[Windows]: Remove SANDBOX_EXPORTS support.

This CL removes support for the SANDBOX_EXPORTS compile option. The feature is not tested or officially supported. It's common practice to removed unused code where possible. Bug: 610499 Change-Id: I357e8a0a531dc0cbbd263baa77441bb7f97c5585 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2544878 Commit-Queue: James Forshaw <forshaw@chromium.org> Reviewed-by: Will Harris <wfh@chromium.org> Cr-Commit-Position: refs/heads/master@{#828859}

[Windows]: Remove SANDBOX_EXPORTS support.
This CL removes support for the SANDBOX_EXPORTS compile option. The feature is not tested or officially supported. It's common practice to removed unused code where possible. Bug: 610499 Change-Id: I357e8a0a531dc0cbbd263baa77441bb7f97c5585 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2544878 Commit-Queue: James Forshaw <forshaw@chromium.org> Reviewed-by: Will Harris <wfh@chromium.org> Cr-Commit-Position: refs/heads/master@{#828859}
665b8382 · James Forshaw · Commit Bot · 0977dd12 · 665b8382 · 665b8382
Commit 665b8382 authored Nov 18, 2020 by James Forshaw Committed by Commit Bot Nov 18, 2020
4 changed files
--- a/sandbox/win/src/interception.cc
+++ b/sandbox/win/src/interception.cc
@@ -352,16 +352,6 @@ ResultCode InterceptionManager::PatchNtdll(bool hot_patch_needed) {
    return SBOX_ALL_OK;

  if (hot_patch_needed) {
-#if defined(SANDBOX_EXPORTS)
-// Make sure the functions are not excluded by the linker.
-#if defined(_WIN64)
-#pragma comment(linker, "/include:TargetNtMapViewOfSection64")
-#pragma comment(linker, "/include:TargetNtUnmapViewOfSection64")
-#else
-#pragma comment(linker, "/include:_TargetNtMapViewOfSection@44")
-#pragma comment(linker, "/include:_TargetNtUnmapViewOfSection@12")
-#endif
-#endif  // defined(SANDBOX_EXPORTS)
    ADD_NT_INTERCEPTION(NtMapViewOfSection, MAP_VIEW_OF_SECTION_ID, 44);
    ADD_NT_INTERCEPTION(NtUnmapViewOfSection, UNMAP_VIEW_OF_SECTION_ID, 12);
  }
@@ -433,13 +423,6 @@ ResultCode InterceptionManager::PatchClientFunctions(
  if (!ntdll_base)
    return SBOX_ERROR_NO_HANDLE;

-  char* interceptor_base = nullptr;
-
-#if defined(SANDBOX_EXPORTS)
-  interceptor_base = reinterpret_cast<char*>(child_.MainModule());
-  base::ScopedNativeLibrary local_interceptor(::LoadLibrary(child_.Name()));
-#endif  // defined(SANDBOX_EXPORTS)
-
  std::unique_ptr<ServiceResolverThunk> thunk;
 #if defined(_WIN64)
  thunk.reset(new ServiceResolverThunk(child_.Process(), relaxed_));
@@ -468,26 +451,8 @@ ResultCode InterceptionManager::PatchClientFunctions(
    if (INTERCEPTION_SERVICE_CALL != interception.type)
      return SBOX_ERROR_BAD_PARAMS;

-#if defined(SANDBOX_EXPORTS)
-    // We may be trying to patch by function name.
-    if (!interception.interceptor_address) {
-      const char* address;
-      NTSTATUS ret = thunk->ResolveInterceptor(
-          local_interceptor.get(), interception.interceptor.c_str(),
-          reinterpret_cast<const void**>(&address));
-      if (!NT_SUCCESS(ret)) {
-        ::SetLastError(GetLastErrorFromNtStatus(ret));
-        return SBOX_ERROR_CANNOT_RESOLVE_INTERCEPTION_THUNK;
-      }
-
-      // Translate the local address to an address on the child.
-      interception.interceptor_address =
-          interceptor_base +
-          (address - reinterpret_cast<char*>(local_interceptor.get()));
-    }
-#endif  // defined(SANDBOX_EXPORTS)
    NTSTATUS ret = thunk->Setup(
-        ntdll_base, interceptor_base, interception.function.c_str(),
+        ntdll_base, nullptr, interception.function.c_str(),
        interception.interceptor.c_str(), interception.interceptor_address,
        &thunks->thunks[dll_data->num_thunks],
        thunk_bytes - dll_data->used_bytes, nullptr);

--- a/sandbox/win/src/interception.h
+++ b/sandbox/win/src/interception.h
@@ -235,32 +235,6 @@ class InterceptionManager {
 // Note that num_params is the number of bytes to pop out of the stack for
 // the exported interceptor, following the calling convention of a service call
 // (WINAPI = with the "C" underscore).
-#if SANDBOX_EXPORTS
-#if defined(_WIN64)
-#define MAKE_SERVICE_NAME(service, params) "Target" #service "64"
-#else
-#define MAKE_SERVICE_NAME(service, params) "_Target" #service "@" #params
-#endif
-
-#define ADD_NT_INTERCEPTION(service, id, num_params)        \
-  AddToPatchedFunctions(kNtdllName, #service,               \
-                        sandbox::INTERCEPTION_SERVICE_CALL, \
-                        MAKE_SERVICE_NAME(service, num_params), id)
-
-#define INTERCEPT_NT(manager, service, id, num_params)                        \
-  ((&Target##service) ? manager->ADD_NT_INTERCEPTION(service, id, num_params) \
-                      : false)
-
-// When intercepting the EAT it is important that the patched version of the
-// function not call any functions imported from system libraries unless
-// |TargetServices::InitCalled()| returns true, because it is only then that
-// we are guaranteed that our IAT has been initialized.
-#define INTERCEPT_EAT(manager, dll, function, id, num_params)             \
-  ((&Target##function) ? manager->AddToPatchedFunctions(                  \
-                             dll, #function, sandbox::INTERCEPTION_EAT,   \
-                             MAKE_SERVICE_NAME(function, num_params), id) \
-                       : false)
-#else  // SANDBOX_EXPORTS
 #if defined(_WIN64)
 #define MAKE_SERVICE_NAME(service) &Target##service##64
 #else
@@ -283,7 +257,6 @@ class InterceptionManager {
  manager->AddToPatchedFunctions(                             \
      dll, #function, sandbox::INTERCEPTION_EAT,              \
      reinterpret_cast<void*>(MAKE_SERVICE_NAME(function)), id)
-#endif  // SANDBOX_EXPORTS

 }  // namespace sandbox


--- a/sandbox/win/src/sandbox_types.h
+++ b/sandbox/win/src/sandbox_types.h
@@ -174,11 +174,7 @@ struct SandboxInterfaceInfo {
  TargetServices* target_services;
 };

-#if SANDBOX_EXPORTS
-#define SANDBOX_INTERCEPT extern "C" __declspec(dllexport)
-#else
 #define SANDBOX_INTERCEPT extern "C"
-#endif

 enum InterceptionType {
  INTERCEPTION_INVALID = 0,

--- a/sandbox/win/src/target_process.cc
+++ b/sandbox/win/src/target_process.cc
@@ -235,26 +235,8 @@ ResultCode TargetProcess::TransferVariable(const char* name,
  if (!sandbox_process_info_.IsValid())
    return SBOX_ERROR_UNEXPECTED_CALL;

-  void* child_var = address;
-
-#if SANDBOX_EXPORTS
-  HMODULE module = ::LoadLibrary(exe_name_.get());
-  if (!module)
-    return SBOX_ERROR_CANNOT_LOADLIBRARY_EXECUTABLE;
-
-  child_var = ::GetProcAddress(module, name);
-  ::FreeLibrary(module);
-
-  if (!child_var)
-    return SBOX_ERROR_CANNOT_FIND_VARIABLE_ADDRESS;
-
-  size_t offset =
-      reinterpret_cast<char*>(child_var) - reinterpret_cast<char*>(module);
-  child_var = reinterpret_cast<char*>(MainModule()) + offset;
-#endif
-
  SIZE_T written;
-  if (!::WriteProcessMemory(sandbox_process_info_.process_handle(), child_var,
+  if (!::WriteProcessMemory(sandbox_process_info_.process_handle(), address,
                            address, size, &written))
    return SBOX_ERROR_CANNOT_WRITE_VARIABLE_VALUE;