->ObjectName->Length);
|
||||
} while (false);
|
||||
|
||||
return status;
|
||||
@ -168,6 +183,10 @@ NTSTATUS WINAPI TargetNtQueryAttributesFile(
|
||||
if (STATUS_ACCESS_DENIED != status)
|
||||
return status;
|
||||
|
||||
mozilla::sandboxing::LogBlocked("NtQueryAttributesFile",
|
||||
object_attributes->ObjectName->Buffer,
|
||||
object_attributes->ObjectName->Length);
|
||||
|
||||
// We don't trust that the IPC can work this early.
|
||||
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
|
||||
return status;
|
||||
@ -208,6 +227,9 @@ NTSTATUS WINAPI TargetNtQueryAttributesFile(
|
||||
if (SBOX_ALL_OK != code)
|
||||
break;
|
||||
|
||||
mozilla::sandboxing::LogAllowed("NtQueryAttributesFile",
|
||||
object_attributes->ObjectName->Buffer,
|
||||
object_attributes->ObjectName->Length);
|
||||
return answer.nt_status;
|
||||
|
||||
} while (false);
|
||||
@ -225,6 +247,10 @@ NTSTATUS WINAPI TargetNtQueryFullAttributesFile(
|
||||
if (STATUS_ACCESS_DENIED != status)
|
||||
return status;
|
||||
|
||||
mozilla::sandboxing::LogBlocked("NtQueryFullAttributesFile",
|
||||
object_attributes->ObjectName->Buffer,
|
||||
object_attributes->ObjectName->Length);
|
||||
|
||||
// We don't trust that the IPC can work this early.
|
||||
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
|
||||
return status;
|
||||
@ -266,6 +292,9 @@ NTSTATUS WINAPI TargetNtQueryFullAttributesFile(
|
||||
if (SBOX_ALL_OK != code)
|
||||
break;
|
||||
|
||||
mozilla::sandboxing::LogAllowed("NtQueryFullAttributesFile",
|
||||
object_attributes->ObjectName->Buffer,
|
||||
object_attributes->ObjectName->Length);
|
||||
return answer.nt_status;
|
||||
} while (false);
|
||||
|
||||
@ -282,6 +311,8 @@ NTSTATUS WINAPI TargetNtSetInformationFile(
|
||||
if (STATUS_ACCESS_DENIED != status)
|
||||
return status;
|
||||
|
||||
mozilla::sandboxing::LogBlocked("NtSetInformationFile");
|
||||
|
||||
// We don't trust that the IPC can work this early.
|
||||
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
|
||||
return status;
|
||||
@ -343,6 +374,7 @@ NTSTATUS WINAPI TargetNtSetInformationFile(
|
||||
break;
|
||||
|
||||
status = answer.nt_status;
|
||||
mozilla::sandboxing::LogAllowed("NtSetInformationFile");
|
||||
} while (false);
|
||||
|
||||
return status;
|
||||
|
@ -10,6 +10,7 @@
|
||||
#include "sandbox/win/src/sandbox_nt_util.h"
|
||||
#include "sandbox/win/src/sharedmem_ipc_client.h"
|
||||
#include "sandbox/win/src/target_services.h"
|
||||
#include "mozilla/sandboxing/sandboxLogging.h"
|
||||
|
||||
namespace sandbox {
|
||||
|
||||
@ -34,10 +35,12 @@ ResultCode DuplicateHandleProxy(HANDLE source_handle,
|
||||
|
||||
if (answer.win32_result) {
|
||||
::SetLastError(answer.win32_result);
|
||||
mozilla::sandboxing::LogBlocked("DuplicateHandle");
|
||||
return SBOX_ERROR_GENERIC;
|
||||
}
|
||||
|
||||
*target_handle = answer.handle;
|
||||
mozilla::sandboxing::LogAllowed("DuplicateHandle");
|
||||
return SBOX_ALL_OK;
|
||||
}
|
||||
|
||||
|
@ -12,6 +12,7 @@
|
||||
#include "sandbox/win/src/sandbox_nt_util.h"
|
||||
#include "sandbox/win/src/sharedmem_ipc_client.h"
|
||||
#include "sandbox/win/src/target_services.h"
|
||||
#include "mozilla/sandboxing/sandboxLogging.h"
|
||||
|
||||
namespace sandbox {
|
||||
|
||||
@ -27,6 +28,8 @@ HANDLE WINAPI TargetCreateNamedPipeW(
|
||||
if (INVALID_HANDLE_VALUE != pipe)
|
||||
return pipe;
|
||||
|
||||
mozilla::sandboxing::LogBlocked("CreateNamedPipeW", pipe_name);
|
||||
|
||||
// We don't trust that the IPC can work this early.
|
||||
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
|
||||
return INVALID_HANDLE_VALUE;
|
||||
@ -62,6 +65,7 @@ HANDLE WINAPI TargetCreateNamedPipeW(
|
||||
if (ERROR_SUCCESS != answer.win32_result)
|
||||
return INVALID_HANDLE_VALUE;
|
||||
|
||||
mozilla::sandboxing::LogAllowed("CreateNamedPipeW", pipe_name);
|
||||
return answer.handle;
|
||||
} while (false);
|
||||
|
||||
|
@ -12,6 +12,7 @@
|
||||
#include "sandbox/win/src/sandbox_nt_util.h"
|
||||
#include "sandbox/win/src/sharedmem_ipc_client.h"
|
||||
#include "sandbox/win/src/target_services.h"
|
||||
#include "mozilla/sandboxing/sandboxLogging.h"
|
||||
|
||||
namespace sandbox {
|
||||
|
||||
@ -28,6 +29,7 @@ NTSTATUS WINAPI TargetNtOpenThread(NtOpenThreadFunction orig_OpenThread,
|
||||
if (NT_SUCCESS(status))
|
||||
return status;
|
||||
|
||||
mozilla::sandboxing::LogBlocked("NtOpenThread");
|
||||
do {
|
||||
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
|
||||
break;
|
||||
@ -93,6 +95,7 @@ NTSTATUS WINAPI TargetNtOpenThread(NtOpenThreadFunction orig_OpenThread,
|
||||
break;
|
||||
}
|
||||
|
||||
mozilla::sandboxing::LogAllowed("NtOpenThread");
|
||||
return answer.nt_status;
|
||||
} while (false);
|
||||
|
||||
@ -177,6 +180,7 @@ NTSTATUS WINAPI TargetNtOpenProcessToken(
|
||||
if (NT_SUCCESS(status))
|
||||
return status;
|
||||
|
||||
mozilla::sandboxing::LogBlocked("NtOpenProcessToken");
|
||||
do {
|
||||
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
|
||||
break;
|
||||
@ -208,6 +212,7 @@ NTSTATUS WINAPI TargetNtOpenProcessToken(
|
||||
break;
|
||||
}
|
||||
|
||||
mozilla::sandboxing::LogAllowed("NtOpenProcessToken");
|
||||
return answer.nt_status;
|
||||
} while (false);
|
||||
|
||||
@ -222,6 +227,7 @@ NTSTATUS WINAPI TargetNtOpenProcessTokenEx(
|
||||
if (NT_SUCCESS(status))
|
||||
return status;
|
||||
|
||||
mozilla::sandboxing::LogBlocked("NtOpenProcessTokenEx");
|
||||
do {
|
||||
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
|
||||
break;
|
||||
@ -253,6 +259,7 @@ NTSTATUS WINAPI TargetNtOpenProcessTokenEx(
|
||||
break;
|
||||
}
|
||||
|
||||
mozilla::sandboxing::LogAllowed("NtOpenProcessTokenEx");
|
||||
return answer.nt_status;
|
||||
} while (false);
|
||||
|
||||
@ -274,6 +281,8 @@ BOOL WINAPI TargetCreateProcessW(CreateProcessWFunction orig_CreateProcessW,
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
mozilla::sandboxing::LogBlocked("CreateProcessW", application_name);
|
||||
|
||||
// We don't trust that the IPC can work this early.
|
||||
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
|
||||
return FALSE;
|
||||
@ -311,6 +320,7 @@ BOOL WINAPI TargetCreateProcessW(CreateProcessWFunction orig_CreateProcessW,
|
||||
if (ERROR_SUCCESS != answer.win32_result)
|
||||
return FALSE;
|
||||
|
||||
mozilla::sandboxing::LogAllowed("CreateProcessW", application_name);
|
||||
return TRUE;
|
||||
} while (false);
|
||||
|
||||
@ -333,6 +343,8 @@ BOOL WINAPI TargetCreateProcessA(CreateProcessAFunction orig_CreateProcessA,
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
mozilla::sandboxing::LogBlocked("CreateProcessA", application_name);
|
||||
|
||||
// We don't trust that the IPC can work this early.
|
||||
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
|
||||
return FALSE;
|
||||
@ -393,6 +405,7 @@ BOOL WINAPI TargetCreateProcessA(CreateProcessAFunction orig_CreateProcessA,
|
||||
if (ERROR_SUCCESS != answer.win32_result)
|
||||
return FALSE;
|
||||
|
||||
mozilla::sandboxing::LogAllowed("CreateProcessA", application_name);
|
||||
return TRUE;
|
||||
} while (false);
|
||||
|
||||
|
@ -10,6 +10,7 @@
|
||||
#include "sandbox/win/src/sandbox_nt_util.h"
|
||||
#include "sandbox/win/src/sharedmem_ipc_client.h"
|
||||
#include "sandbox/win/src/target_services.h"
|
||||
#include "mozilla/sandboxing/sandboxLogging.h"
|
||||
|
||||
namespace sandbox {
|
||||
|
||||
@ -25,6 +26,12 @@ NTSTATUS WINAPI TargetNtCreateKey(NtCreateKeyFunction orig_CreateKey,
|
||||
if (NT_SUCCESS(status))
|
||||
return status;
|
||||
|
||||
if (STATUS_OBJECT_NAME_NOT_FOUND != status) {
|
||||
mozilla::sandboxing::LogBlocked("NtCreateKey",
|
||||
object_attributes->ObjectName->Buffer,
|
||||
object_attributes->ObjectName->Length);
|
||||
}
|
||||
|
||||
// We don't trust that the IPC can work this early.
|
||||
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
|
||||
return status;
|
||||
@ -87,6 +94,9 @@ NTSTATUS WINAPI TargetNtCreateKey(NtCreateKeyFunction orig_CreateKey,
|
||||
} __except(EXCEPTION_EXECUTE_HANDLER) {
|
||||
break;
|
||||
}
|
||||
mozilla::sandboxing::LogAllowed("NtCreateKey",
|
||||
object_attributes->ObjectName->Buffer,
|
||||
object_attributes->ObjectName->Length);
|
||||
} while (false);
|
||||
|
||||
return status;
|
||||
@ -140,6 +150,9 @@ NTSTATUS WINAPI CommonNtOpenKey(NTSTATUS status, PHANDLE key,
|
||||
} __except(EXCEPTION_EXECUTE_HANDLER) {
|
||||
break;
|
||||
}
|
||||
mozilla::sandboxing::LogAllowed("NtOpenKey[Ex]",
|
||||
object_attributes->ObjectName->Buffer,
|
||||
object_attributes->ObjectName->Length);
|
||||
} while (false);
|
||||
|
||||
return status;
|
||||
@ -153,6 +166,12 @@ NTSTATUS WINAPI TargetNtOpenKey(NtOpenKeyFunction orig_OpenKey, PHANDLE key,
|
||||
if (NT_SUCCESS(status))
|
||||
return status;
|
||||
|
||||
if (STATUS_OBJECT_NAME_NOT_FOUND != status) {
|
||||
mozilla::sandboxing::LogBlocked("NtOpenKey",
|
||||
object_attributes->ObjectName->Buffer,
|
||||
object_attributes->ObjectName->Length);
|
||||
}
|
||||
|
||||
return CommonNtOpenKey(status, key, desired_access, object_attributes);
|
||||
}
|
||||
|
||||
@ -170,6 +189,12 @@ NTSTATUS WINAPI TargetNtOpenKeyEx(NtOpenKeyExFunction orig_OpenKeyEx,
|
||||
if (NT_SUCCESS(status) || open_options != 0)
|
||||
return status;
|
||||
|
||||
if (STATUS_OBJECT_NAME_NOT_FOUND != status) {
|
||||
mozilla::sandboxing::LogBlocked("NtOpenKeyEx",
|
||||
object_attributes->ObjectName->Buffer,
|
||||
object_attributes->ObjectName->Length);
|
||||
}
|
||||
|
||||
return CommonNtOpenKey(status, key, desired_access, object_attributes);
|
||||
}
|
||||
|
||||
|
@ -12,6 +12,7 @@
|
||||
#include "sandbox/win/src/sandbox_nt_util.h"
|
||||
#include "sandbox/win/src/sharedmem_ipc_client.h"
|
||||
#include "sandbox/win/src/target_services.h"
|
||||
#include "mozilla/sandboxing/sandboxLogging.h"
|
||||
|
||||
namespace sandbox {
|
||||
|
||||
@ -62,6 +63,10 @@ NTSTATUS WINAPI TargetNtCreateEvent(NtCreateEventFunction orig_CreateEvent,
|
||||
if (status != STATUS_ACCESS_DENIED || !object_attributes)
|
||||
return status;
|
||||
|
||||
mozilla::sandboxing::LogBlocked("NtCreatEvent",
|
||||
object_attributes->ObjectName->Buffer,
|
||||
object_attributes->ObjectName->Length);
|
||||
|
||||
// We don't trust that the IPC can work this early.
|
||||
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
|
||||
return status;
|
||||
@ -101,6 +106,9 @@ NTSTATUS WINAPI TargetNtCreateEvent(NtCreateEventFunction orig_CreateEvent,
|
||||
} __except(EXCEPTION_EXECUTE_HANDLER) {
|
||||
break;
|
||||
}
|
||||
mozilla::sandboxing::LogAllowed("NtCreateEvent",
|
||||
object_attributes->ObjectName->Buffer,
|
||||
object_attributes->ObjectName->Length);
|
||||
} while (false);
|
||||
|
||||
return status;
|
||||
@ -115,6 +123,10 @@ NTSTATUS WINAPI TargetNtOpenEvent(NtOpenEventFunction orig_OpenEvent,
|
||||
if (status != STATUS_ACCESS_DENIED || !object_attributes)
|
||||
return status;
|
||||
|
||||
mozilla::sandboxing::LogBlocked("NtOpenEvent",
|
||||
object_attributes->ObjectName->Buffer,
|
||||
object_attributes->ObjectName->Length);
|
||||
//
|
||||
// We don't trust that the IPC can work this early.
|
||||
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
|
||||
return status;
|
||||
@ -153,6 +165,9 @@ NTSTATUS WINAPI TargetNtOpenEvent(NtOpenEventFunction orig_OpenEvent,
|
||||
} __except(EXCEPTION_EXECUTE_HANDLER) {
|
||||
break;
|
||||
}
|
||||
mozilla::sandboxing::LogAllowed("NtOpenEvent",
|
||||
object_attributes->ObjectName->Buffer,
|
||||
object_attributes->ObjectName->Length);
|
||||
} while (false);
|
||||
|
||||
return status;
|
||||
|
Loading…
Reference in New Issue
Block a user