[ tor-browser ].git.dasho

35_add_interception_logging.patch (13814B)
      1 # HG changeset patch
      2 # User Bob Owen <bobowencode@gmail.com>
      3 # Date 1417281138 0
      4 #      Sat Nov 29 17:12:18 2014 +0000
      5 # Node ID 4ea2e332affe4b74bd37fbf2fee8da0b1c94e115
      6 # Parent  5eec91873c96c2cbfc856ba86335fa068c89d6ce
      7 Re-apply - Logging changes to the Chromium interception code. r=tabraldes
      8 
      9 Originally landed as changset:
     10 https://hg.mozilla.org/mozilla-central/rev/0f763c186855
     11 
     12 diff --git a/sandbox/win/src/filesystem_interception.cc b/sandbox/win/src/filesystem_interception.cc
     13 --- a/sandbox/win/src/filesystem_interception.cc
     14 +++ b/sandbox/win/src/filesystem_interception.cc
     15 @@ -10,16 +10,17 @@
     16 #include "sandbox/win/src/filesystem_policy.h"
     17 #include "sandbox/win/src/ipc_tags.h"
     18 #include "sandbox/win/src/policy_params.h"
     19 #include "sandbox/win/src/policy_target.h"
     20 #include "sandbox/win/src/sandbox_factory.h"
     21 #include "sandbox/win/src/sandbox_nt_util.h"
     22 #include "sandbox/win/src/sharedmem_ipc_client.h"
     23 #include "sandbox/win/src/target_services.h"
     24 +#include "mozilla/sandboxing/sandboxLogging.h"
     25 
     26 // This status occurs when trying to access a network share on the machine from
     27 // which it is shared.
     28 #define STATUS_NETWORK_OPEN_RESTRICTION ((NTSTATUS)0xC0000201L)
     29 
     30 namespace sandbox {
     31 
     32 NTSTATUS WINAPI TargetNtCreateFile(NtCreateFileFunction orig_CreateFile,
     33 @@ -75,16 +76,20 @@ NTSTATUS WINAPI TargetNtCreateFile(NtCre
     34   NTSTATUS status = orig_CreateFile(
     35       file, desired_access, object_attributes, io_status, allocation_size,
     36       file_attributes, sharing, disposition, options, ea_buffer, ea_length);
     37   if (STATUS_ACCESS_DENIED != status &&
     38       STATUS_NETWORK_OPEN_RESTRICTION != status) {
     39     return status;
     40   }
     41 
     42 +  mozilla::sandboxing::LogBlocked("NtCreateFile",
     43 +                                  object_attributes->ObjectName->Buffer,
     44 +                                  object_attributes->ObjectName->Length);
     45 +
     46   // We don't trust that the IPC can work this early.
     47   if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) {
     48     return status;
     49   }
     50 
     51   do {
     52     if (!ValidParameter(file, sizeof(HANDLE), WRITE)) {
     53       break;
     54 @@ -96,16 +101,19 @@ NTSTATUS WINAPI TargetNtCreateFile(NtCre
     55 
     56     __try {
     57       *file = answer.handle;
     58       io_status->Status = answer.nt_status;
     59       io_status->Information = answer.extended[0].ulong_ptr;
     60     } __except (EXCEPTION_EXECUTE_HANDLER) {
     61       break;
     62     }
     63 +    mozilla::sandboxing::LogAllowed("NtCreateFile",
     64 +                                    object_attributes->ObjectName->Buffer,
     65 +                                    object_attributes->ObjectName->Length);
     66   } while (false);
     67 
     68   return status;
     69 }
     70 
     71 NTSTATUS WINAPI TargetNtOpenFile(NtOpenFileFunction orig_OpenFile,
     72                                  PHANDLE file,
     73                                  ACCESS_MASK desired_access,
     74 @@ -115,16 +123,20 @@ NTSTATUS WINAPI TargetNtOpenFile(NtOpenF
     75                                  ULONG options) {
     76   // Check if the process can open it first.
     77   NTSTATUS status = orig_OpenFile(file, desired_access, object_attributes,
     78                                   io_status, sharing, options);
     79   if (STATUS_ACCESS_DENIED != status &&
     80       STATUS_NETWORK_OPEN_RESTRICTION != status)
     81     return status;
     82 
     83 +  mozilla::sandboxing::LogBlocked("NtOpenFile",
     84 +                                  object_attributes->ObjectName->Buffer,
     85 +                                  object_attributes->ObjectName->Length);
     86 +
     87   // We don't trust that the IPC can work this early.
     88   if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
     89     return status;
     90 
     91   do {
     92     if (!ValidParameter(file, sizeof(HANDLE), WRITE))
     93       break;
     94     if (!ValidParameter(io_status, sizeof(IO_STATUS_BLOCK), WRITE))
     95 @@ -171,31 +183,38 @@ NTSTATUS WINAPI TargetNtOpenFile(NtOpenF
     96 
     97     __try {
     98       *file = answer.handle;
     99       io_status->Status = answer.nt_status;
    100       io_status->Information = answer.extended[0].ulong_ptr;
    101     } __except (EXCEPTION_EXECUTE_HANDLER) {
    102       break;
    103     }
    104 +    mozilla::sandboxing::LogAllowed("NtOpenFile",
    105 +                                    object_attributes->ObjectName->Buffer,
    106 +                                    object_attributes->ObjectName->Length);
    107   } while (false);
    108 
    109   return status;
    110 }
    111 
    112 NTSTATUS WINAPI
    113 TargetNtQueryAttributesFile(NtQueryAttributesFileFunction orig_QueryAttributes,
    114                             POBJECT_ATTRIBUTES object_attributes,
    115                             PFILE_BASIC_INFORMATION file_attributes) {
    116   // Check if the process can query it first.
    117   NTSTATUS status = orig_QueryAttributes(object_attributes, file_attributes);
    118   if (STATUS_ACCESS_DENIED != status &&
    119       STATUS_NETWORK_OPEN_RESTRICTION != status)
    120     return status;
    121 
    122 +  mozilla::sandboxing::LogBlocked("NtQueryAttributesFile",
    123 +                                  object_attributes->ObjectName->Buffer,
    124 +                                  object_attributes->ObjectName->Length);
    125 +
    126   // We don't trust that the IPC can work this early.
    127   if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
    128     return status;
    129 
    130   do {
    131     if (!ValidParameter(file_attributes, sizeof(FILE_BASIC_INFORMATION), WRITE))
    132       break;
    133 
    134 @@ -227,32 +246,39 @@ TargetNtQueryAttributesFile(NtQueryAttri
    135     ResultCode code = CrossCall(ipc, IpcTag::NTQUERYATTRIBUTESFILE, name.get(),
    136                                 attributes, file_info, &answer);
    137 
    138     if (SBOX_ALL_OK != code)
    139       break;
    140 
    141     status = answer.nt_status;
    142 
    143 +    mozilla::sandboxing::LogAllowed("NtQueryAttributesFile",
    144 +                                    object_attributes->ObjectName->Buffer,
    145 +                                    object_attributes->ObjectName->Length);
    146   } while (false);
    147 
    148   return status;
    149 }
    150 
    151 NTSTATUS WINAPI TargetNtQueryFullAttributesFile(
    152     NtQueryFullAttributesFileFunction orig_QueryFullAttributes,
    153     POBJECT_ATTRIBUTES object_attributes,
    154     PFILE_NETWORK_OPEN_INFORMATION file_attributes) {
    155   // Check if the process can query it first.
    156   NTSTATUS status =
    157       orig_QueryFullAttributes(object_attributes, file_attributes);
    158   if (STATUS_ACCESS_DENIED != status &&
    159       STATUS_NETWORK_OPEN_RESTRICTION != status)
    160     return status;
    161 
    162 +  mozilla::sandboxing::LogBlocked("NtQueryFullAttributesFile",
    163 +                                  object_attributes->ObjectName->Buffer,
    164 +                                  object_attributes->ObjectName->Length);
    165 +
    166   // We don't trust that the IPC can work this early.
    167   if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
    168     return status;
    169 
    170   do {
    171     if (!ValidParameter(file_attributes, sizeof(FILE_NETWORK_OPEN_INFORMATION),
    172                         WRITE))
    173       break;
    174 @@ -284,16 +310,20 @@ NTSTATUS WINAPI TargetNtQueryFullAttribu
    175     CrossCallReturn answer = {0};
    176     ResultCode code = CrossCall(ipc, IpcTag::NTQUERYFULLATTRIBUTESFILE,
    177                                 name.get(), attributes, file_info, &answer);
    178 
    179     if (SBOX_ALL_OK != code)
    180       break;
    181 
    182     status = answer.nt_status;
    183 +
    184 +    mozilla::sandboxing::LogAllowed("NtQueryFullAttributesFile",
    185 +                                    object_attributes->ObjectName->Buffer,
    186 +                                    object_attributes->ObjectName->Length);
    187   } while (false);
    188 
    189   return status;
    190 }
    191 
    192 NTSTATUS WINAPI
    193 TargetNtSetInformationFile(NtSetInformationFileFunction orig_SetInformationFile,
    194                            HANDLE file,
    195 @@ -302,16 +332,18 @@ TargetNtSetInformationFile(NtSetInformat
    196                            ULONG length,
    197                            FILE_INFORMATION_CLASS file_info_class) {
    198   // Check if the process can open it first.
    199   NTSTATUS status = orig_SetInformationFile(file, io_status, file_info, length,
    200                                             file_info_class);
    201   if (STATUS_ACCESS_DENIED != status)
    202     return status;
    203 
    204 +  mozilla::sandboxing::LogBlocked("NtSetInformationFile");
    205 +
    206   // We don't trust that the IPC can work this early.
    207   if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
    208     return status;
    209 
    210   do {
    211     void* memory = GetGlobalIPCMemory();
    212     if (!memory)
    213       break;
    214 @@ -366,14 +398,15 @@ TargetNtSetInformationFile(NtSetInformat
    215     ResultCode code =
    216         CrossCall(ipc, IpcTag::NTSETINFO_RENAME, file, io_status_buffer,
    217                   file_info_buffer, length, file_info_class, &answer);
    218 
    219     if (SBOX_ALL_OK != code)
    220       break;
    221 
    222     status = answer.nt_status;
    223 +    mozilla::sandboxing::LogAllowed("NtSetInformationFile");
    224   } while (false);
    225 
    226   return status;
    227 }
    228 
    229 }  // namespace sandbox
    230 diff --git a/sandbox/win/src/process_thread_interception.cc b/sandbox/win/src/process_thread_interception.cc
    231 --- a/sandbox/win/src/process_thread_interception.cc
    232 +++ b/sandbox/win/src/process_thread_interception.cc
    233 @@ -10,16 +10,17 @@
    234 #include "sandbox/win/src/ipc_tags.h"
    235 #include "sandbox/win/src/policy_params.h"
    236 #include "sandbox/win/src/policy_target.h"
    237 #include "sandbox/win/src/sandbox_factory.h"
    238 #include "sandbox/win/src/sandbox_nt_util.h"
    239 #include "sandbox/win/src/sharedmem_ipc_client.h"
    240 #include "sandbox/win/src/target_services.h"
    241 #include "third_party/abseil-cpp/absl/types/optional.h"
    242 +#include "mozilla/sandboxing/sandboxLogging.h"
    243 
    244 namespace sandbox {
    245 
    246 namespace {
    247 
    248 NTSTATUS DuplicateObject(HANDLE handle,
    249                          ACCESS_MASK desired_access,
    250                          PHANDLE out_handle) {
    251 @@ -59,16 +60,17 @@ CallNtOpenProcessTokenEx(NTSTATUS status,
    252                                   HANDLE process,
    253                                   ACCESS_MASK desired_access,
    254                                   ULONG handle_attributes,
    255                                   PHANDLE token) {
    256   if (NT_SUCCESS(status)) {
    257     return status;
    258   }
    259 
    260 +  mozilla::sandboxing::LogBlocked("NtOpenProcessToken(Ex)");
    261   if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) {
    262     return status;
    263   }
    264 
    265   if (CURRENT_PROCESS != process ||
    266       !ValidParameter(token, sizeof(HANDLE), WRITE)) {
    267     return status;
    268   }
    269 @@ -92,16 +94,17 @@ CallNtOpenProcessTokenEx(NTSTATUS status,
    270 
    271   __try {
    272     // Write the output parameters.
    273     *token = answer.handle;
    274   } __except (EXCEPTION_EXECUTE_HANDLER) {
    275     return status;
    276   }
    277 
    278 +    mozilla::sandboxing::LogAllowed("NtOpenProcessTokenEx");
    279   return answer.nt_status;
    280 }
    281 
    282 }  // namespace
    283 
    284 // Hooks NtOpenThread and proxy the call to the broker if it's trying to
    285 // open a thread in the same process.
    286 NTSTATUS WINAPI TargetNtOpenThread(NtOpenThreadFunction orig_OpenThread,
    287 @@ -110,16 +113,17 @@ NTSTATUS WINAPI TargetNtOpenThread(NtOpe
    288                                    POBJECT_ATTRIBUTES object_attributes,
    289                                    PCLIENT_ID client_id) {
    290   NTSTATUS status =
    291       orig_OpenThread(thread, desired_access, object_attributes, client_id);
    292   if (NT_SUCCESS(status)) {
    293     return status;
    294   }
    295 
    296 +  mozilla::sandboxing::LogBlocked("NtOpenThread");
    297   if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled()) {
    298     return status;
    299   }
    300 
    301   if (!ValidParameter(thread, sizeof(HANDLE), WRITE) ||
    302       !ValidObjectAttributes(object_attributes)) {
    303     return status;
    304   }
    305 @@ -162,16 +166,17 @@ NTSTATUS WINAPI TargetNtOpenThread(NtOpe
    306 
    307   __try {
    308     // Write the output parameters.
    309     *thread = answer.handle;
    310   } __except (EXCEPTION_EXECUTE_HANDLER) {
    311     return status;
    312   }
    313 
    314 +  mozilla::sandboxing::LogAllowed("NtOpenThread");
    315   return answer.nt_status;
    316 }
    317 
    318 // Hooks NtOpenProcess and duplicates the current process handle if opening the
    319 // current process.
    320 NTSTATUS WINAPI TargetNtOpenProcess(NtOpenProcessFunction orig_OpenProcess,
    321                                     PHANDLE process,
    322                                     ACCESS_MASK desired_access,
    323 diff --git a/sandbox/win/src/signed_interception.cc b/sandbox/win/src/signed_interception.cc
    324 --- a/sandbox/win/src/signed_interception.cc
    325 +++ b/sandbox/win/src/signed_interception.cc
    326 @@ -10,16 +10,17 @@
    327 #include "sandbox/win/src/crosscall_client.h"
    328 #include "sandbox/win/src/ipc_tags.h"
    329 #include "sandbox/win/src/policy_params.h"
    330 #include "sandbox/win/src/policy_target.h"
    331 #include "sandbox/win/src/sandbox_factory.h"
    332 #include "sandbox/win/src/sandbox_nt_util.h"
    333 #include "sandbox/win/src/sharedmem_ipc_client.h"
    334 #include "sandbox/win/src/target_services.h"
    335 +#include "mozilla/sandboxing/sandboxLogging.h"
    336 
    337 namespace sandbox {
    338 
    339 // Note that this shim may be called before the heap is available, we must get
    340 // as far as |QueryBroker| without using the heap, for example when AppVerifier
    341 // is enabled.
    342 NTSTATUS WINAPI
    343 TargetNtCreateSection(NtCreateSectionFunction orig_CreateSection,
    344 @@ -38,16 +39,18 @@ TargetNtCreateSection(NtCreateSectionFun
    345       break;
    346     if (maximum_size)
    347       break;
    348     if (section_page_protection != PAGE_EXECUTE)
    349       break;
    350     if (allocation_attributes != SEC_IMAGE)
    351       break;
    352 
    353 +    mozilla::sandboxing::LogBlocked("NtCreateSection");
    354 +
    355     // IPC must be fully started.
    356     void* memory = GetGlobalIPCMemory();
    357     if (!memory)
    358       break;
    359 
    360     // As mentioned at the top of the function, we need to use the stack here
    361     // because the heap may not be available.
    362     constexpr ULONG path_buffer_size =
    363 @@ -90,16 +93,17 @@ TargetNtCreateSection(NtCreateSectionFun
    364     if (code != SBOX_ALL_OK)
    365       break;
    366 
    367     if (!NT_SUCCESS(answer.nt_status))
    368       break;
    369 
    370     __try {
    371       *section_handle = answer.handle;
    372 +      mozilla::sandboxing::LogAllowed("NtCreateSection");
    373       return answer.nt_status;
    374     } __except (EXCEPTION_EXECUTE_HANDLER) {
    375       break;
    376     }
    377   } while (false);
    378 
    379   // Fall back to the original API in all failure cases.
    380   return orig_CreateSection(section_handle, desired_access, object_attributes,
	tor-browser The Tor Browser
	git clone https://git.dasho.dev/tor-browser.git
	Log \| Files \| Refs \| README \| LICENSE