1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "sandbox/win/src/sync_interception.h"
7 #include "sandbox/win/src/crosscall_client.h"
8 #include "sandbox/win/src/ipc_tags.h"
9 #include "sandbox/win/src/policy_params.h"
10 #include "sandbox/win/src/policy_target.h"
11 #include "sandbox/win/src/sandbox_factory.h"
12 #include "sandbox/win/src/sandbox_nt_util.h"
13 #include "sandbox/win/src/sharedmem_ipc_client.h"
14 #include "sandbox/win/src/target_services.h"
18 ResultCode
ProxyCreateEvent(LPCWSTR name
,
20 EVENT_TYPE event_type
,
22 CrossCallReturn
* answer
) {
23 CountedParameterSet
<NameBased
> params
;
24 params
[NameBased::NAME
] = ParamPickerMake(name
);
26 if (!QueryBroker(IPC_CREATEEVENT_TAG
, params
.GetBase()))
27 return SBOX_ERROR_GENERIC
;
29 SharedMemIPCClient
ipc(ipc_memory
);
30 ResultCode code
= CrossCall(ipc
, IPC_CREATEEVENT_TAG
, name
, event_type
,
31 initial_state
, answer
);
35 ResultCode
ProxyOpenEvent(LPCWSTR name
,
36 uint32 desired_access
,
38 CrossCallReturn
* answer
) {
39 CountedParameterSet
<OpenEventParams
> params
;
40 params
[OpenEventParams::NAME
] = ParamPickerMake(name
);
41 params
[OpenEventParams::ACCESS
] = ParamPickerMake(desired_access
);
43 if (!QueryBroker(IPC_OPENEVENT_TAG
, params
.GetBase()))
44 return SBOX_ERROR_GENERIC
;
46 SharedMemIPCClient
ipc(ipc_memory
);
47 ResultCode code
= CrossCall(ipc
, IPC_OPENEVENT_TAG
, name
, desired_access
,
53 NTSTATUS WINAPI
TargetNtCreateEvent(NtCreateEventFunction orig_CreateEvent
,
55 ACCESS_MASK desired_access
,
56 POBJECT_ATTRIBUTES object_attributes
,
57 EVENT_TYPE event_type
,
58 BOOLEAN initial_state
) {
59 NTSTATUS status
= orig_CreateEvent(event_handle
, desired_access
,
60 object_attributes
, event_type
,
62 if (status
!= STATUS_ACCESS_DENIED
|| !object_attributes
)
65 // We don't trust that the IPC can work this early.
66 if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
70 if (!ValidParameter(event_handle
, sizeof(HANDLE
), WRITE
))
73 void* memory
= GetGlobalIPCMemory();
77 OBJECT_ATTRIBUTES object_attribs_copy
= *object_attributes
;
78 // The RootDirectory points to BaseNamedObjects. We can ignore it.
79 object_attribs_copy
.RootDirectory
= NULL
;
82 uint32 attributes
= 0;
83 NTSTATUS ret
= AllocAndCopyName(&object_attribs_copy
, &name
, &attributes
,
85 if (!NT_SUCCESS(ret
) || name
== NULL
)
88 CrossCallReturn answer
= {0};
89 answer
.nt_status
= status
;
90 ResultCode code
= ProxyCreateEvent(name
, initial_state
, event_type
, memory
,
92 operator delete(name
, NT_ALLOC
);
94 if (code
!= SBOX_ALL_OK
) {
95 status
= answer
.nt_status
;
99 *event_handle
= answer
.handle
;
100 status
= STATUS_SUCCESS
;
101 } __except(EXCEPTION_EXECUTE_HANDLER
) {
109 NTSTATUS WINAPI
TargetNtOpenEvent(NtOpenEventFunction orig_OpenEvent
,
110 PHANDLE event_handle
,
111 ACCESS_MASK desired_access
,
112 POBJECT_ATTRIBUTES object_attributes
) {
113 NTSTATUS status
= orig_OpenEvent(event_handle
, desired_access
,
115 if (status
!= STATUS_ACCESS_DENIED
|| !object_attributes
)
118 // We don't trust that the IPC can work this early.
119 if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
123 if (!ValidParameter(event_handle
, sizeof(HANDLE
), WRITE
))
126 void* memory
= GetGlobalIPCMemory();
130 OBJECT_ATTRIBUTES object_attribs_copy
= *object_attributes
;
131 // The RootDirectory points to BaseNamedObjects. We can ignore it.
132 object_attribs_copy
.RootDirectory
= NULL
;
134 wchar_t* name
= NULL
;
135 uint32 attributes
= 0;
136 NTSTATUS ret
= AllocAndCopyName(&object_attribs_copy
, &name
, &attributes
,
138 if (!NT_SUCCESS(ret
) || name
== NULL
)
141 CrossCallReturn answer
= {0};
142 answer
.nt_status
= status
;
143 ResultCode code
= ProxyOpenEvent(name
, desired_access
, memory
, &answer
);
144 operator delete(name
, NT_ALLOC
);
146 if (code
!= SBOX_ALL_OK
) {
147 status
= answer
.nt_status
;
151 *event_handle
= answer
.handle
;
152 status
= STATUS_SUCCESS
;
153 } __except(EXCEPTION_EXECUTE_HANDLER
) {
161 } // namespace sandbox