Restructure sandbox code to reduce dependencies pulled in by intercept code.

BUG=322710
TEST=NONE

Review URL: https://codereview.chromium.org/84063004

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@238538 0039d316-1c4b-4281-b951-d872f2087c98

sandbox/win/sandbox_win.gypi

@@ -93,6 +93,7 @@
             'src/restricted_token.cc',
             'src/restricted_token.h',
             'src/sandbox_factory.h',
+            'src/sandbox_globals.cc',
             'src/sandbox_nt_types.h',
             'src/sandbox_nt_util.cc',
             'src/sandbox_nt_util.h',

sandbox/win/src/nt_internals.h

-// Copyright (c) 2006-2010 The Chromium Authors. All rights reserved.
+// Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -601,6 +601,11 @@ typedef size_t  (__cdecl *strlenFunction)(
 typedef size_t (__cdecl *wcslenFunction)(
   IN const wchar_t* _Str);
 
+typedef void* (__cdecl *memcpyFunction)(
+  IN void* dest,
+  IN const void* src,
+  IN size_t count);
+
 typedef NTSTATUS (WINAPI *RtlAnsiStringToUnicodeStringFunction)(
   IN OUT PUNICODE_STRING  DestinationString,
   IN PANSI_STRING  SourceString,

sandbox/win/src/policy_broker.cc

@@ -73,6 +73,7 @@ bool SetupNtdllImports(TargetProcess *child) {
   INIT_GLOBAL_RTL(_strnicmp);
   INIT_GLOBAL_RTL(strlen);
   INIT_GLOBAL_RTL(wcslen);
+  INIT_GLOBAL_RTL(memcpy);
 
 #ifndef NDEBUG
   // Verify that the structure is fully initialized.

sandbox/win/src/sandbox.cc

@@ -11,7 +11,7 @@
 
 namespace sandbox {
 // The section for IPC and policy.
-SANDBOX_INTERCEPT HANDLE  g_shared_section = NULL;
+SANDBOX_INTERCEPT HANDLE  g_shared_section;
 
 static bool               s_is_broker =  false;
 

sandbox/win/src/sandbox_globals.cc

+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <windows.h>
+
+#include "sandbox/win/src/sandbox_nt_types.h"
+#include "sandbox/win/src/sandbox_types.h"
+
+namespace sandbox {
+
+// The section for IPC and policy.
+SANDBOX_INTERCEPT HANDLE g_shared_section = NULL;
+
+// This is the list of all imported symbols from ntdll.dll.
+SANDBOX_INTERCEPT NtExports g_nt = {};
+
+}  // namespace sandbox

sandbox/win/src/sandbox_nt_types.h

@@ -31,6 +31,7 @@ struct NtExports {
   _strnicmpFunction                     _strnicmp;
   strlenFunction                        strlen;
   wcslenFunction                        wcslen;
+  memcpyFunction                        memcpy;
 };
 
 // This is the value used for the ntdll level allocator.

sandbox/win/src/sandbox_nt_util.cc

@@ -11,7 +11,7 @@
 namespace sandbox {
 
 // This is the list of all imported symbols from ntdll.dll.
-SANDBOX_INTERCEPT NtExports g_nt = { NULL };
+SANDBOX_INTERCEPT NtExports g_nt;
 
 }  // namespace sandbox
 
@@ -208,15 +208,7 @@ bool ValidParameter(void* buffer, size_t size, RequiredAccess intent) {
 NTSTATUS CopyData(void* destination, const void* source, size_t bytes) {
   NTSTATUS ret = STATUS_SUCCESS;
   __try {
-    if (SandboxFactory::GetTargetServices()->GetState()->InitCalled()) {
-      memcpy(destination, source, bytes);
-    } else {
-      const char* from = reinterpret_cast<const char*>(source);
-      char* to = reinterpret_cast<char*>(destination);
-      for (size_t i = 0; i < bytes; i++) {
-        to[i] = from[i];
-      }
-    }
+    g_nt.memcpy(destination, source, bytes);
   } __except(EXCEPTION_EXECUTE_HANDLER) {
     ret = GetExceptionCode();
   }

sandbox/win/src/sandbox_nt_util.h

@@ -45,6 +45,8 @@ void __cdecl operator delete(void* memory, void* buffer,
 #define VERIFY_SUCCESS(action) (action)
 #endif
 
+#define CHECK_NT(condition) { (condition) ? (void)0 : __debugbreak(); }
+
 #define NOTREACHED_NT() DCHECK_NT(false)
 
 namespace sandbox {
@@ -94,7 +96,6 @@ enum RequiredAccess {
 // write)
 bool ValidParameter(void* buffer, size_t size, RequiredAccess intent);
 
-
 // Copies data from a user buffer to our buffer. Returns the operation status.
 NTSTATUS CopyData(void* destination, const void* source, size_t bytes);
 

sandbox/win/src/sandbox_utils.cc

@@ -28,11 +28,11 @@ void InitObjectAttribs(const std::wstring& name,
   if (!RtlInitUnicodeString) {
     HMODULE ntdll = ::GetModuleHandle(kNtdllName);
     RtlInitUnicodeString = reinterpret_cast<RtlInitUnicodeStringFunction>(
-      GetProcAddress(ntdll, "RtlInitUnicodeString"));
+        GetProcAddress(ntdll, "RtlInitUnicodeString"));
     DCHECK(RtlInitUnicodeString);
   }
   RtlInitUnicodeString(uni_name, name.c_str());
   InitializeObjectAttributes(obj_attr, uni_name, attributes, root, NULL);
 }
 
-};  // namespace sandbox
+}  // namespace sandbox

sandbox/win/src/sandbox_utils.h

@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#ifndef SANDBOX_SRC_SANDBOX_UTILS_H__
-#define SANDBOX_SRC_SANDBOX_UTILS_H__
+#ifndef SANDBOX_SRC_SANDBOX_UTILS_H_
+#define SANDBOX_SRC_SANDBOX_UTILS_H_
 
 #include <windows.h>
 #include <string>
@@ -22,6 +22,6 @@ void InitObjectAttribs(const std::wstring& name,
                        OBJECT_ATTRIBUTES* obj_attr,
                        UNICODE_STRING* uni_name);
 
-};  // namespace sandbox
+}  // namespace sandbox
 
-#endif  // SANDBOX_SRC_SANDBOX_UTILS_H__
+#endif  // SANDBOX_SRC_SANDBOX_UTILS_H_

sandbox/win/src/service_resolver.cc

-// Copyright (c) 2006-2010 The Chromium Authors. All rights reserved.
+// Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/win/src/service_resolver.h"
 
-#include "base/logging.h"
 #include "base/win/pe_image.h"
+#include "sandbox/win/src/internal_types.h"
+#include "sandbox/win/src/sandbox_nt_util.h"
 
 namespace sandbox {
 
@@ -24,7 +25,6 @@ NTSTATUS ServiceResolverThunk::ResolveInterceptor(
 NTSTATUS ServiceResolverThunk::ResolveTarget(const void* module,
                                              const char* function_name,
                                              void** address) {
-  DCHECK(address);
   if (NULL == module)
     return STATUS_UNSUCCESSFUL;
 
@@ -32,11 +32,15 @@ NTSTATUS ServiceResolverThunk::ResolveTarget(const void* module,
   *address = module_image.GetProcAddress(function_name);
 
   if (NULL == *address) {
-    NOTREACHED();
+    NOTREACHED_NT();
     return STATUS_UNSUCCESSFUL;
   }
 
   return STATUS_SUCCESS;
 }
 
+void ServiceResolverThunk::AllowLocalPatches() {
+  ntdll_base_ = ::GetModuleHandle(kNtdllName);
+}
+
 }  // namespace sandbox

sandbox/win/src/service_resolver.h

@@ -43,6 +43,9 @@ class ServiceResolverThunk : public ResolverThunk {
   // Implementation of Resolver::GetThunkSize.
   virtual size_t GetThunkSize() const;
 
+  // Call this to set up ntdll_base_ which will allow for local patches.
+  virtual void AllowLocalPatches();
+
  protected:
   // The unit test will use this member to allow local patch on a buffer.
   HMODULE ntdll_base_;

sandbox/win/src/service_resolver_64.cc

@@ -4,8 +4,8 @@
 
 #include "sandbox/win/src/service_resolver.h"
 
-#include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
+#include "sandbox/win/src/sandbox_nt_util.h"
 #include "sandbox/win/src/win_utils.h"
 
 namespace {
@@ -144,14 +144,14 @@ bool ServiceResolverThunk::IsFunctionAService(void* local_thunk) const {
 
 NTSTATUS ServiceResolverThunk::PerformPatch(void* local_thunk,
                                             void* remote_thunk) {
-  ServiceFullThunk* full_local_thunk = reinterpret_cast<ServiceFullThunk*>(
-                                           local_thunk);
-  ServiceFullThunk* full_remote_thunk = reinterpret_cast<ServiceFullThunk*>(
-                                            remote_thunk);
+  ServiceFullThunk* full_local_thunk =
+      reinterpret_cast<ServiceFullThunk*>(local_thunk);
+  ServiceFullThunk* full_remote_thunk =
+      reinterpret_cast<ServiceFullThunk*>(remote_thunk);
 
   // Patch the original code.
   ServiceEntry local_service;
-  DCHECK_GE(GetInternalThunkSize(), sizeof(local_service));
+  DCHECK_NT(GetInternalThunkSize() >= sizeof(local_service));
   if (!SetInternalThunk(&local_service, sizeof(local_service), NULL,
                         interceptor_))
     return STATUS_UNSUCCESSFUL;
@@ -181,12 +181,12 @@ NTSTATUS ServiceResolverThunk::PerformPatch(void* local_thunk,
 }
 
 bool Wow64ResolverThunk::IsFunctionAService(void* local_thunk) const {
-  NOTREACHED();
+  NOTREACHED_NT();
   return false;
 }
 
 bool Win2kResolverThunk::IsFunctionAService(void* local_thunk) const {
-  NOTREACHED();
+  NOTREACHED_NT();
   return false;
 }
 

sandbox/win/src/service_resolver_unittest.cc

@@ -44,7 +44,7 @@ class ResolverThunkTest : public T {
     EXPECT_EQ(STATUS_SUCCESS, ret);
 
     target_ = fake_target_;
-    ntdll_base_ = ::GetModuleHandle(L"ntdll.dll");
+
     return ret;
   };
 
@@ -108,6 +108,8 @@ NTSTATUS PatchNtdllWithResolver(const char* function, bool relaxed,
   scoped_ptr<char[]> thunk(new char[thunk_size]);
   size_t used;
 
+  resolver->AllowLocalPatches();
+
   NTSTATUS ret = resolver->Setup(ntdll_base, NULL, function, NULL,
                                  function_entry, thunk.get(), thunk_size,
                                  &used);
@@ -224,4 +226,41 @@ TEST(ServiceResolverTest, MultiplePatchedServices) {
 #endif
 }
 
+TEST(ServiceResolverTest, LocalPatchesAllowed) {
+  sandbox::ServiceResolverThunk* resolver = GetTestResolver(true);
+
+  HMODULE ntdll_base = ::GetModuleHandle(L"ntdll.dll");
+  ASSERT_TRUE(NULL != ntdll_base);
+
+  const char kFunctionName[] = "NtClose";
+
+  void* target = ::GetProcAddress(ntdll_base, kFunctionName);
+  ASSERT_TRUE(NULL != target);
+
+  BYTE service[50];
+  memcpy(service, target, sizeof(service));
+  static_cast<WinXpResolverTest*>(resolver)->set_target(service);
+
+  // Any pointer will do as an interception_entry_point
+  void* function_entry = resolver;
+  size_t thunk_size = resolver->GetThunkSize();
+  scoped_ptr<char[]> thunk(new char[thunk_size]);
+  size_t used;
+
+  NTSTATUS ret = STATUS_UNSUCCESSFUL;
+
+  // First try patching without having allowed local patches.
+  ret = resolver->Setup(ntdll_base, NULL, kFunctionName, NULL,
+                        function_entry, thunk.get(), thunk_size,
+                        &used);
+  EXPECT_FALSE(NT_SUCCESS(ret));
+
+  // Now allow local patches and check that things work.
+  resolver->AllowLocalPatches();
+  ret = resolver->Setup(ntdll_base, NULL, kFunctionName, NULL,
+                        function_entry, thunk.get(), thunk_size,
+                        &used);
+  EXPECT_EQ(STATUS_SUCCESS, ret);
+}
+
 }  // namespace

sandbox/win/src/win_utils.cc

@@ -6,10 +6,10 @@
 
 #include <map>
 
-#include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
 #include "sandbox/win/src/internal_types.h"
 #include "sandbox/win/src/nt_internals.h"
+#include "sandbox/win/src/sandbox_nt_util.h"
 
 namespace {
 
@@ -104,7 +104,7 @@ DWORD IsReparsePoint(const std::wstring& full_path, bool* result) {
           error != ERROR_PATH_NOT_FOUND &&
           error != ERROR_INVALID_NAME) {
         // Unexpected error.
-        NOTREACHED();
+        NOTREACHED_NT();
         return error;
       }
     } else if (FILE_ATTRIBUTE_REPARSE_POINT & attributes) {
@@ -124,7 +124,7 @@ DWORD IsReparsePoint(const std::wstring& full_path, bool* result) {
 // we'll get from |handle| will be \device\harddiskvolume1\some\foo\bar.
 bool SameObject(HANDLE handle, const wchar_t* full_path) {
   std::wstring path(full_path);
-  DCHECK(!path.empty());
+  DCHECK_NT(!path.empty());
 
   // Check if it's a pipe.
   if (IsPipe(path))
@@ -319,5 +319,5 @@ void ResolveNTFunctionPtr(const char* name, void* ptr) {
     *function_ptr = ::GetProcAddress(ntdll, name);
   }
 
-  CHECK(*function_ptr);
+  CHECK_NT(*function_ptr);
 }