| author | Bob Owen <bobowencode@gmail.com> |
| Tue, 18 Nov 2014 15:09:55 +0000 | |
| changeset 217594 | 90ddcaa449595f506821e5988a735a23a41d0721 |
| parent 217593 | a52ce2ed0c280b9a3a4970b471b79ca46af4e43d |
| child 217595 | 365d1073111a941b0cc3cb49802109623d82c311 |
| push id | 27886 |
| push user | ryanvm@gmail.com |
| push date | Thu, 27 Nov 2014 01:34:27 +0000 |
| treeherder | mozilla-central@159a0ec99a6d [default view] [failures only] |
| perfherder | [talos] [build metrics] [platform microbench] (compared to previous push) |
| reviewers | tabraldes |
| bugs | 1041775 |
| milestone | 36.0a1 |
| first release with | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
| last release without | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
--- a/security/sandbox/modifications-to-chromium-to-reapply-after-upstream-merge.txt +++ b/security/sandbox/modifications-to-chromium-to-reapply-after-upstream-merge.txt @@ -1,6 +1,5 @@ Please add a link to the bugzilla bug and patch name that should be re-applied. Also, please update any existing links to their actual mozilla-central changeset. -https://hg.mozilla.org/mozilla-central/rev/e7eef85c1b0a -https://hg.mozilla.org/mozilla-central/rev/8d0aca89e1b2 https://hg.mozilla.org/mozilla-central/rev/f94a07671389 +https://bugzilla.mozilla.org/show_bug.cgi?id=1041775 bug1041775part2.patch
--- a/security/sandbox/win/src/filesystem_interception.cc +++ b/security/sandbox/win/src/filesystem_interception.cc @@ -7,16 +7,19 @@ #include "sandbox/win/src/crosscall_client.h" #include "sandbox/win/src/ipc_tags.h" #include "sandbox/win/src/policy_params.h" #include "sandbox/win/src/policy_target.h" #include "sandbox/win/src/sandbox_factory.h" #include "sandbox/win/src/sandbox_nt_util.h" #include "sandbox/win/src/sharedmem_ipc_client.h" #include "sandbox/win/src/target_services.h" +#ifdef MOZ_CONTENT_SANDBOX +#include "mozilla/warnonlysandbox/warnOnlySandbox.h" +#endif namespace sandbox { NTSTATUS WINAPI TargetNtCreateFile(NtCreateFileFunction orig_CreateFile, PHANDLE file, ACCESS_MASK desired_access, POBJECT_ATTRIBUTES object_attributes, PIO_STATUS_BLOCK io_status, PLARGE_INTEGER allocation_size, @@ -26,16 +29,22 @@ NTSTATUS WINAPI TargetNtCreateFile(NtCre // Check if the process can open it first. NTSTATUS status = orig_CreateFile(file, desired_access, object_attributes, io_status, allocation_size, file_attributes, sharing, disposition, options, ea_buffer, ea_length); if (STATUS_ACCESS_DENIED != status) return status; +#ifdef MOZ_CONTENT_SANDBOX + mozilla::warnonlysandbox::LogBlocked("NtCreateFile", + object_attributes->ObjectName->Buffer, + object_attributes->ObjectName->Length); +#endif + // We don't trust that the IPC can work this early. if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) return status; do { if (!ValidParameter(file, sizeof(HANDLE), WRITE)) break; if (!ValidParameter(io_status, sizeof(IO_STATUS_BLOCK), WRITE)) @@ -81,32 +90,43 @@ NTSTATUS WINAPI TargetNtCreateFile(NtCre __try { *file = answer.handle; io_status->Status = answer.nt_status; io_status->Information = answer.extended[0].ulong_ptr; status = io_status->Status; } __except(EXCEPTION_EXECUTE_HANDLER) { break; } +#ifdef MOZ_CONTENT_SANDBOX + mozilla::warnonlysandbox::LogAllowed("NtCreateFile", + object_attributes->ObjectName->Buffer, + object_attributes->ObjectName->Length); +#endif } while (false); return status; } NTSTATUS WINAPI TargetNtOpenFile(NtOpenFileFunction orig_OpenFile, PHANDLE file, ACCESS_MASK desired_access, POBJECT_ATTRIBUTES object_attributes, PIO_STATUS_BLOCK io_status, ULONG sharing, ULONG options) { // Check if the process can open it first. NTSTATUS status = orig_OpenFile(file, desired_access, object_attributes, io_status, sharing, options); if (STATUS_ACCESS_DENIED != status) return status; +#ifdef MOZ_CONTENT_SANDBOX + mozilla::warnonlysandbox::LogBlocked("NtOpenFile", + object_attributes->ObjectName->Buffer, + object_attributes->ObjectName->Length); +#endif + // We don't trust that the IPC can work this early. if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) return status; do { if (!ValidParameter(file, sizeof(HANDLE), WRITE)) break; if (!ValidParameter(io_status, sizeof(IO_STATUS_BLOCK), WRITE)) @@ -149,30 +169,41 @@ NTSTATUS WINAPI TargetNtOpenFile(NtOpenF __try { *file = answer.handle; io_status->Status = answer.nt_status; io_status->Information = answer.extended[0].ulong_ptr; status = io_status->Status; } __except(EXCEPTION_EXECUTE_HANDLER) { break; } +#ifdef MOZ_CONTENT_SANDBOX + mozilla::warnonlysandbox::LogAllowed("NtOpenFile", + object_attributes->ObjectName->Buffer, + object_attributes->ObjectName->Length); +#endif } while (false); return status; } NTSTATUS WINAPI TargetNtQueryAttributesFile( NtQueryAttributesFileFunction orig_QueryAttributes, POBJECT_ATTRIBUTES object_attributes, PFILE_BASIC_INFORMATION file_attributes) { // Check if the process can query it first. NTSTATUS status = orig_QueryAttributes(object_attributes, file_attributes); if (STATUS_ACCESS_DENIED != status) return status; +#ifdef MOZ_CONTENT_SANDBOX + mozilla::warnonlysandbox::LogBlocked("NtQueryAttributesFile", + object_attributes->ObjectName->Buffer, + object_attributes->ObjectName->Length); +#endif + // We don't trust that the IPC can work this early. if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) return status; do { if (!ValidParameter(file_attributes, sizeof(FILE_BASIC_INFORMATION), WRITE)) break; @@ -203,16 +234,21 @@ NTSTATUS WINAPI TargetNtQueryAttributesF ResultCode code = CrossCall(ipc, IPC_NTQUERYATTRIBUTESFILE_TAG, name, attributes, file_info, &answer); operator delete(name, NT_ALLOC); if (SBOX_ALL_OK != code) break; +#ifdef MOZ_CONTENT_SANDBOX + mozilla::warnonlysandbox::LogAllowed("NtQueryAttributesFile", + object_attributes->ObjectName->Buffer, + object_attributes->ObjectName->Length); +#endif return answer.nt_status; } while (false); return status; } NTSTATUS WINAPI TargetNtQueryFullAttributesFile( @@ -220,16 +256,22 @@ NTSTATUS WINAPI TargetNtQueryFullAttribu POBJECT_ATTRIBUTES object_attributes, PFILE_NETWORK_OPEN_INFORMATION file_attributes) { // Check if the process can query it first. NTSTATUS status = orig_QueryFullAttributes(object_attributes, file_attributes); if (STATUS_ACCESS_DENIED != status) return status; +#ifdef MOZ_CONTENT_SANDBOX + mozilla::warnonlysandbox::LogBlocked("NtQueryFullAttributesFile", + object_attributes->ObjectName->Buffer, + object_attributes->ObjectName->Length); +#endif + // We don't trust that the IPC can work this early. if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) return status; do { if (!ValidParameter(file_attributes, sizeof(FILE_NETWORK_OPEN_INFORMATION), WRITE)) break; @@ -261,32 +303,41 @@ NTSTATUS WINAPI TargetNtQueryFullAttribu ResultCode code = CrossCall(ipc, IPC_NTQUERYFULLATTRIBUTESFILE_TAG, name, attributes, file_info, &answer); operator delete(name, NT_ALLOC); if (SBOX_ALL_OK != code) break; +#ifdef MOZ_CONTENT_SANDBOX + mozilla::warnonlysandbox::LogAllowed("NtQueryFullAttributesFile", + object_attributes->ObjectName->Buffer, + object_attributes->ObjectName->Length); +#endif return answer.nt_status; } while (false); return status; } NTSTATUS WINAPI TargetNtSetInformationFile( NtSetInformationFileFunction orig_SetInformationFile, HANDLE file, PIO_STATUS_BLOCK io_status, PVOID file_info, ULONG length, FILE_INFORMATION_CLASS file_info_class) { // Check if the process can open it first. NTSTATUS status = orig_SetInformationFile(file, io_status, file_info, length, file_info_class); if (STATUS_ACCESS_DENIED != status) return status; +#ifdef MOZ_CONTENT_SANDBOX + mozilla::warnonlysandbox::LogBlocked("NtSetInformationFile"); +#endif + // We don't trust that the IPC can work this early. if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) return status; do { void* memory = GetGlobalIPCMemory(); if (NULL == memory) break; @@ -338,14 +389,17 @@ NTSTATUS WINAPI TargetNtSetInformationFi ResultCode code = CrossCall(ipc, IPC_NTSETINFO_RENAME_TAG, file, io_status_buffer, file_info_buffer, length, file_info_class, &answer); if (SBOX_ALL_OK != code) break; status = answer.nt_status; +#ifdef MOZ_CONTENT_SANDBOX + mozilla::warnonlysandbox::LogAllowed("NtSetInformationFile"); +#endif } while (false); return status; } } // namespace sandbox
--- a/security/sandbox/win/src/handle_interception.cc +++ b/security/sandbox/win/src/handle_interception.cc @@ -5,16 +5,19 @@ #include "sandbox/win/src/handle_interception.h" #include "sandbox/win/src/crosscall_client.h" #include "sandbox/win/src/ipc_tags.h" #include "sandbox/win/src/sandbox_factory.h" #include "sandbox/win/src/sandbox_nt_util.h" #include "sandbox/win/src/sharedmem_ipc_client.h" #include "sandbox/win/src/target_services.h" +#ifdef MOZ_CONTENT_SANDBOX +#include "mozilla/warnonlysandbox/warnOnlySandbox.h" +#endif namespace sandbox { ResultCode DuplicateHandleProxy(HANDLE source_handle, DWORD target_process_id, HANDLE* target_handle, DWORD desired_access, DWORD options) { @@ -29,17 +32,23 @@ ResultCode DuplicateHandleProxy(HANDLE s ResultCode code = CrossCall(ipc, IPC_DUPLICATEHANDLEPROXY_TAG, source_handle, target_process_id, desired_access, options, &answer); if (SBOX_ALL_OK != code) return code; if (answer.win32_result) { ::SetLastError(answer.win32_result); +#ifdef MOZ_CONTENT_SANDBOX + mozilla::warnonlysandbox::LogBlocked("DuplicateHandle"); +#endif return SBOX_ERROR_GENERIC; } *target_handle = answer.handle; +#ifdef MOZ_CONTENT_SANDBOX + mozilla::warnonlysandbox::LogAllowed("DuplicateHandle"); +#endif return SBOX_ALL_OK; } } // namespace sandbox
--- a/security/sandbox/win/src/named_pipe_interception.cc +++ b/security/sandbox/win/src/named_pipe_interception.cc @@ -7,31 +7,38 @@ #include "sandbox/win/src/crosscall_client.h" #include "sandbox/win/src/ipc_tags.h" #include "sandbox/win/src/policy_params.h" #include "sandbox/win/src/policy_target.h" #include "sandbox/win/src/sandbox_factory.h" #include "sandbox/win/src/sandbox_nt_util.h" #include "sandbox/win/src/sharedmem_ipc_client.h" #include "sandbox/win/src/target_services.h" +#ifdef MOZ_CONTENT_SANDBOX +#include "mozilla/warnonlysandbox/warnOnlySandbox.h" +#endif namespace sandbox { HANDLE WINAPI TargetCreateNamedPipeW( CreateNamedPipeWFunction orig_CreateNamedPipeW, LPCWSTR pipe_name, DWORD open_mode, DWORD pipe_mode, DWORD max_instance, DWORD out_buffer_size, DWORD in_buffer_size, DWORD default_timeout, LPSECURITY_ATTRIBUTES security_attributes) { HANDLE pipe = orig_CreateNamedPipeW(pipe_name, open_mode, pipe_mode, max_instance, out_buffer_size, in_buffer_size, default_timeout, security_attributes); if (INVALID_HANDLE_VALUE != pipe) return pipe; +#ifdef MOZ_CONTENT_SANDBOX + mozilla::warnonlysandbox::LogBlocked("CreateNamedPipeW", pipe_name); +#endif + // We don't trust that the IPC can work this early. if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) return INVALID_HANDLE_VALUE; DWORD original_error = ::GetLastError(); // We don't support specific Security Attributes. if (security_attributes) @@ -57,16 +64,19 @@ HANDLE WINAPI TargetCreateNamedPipeW( if (SBOX_ALL_OK != code) break; ::SetLastError(answer.win32_result); if (ERROR_SUCCESS != answer.win32_result) return INVALID_HANDLE_VALUE; +#ifdef MOZ_CONTENT_SANDBOX + mozilla::warnonlysandbox::LogAllowed("CreateNamedPipeW", pipe_name); +#endif return answer.handle; } while (false); ::SetLastError(original_error); return INVALID_HANDLE_VALUE; } } // namespace sandbox
--- a/security/sandbox/win/src/process_thread_interception.cc +++ b/security/sandbox/win/src/process_thread_interception.cc @@ -7,32 +7,38 @@ #include "sandbox/win/src/crosscall_client.h" #include "sandbox/win/src/ipc_tags.h" #include "sandbox/win/src/policy_params.h" #include "sandbox/win/src/policy_target.h" #include "sandbox/win/src/sandbox_factory.h" #include "sandbox/win/src/sandbox_nt_util.h" #include "sandbox/win/src/sharedmem_ipc_client.h" #include "sandbox/win/src/target_services.h" +#ifdef MOZ_CONTENT_SANDBOX +#include "mozilla/warnonlysandbox/warnOnlySandbox.h" +#endif namespace sandbox { SANDBOX_INTERCEPT NtExports g_nt; // Hooks NtOpenThread and proxy the call to the broker if it's trying to // open a thread in the same process. NTSTATUS WINAPI TargetNtOpenThread(NtOpenThreadFunction orig_OpenThread, PHANDLE thread, ACCESS_MASK desired_access, POBJECT_ATTRIBUTES object_attributes, PCLIENT_ID client_id) { NTSTATUS status = orig_OpenThread(thread, desired_access, object_attributes, client_id); if (NT_SUCCESS(status)) return status; +#ifdef MOZ_CONTENT_SANDBOX + mozilla::warnonlysandbox::LogBlocked("NtOpenThread"); +#endif do { if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) break; if (!client_id) break; uint32 thread_id = 0; bool should_break = false; @@ -88,16 +94,19 @@ NTSTATUS WINAPI TargetNtOpenThread(NtOpe __try { // Write the output parameters. *thread = answer.handle; } __except(EXCEPTION_EXECUTE_HANDLER) { break; } +#ifdef MOZ_CONTENT_SANDBOX + mozilla::warnonlysandbox::LogAllowed("NtOpenThread"); +#endif return answer.nt_status; } while (false); return status; } // Hooks NtOpenProcess and proxy the call to the broker if it's trying to // open the current process. @@ -105,16 +114,19 @@ NTSTATUS WINAPI TargetNtOpenProcess(NtOp PHANDLE process, ACCESS_MASK desired_access, POBJECT_ATTRIBUTES object_attributes, PCLIENT_ID client_id) { NTSTATUS status = orig_OpenProcess(process, desired_access, object_attributes, client_id); if (NT_SUCCESS(status)) return status; +#ifdef MOZ_CONTENT_SANDBOX + mozilla::warnonlysandbox::LogBlocked("NtOpenProcess"); +#endif do { if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) break; if (!client_id) break; uint32 process_id = 0; bool should_break = false; @@ -158,30 +170,36 @@ NTSTATUS WINAPI TargetNtOpenProcess(NtOp __try { // Write the output parameters. *process = answer.handle; } __except(EXCEPTION_EXECUTE_HANDLER) { break; } +#ifdef MOZ_CONTENT_SANDBOX + mozilla::warnonlysandbox::LogAllowed("NtOpenProcess"); +#endif return answer.nt_status; } while (false); return status; } NTSTATUS WINAPI TargetNtOpenProcessToken( NtOpenProcessTokenFunction orig_OpenProcessToken, HANDLE process, ACCESS_MASK desired_access, PHANDLE token) { NTSTATUS status = orig_OpenProcessToken(process, desired_access, token); if (NT_SUCCESS(status)) return status; +#ifdef MOZ_CONTENT_SANDBOX + mozilla::warnonlysandbox::LogBlocked("NtOpenProcessToken"); +#endif do { if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) break; if (CURRENT_PROCESS != process) break; if (!ValidParameter(token, sizeof(HANDLE), WRITE)) @@ -203,30 +221,36 @@ NTSTATUS WINAPI TargetNtOpenProcessToken __try { // Write the output parameters. *token = answer.handle; } __except(EXCEPTION_EXECUTE_HANDLER) { break; } +#ifdef MOZ_CONTENT_SANDBOX + mozilla::warnonlysandbox::LogAllowed("NtOpenProcessToken"); +#endif return answer.nt_status; } while (false); return status; } NTSTATUS WINAPI TargetNtOpenProcessTokenEx( NtOpenProcessTokenExFunction orig_OpenProcessTokenEx, HANDLE process, ACCESS_MASK desired_access, ULONG handle_attributes, PHANDLE token) { NTSTATUS status = orig_OpenProcessTokenEx(process, desired_access, handle_attributes, token); if (NT_SUCCESS(status)) return status; +#ifdef MOZ_CONTENT_SANDBOX + mozilla::warnonlysandbox::LogBlocked("NtOpenProcessTokenEx"); +#endif do { if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) break; if (CURRENT_PROCESS != process) break; if (!ValidParameter(token, sizeof(HANDLE), WRITE)) @@ -248,16 +272,19 @@ NTSTATUS WINAPI TargetNtOpenProcessToken __try { // Write the output parameters. *token = answer.handle; } __except(EXCEPTION_EXECUTE_HANDLER) { break; } +#ifdef MOZ_CONTENT_SANDBOX + mozilla::warnonlysandbox::LogAllowed("NtOpenProcessTokenEx"); +#endif return answer.nt_status; } while (false); return status; } BOOL WINAPI TargetCreateProcessW(CreateProcessWFunction orig_CreateProcessW, LPCWSTR application_name, LPWSTR command_line, @@ -269,16 +296,20 @@ BOOL WINAPI TargetCreateProcessW(CreateP LPPROCESS_INFORMATION process_information) { if (orig_CreateProcessW(application_name, command_line, process_attributes, thread_attributes, inherit_handles, flags, environment, current_directory, startup_info, process_information)) { return TRUE; } +#ifdef MOZ_CONTENT_SANDBOX + mozilla::warnonlysandbox::LogBlocked("CreateProcessW", application_name); +#endif + // We don't trust that the IPC can work this early. if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) return FALSE; DWORD original_error = ::GetLastError(); do { if (!ValidParameter(process_information, sizeof(PROCESS_INFORMATION), @@ -306,16 +337,19 @@ BOOL WINAPI TargetCreateProcessW(CreateP command_line, cur_dir, proc_info, &answer); if (SBOX_ALL_OK != code) break; ::SetLastError(answer.win32_result); if (ERROR_SUCCESS != answer.win32_result) return FALSE; +#ifdef MOZ_CONTENT_SANDBOX + mozilla::warnonlysandbox::LogAllowed("CreateProcessW", application_name); +#endif return TRUE; } while (false); ::SetLastError(original_error); return FALSE; } BOOL WINAPI TargetCreateProcessA(CreateProcessAFunction orig_CreateProcessA, @@ -328,16 +362,20 @@ BOOL WINAPI TargetCreateProcessA(CreateP LPPROCESS_INFORMATION process_information) { if (orig_CreateProcessA(application_name, command_line, process_attributes, thread_attributes, inherit_handles, flags, environment, current_directory, startup_info, process_information)) { return TRUE; } +#ifdef MOZ_CONTENT_SANDBOX + mozilla::warnonlysandbox::LogBlocked("CreateProcessA", application_name); +#endif + // We don't trust that the IPC can work this early. if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) return FALSE; DWORD original_error = ::GetLastError(); do { if (!ValidParameter(process_information, sizeof(PROCESS_INFORMATION), @@ -388,16 +426,19 @@ BOOL WINAPI TargetCreateProcessA(CreateP if (SBOX_ALL_OK != code) break; ::SetLastError(answer.win32_result); if (ERROR_SUCCESS != answer.win32_result) return FALSE; +#ifdef MOZ_CONTENT_SANDBOX + mozilla::warnonlysandbox::LogAllowed("CreateProcessA", application_name); +#endif return TRUE; } while (false); ::SetLastError(original_error); return FALSE; } } // namespace sandbox
--- a/security/sandbox/win/src/registry_interception.cc +++ b/security/sandbox/win/src/registry_interception.cc @@ -5,31 +5,42 @@ #include "sandbox/win/src/registry_interception.h" #include "sandbox/win/src/crosscall_client.h" #include "sandbox/win/src/ipc_tags.h" #include "sandbox/win/src/sandbox_factory.h" #include "sandbox/win/src/sandbox_nt_util.h" #include "sandbox/win/src/sharedmem_ipc_client.h" #include "sandbox/win/src/target_services.h" +#ifdef MOZ_CONTENT_SANDBOX +#include "mozilla/warnonlysandbox/warnOnlySandbox.h" +#endif namespace sandbox { NTSTATUS WINAPI TargetNtCreateKey(NtCreateKeyFunction orig_CreateKey, PHANDLE key, ACCESS_MASK desired_access, POBJECT_ATTRIBUTES object_attributes, ULONG title_index, PUNICODE_STRING class_name, ULONG create_options, PULONG disposition) { // Check if the process can create it first. NTSTATUS status = orig_CreateKey(key, desired_access, object_attributes, title_index, class_name, create_options, disposition); if (NT_SUCCESS(status)) return status; +#ifdef MOZ_CONTENT_SANDBOX + if (STATUS_OBJECT_NAME_NOT_FOUND != status) { + mozilla::warnonlysandbox::LogBlocked("NtCreateKey", + object_attributes->ObjectName->Buffer, + object_attributes->ObjectName->Length); + } +#endif + // We don't trust that the IPC can work this early. if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) return status; do { if (!ValidParameter(key, sizeof(HANDLE), WRITE)) break; @@ -82,16 +93,21 @@ NTSTATUS WINAPI TargetNtCreateKey(NtCrea if (disposition) *disposition = answer.extended[0].unsigned_int; status = answer.nt_status; } __except(EXCEPTION_EXECUTE_HANDLER) { break; } +#ifdef MOZ_CONTENT_SANDBOX + mozilla::warnonlysandbox::LogAllowed("NtCreateKey", + object_attributes->ObjectName->Buffer, + object_attributes->ObjectName->Length); +#endif } while (false); return status; } NTSTATUS WINAPI CommonNtOpenKey(NTSTATUS status, PHANDLE key, ACCESS_MASK desired_access, POBJECT_ATTRIBUTES object_attributes) { @@ -135,29 +151,42 @@ NTSTATUS WINAPI CommonNtOpenKey(NTSTATUS break; __try { *key = answer.handle; status = answer.nt_status; } __except(EXCEPTION_EXECUTE_HANDLER) { break; } +#ifdef MOZ_CONTENT_SANDBOX + mozilla::warnonlysandbox::LogAllowed("NtOpenKey[Ex]", + object_attributes->ObjectName->Buffer, + object_attributes->ObjectName->Length); +#endif } while (false); return status; } NTSTATUS WINAPI TargetNtOpenKey(NtOpenKeyFunction orig_OpenKey, PHANDLE key, ACCESS_MASK desired_access, POBJECT_ATTRIBUTES object_attributes) { // Check if the process can open it first. NTSTATUS status = orig_OpenKey(key, desired_access, object_attributes); if (NT_SUCCESS(status)) return status; +#ifdef MOZ_CONTENT_SANDBOX + if (STATUS_OBJECT_NAME_NOT_FOUND != status) { + mozilla::warnonlysandbox::LogBlocked("NtOpenKey", + object_attributes->ObjectName->Buffer, + object_attributes->ObjectName->Length); + } +#endif + return CommonNtOpenKey(status, key, desired_access, object_attributes); } NTSTATUS WINAPI TargetNtOpenKeyEx(NtOpenKeyExFunction orig_OpenKeyEx, PHANDLE key, ACCESS_MASK desired_access, POBJECT_ATTRIBUTES object_attributes, ULONG open_options) { // Check if the process can open it first. @@ -165,12 +194,20 @@ NTSTATUS WINAPI TargetNtOpenKeyEx(NtOpen open_options); // We do not support open_options at this time. The 2 current known values // are REG_OPTION_CREATE_LINK, to open a symbolic link, and // REG_OPTION_BACKUP_RESTORE to open the key with special privileges. if (NT_SUCCESS(status) || open_options != 0) return status; +#ifdef MOZ_CONTENT_SANDBOX + if (STATUS_OBJECT_NAME_NOT_FOUND != status) { + mozilla::warnonlysandbox::LogBlocked("NtOpenKeyEx", + object_attributes->ObjectName->Buffer, + object_attributes->ObjectName->Length); + } +#endif + return CommonNtOpenKey(status, key, desired_access, object_attributes); } } // namespace sandbox
--- a/security/sandbox/win/src/sync_interception.cc +++ b/security/sandbox/win/src/sync_interception.cc @@ -7,16 +7,19 @@ #include "sandbox/win/src/crosscall_client.h" #include "sandbox/win/src/ipc_tags.h" #include "sandbox/win/src/policy_params.h" #include "sandbox/win/src/policy_target.h" #include "sandbox/win/src/sandbox_factory.h" #include "sandbox/win/src/sandbox_nt_util.h" #include "sandbox/win/src/sharedmem_ipc_client.h" #include "sandbox/win/src/target_services.h" +#ifdef MOZ_CONTENT_SANDBOX +#include "mozilla/warnonlysandbox/warnOnlySandbox.h" +#endif namespace sandbox { ResultCode ProxyCreateEvent(LPCWSTR name, BOOL initial_state, EVENT_TYPE event_type, void* ipc_memory, CrossCallReturn* answer) { @@ -57,16 +60,22 @@ NTSTATUS WINAPI TargetNtCreateEvent(NtCr EVENT_TYPE event_type, BOOLEAN initial_state) { NTSTATUS status = orig_CreateEvent(event_handle, desired_access, object_attributes, event_type, initial_state); if (status != STATUS_ACCESS_DENIED || !object_attributes) return status; +#ifdef MOZ_CONTENT_SANDBOX + mozilla::warnonlysandbox::LogBlocked("NtCreateEvent", + object_attributes->ObjectName->Buffer, + object_attributes->ObjectName->Length); +#endif + // We don't trust that the IPC can work this early. if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) return status; do { if (!ValidParameter(event_handle, sizeof(HANDLE), WRITE)) break; @@ -96,30 +105,41 @@ NTSTATUS WINAPI TargetNtCreateEvent(NtCr break; } __try { *event_handle = answer.handle; status = STATUS_SUCCESS; } __except(EXCEPTION_EXECUTE_HANDLER) { break; } +#ifdef MOZ_CONTENT_SANDBOX + mozilla::warnonlysandbox::LogAllowed("NtCreateEvent", + object_attributes->ObjectName->Buffer, + object_attributes->ObjectName->Length); +#endif } while (false); return status; } NTSTATUS WINAPI TargetNtOpenEvent(NtOpenEventFunction orig_OpenEvent, PHANDLE event_handle, ACCESS_MASK desired_access, POBJECT_ATTRIBUTES object_attributes) { NTSTATUS status = orig_OpenEvent(event_handle, desired_access, object_attributes); if (status != STATUS_ACCESS_DENIED || !object_attributes) return status; +#ifdef MOZ_CONTENT_SANDBOX + mozilla::warnonlysandbox::LogBlocked("NtOpenEvent", + object_attributes->ObjectName->Buffer, + object_attributes->ObjectName->Length); +#endif + // We don't trust that the IPC can work this early. if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) return status; do { if (!ValidParameter(event_handle, sizeof(HANDLE), WRITE)) break; @@ -148,14 +168,19 @@ NTSTATUS WINAPI TargetNtOpenEvent(NtOpen break; } __try { *event_handle = answer.handle; status = STATUS_SUCCESS; } __except(EXCEPTION_EXECUTE_HANDLER) { break; } +#ifdef MOZ_CONTENT_SANDBOX + mozilla::warnonlysandbox::LogAllowed("NtOpenEvent", + object_attributes->ObjectName->Buffer, + object_attributes->ObjectName->Length); +#endif } while (false); return status; } } // namespace sandbox