Backed out changeset 0740284125d3 (bug 1284897)
authorSebastian Hengst <archaeopteryx@coole-files.de>
Tue, 21 Feb 2017 23:13:24 +0100
changeset 373206 883e0e945f7a5f43a465d3e4a0763b6f5ee5fbcd
parent 373205 19f1d4210d56f8c164cc02baeec2e42ca2ef792d
child 373207 4c7e6ba1ab9b30bf68edc49f49d84b82075c8e20
push id10863
push userjlorenzo@mozilla.com
push dateMon, 06 Mar 2017 23:02:23 +0000
treeherdermozilla-aurora@0931190cd725 [default view] [failures only]
bugs1284897
milestone54.0a1
backs out0740284125d33ce825023ae66fdf07484f62f0c4
Backed out changeset 0740284125d3 (bug 1284897)
security/sandbox/chromium/sandbox/win/src/filesystem_dispatcher.cc
security/sandbox/chromium/sandbox/win/src/filesystem_interception.cc
--- a/security/sandbox/chromium/sandbox/win/src/filesystem_dispatcher.cc
+++ b/security/sandbox/chromium/sandbox/win/src/filesystem_dispatcher.cc
@@ -12,18 +12,16 @@
 #include "sandbox/win/src/interception.h"
 #include "sandbox/win/src/interceptors.h"
 #include "sandbox/win/src/ipc_tags.h"
 #include "sandbox/win/src/policy_broker.h"
 #include "sandbox/win/src/policy_params.h"
 #include "sandbox/win/src/sandbox.h"
 #include "sandbox/win/src/sandbox_nt_util.h"
 
-#include "mozilla/sandboxing/permissionsService.h"
-
 namespace sandbox {
 
 FilesystemDispatcher::FilesystemDispatcher(PolicyBase* policy_base)
     : policy_base_(policy_base) {
   static const IPCCall create_params = {
       {IPC_NTCREATEFILE_TAG,
        {WCHAR_TYPE,
         UINT32_TYPE,
@@ -112,26 +110,16 @@ bool FilesystemDispatcher::NtCreateFile(
   params[OpenFile::OPTIONS] = ParamPickerMake(create_options);
   params[OpenFile::BROKER] = ParamPickerMake(broker);
 
   // To evaluate the policy we need to call back to the policy object. We
   // are just middlemen in the operation since is the FileSystemPolicy which
   // knows what to do.
   EvalResult result = policy_base_->EvalPolicy(IPC_NTCREATEFILE_TAG,
                                                params.GetBase());
-
-  // If the policies forbid access (any result other than ASK_BROKER),
-  // then check for user-granted access to file.
-  if (ASK_BROKER != result &&
-      mozilla::sandboxing::PermissionsService::GetInstance()->
-        UserGrantedFileAccess(ipc->client_info->process_id, filename,
-                              desired_access, create_disposition)) {
-    result = ASK_BROKER;
-  }
-
   HANDLE handle;
   ULONG_PTR io_information = 0;
   NTSTATUS nt_status;
   if (!FileSystemPolicy::CreateFileAction(result, *ipc->client_info, *name,
                                           attributes, desired_access,
                                           file_attributes, share_access,
                                           create_disposition, create_options,
                                           &handle, &nt_status,
@@ -169,26 +157,16 @@ bool FilesystemDispatcher::NtOpenFile(IP
   params[OpenFile::OPTIONS] = ParamPickerMake(open_options);
   params[OpenFile::BROKER] = ParamPickerMake(broker);
 
   // To evaluate the policy we need to call back to the policy object. We
   // are just middlemen in the operation since is the FileSystemPolicy which
   // knows what to do.
   EvalResult result = policy_base_->EvalPolicy(IPC_NTOPENFILE_TAG,
                                                params.GetBase());
-
-  // If the policies forbid access (any result other than ASK_BROKER),
-  // then check for user-granted access to file.
-  if (ASK_BROKER != result &&
-      mozilla::sandboxing::PermissionsService::GetInstance()->UserGrantedFileAccess(
-                                    ipc->client_info->process_id, filename,
-                                    desired_access, create_disposition)) {
-    result = ASK_BROKER;
-  }
-
   HANDLE handle;
   ULONG_PTR io_information = 0;
   NTSTATUS nt_status;
   if (!FileSystemPolicy::OpenFileAction(result, *ipc->client_info, *name,
                                         attributes, desired_access,
                                         share_access, open_options, &handle,
                                         &nt_status, &io_information)) {
     ipc->return_info.nt_status = STATUS_ACCESS_DENIED;
--- a/security/sandbox/chromium/sandbox/win/src/filesystem_interception.cc
+++ b/security/sandbox/chromium/sandbox/win/src/filesystem_interception.cc
@@ -65,16 +65,19 @@ NTSTATUS WINAPI TargetNtCreateFile(NtCre
     uint32_t broker = FALSE;
     CountedParameterSet<OpenFile> params;
     params[OpenFile::NAME] = ParamPickerMake(name);
     params[OpenFile::ACCESS] = ParamPickerMake(desired_access_uint32);
     params[OpenFile::DISPOSITION] = ParamPickerMake(disposition_uint32);
     params[OpenFile::OPTIONS] = ParamPickerMake(options_uint32);
     params[OpenFile::BROKER] = ParamPickerMake(broker);
 
+    if (!QueryBroker(IPC_NTCREATEFILE_TAG, params.GetBase()))
+      break;
+
     SharedMemIPCClient ipc(memory);
     CrossCallReturn answer = {0};
     // The following call must match in the parameters with
     // FilesystemDispatcher::ProcessNtCreateFile.
     ResultCode code = CrossCall(ipc, IPC_NTCREATEFILE_TAG, name, attributes,
                                 desired_access_uint32, file_attributes, sharing,
                                 disposition, options_uint32, &answer);
     if (SBOX_ALL_OK != code)
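Review bot: The restored `if (!QueryBroker(IPC_NTCREATEFILE_TAG, params.GetBase())) break;` has no comment saying that it is only a target-side short-circuit and not the access decision. The check runs inside the sandboxed process, so a reader should not mistake it for the enforcement point. The decision that counts is the broker-side `policy_base_->EvalPolicy(IPC_NTCREATEFILE_TAG, ...)` in `FilesystemDispatcher::NtCreateFile`, which this backout leaves as the only gate before `CreateFileAction`. I would add above it: `// Fast path in the target: skip the IPC when no policy rule asks for the broker. The broker re-evaluates the policy; this is not the security check.` The same applies to the `IPC_NTOPENFILE_TAG` check in the `TargetNtOpenFile` hunk. `TargetNtCreateFile` starts and ends outside this hunk, so where `break` lands is presumably the fall-through to the original status; confirm against the full function.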
@@ -145,16 +148,19 @@ NTSTATUS WINAPI TargetNtOpenFile(NtOpenF
     uint32_t broker = FALSE;
     CountedParameterSet<OpenFile> params;
     params[OpenFile::NAME] = ParamPickerMake(name);
     params[OpenFile::ACCESS] = ParamPickerMake(desired_access_uint32);
     params[OpenFile::DISPOSITION] = ParamPickerMake(disposition_uint32);
     params[OpenFile::OPTIONS] = ParamPickerMake(options_uint32);
     params[OpenFile::BROKER] = ParamPickerMake(broker);
 
+    if (!QueryBroker(IPC_NTOPENFILE_TAG, params.GetBase()))
+      break;
+
     SharedMemIPCClient ipc(memory);
     CrossCallReturn answer = {0};
     ResultCode code = CrossCall(ipc, IPC_NTOPENFILE_TAG, name, attributes,
                                 desired_access_uint32, sharing, options_uint32,
                                 &answer);
     if (SBOX_ALL_OK != code)
       break;