# HG changeset patch # User Bob Owen # Date 1417281138 0 # Sat Nov 29 17:12:18 2014 +0000 # Node ID 4ea2e332affe4b74bd37fbf2fee8da0b1c94e115 # Parent 5eec91873c96c2cbfc856ba86335fa068c89d6ce Re-apply - Logging changes to the Chromium interception code. r=tabraldes Originally landed as changset: https://hg.mozilla.org/mozilla-central/rev/0f763c186855 diff --git a/sandbox/win/src/filesystem_interception.cc b/sandbox/win/src/filesystem_interception.cc --- a/sandbox/win/src/filesystem_interception.cc +++ b/sandbox/win/src/filesystem_interception.cc @@ -10,16 +10,17 @@ #include "sandbox/win/src/filesystem_policy.h" #include "sandbox/win/src/ipc_tags.h" #include "sandbox/win/src/policy_params.h" #include "sandbox/win/src/policy_target.h" #include "sandbox/win/src/sandbox_factory.h" #include "sandbox/win/src/sandbox_nt_util.h" #include "sandbox/win/src/sharedmem_ipc_client.h" #include "sandbox/win/src/target_services.h" +#include "mozilla/sandboxing/sandboxLogging.h" // This status occurs when trying to access a network share on the machine from // which it is shared. #define STATUS_NETWORK_OPEN_RESTRICTION ((NTSTATUS)0xC0000201L) namespace sandbox { NTSTATUS WINAPI TargetNtCreateFile(NtCreateFileFunction orig_CreateFile, @@ -75,16 +76,20 @@ NTSTATUS WINAPI TargetNtCreateFile(NtCre NTSTATUS status = orig_CreateFile( file, desired_access, object_attributes, io_status, allocation_size, file_attributes, sharing, disposition, options, ea_buffer, ea_length); if (STATUS_ACCESS_DENIED != status && STATUS_NETWORK_OPEN_RESTRICTION != status) { return status; } + mozilla::sandboxing::LogBlocked("NtCreateFile", + object_attributes->ObjectName->Buffer, + object_attributes->ObjectName->Length); + // We don't trust that the IPC can work this early. if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) { return status; } do { if (!ValidParameter(file, sizeof(HANDLE), WRITE)) { break; @@ -96,16 +101,19 @@ NTSTATUS WINAPI TargetNtCreateFile(NtCre __try { *file = answer.handle; io_status->Status = answer.nt_status; io_status->Information = answer.extended[0].ulong_ptr; } __except (EXCEPTION_EXECUTE_HANDLER) { break; } + mozilla::sandboxing::LogAllowed("NtCreateFile", + object_attributes->ObjectName->Buffer, + object_attributes->ObjectName->Length); } while (false); return status; } NTSTATUS WINAPI TargetNtOpenFile(NtOpenFileFunction orig_OpenFile, PHANDLE file, ACCESS_MASK desired_access, @@ -115,16 +123,20 @@ NTSTATUS WINAPI TargetNtOpenFile(NtOpenF ULONG options) { // Check if the process can open it first. NTSTATUS status = orig_OpenFile(file, desired_access, object_attributes, io_status, sharing, options); if (STATUS_ACCESS_DENIED != status && STATUS_NETWORK_OPEN_RESTRICTION != status) return status; + mozilla::sandboxing::LogBlocked("NtOpenFile", + object_attributes->ObjectName->Buffer, + object_attributes->ObjectName->Length); + // We don't trust that the IPC can work this early. if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) return status; do { if (!ValidParameter(file, sizeof(HANDLE), WRITE)) break; if (!ValidParameter(io_status, sizeof(IO_STATUS_BLOCK), WRITE)) @@ -171,31 +183,38 @@ NTSTATUS WINAPI TargetNtOpenFile(NtOpenF __try { *file = answer.handle; io_status->Status = answer.nt_status; io_status->Information = answer.extended[0].ulong_ptr; } __except (EXCEPTION_EXECUTE_HANDLER) { break; } + mozilla::sandboxing::LogAllowed("NtOpenFile", + object_attributes->ObjectName->Buffer, + object_attributes->ObjectName->Length); } while (false); return status; } NTSTATUS WINAPI TargetNtQueryAttributesFile(NtQueryAttributesFileFunction orig_QueryAttributes, POBJECT_ATTRIBUTES object_attributes, PFILE_BASIC_INFORMATION file_attributes) { // Check if the process can query it first. NTSTATUS status = orig_QueryAttributes(object_attributes, file_attributes); if (STATUS_ACCESS_DENIED != status && STATUS_NETWORK_OPEN_RESTRICTION != status) return status; + mozilla::sandboxing::LogBlocked("NtQueryAttributesFile", + object_attributes->ObjectName->Buffer, + object_attributes->ObjectName->Length); + // We don't trust that the IPC can work this early. if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) return status; do { if (!ValidParameter(file_attributes, sizeof(FILE_BASIC_INFORMATION), WRITE)) break; @@ -227,32 +246,39 @@ TargetNtQueryAttributesFile(NtQueryAttri ResultCode code = CrossCall(ipc, IpcTag::NTQUERYATTRIBUTESFILE, name.get(), attributes, file_info, &answer); if (SBOX_ALL_OK != code) break; status = answer.nt_status; + mozilla::sandboxing::LogAllowed("NtQueryAttributesFile", + object_attributes->ObjectName->Buffer, + object_attributes->ObjectName->Length); } while (false); return status; } NTSTATUS WINAPI TargetNtQueryFullAttributesFile( NtQueryFullAttributesFileFunction orig_QueryFullAttributes, POBJECT_ATTRIBUTES object_attributes, PFILE_NETWORK_OPEN_INFORMATION file_attributes) { // Check if the process can query it first. NTSTATUS status = orig_QueryFullAttributes(object_attributes, file_attributes); if (STATUS_ACCESS_DENIED != status && STATUS_NETWORK_OPEN_RESTRICTION != status) return status; + mozilla::sandboxing::LogBlocked("NtQueryFullAttributesFile", + object_attributes->ObjectName->Buffer, + object_attributes->ObjectName->Length); + // We don't trust that the IPC can work this early. if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) return status; do { if (!ValidParameter(file_attributes, sizeof(FILE_NETWORK_OPEN_INFORMATION), WRITE)) break; @@ -284,16 +310,20 @@ NTSTATUS WINAPI TargetNtQueryFullAttribu CrossCallReturn answer = {0}; ResultCode code = CrossCall(ipc, IpcTag::NTQUERYFULLATTRIBUTESFILE, name.get(), attributes, file_info, &answer); if (SBOX_ALL_OK != code) break; status = answer.nt_status; + + mozilla::sandboxing::LogAllowed("NtQueryFullAttributesFile", + object_attributes->ObjectName->Buffer, + object_attributes->ObjectName->Length); } while (false); return status; } NTSTATUS WINAPI TargetNtSetInformationFile(NtSetInformationFileFunction orig_SetInformationFile, HANDLE file, @@ -302,16 +332,18 @@ TargetNtSetInformationFile(NtSetInformat ULONG length, FILE_INFORMATION_CLASS file_info_class) { // Check if the process can open it first. NTSTATUS status = orig_SetInformationFile(file, io_status, file_info, length, file_info_class); if (STATUS_ACCESS_DENIED != status) return status; + mozilla::sandboxing::LogBlocked("NtSetInformationFile"); + // We don't trust that the IPC can work this early. if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) return status; do { void* memory = GetGlobalIPCMemory(); if (!memory) break; @@ -366,14 +398,15 @@ TargetNtSetInformationFile(NtSetInformat ResultCode code = CrossCall(ipc, IpcTag::NTSETINFO_RENAME, file, io_status_buffer, file_info_buffer, length, file_info_class, &answer); if (SBOX_ALL_OK != code) break; status = answer.nt_status; + mozilla::sandboxing::LogAllowed("NtSetInformationFile"); } while (false); return status; } } // namespace sandbox diff --git a/sandbox/win/src/process_thread_interception.cc b/sandbox/win/src/process_thread_interception.cc --- a/sandbox/win/src/process_thread_interception.cc +++ b/sandbox/win/src/process_thread_interception.cc @@ -10,16 +10,17 @@ #include "sandbox/win/src/ipc_tags.h" #include "sandbox/win/src/policy_params.h" #include "sandbox/win/src/policy_target.h" #include "sandbox/win/src/sandbox_factory.h" #include "sandbox/win/src/sandbox_nt_util.h" #include "sandbox/win/src/sharedmem_ipc_client.h" #include "sandbox/win/src/target_services.h" #include "third_party/abseil-cpp/absl/types/optional.h" +#include "mozilla/sandboxing/sandboxLogging.h" namespace sandbox { namespace { NTSTATUS DuplicateObject(HANDLE handle, ACCESS_MASK desired_access, PHANDLE out_handle) { @@ -59,16 +60,17 @@ CallNtOpenProcessTokenEx(NTSTATUS status, HANDLE process, ACCESS_MASK desired_access, ULONG handle_attributes, PHANDLE token) { if (NT_SUCCESS(status)) { return status; } + mozilla::sandboxing::LogBlocked("NtOpenProcessToken(Ex)"); if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) { return status; } if (CURRENT_PROCESS != process || !ValidParameter(token, sizeof(HANDLE), WRITE)) { return status; } @@ -92,16 +94,17 @@ CallNtOpenProcessTokenEx(NTSTATUS status, __try { // Write the output parameters. *token = answer.handle; } __except (EXCEPTION_EXECUTE_HANDLER) { return status; } + mozilla::sandboxing::LogAllowed("NtOpenProcessTokenEx"); return answer.nt_status; } } // namespace // Hooks NtOpenThread and proxy the call to the broker if it's trying to // open a thread in the same process. NTSTATUS WINAPI TargetNtOpenThread(NtOpenThreadFunction orig_OpenThread, @@ -110,16 +113,17 @@ NTSTATUS WINAPI TargetNtOpenThread(NtOpe POBJECT_ATTRIBUTES object_attributes, PCLIENT_ID client_id) { NTSTATUS status = orig_OpenThread(thread, desired_access, object_attributes, client_id); if (NT_SUCCESS(status)) { return status; } + mozilla::sandboxing::LogBlocked("NtOpenThread"); if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) { return status; } if (!ValidParameter(thread, sizeof(HANDLE), WRITE) || !ValidObjectAttributes(object_attributes)) { return status; } @@ -162,16 +166,17 @@ NTSTATUS WINAPI TargetNtOpenThread(NtOpe __try { // Write the output parameters. *thread = answer.handle; } __except (EXCEPTION_EXECUTE_HANDLER) { return status; } + mozilla::sandboxing::LogAllowed("NtOpenThread"); return answer.nt_status; } // Hooks NtOpenProcess and duplicates the current process handle if opening the // current process. NTSTATUS WINAPI TargetNtOpenProcess(NtOpenProcessFunction orig_OpenProcess, PHANDLE process, ACCESS_MASK desired_access, diff --git a/sandbox/win/src/signed_interception.cc b/sandbox/win/src/signed_interception.cc --- a/sandbox/win/src/signed_interception.cc +++ b/sandbox/win/src/signed_interception.cc @@ -10,16 +10,17 @@ #include "sandbox/win/src/crosscall_client.h" #include "sandbox/win/src/ipc_tags.h" #include "sandbox/win/src/policy_params.h" #include "sandbox/win/src/policy_target.h" #include "sandbox/win/src/sandbox_factory.h" #include "sandbox/win/src/sandbox_nt_util.h" #include "sandbox/win/src/sharedmem_ipc_client.h" #include "sandbox/win/src/target_services.h" +#include "mozilla/sandboxing/sandboxLogging.h" namespace sandbox { // Note that this shim may be called before the heap is available, we must get // as far as |QueryBroker| without using the heap, for example when AppVerifier // is enabled. NTSTATUS WINAPI TargetNtCreateSection(NtCreateSectionFunction orig_CreateSection, @@ -38,16 +39,18 @@ TargetNtCreateSection(NtCreateSectionFun break; if (maximum_size) break; if (section_page_protection != PAGE_EXECUTE) break; if (allocation_attributes != SEC_IMAGE) break; + mozilla::sandboxing::LogBlocked("NtCreateSection"); + // IPC must be fully started. void* memory = GetGlobalIPCMemory(); if (!memory) break; // As mentioned at the top of the function, we need to use the stack here // because the heap may not be available. constexpr ULONG path_buffer_size = @@ -90,16 +93,17 @@ TargetNtCreateSection(NtCreateSectionFun if (code != SBOX_ALL_OK) break; if (!NT_SUCCESS(answer.nt_status)) break; __try { *section_handle = answer.handle; + mozilla::sandboxing::LogAllowed("NtCreateSection"); return answer.nt_status; } __except (EXCEPTION_EXECUTE_HANDLER) { break; } } while (false); // Fall back to the original API in all failure cases. return orig_CreateSection(section_handle, desired_access, object_attributes,