Upgrade ProcessMitigationsWin32KDispatcher to new shared memory api.

ProcessMitigationsWin32KDispatcher uses a raw handle to open a shared memory region containing certificate data. This CL uses the new shared memory region API to open region. In keeping with current semantics, it is opened writable. This should introduce no functional change. Bug: 795291 Change-Id: I1d7bdeb0220a1deaaff8c65e9bc0e457df78057b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1657897Reviewed-by: Will Harris <wfh@chromium.org> Reviewed-by: Alex Ilin <alexilin@chromium.org> Commit-Queue: Matthew Cary (CET) <mattcary@chromium.org> Cr-Commit-Position: refs/heads/master@{#672015}

Upgrade ProcessMitigationsWin32KDispatcher to new shared memory api.
ProcessMitigationsWin32KDispatcher uses a raw handle to open a shared memory region containing certificate data. This CL uses the new shared memory region API to open region. In keeping with current semantics, it is opened writable. This should introduce no functional change. Bug: 795291 Change-Id: I1d7bdeb0220a1deaaff8c65e9bc0e457df78057b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1657897Reviewed-by: Will Harris <wfh@chromium.org> Reviewed-by: Alex Ilin <alexilin@chromium.org> Commit-Queue: Matthew Cary (CET) <mattcary@chromium.org> Cr-Commit-Position: refs/heads/master@{#672015}
68e88163 · Matthew Cary · Commit Bot · 36f1d455 · 68e88163
Commit 68e88163 authored Jun 25, 2019 by Matthew Cary Committed by Commit Bot Jun 25, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 36 additions and 26 deletions

sandbox/win/src/process_mitigations_win32k_dispatcher.cc sandbox/win/src/process_mitigations_win32k_dispatcher.cc +36 -26

No files found.
--- a/sandbox/win/src/process_mitigations_win32k_dispatcher.cc
+++ b/sandbox/win/src/process_mitigations_win32k_dispatcher.cc
@@ -6,7 +6,8 @@

 #include <algorithm>

-#include "base/memory/shared_memory.h"
+#include "base/memory/platform_shared_memory_region.h"
+#include "base/memory/unsafe_shared_memory_region.h"
 #include "base/strings/string16.h"
 #include "base/unguessable_token.h"
 #include "base/win/windows_version.h"
@@ -20,18 +21,27 @@ namespace sandbox {

 namespace {

-base::SharedMemoryHandle GetSharedMemoryHandle(const ClientInfo& client_info,
-                                               HANDLE handle,
-                                               size_t size) {
-  HANDLE result_handle = nullptr;
+base::UnsafeSharedMemoryRegion GetSharedMemoryRegion(
+    const ClientInfo& client_info,
+    HANDLE handle,
+    size_t size) {
+  HANDLE dup_handle = nullptr;
  intptr_t handle_int = reinterpret_cast<intptr_t>(handle);
  if (handle_int <= 0 ||
      !::DuplicateHandle(client_info.process, handle, ::GetCurrentProcess(),
-                         &result_handle, 0, false, DUPLICATE_SAME_ACCESS)) {
-    result_handle = nullptr;
-  }
-  return base::SharedMemoryHandle(result_handle, size,
-                                  base::UnguessableToken::Create());
+                         &dup_handle, 0, false, DUPLICATE_SAME_ACCESS)) {
+    return {};
+  }
+  // The raw handle returned from ::DuplicateHandle() must be wrapped in a
+  // base::PlatformSharedMemoryRegion.
+  base::subtle::PlatformSharedMemoryRegion platform_region =
+      base::subtle::PlatformSharedMemoryRegion::Take(
+          base::win::ScopedHandle(dup_handle),
+          base::subtle::PlatformSharedMemoryRegion::Mode::kUnsafe, size,
+          base::UnguessableToken::Create());
+  // |platform_region| can now be wrapped in a base::UnsafeSharedMemoryRegion.
+  return base::UnsafeSharedMemoryRegion::Deserialize(
+      std::move(platform_region));
 }

 }  // namespace
@@ -413,22 +423,22 @@ bool ProcessMitigationsWin32KDispatcher::GetCertificate(
    ipc->return_info.nt_status = STATUS_ACCESS_DENIED;
    return true;
  }
-  base::SharedMemoryHandle handle = GetSharedMemoryHandle(
+  base::UnsafeSharedMemoryRegion region = GetSharedMemoryRegion(
      *ipc->client_info, shared_buffer_handle, shared_buffer_size);
-  if (!handle.IsValid()) {
+  if (!region.IsValid()) {
    ipc->return_info.nt_status = STATUS_ACCESS_DENIED;
    return true;
  }
-  base::SharedMemory cert_data(handle, false);
-  if (!cert_data.Map(shared_buffer_size)) {
+  base::WritableSharedMemoryMapping cert_data = region.Map();
+  if (!cert_data.IsValid()) {
    ipc->return_info.nt_status = STATUS_ACCESS_DENIED;
    return true;
  }
  NTSTATUS status = STATUS_INVALID_PARAMETER;
  if (device_name->size() > 0) {
    status = ProcessMitigationsWin32KLockdownPolicy::GetCertificateAction(
-        *ipc->client_info, *device_name, static_cast<BYTE*>(cert_data.memory()),
-        shared_buffer_size);
+        *ipc->client_info, *device_name,
+        cert_data.GetMemoryAsSpan<BYTE>().data(), shared_buffer_size);
  } else {
    scoped_refptr<ProtectedVideoOutput> output =
        GetProtectedVideoOutput(protected_output, false);
@@ -436,7 +446,7 @@ bool ProcessMitigationsWin32KDispatcher::GetCertificate(
      status =
          ProcessMitigationsWin32KLockdownPolicy::GetCertificateByHandleAction(
              *ipc->client_info, output.get()->handle(),
-              static_cast<BYTE*>(cert_data.memory()), shared_buffer_size);
+              cert_data.GetMemoryAsSpan<BYTE>().data(), shared_buffer_size);
    }
  }
  ipc->return_info.nt_status = status;
@@ -517,15 +527,15 @@ bool ProcessMitigationsWin32KDispatcher::ConfigureOPMProtectedOutput(
    ipc->return_info.nt_status = STATUS_INVALID_HANDLE;
    return true;
  };
-  base::SharedMemoryHandle handle =
-      GetSharedMemoryHandle(*ipc->client_info, shared_buffer_handle,
+  base::UnsafeSharedMemoryRegion region =
+      GetSharedMemoryRegion(*ipc->client_info, shared_buffer_handle,
                            sizeof(DXGKMDT_OPM_CONFIGURE_PARAMETERS));
-  if (!handle.IsValid()) {
+  if (!region.IsValid()) {
    ipc->return_info.nt_status = STATUS_ACCESS_DENIED;
    return true;
  }
-  base::SharedMemory buffer(handle, false);
-  if (!buffer.Map(sizeof(DXGKMDT_OPM_CONFIGURE_PARAMETERS))) {
+  base::WritableSharedMemoryMapping buffer = region.Map();
+  if (!buffer.IsValid()) {
    ipc->return_info.nt_status = STATUS_ACCESS_DENIED;
    return true;
  }
@@ -554,15 +564,15 @@ bool ProcessMitigationsWin32KDispatcher::GetOPMInformation(
      std::max(sizeof(DXGKMDT_OPM_GET_INFO_PARAMETERS),
               sizeof(DXGKMDT_OPM_REQUESTED_INFORMATION));

-  base::SharedMemoryHandle handle = GetSharedMemoryHandle(
+  base::UnsafeSharedMemoryRegion region = GetSharedMemoryRegion(
      *ipc->client_info, shared_buffer_handle, shared_buffer_size);
-  if (!handle.IsValid()) {
+  if (!region.IsValid()) {
    ipc->return_info.nt_status = STATUS_ACCESS_DENIED;
    return true;
  }
-  base::SharedMemory buffer(handle, false);

-  if (!buffer.Map(shared_buffer_size)) {
+  base::WritableSharedMemoryMapping buffer = region.Map();
+  if (!buffer.IsValid()) {
    ipc->return_info.nt_status = STATUS_ACCESS_DENIED;
    return true;
  }