summaryrefslogtreecommitdiffstats
path: root/security/sandbox/chromium-shim/patches/with_update/revert_remove_AddTargetPeer.patch
diff options
context:
space:
mode:
Diffstat (limited to 'security/sandbox/chromium-shim/patches/with_update/revert_remove_AddTargetPeer.patch')
-rw-r--r--security/sandbox/chromium-shim/patches/with_update/revert_remove_AddTargetPeer.patch310
1 files changed, 0 insertions, 310 deletions
diff --git a/security/sandbox/chromium-shim/patches/with_update/revert_remove_AddTargetPeer.patch b/security/sandbox/chromium-shim/patches/with_update/revert_remove_AddTargetPeer.patch
deleted file mode 100644
index 04020b60b7..0000000000
--- a/security/sandbox/chromium-shim/patches/with_update/revert_remove_AddTargetPeer.patch
+++ /dev/null
@@ -1,310 +0,0 @@
-# HG changeset patch
-# User Toshihito Kikuchi <tkikuchi@mozilla.com>
-# Date 1589671259 25200
-# Sat May 16 16:20:59 2020 -0700
-# Node ID 0b5183a01df78cc85264f2eae2c4d8e407bb1112
-# Parent d093cd9ccfcf06f4a1f0d7f1a4bd0f143ef92b4b
-Add BrokerServicesBase::IsSafeDuplicationTarget. r=bobowen
-
-This patch adds BrokerServicesBase::IsSafeDuplicationTarget and
-BrokerServicesBase::AddTargetPeer using the new ProcessTracker introduced by
-https://chromium.googlesource.com/chromium/src.git/+/3d8382cf9dd44cf9c05e43e42c500f4825e1fed8
-We need these methods for HandlePolicy which is added as a different patch.
-
-Chromium used to have AddTargetPeer and IsActiveTarget, but removed by
-the following commits because they were no longer used in Chromium.
-https://chromium.googlesource.com/chromium/src.git/+/996b42db5296bd3d11b3d7fde1a4602bbcefed2c
-https://chromium.googlesource.com/chromium/src.git/+/e615a1152ac6e10f1a91f0629fb8b5ca223ffbdc
-
-diff --git a/security/sandbox/chromium/sandbox/win/src/broker_services.cc b/security/sandbox/chromium/sandbox/win/src/broker_services.cc
---- a/security/sandbox/chromium/sandbox/win/src/broker_services.cc
-+++ b/security/sandbox/chromium/sandbox/win/src/broker_services.cc
-@@ -154,16 +154,18 @@ namespace sandbox {
- BrokerServicesBase::BrokerServicesBase() {}
-
- // The broker uses a dedicated worker thread that services the job completion
- // port to perform policy notifications and associated cleanup tasks.
- ResultCode BrokerServicesBase::Init() {
- if (job_port_.IsValid() || thread_pool_)
- return SBOX_ERROR_UNEXPECTED_CALL;
-
-+ ::InitializeCriticalSection(&lock_);
-+
- job_port_.Set(::CreateIoCompletionPort(INVALID_HANDLE_VALUE, nullptr, 0, 0));
- if (!job_port_.IsValid())
- return SBOX_ERROR_CANNOT_INIT_BROKERSERVICES;
-
- no_targets_.Set(::CreateEventW(nullptr, true, false, nullptr));
-
- job_thread_.Set(::CreateThread(nullptr, 0, // Default security and stack.
- TargetEventsThread, this, 0, nullptr));
-@@ -191,16 +193,17 @@ BrokerServicesBase::~BrokerServicesBase(
-
- if (job_thread_.IsValid() &&
- WAIT_TIMEOUT == ::WaitForSingleObject(job_thread_.Get(), 1000)) {
- // Cannot clean broker services.
- NOTREACHED();
- return;
- }
- thread_pool_.reset();
-+ ::DeleteCriticalSection(&lock_);
- }
-
- scoped_refptr<TargetPolicy> BrokerServicesBase::CreatePolicy() {
- // If you change the type of the object being created here you must also
- // change the downcast to it in SpawnTarget().
- scoped_refptr<TargetPolicy> policy(new PolicyBase);
- // PolicyBase starts with refcount 1.
- policy->Release();
-@@ -283,16 +286,21 @@ DWORD WINAPI BrokerServicesBase::TargetE
- if (1 == target_counter) {
- ::ResetEvent(no_targets);
- }
- break;
- }
-
- case JOB_OBJECT_MSG_EXIT_PROCESS:
- case JOB_OBJECT_MSG_ABNORMAL_EXIT_PROCESS: {
-+ {
-+ AutoLock lock(&broker->lock_);
-+ broker->active_targets_.erase(
-+ static_cast<DWORD>(reinterpret_cast<uintptr_t>(ovl)));
-+ }
- size_t erase_result = child_process_ids.erase(
- static_cast<DWORD>(reinterpret_cast<uintptr_t>(ovl)));
- if (erase_result != 1U) {
- // The process was untracked e.g. a child process of the target.
- --untracked_target_counter;
- DCHECK(untracked_target_counter >= 0);
- }
- --target_counter;
-@@ -348,27 +356,31 @@ DWORD WINAPI BrokerServicesBase::TargetE
- tracker->wait_handle = INVALID_HANDLE_VALUE;
- }
- processes.push_back(std::move(tracker));
-
- } else if (THREAD_CTRL_PROCESS_SIGNALLED == key) {
- ProcessTracker* tracker =
- static_cast<ProcessTracker*>(reinterpret_cast<void*>(ovl));
-
-+ {
-+ AutoLock lock(&broker->lock_);
-+ broker->active_targets_.erase(tracker->process_id);
-+ }
-+
- ::UnregisterWait(tracker->wait_handle);
- tracker->wait_handle = INVALID_HANDLE_VALUE;
-
- // PID is unique until the process handle is closed in dtor.
- processes.erase(std::remove_if(processes.begin(), processes.end(),
- [&](auto&& p) -> bool {
- return p->process_id ==
- tracker->process_id;
- }),
- processes.end());
--
- } else if (THREAD_CTRL_GET_POLICY_INFO == key) {
- // Clone the policies for sandbox diagnostics.
- std::unique_ptr<PolicyDiagnosticsReceiver> receiver;
- receiver.reset(static_cast<PolicyDiagnosticsReceiver*>(
- reinterpret_cast<void*>(ovl)));
- // The PollicyInfo ctor copies essential information from the trackers.
- auto policy_list = std::make_unique<PolicyDiagnosticList>();
- for (auto&& process_tracker : processes) {
-@@ -637,47 +649,79 @@ ResultCode BrokerServicesBase::SpawnTarg
- // the tracker. The worker thread takes ownership of these objects.
- CHECK(::PostQueuedCompletionStatus(
- job_port_.Get(), 0, THREAD_CTRL_NEW_JOB_TRACKER,
- reinterpret_cast<LPOVERLAPPED>(tracker)));
- // There is no obvious recovery after failure here. Previous version with
- // SpawnCleanup() caused deletion of TargetProcess twice. crbug.com/480639
- CHECK(
- AssociateCompletionPort(tracker->job.Get(), job_port_.Get(), tracker));
-+
-+ AutoLock lock(&lock_);
-+ active_targets_.insert(process_info.process_id());
- } else {
-- // Duplicate the process handle to give the tracking machinery
-- // something valid to wait on in the tracking thread.
-- HANDLE tmp_process_handle = INVALID_HANDLE_VALUE;
-- if (!::DuplicateHandle(::GetCurrentProcess(), process_info.process_handle(),
-- ::GetCurrentProcess(), &tmp_process_handle,
-- SYNCHRONIZE, false, 0 /*no options*/)) {
-- *last_error = ::GetLastError();
-+ result = AddTargetPeerInternal(process_info.process_handle(),
-+ process_info.process_id(),
-+ policy_base, last_error);
-+ if (result != SBOX_ALL_OK) {
- // This may fail in the same way as Job associated processes.
- // crbug.com/480639.
- SpawnCleanup(target);
-- return SBOX_ERROR_CANNOT_DUPLICATE_PROCESS_HANDLE;
-+ return result;
- }
-- base::win::ScopedHandle dup_process_handle(tmp_process_handle);
-- ProcessTracker* tracker = new ProcessTracker(
-- policy_base, process_info.process_id(), std::move(dup_process_handle));
-- // The tracker and policy will leak if this call fails.
-- ::PostQueuedCompletionStatus(job_port_.Get(), 0,
-- THREAD_CTRL_NEW_PROCESS_TRACKER,
-- reinterpret_cast<LPOVERLAPPED>(tracker));
- }
-
- *target_info = process_info.Take();
- return result;
- }
-
- ResultCode BrokerServicesBase::WaitForAllTargets() {
- ::WaitForSingleObject(no_targets_.Get(), INFINITE);
- return SBOX_ALL_OK;
- }
-
-+bool BrokerServicesBase::IsSafeDuplicationTarget(DWORD process_id) {
-+ AutoLock lock(&lock_);
-+ return active_targets_.find(process_id) != active_targets_.end();
-+}
-+
-+ResultCode BrokerServicesBase::AddTargetPeerInternal(
-+ HANDLE peer_process_handle,
-+ DWORD peer_process_id,
-+ scoped_refptr<PolicyBase> policy_base,
-+ DWORD* last_error) {
-+ // Duplicate the process handle to give the tracking machinery
-+ // something valid to wait on in the tracking thread.
-+ HANDLE tmp_process_handle = INVALID_HANDLE_VALUE;
-+ if (!::DuplicateHandle(::GetCurrentProcess(), peer_process_handle,
-+ ::GetCurrentProcess(), &tmp_process_handle,
-+ SYNCHRONIZE, false, 0 /*no options*/)) {
-+ *last_error = ::GetLastError();
-+ return SBOX_ERROR_CANNOT_DUPLICATE_PROCESS_HANDLE;
-+ }
-+ base::win::ScopedHandle dup_process_handle(tmp_process_handle);
-+ ProcessTracker* tracker = new ProcessTracker(
-+ policy_base, peer_process_id, std::move(dup_process_handle));
-+ // The tracker and policy will leak if this call fails.
-+ ::PostQueuedCompletionStatus(job_port_.Get(), 0,
-+ THREAD_CTRL_NEW_PROCESS_TRACKER,
-+ reinterpret_cast<LPOVERLAPPED>(tracker));
-+
-+ AutoLock lock(&lock_);
-+ active_targets_.insert(peer_process_id);
-+
-+ return SBOX_ALL_OK;
-+}
-+
-+ResultCode BrokerServicesBase::AddTargetPeer(HANDLE peer_process) {
-+ DWORD last_error;
-+ return AddTargetPeerInternal(peer_process, ::GetProcessId(peer_process),
-+ nullptr, &last_error);
-+}
-+
- ResultCode BrokerServicesBase::GetPolicyDiagnostics(
- std::unique_ptr<PolicyDiagnosticsReceiver> receiver) {
- CHECK(job_thread_.IsValid());
- // Post to the job thread.
- if (!::PostQueuedCompletionStatus(
- job_port_.Get(), 0, THREAD_CTRL_GET_POLICY_INFO,
- reinterpret_cast<LPOVERLAPPED>(receiver.get()))) {
- receiver->OnError(SBOX_ERROR_GENERIC);
-diff --git a/security/sandbox/chromium/sandbox/win/src/broker_services.h b/security/sandbox/chromium/sandbox/win/src/broker_services.h
---- a/security/sandbox/chromium/sandbox/win/src/broker_services.h
-+++ b/security/sandbox/chromium/sandbox/win/src/broker_services.h
-@@ -13,16 +13,17 @@
-
- #include "base/compiler_specific.h"
- #include "base/macros.h"
- #include "base/memory/scoped_refptr.h"
- #include "base/win/scoped_handle.h"
- #include "sandbox/win/src/crosscall_server.h"
- #include "sandbox/win/src/job.h"
- #include "sandbox/win/src/sandbox.h"
-+#include "sandbox/win/src/sandbox_policy_base.h"
- #include "sandbox/win/src/sharedmem_ipc_server.h"
- #include "sandbox/win/src/win2k_threadpool.h"
- #include "sandbox/win/src/win_utils.h"
-
- namespace sandbox {
-
- // BrokerServicesBase ---------------------------------------------------------
- // Broker implementation version 0
-@@ -43,16 +44,24 @@ class BrokerServicesBase final : public
- scoped_refptr<TargetPolicy> CreatePolicy() override;
- ResultCode SpawnTarget(const wchar_t* exe_path,
- const wchar_t* command_line,
- scoped_refptr<TargetPolicy> policy,
- ResultCode* last_warning,
- DWORD* last_error,
- PROCESS_INFORMATION* target) override;
- ResultCode WaitForAllTargets() override;
-+ ResultCode AddTargetPeer(HANDLE peer_process) override;
-+
-+ // Checks if the supplied process ID matches one of the broker's active
-+ // target processes. We use this method for the specific purpose of
-+ // checking if we can safely duplicate a handle to the supplied process
-+ // in DuplicateHandleProxyAction.
-+ bool IsSafeDuplicationTarget(DWORD process_id);
-+
- ResultCode GetPolicyDiagnostics(
- std::unique_ptr<PolicyDiagnosticsReceiver> receiver) override;
-
- private:
- // The routine that the worker thread executes. It is in charge of
- // notifications and cleanup-related tasks.
- static DWORD WINAPI TargetEventsThread(PVOID param);
-
-@@ -65,14 +74,27 @@ class BrokerServicesBase final : public
- base::win::ScopedHandle no_targets_;
-
- // Handle to the worker thread that reacts to job notifications.
- base::win::ScopedHandle job_thread_;
-
- // Provides a pool of threads that are used to wait on the IPC calls.
- std::unique_ptr<ThreadProvider> thread_pool_;
-
-+ // The set representing the broker's active target processes including
-+ // both sandboxed and unsandboxed peer processes.
-+ std::set<DWORD> active_targets_;
-+
-+ // Lock used to protect active_targets_ from being simultaneously accessed
-+ // by multiple threads.
-+ CRITICAL_SECTION lock_;
-+
-+ ResultCode AddTargetPeerInternal(HANDLE peer_process_handle,
-+ DWORD peer_process_id,
-+ scoped_refptr<PolicyBase> policy_base,
-+ DWORD* last_error);
-+
- DISALLOW_COPY_AND_ASSIGN(BrokerServicesBase);
- };
-
- } // namespace sandbox
-
- #endif // SANDBOX_WIN_SRC_BROKER_SERVICES_H_
-diff --git a/security/sandbox/chromium/sandbox/win/src/sandbox.h b/security/sandbox/chromium/sandbox/win/src/sandbox.h
---- a/security/sandbox/chromium/sandbox/win/src/sandbox.h
-+++ b/security/sandbox/chromium/sandbox/win/src/sandbox.h
-@@ -96,16 +96,24 @@ class BrokerServices {
-
- // This call blocks (waits) for all the targets to terminate.
- // Returns:
- // ALL_OK if successful. All other return values imply failure.
- // If the return is ERROR_GENERIC, you can call ::GetLastError() to get
- // more information.
- virtual ResultCode WaitForAllTargets() = 0;
-
-+ // Adds an unsandboxed process as a peer for policy decisions (e.g.
-+ // HANDLES_DUP_ANY policy).
-+ // Returns:
-+ // ALL_OK if successful. All other return values imply failure.
-+ // If the return is ERROR_GENERIC, you can call ::GetLastError() to get
-+ // more information.
-+ virtual ResultCode AddTargetPeer(HANDLE peer_process) = 0;
-+
- // This call creates a snapshot of policies managed by the sandbox and
- // returns them via a helper class.
- // Parameters:
- // receiver: The |PolicyDiagnosticsReceiver| implementation will be
- // called to accept the results of the call.
- // Returns:
- // ALL_OK if the request was dispatched. All other return values
- // imply failure, and the responder will not receive its completion
generated by cgit v1.2.3 (git 2.39.1) at 2024-08-30 01:44:52 +0000