Merge from Chromium at DEPS revision 251904
This commit was generated by merge_to_master.py.
Change-Id: I1f9543259d7d2a57d81aa41a1b84f85837439d21
diff --git a/sandbox/win/src/Wow64.cc b/sandbox/win/src/Wow64.cc
index a710d75..b11026b 100644
--- a/sandbox/win/src/Wow64.cc
+++ b/sandbox/win/src/Wow64.cc
@@ -142,13 +142,13 @@
// Get the path to the helper (beside the exe).
wchar_t prog_name[MAX_PATH];
GetModuleFileNameW(NULL, prog_name, MAX_PATH);
- std::wstring path(prog_name);
+ base::string16 path(prog_name);
size_t name_pos = path.find_last_of(L"\\");
- if (std::wstring::npos == name_pos)
+ if (base::string16::npos == name_pos)
return false;
path.resize(name_pos + 1);
- std::wstringstream command;
+ std::basic_stringstream<base::char16> command;
command << std::hex << std::showbase << L"\"" << path <<
L"wow_helper.exe\" " << child_->ProcessId() << " " <<
bit_cast<ULONG>(buffer);
diff --git a/sandbox/win/src/app_container.cc b/sandbox/win/src/app_container.cc
index 826b561..f8d7541 100644
--- a/sandbox/win/src/app_container.cc
+++ b/sandbox/win/src/app_container.cc
@@ -16,7 +16,7 @@
// Converts the passed in sid string to a PSID that must be relased with
// LocalFree.
-PSID ConvertSid(const string16& sid) {
+PSID ConvertSid(const base::string16& sid) {
PSID local_sid;
if (!ConvertStringSidToSid(sid.c_str(), &local_sid))
return NULL;
@@ -49,8 +49,8 @@
}
ResultCode AppContainerAttributes::SetAppContainer(
- const string16& app_container_sid,
- const std::vector<string16>& capabilities) {
+ const base::string16& app_container_sid,
+ const std::vector<base::string16>& capabilities) {
DCHECK(!capabilities_.AppContainerSid);
DCHECK(attributes_.empty());
capabilities_.AppContainerSid = ConvertSid(app_container_sid);
@@ -94,7 +94,8 @@
return (capabilities_.AppContainerSid != NULL);
}
-ResultCode CreateAppContainer(const string16& sid, const string16& name) {
+ResultCode CreateAppContainer(const base::string16& sid,
+ const base::string16& name) {
PSID local_sid;
if (!ConvertStringSidToSid(sid.c_str(), &local_sid))
return SBOX_ERROR_INVALID_APP_CONTAINER;
@@ -121,7 +122,7 @@
return operation_result;
}
-ResultCode DeleteAppContainer(const string16& sid) {
+ResultCode DeleteAppContainer(const base::string16& sid) {
PSID local_sid;
if (!ConvertStringSidToSid(sid.c_str(), &local_sid))
return SBOX_ERROR_INVALID_APP_CONTAINER;
@@ -146,10 +147,10 @@
return operation_result;
}
-string16 LookupAppContainer(const string16& sid) {
+base::string16 LookupAppContainer(const base::string16& sid) {
PSID local_sid;
if (!ConvertStringSidToSid(sid.c_str(), &local_sid))
- return string16();
+ return base::string16();
typedef HRESULT (WINAPI* AppContainerLookupMonikerPtr)(PSID sid,
LPWSTR* moniker);
@@ -166,14 +167,14 @@
}
if (!AppContainerLookupMoniker || !AppContainerFreeMemory)
- return string16();
+ return base::string16();
wchar_t* buffer = NULL;
HRESULT rv = AppContainerLookupMoniker(local_sid, &buffer);
if (FAILED(rv))
- return string16();
+ return base::string16();
- string16 name(buffer);
+ base::string16 name(buffer);
if (!AppContainerFreeMemory(buffer))
NOTREACHED();
return name;
diff --git a/sandbox/win/src/app_container.h b/sandbox/win/src/app_container.h
index 34b43e9..8125d70 100644
--- a/sandbox/win/src/app_container.h
+++ b/sandbox/win/src/app_container.h
@@ -29,8 +29,8 @@
~AppContainerAttributes();
// Sets the AppContainer and capabilities to be used with the new process.
- ResultCode SetAppContainer(const string16& app_container_sid,
- const std::vector<string16>& capabilities);
+ ResultCode SetAppContainer(const base::string16& app_container_sid,
+ const std::vector<base::string16>& capabilities);
// Updates the proc_thred attribute list of the provided startup_information
// with the app container related data.
@@ -53,15 +53,16 @@
// AppContainer, and |name| will be used as both the display name and moniker.
// This function fails if the OS doesn't support AppContainers, or if there is
// an AppContainer registered with the same id.
-ResultCode CreateAppContainer(const string16& sid, const string16& name);
+ResultCode CreateAppContainer(const base::string16& sid,
+ const base::string16& name);
// Deletes an AppContainer previously created with a successfull call to
// CreateAppContainer.
-ResultCode DeleteAppContainer(const string16& sid);
+ResultCode DeleteAppContainer(const base::string16& sid);
// Retrieves the name associated with the provided AppContainer sid. Returns an
// empty string if the AppContainer is not registered with the system.
-string16 LookupAppContainer(const string16& sid);
+base::string16 LookupAppContainer(const base::string16& sid);
} // namespace sandbox
diff --git a/sandbox/win/src/app_container_test.cc b/sandbox/win/src/app_container_test.cc
index 3b33ca5..1bfab2c 100644
--- a/sandbox/win/src/app_container_test.cc
+++ b/sandbox/win/src/app_container_test.cc
@@ -23,7 +23,8 @@
const ULONG kSharing = FILE_SHARE_WRITE | FILE_SHARE_READ | FILE_SHARE_DELETE;
-HANDLE CreateTaggedEvent(const string16& name, const string16& sid) {
+HANDLE CreateTaggedEvent(const base::string16& name,
+ const base::string16& sid) {
base::win::ScopedHandle event(CreateEvent(NULL, FALSE, FALSE, name.c_str()));
if (!event.IsValid())
return NULL;
diff --git a/sandbox/win/src/app_container_unittest.cc b/sandbox/win/src/app_container_unittest.cc
index 936a9cb..4bce16a 100644
--- a/sandbox/win/src/app_container_unittest.cc
+++ b/sandbox/win/src/app_container_unittest.cc
@@ -37,7 +37,7 @@
return;
scoped_ptr<AppContainerAttributes> attributes(new AppContainerAttributes);
- std::vector<string16> capabilities;
+ std::vector<base::string16> capabilities;
EXPECT_EQ(SBOX_ERROR_INVALID_APP_CONTAINER,
attributes->SetAppContainer(L"S-1-foo", capabilities));
diff --git a/sandbox/win/src/broker_services.cc b/sandbox/win/src/broker_services.cc
index 921eb4f..54d87c4 100644
--- a/sandbox/win/src/broker_services.cc
+++ b/sandbox/win/src/broker_services.cc
@@ -316,7 +316,7 @@
// Initialize the startup information from the policy.
base::win::StartupInformation startup_info;
- string16 desktop = policy_base->GetAlternateDesktop();
+ base::string16 desktop = policy_base->GetAlternateDesktop();
if (!desktop.empty()) {
startup_info.startup_info()->lpDesktop =
const_cast<wchar_t*>(desktop.c_str());
@@ -486,7 +486,7 @@
if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8)
return SBOX_ERROR_UNSUPPORTED;
- string16 old_name = LookupAppContainer(sid);
+ base::string16 old_name = LookupAppContainer(sid);
if (old_name.empty())
return CreateAppContainer(sid, name);
@@ -500,7 +500,7 @@
if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8)
return SBOX_ERROR_UNSUPPORTED;
- string16 name = LookupAppContainer(sid);
+ base::string16 name = LookupAppContainer(sid);
if (name.empty())
return SBOX_ERROR_INVALID_APP_CONTAINER;
diff --git a/sandbox/win/src/crosscall_server.cc b/sandbox/win/src/crosscall_server.cc
index fea8553..ab8b421 100644
--- a/sandbox/win/src/crosscall_server.cc
+++ b/sandbox/win/src/crosscall_server.cc
@@ -237,7 +237,7 @@
// Covers the common case of reading a string. Note that the string is not
// scanned for invalid characters.
-bool CrossCallParamsEx::GetParameterStr(uint32 index, std::wstring* string) {
+bool CrossCallParamsEx::GetParameterStr(uint32 index, base::string16* string) {
uint32 size = 0;
ArgType type;
void* start = GetRawParameter(index, &size, &type);
diff --git a/sandbox/win/src/crosscall_server.h b/sandbox/win/src/crosscall_server.h
index 2a39507..e754006 100644
--- a/sandbox/win/src/crosscall_server.h
+++ b/sandbox/win/src/crosscall_server.h
@@ -9,6 +9,7 @@
#include <vector>
#include "base/basictypes.h"
#include "base/callback.h"
+#include "base/strings/string16.h"
#include "sandbox/win/src/crosscall_params.h"
// This is the IPC server interface for CrossCall: The IPC for the Sandbox
@@ -112,7 +113,7 @@
// Gets a parameter that is a string. Returns false if the parameter does not
// exist.
- bool GetParameterStr(uint32 index, std::wstring* string);
+ bool GetParameterStr(uint32 index, base::string16* string);
// Gets a parameter that is an in/out buffer. Returns false is the parameter
// does not exist or if the size of the actual parameter is not equal to the
diff --git a/sandbox/win/src/file_policy_test.cc b/sandbox/win/src/file_policy_test.cc
index 85aea0b..adda1a5 100644
--- a/sandbox/win/src/file_policy_test.cc
+++ b/sandbox/win/src/file_policy_test.cc
@@ -62,7 +62,7 @@
SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
}
- std::wstring full_path = MakePathToSys(argv[0], false);
+ base::string16 full_path = MakePathToSys(argv[0], false);
if (full_path.empty()) {
return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
}
@@ -94,7 +94,7 @@
if (argc != 1)
return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
- std::wstring file(argv[0]);
+ base::string16 file(argv[0]);
if (0 != _wcsnicmp(file.c_str(), kNTObjManPrefix, kNTObjManPrefixLen))
file = MakePathToSys(argv[0], true);
@@ -132,7 +132,7 @@
if (argc != 1)
return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
- std::wstring file = MakePathToSys(argv[0], true);
+ base::string16 file = MakePathToSys(argv[0], true);
UNICODE_STRING object_name;
RtlInitUnicodeString(&object_name, file.c_str());
@@ -156,7 +156,7 @@
}
SBOX_TESTS_COMMAND int File_GetDiskSpace(int argc, wchar_t **argv) {
- std::wstring sys_path = MakePathToSys(L"", false);
+ base::string16 sys_path = MakePathToSys(L"", false);
if (sys_path.empty()) {
return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
}
@@ -212,7 +212,7 @@
bool expect_directory = (L'd' == argv[1][0]);
UNICODE_STRING object_name;
- std::wstring file = MakePathToSys(argv[0], true);
+ base::string16 file = MakePathToSys(argv[0], true);
RtlInitUnicodeString(&object_name, file.c_str());
OBJECT_ATTRIBUTES obj_attributes = {0};
@@ -265,8 +265,8 @@
}
TEST(FilePolicyTest, AllowNtCreateWithNativePath) {
- std::wstring calc = MakePathToSys(L"calc.exe", false);
- std::wstring nt_path;
+ base::string16 calc = MakePathToSys(L"calc.exe", false);
+ base::string16 nt_path;
ASSERT_TRUE(GetNtPathFromWin32Path(calc, &nt_path));
TestRunner runner;
runner.AddFsRule(TargetPolicy::FILES_ALLOW_READONLY, nt_path.c_str());
@@ -533,9 +533,9 @@
ASSERT_TRUE(::CreateDirectory(temp_file_name, NULL));
// Create a temporary file in the subfolder.
- std::wstring subfolder = temp_file_name;
- std::wstring temp_file_title = subfolder.substr(subfolder.rfind(L"\\") + 1);
- std::wstring temp_file = subfolder + L"\\file_" + temp_file_title;
+ base::string16 subfolder = temp_file_name;
+ base::string16 temp_file_title = subfolder.substr(subfolder.rfind(L"\\") + 1);
+ base::string16 temp_file = subfolder + L"\\file_" + temp_file_title;
HANDLE file = ::CreateFile(temp_file.c_str(), FILE_ALL_ACCESS,
FILE_SHARE_READ | FILE_SHARE_WRITE, NULL,
@@ -544,8 +544,8 @@
ASSERT_TRUE(::CloseHandle(file));
// Create a temporary file in the temp directory.
- std::wstring temp_dir = temp_directory;
- std::wstring temp_file_in_temp = temp_dir + L"file_" + temp_file_title;
+ base::string16 temp_dir = temp_directory;
+ base::string16 temp_file_in_temp = temp_dir + L"file_" + temp_file_title;
file = ::CreateFile(temp_file_in_temp.c_str(), FILE_ALL_ACCESS,
FILE_SHARE_READ | FILE_SHARE_WRITE, NULL,
CREATE_ALWAYS, 0, NULL);
@@ -553,12 +553,12 @@
ASSERT_TRUE(::CloseHandle(file));
// Give write access to the temp directory.
- std::wstring temp_dir_wildcard = temp_dir + L"*";
+ base::string16 temp_dir_wildcard = temp_dir + L"*";
EXPECT_TRUE(runner.AddFsRule(TargetPolicy::FILES_ALLOW_ANY,
temp_dir_wildcard.c_str()));
// Prepare the command to execute.
- std::wstring command_write;
+ base::string16 command_write;
command_write += L"File_Create Write \"";
command_write += temp_file;
command_write += L"\"";
@@ -573,7 +573,7 @@
OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL);
EXPECT_TRUE(INVALID_HANDLE_VALUE != dir);
- std::wstring temp_dir_nt;
+ base::string16 temp_dir_nt;
temp_dir_nt += L"\\??\\";
temp_dir_nt += temp_dir;
EXPECT_TRUE(SetReparsePoint(dir, temp_dir_nt.c_str()));
diff --git a/sandbox/win/src/filesystem_dispatcher.cc b/sandbox/win/src/filesystem_dispatcher.cc
index 22240ff..275122b 100644
--- a/sandbox/win/src/filesystem_dispatcher.cc
+++ b/sandbox/win/src/filesystem_dispatcher.cc
@@ -83,7 +83,7 @@
}
bool FilesystemDispatcher::NtCreateFile(
- IPCInfo* ipc, std::wstring* name, DWORD attributes, DWORD desired_access,
+ IPCInfo* ipc, base::string16* name, DWORD attributes, DWORD desired_access,
DWORD file_attributes, DWORD share_access, DWORD create_disposition,
DWORD create_options) {
if (!PreProcessName(*name, name)) {
@@ -126,7 +126,7 @@
}
bool FilesystemDispatcher::NtOpenFile(
- IPCInfo* ipc, std::wstring* name, DWORD attributes, DWORD desired_access,
+ IPCInfo* ipc, base::string16* name, DWORD attributes, DWORD desired_access,
DWORD share_access, DWORD open_options) {
if (!PreProcessName(*name, name)) {
// The path requested might contain a reparse point.
@@ -166,7 +166,7 @@
}
bool FilesystemDispatcher::NtQueryAttributesFile(
- IPCInfo* ipc, std::wstring* name, DWORD attributes, CountedBuffer* info) {
+ IPCInfo* ipc, base::string16* name, DWORD attributes, CountedBuffer* info) {
if (sizeof(FILE_BASIC_INFORMATION) != info->Size())
return false;
@@ -204,7 +204,7 @@
}
bool FilesystemDispatcher::NtQueryFullAttributesFile(
- IPCInfo* ipc, std::wstring* name, DWORD attributes, CountedBuffer* info) {
+ IPCInfo* ipc, base::string16* name, DWORD attributes, CountedBuffer* info) {
if (sizeof(FILE_NETWORK_OPEN_INFORMATION) != info->Size())
return false;
@@ -257,7 +257,7 @@
if (!IsSupportedRenameCall(rename_info, length, info_class))
return false;
- std::wstring name;
+ base::string16 name;
name.assign(rename_info->FileName, rename_info->FileNameLength /
sizeof(rename_info->FileName[0]));
if (!PreProcessName(name, &name)) {
diff --git a/sandbox/win/src/filesystem_dispatcher.h b/sandbox/win/src/filesystem_dispatcher.h
index b0d9a7a..257e4f7 100644
--- a/sandbox/win/src/filesystem_dispatcher.h
+++ b/sandbox/win/src/filesystem_dispatcher.h
@@ -6,6 +6,7 @@
#define SANDBOX_SRC_FILESYSTEM_DISPATCHER_H__
#include "base/basictypes.h"
+#include "base/strings/string16.h"
#include "sandbox/win/src/crosscall_server.h"
#include "sandbox/win/src/sandbox_policy_base.h"
@@ -22,29 +23,31 @@
private:
// Processes IPC requests coming from calls to NtCreateFile in the target.
- bool NtCreateFile(IPCInfo* ipc, std::wstring* name, DWORD attributes,
+ bool NtCreateFile(IPCInfo* ipc, base::string16* name, DWORD attributes,
DWORD desired_access, DWORD file_attributes,
DWORD share_access, DWORD create_disposition,
DWORD create_options);
// Processes IPC requests coming from calls to NtOpenFile in the target.
- bool NtOpenFile(IPCInfo* ipc, std::wstring* name, DWORD attributes,
+ bool NtOpenFile(IPCInfo* ipc, base::string16* name, DWORD attributes,
DWORD desired_access, DWORD share_access,
DWORD create_options);
// Processes IPC requests coming from calls to NtQueryAttributesFile in the
// target.
- bool NtQueryAttributesFile(IPCInfo* ipc, std::wstring* name, DWORD attributes,
+ bool NtQueryAttributesFile(IPCInfo* ipc, base::string16* name,
+ DWORD attributes,
CountedBuffer* info);
// Processes IPC requests coming from calls to NtQueryFullAttributesFile in
// the target.
- bool NtQueryFullAttributesFile(IPCInfo* ipc, std::wstring* name,
+ bool NtQueryFullAttributesFile(IPCInfo* ipc, base::string16* name,
DWORD attributes, CountedBuffer* info);
// Processes IPC requests coming from calls to NtSetInformationFile with the
// rename information class.
- bool NtSetInformationFile(IPCInfo* ipc, HANDLE handle, CountedBuffer* status,
+ bool NtSetInformationFile(IPCInfo* ipc, HANDLE handle,
+ CountedBuffer* status,
CountedBuffer* info, DWORD length,
DWORD info_class);
diff --git a/sandbox/win/src/filesystem_policy.cc b/sandbox/win/src/filesystem_policy.cc
index 02707b0..331b9fb 100644
--- a/sandbox/win/src/filesystem_policy.cc
+++ b/sandbox/win/src/filesystem_policy.cc
@@ -61,7 +61,7 @@
bool FileSystemPolicy::GenerateRules(const wchar_t* name,
TargetPolicy::Semantics semantics,
LowLevelPolicy* policy) {
- std::wstring mod_name(name);
+ base::string16 mod_name(name);
if (mod_name.empty()) {
return false;
}
@@ -229,7 +229,7 @@
bool FileSystemPolicy::CreateFileAction(EvalResult eval_result,
const ClientInfo& client_info,
- const std::wstring &file,
+ const base::string16 &file,
uint32 attributes,
uint32 desired_access,
uint32 file_attributes,
@@ -260,7 +260,7 @@
bool FileSystemPolicy::OpenFileAction(EvalResult eval_result,
const ClientInfo& client_info,
- const std::wstring &file,
+ const base::string16 &file,
uint32 attributes,
uint32 desired_access,
uint32 share_access,
@@ -292,7 +292,7 @@
bool FileSystemPolicy::QueryAttributesFileAction(
EvalResult eval_result,
const ClientInfo& client_info,
- const std::wstring &file,
+ const base::string16 &file,
uint32 attributes,
FILE_BASIC_INFORMATION* file_info,
NTSTATUS* nt_status) {
@@ -317,7 +317,7 @@
bool FileSystemPolicy::QueryFullAttributesFileAction(
EvalResult eval_result,
const ClientInfo& client_info,
- const std::wstring &file,
+ const base::string16 &file,
uint32 attributes,
FILE_NETWORK_OPEN_INFORMATION* file_info,
NTSTATUS* nt_status) {
@@ -372,7 +372,7 @@
return true;
}
-bool PreProcessName(const std::wstring& path, std::wstring* new_path) {
+bool PreProcessName(const base::string16& path, base::string16* new_path) {
ConvertToLongPath(path, new_path);
bool reparsed = false;
diff --git a/sandbox/win/src/filesystem_policy.h b/sandbox/win/src/filesystem_policy.h
index bcedb63..68dffec 100644
--- a/sandbox/win/src/filesystem_policy.h
+++ b/sandbox/win/src/filesystem_policy.h
@@ -8,6 +8,7 @@
#include <string>
#include "base/basictypes.h"
+#include "base/strings/string16.h"
#include "sandbox/win/src/crosscall_server.h"
#include "sandbox/win/src/nt_internals.h"
#include "sandbox/win/src/policy_low_level.h"
@@ -39,7 +40,7 @@
// 'file' : The target file or directory.
static bool CreateFileAction(EvalResult eval_result,
const ClientInfo& client_info,
- const std::wstring &file,
+ const base::string16 &file,
uint32 attributes,
uint32 desired_access,
uint32 file_attributes,
@@ -57,7 +58,7 @@
// 'file' : The target file or directory.
static bool OpenFileAction(EvalResult eval_result,
const ClientInfo& client_info,
- const std::wstring &file,
+ const base::string16 &file,
uint32 attributes,
uint32 desired_access,
uint32 share_access,
@@ -70,7 +71,7 @@
// API that is compatible with the IPC-received parameters.
static bool QueryAttributesFileAction(EvalResult eval_result,
const ClientInfo& client_info,
- const std::wstring &file,
+ const base::string16 &file,
uint32 attributes,
FILE_BASIC_INFORMATION* file_info,
NTSTATUS* nt_status);
@@ -80,7 +81,7 @@
static bool QueryFullAttributesFileAction(
EvalResult eval_result,
const ClientInfo& client_info,
- const std::wstring &file,
+ const base::string16 &file,
uint32 attributes,
FILE_NETWORK_OPEN_INFORMATION* file_info,
NTSTATUS* nt_status);
@@ -100,7 +101,7 @@
// Expands the path and check if it's a reparse point. Returns false if
// we cannot determine or if there is an unexpected error. In that case
// the path cannot be trusted.
-bool PreProcessName(const std::wstring& path, std::wstring* new_path);
+bool PreProcessName(const base::string16& path, base::string16* new_path);
} // namespace sandbox
diff --git a/sandbox/win/src/handle_closer.cc b/sandbox/win/src/handle_closer.cc
index 39915a9..d250ec3 100644
--- a/sandbox/win/src/handle_closer.cc
+++ b/sandbox/win/src/handle_closer.cc
@@ -34,8 +34,8 @@
HandleCloser::HandleCloser() {}
-ResultCode HandleCloser::AddHandle(const char16* handle_type,
- const char16* handle_name) {
+ResultCode HandleCloser::AddHandle(const base::char16* handle_type,
+ const base::char16* handle_name) {
if (!handle_type)
return SBOX_ERROR_BAD_PARAMS;
@@ -61,10 +61,10 @@
for (HandleMap::iterator i = handles_to_close_.begin();
i != handles_to_close_.end(); ++i) {
size_t bytes_entry = offsetof(HandleListEntry, handle_type) +
- (i->first.size() + 1) * sizeof(char16);
+ (i->first.size() + 1) * sizeof(base::char16);
for (HandleMap::mapped_type::iterator j = i->second.begin();
j != i->second.end(); ++j) {
- bytes_entry += ((*j).size() + 1) * sizeof(char16);
+ bytes_entry += ((*j).size() + 1) * sizeof(base::char16);
}
// Round up to the nearest multiple of word size.
@@ -119,8 +119,9 @@
handle_info->record_bytes = buffer_bytes;
handle_info->num_handle_types = handles_to_close_.size();
- char16* output = reinterpret_cast<char16*>(&handle_info->handle_entries[0]);
- char16* end = reinterpret_cast<char16*>(
+ base::char16* output = reinterpret_cast<base::char16*>(
+ &handle_info->handle_entries[0]);
+ base::char16* end = reinterpret_cast<base::char16*>(
reinterpret_cast<char*>(buffer) + buffer_bytes);
for (HandleMap::iterator i = handles_to_close_.begin();
i != handles_to_close_.end(); ++i) {
@@ -174,7 +175,7 @@
return true;
}
-bool GetHandleName(HANDLE handle, string16* handle_name) {
+bool GetHandleName(HANDLE handle, base::string16* handle_name) {
static NtQueryObject QueryObject = NULL;
if (!QueryObject)
ResolveNTFunctionPtr("NtQueryObject", &QueryObject);
diff --git a/sandbox/win/src/handle_closer.h b/sandbox/win/src/handle_closer.h
index a6f81d5..a5808d1 100644
--- a/sandbox/win/src/handle_closer.h
+++ b/sandbox/win/src/handle_closer.h
@@ -19,14 +19,15 @@
// This is a map of handle-types to names that we need to close in the
// target process. A null set means we need to close all handles of the
// given type.
-typedef std::map<const string16, std::set<const string16> > HandleMap;
+typedef std::map<const base::string16, std::set<const base::string16> >
+ HandleMap;
// Type and set of corresponding handle names to close.
struct HandleListEntry {
size_t record_bytes; // Rounded to sizeof(size_t) bytes.
size_t offset_to_names; // Nul terminated strings of name_count names.
size_t name_count;
- char16 handle_type[1];
+ base::char16 handle_type[1];
};
// Global parameters and a pointer to the list of entries.
@@ -46,7 +47,8 @@
// Adds a handle that will be closed in the target process after lockdown.
// A NULL value for handle_name indicates all handles of the specified type.
// An empty string for handle_name indicates the handle is unnamed.
- ResultCode AddHandle(const char16* handle_type, const char16* handle_name);
+ ResultCode AddHandle(const base::char16* handle_type,
+ const base::char16* handle_name);
// Serializes and copies the closer table into the target process.
bool InitializeTargetHandles(TargetProcess* target);
@@ -68,7 +70,7 @@
};
// Returns the object manager's name associated with a handle
-bool GetHandleName(HANDLE handle, string16* handle_name);
+bool GetHandleName(HANDLE handle, base::string16* handle_name);
} // namespace sandbox
diff --git a/sandbox/win/src/handle_closer_agent.cc b/sandbox/win/src/handle_closer_agent.cc
index bc75e73..be0ffc1 100644
--- a/sandbox/win/src/handle_closer_agent.cc
+++ b/sandbox/win/src/handle_closer_agent.cc
@@ -49,9 +49,9 @@
HandleListEntry* entry = g_handles_to_close->handle_entries;
for (size_t i = 0; i < g_handles_to_close->num_handle_types; ++i) {
// Set the type name.
- char16* input = entry->handle_type;
+ base::char16* input = entry->handle_type;
HandleMap::mapped_type& handle_names = handles_to_close_[input];
- input = reinterpret_cast<char16*>(reinterpret_cast<char*>(entry)
+ input = reinterpret_cast<base::char16*>(reinterpret_cast<char*>(entry)
+ entry->offset_to_names);
// Grab all the handle names.
for (size_t j = 0; j < entry->name_count; ++j) {
@@ -65,9 +65,9 @@
entry = reinterpret_cast<HandleListEntry*>(reinterpret_cast<char*>(entry)
+ entry->record_bytes);
- DCHECK(reinterpret_cast<char16*>(entry) >= input);
- DCHECK(reinterpret_cast<char16*>(entry) - input <
- sizeof(size_t) / sizeof(char16));
+ DCHECK(reinterpret_cast<base::char16*>(entry) >= input);
+ DCHECK(reinterpret_cast<base::char16*>(entry) - input <
+ sizeof(size_t) / sizeof(base::char16));
}
// Clean up the memory we copied over.
@@ -88,7 +88,7 @@
32 * sizeof(wchar_t));
OBJECT_TYPE_INFORMATION* type_info =
reinterpret_cast<OBJECT_TYPE_INFORMATION*>(&(type_info_buffer[0]));
- string16 handle_name;
+ base::string16 handle_name;
HANDLE handle = NULL;
int invalid_count = 0;
diff --git a/sandbox/win/src/handle_closer_test.cc b/sandbox/win/src/handle_closer_test.cc
index ba0e33a..9adcf6c 100644
--- a/sandbox/win/src/handle_closer_test.cc
+++ b/sandbox/win/src/handle_closer_test.cc
@@ -19,7 +19,7 @@
HANDLE GetMarkerFile(const wchar_t *extension) {
wchar_t path_buffer[MAX_PATH + 1];
CHECK(::GetTempPath(MAX_PATH, path_buffer));
- string16 marker_path = path_buffer;
+ base::string16 marker_path = path_buffer;
marker_path += L"\\sbox_marker_";
// Generate a unique value from the exe's size and timestamp.
@@ -76,7 +76,7 @@
const size_t kHandleOffset = sizeof(HANDLE);
HANDLE handle = NULL;
int invalid_count = 0;
- string16 handle_name;
+ base::string16 handle_name;
if (!::GetProcessHandleCount(::GetCurrentProcess(), &handle_count))
return SBOX_TEST_FAILED_TO_RUN_TEST;
@@ -110,9 +110,9 @@
runner.SetTestState(EVERY_STATE);
sandbox::TargetPolicy* policy = runner.GetPolicy();
- string16 command = string16(L"CheckForFileHandles Y");
+ base::string16 command = base::string16(L"CheckForFileHandles Y");
for (int i = 0; i < arraysize(kFileExtensions); ++i) {
- string16 handle_name;
+ base::string16 handle_name;
base::win::ScopedHandle marker(GetMarkerFile(kFileExtensions[i]));
CHECK(marker.IsValid());
CHECK(sandbox::GetHandleName(marker, &handle_name));
@@ -130,9 +130,9 @@
runner.SetTestState(EVERY_STATE);
sandbox::TargetPolicy* policy = runner.GetPolicy();
- string16 command = string16(L"CheckForFileHandles N");
+ base::string16 command = base::string16(L"CheckForFileHandles N");
for (int i = 0; i < arraysize(kFileExtensions); ++i) {
- string16 handle_name;
+ base::string16 handle_name;
base::win::ScopedHandle marker(GetMarkerFile(kFileExtensions[i]));
CHECK(marker.IsValid());
CHECK(sandbox::GetHandleName(marker, &handle_name));
diff --git a/sandbox/win/src/handle_dispatcher.cc b/sandbox/win/src/handle_dispatcher.cc
index 26b8fc3..6acb6f9 100644
--- a/sandbox/win/src/handle_dispatcher.cc
+++ b/sandbox/win/src/handle_dispatcher.cc
@@ -53,10 +53,11 @@
HANDLE handle_temp;
if (!::DuplicateHandle(ipc->client_info->process, source_handle,
::GetCurrentProcess(), &handle_temp,
- 0, FALSE, DUPLICATE_SAME_ACCESS)) {
+ 0, FALSE, DUPLICATE_SAME_ACCESS | options)) {
ipc->return_info.win32_result = ::GetLastError();
return false;
}
+ options &= ~DUPLICATE_CLOSE_SOURCE;
base::win::ScopedHandle handle(handle_temp);
// Get the object type (32 characters is safe; current max is 14).
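Review bot: With `DUPLICATE_SAME_ACCESS | options` on this first `::DuplicateHandle`, a request carrying `DUPLICATE_CLOSE_SOURCE` closes the target's source handle before `EvalPolicy` runs further down, so a request that is then denied has still lost its handle; that ordering should be stated in a comment. `options` presumably comes from the IPC request (its origin is outside this hunk), so it would be safer to mask it to the flags the broker means to honor before it reaches the API, e.g. `options &= (DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS);`. The added `options &= ~DUPLICATE_CLOSE_SOURCE;` is also what stops the later duplication from closing the broker copy owned by `handle`, which is worth saying next to it: `// Source already closed above; the second duplication must not close the ScopedHandle's copy.` The function body starts and ends outside the hunk.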
@@ -78,8 +79,7 @@
EvalResult eval = policy_base_->EvalPolicy(IPC_DUPLICATEHANDLEPROXY_TAG,
params.GetBase());
ipc->return_info.win32_result =
- HandlePolicy::DuplicateHandleProxyAction(eval, *ipc->client_info,
- source_handle,
+ HandlePolicy::DuplicateHandleProxyAction(eval, handle,
target_process_id,
&ipc->return_info.handle,
desired_access, options);
diff --git a/sandbox/win/src/handle_policy.cc b/sandbox/win/src/handle_policy.cc
index 718376e..f5f1c27 100644
--- a/sandbox/win/src/handle_policy.cc
+++ b/sandbox/win/src/handle_policy.cc
@@ -52,7 +52,6 @@
}
DWORD HandlePolicy::DuplicateHandleProxyAction(EvalResult eval_result,
- const ClientInfo& client_info,
HANDLE source_handle,
DWORD target_process_id,
HANDLE* target_handle,
@@ -81,7 +80,7 @@
HANDLE target_process = remote_target_process.IsValid() ?
remote_target_process.Get() : ::GetCurrentProcess();
DWORD result = ERROR_SUCCESS;
- if (!::DuplicateHandle(client_info.process, source_handle, target_process,
+ if (!::DuplicateHandle(::GetCurrentProcess(), source_handle, target_process,
target_handle, desired_access, FALSE,
options)) {
return ::GetLastError();
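Review bot: `source_handle` is now resolved in the broker's own handle table, because `::GetCurrentProcess()` is the source process, but neither the parameter name nor the comment in handle_policy.h says so. A caller that passed the raw value received from the target would make the broker duplicate whichever of its own handles has that value. I would document the contract on the declaration, e.g. `// |source_handle| must be a broker-owned copy already duplicated from the target, never the target's raw handle value.` `options` must also not carry `DUPLICATE_CLOSE_SOURCE` here, since the close would hit the broker's handle; the dispatcher clears the flag, but nothing in this function enforces it, and `DCHECK(!(options & DUPLICATE_CLOSE_SOURCE));` near the top would. The function starts before this hunk and continues after it.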
diff --git a/sandbox/win/src/handle_policy.h b/sandbox/win/src/handle_policy.h
index d91a039..ffe54b8 100644
--- a/sandbox/win/src/handle_policy.h
+++ b/sandbox/win/src/handle_policy.h
@@ -27,7 +27,6 @@
// Processes a 'TargetPolicy::DuplicateHandle()' request from the target.
static DWORD DuplicateHandleProxyAction(EvalResult eval_result,
- const ClientInfo& client_info,
HANDLE source_handle,
DWORD target_process_id,
HANDLE* target_handle,
diff --git a/sandbox/win/src/handle_policy_test.cc b/sandbox/win/src/handle_policy_test.cc
index 11e888a..99b1717 100644
--- a/sandbox/win/src/handle_policy_test.cc
+++ b/sandbox/win/src/handle_policy_test.cc
@@ -54,8 +54,8 @@
EXPECT_EQ(SBOX_TEST_SUCCEEDED, target.RunTest(L"Handle_WaitProcess 30000"));
// First test that we fail to open the event.
- std::wstring cmd_line = base::StringPrintf(L"Handle_DuplicateEvent %d",
- target.process_id());
+ base::string16 cmd_line = base::StringPrintf(L"Handle_DuplicateEvent %d",
+ target.process_id());
EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(cmd_line.c_str()));
// Now successfully open the event after adding a duplicate handle rule.
@@ -76,8 +76,8 @@
EXPECT_EQ(SBOX_TEST_SUCCEEDED, target.RunTest(L"Handle_WaitProcess 30000"));
// First test that we fail to open the event.
- std::wstring cmd_line = base::StringPrintf(L"Handle_DuplicateEvent %d",
- target.process_id());
+ base::string16 cmd_line = base::StringPrintf(L"Handle_DuplicateEvent %d",
+ target.process_id());
EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(cmd_line.c_str()));
// Now successfully open the event after adding a duplicate handle rule.
@@ -92,7 +92,7 @@
TestRunner runner;
// First test that we fail to open the event.
- std::wstring cmd_line = base::StringPrintf(L"Handle_DuplicateEvent %d",
+ base::string16 cmd_line = base::StringPrintf(L"Handle_DuplicateEvent %d",
::GetCurrentProcessId());
EXPECT_EQ(SBOX_TEST_DENIED, runner.RunTest(cmd_line.c_str()));
diff --git a/sandbox/win/src/handle_table.cc b/sandbox/win/src/handle_table.cc
index 7230dff..3b2febe 100644
--- a/sandbox/win/src/handle_table.cc
+++ b/sandbox/win/src/handle_table.cc
@@ -22,22 +22,22 @@
namespace sandbox {
-const char16* HandleTable::kTypeProcess = L"Process";
-const char16* HandleTable::kTypeThread = L"Thread";
-const char16* HandleTable::kTypeFile = L"File";
-const char16* HandleTable::kTypeDirectory = L"Directory";
-const char16* HandleTable::kTypeKey = L"Key";
-const char16* HandleTable::kTypeWindowStation = L"WindowStation";
-const char16* HandleTable::kTypeDesktop = L"Desktop";
-const char16* HandleTable::kTypeService = L"Service";
-const char16* HandleTable::kTypeMutex = L"Mutex";
-const char16* HandleTable::kTypeSemaphore = L"Semaphore";
-const char16* HandleTable::kTypeEvent = L"Event";
-const char16* HandleTable::kTypeTimer = L"Timer";
-const char16* HandleTable::kTypeNamedPipe = L"NamedPipe";
-const char16* HandleTable::kTypeJobObject = L"JobObject";
-const char16* HandleTable::kTypeFileMap = L"FileMap";
-const char16* HandleTable::kTypeAlpcPort = L"ALPC Port";
+const base::char16* HandleTable::kTypeProcess = L"Process";
+const base::char16* HandleTable::kTypeThread = L"Thread";
+const base::char16* HandleTable::kTypeFile = L"File";
+const base::char16* HandleTable::kTypeDirectory = L"Directory";
+const base::char16* HandleTable::kTypeKey = L"Key";
+const base::char16* HandleTable::kTypeWindowStation = L"WindowStation";
+const base::char16* HandleTable::kTypeDesktop = L"Desktop";
+const base::char16* HandleTable::kTypeService = L"Service";
+const base::char16* HandleTable::kTypeMutex = L"Mutex";
+const base::char16* HandleTable::kTypeSemaphore = L"Semaphore";
+const base::char16* HandleTable::kTypeEvent = L"Event";
+const base::char16* HandleTable::kTypeTimer = L"Timer";
+const base::char16* HandleTable::kTypeNamedPipe = L"NamedPipe";
+const base::char16* HandleTable::kTypeJobObject = L"JobObject";
+const base::char16* HandleTable::kTypeFileMap = L"FileMap";
+const base::char16* HandleTable::kTypeAlpcPort = L"ALPC Port";
HandleTable::HandleTable() {
static NtQuerySystemInformation QuerySystemInformation = NULL;
@@ -151,17 +151,17 @@
return type_info_buffer_.empty() ? NULL : type_info_internal();
}
-const string16& HandleTable::HandleEntry::Name() {
+const base::string16& HandleTable::HandleEntry::Name() {
UpdateInfo(UPDATE_INFO_AND_NAME);
return handle_name_;
}
-const string16& HandleTable::HandleEntry::Type() {
+const base::string16& HandleTable::HandleEntry::Type() {
UpdateInfo(UPDATE_INFO_AND_TYPE_NAME);
return type_name_;
}
-bool HandleTable::HandleEntry::IsType(const string16& type_string) {
+bool HandleTable::HandleEntry::IsType(const base::string16& type_string) {
UpdateInfo(UPDATE_INFO_ONLY);
if (type_info_buffer_.empty())
return false;
diff --git a/sandbox/win/src/handle_table.h b/sandbox/win/src/handle_table.h
index 21ff80f..1b553fa 100644
--- a/sandbox/win/src/handle_table.h
+++ b/sandbox/win/src/handle_table.h
@@ -18,22 +18,22 @@
// for iterating through the table and retrieving handle info.
class HandleTable {
public:
- static const char16* HandleTable::kTypeProcess;
- static const char16* HandleTable::kTypeThread;
- static const char16* HandleTable::kTypeFile;
- static const char16* HandleTable::kTypeDirectory;
- static const char16* HandleTable::kTypeKey;
- static const char16* HandleTable::kTypeWindowStation;
- static const char16* HandleTable::kTypeDesktop;
- static const char16* HandleTable::kTypeService;
- static const char16* HandleTable::kTypeMutex;
- static const char16* HandleTable::kTypeSemaphore;
- static const char16* HandleTable::kTypeEvent;
- static const char16* HandleTable::kTypeTimer;
- static const char16* HandleTable::kTypeNamedPipe;
- static const char16* HandleTable::kTypeJobObject;
- static const char16* HandleTable::kTypeFileMap;
- static const char16* HandleTable::kTypeAlpcPort;
+ static const base::char16* HandleTable::kTypeProcess;
+ static const base::char16* HandleTable::kTypeThread;
+ static const base::char16* HandleTable::kTypeFile;
+ static const base::char16* HandleTable::kTypeDirectory;
+ static const base::char16* HandleTable::kTypeKey;
+ static const base::char16* HandleTable::kTypeWindowStation;
+ static const base::char16* HandleTable::kTypeDesktop;
+ static const base::char16* HandleTable::kTypeService;
+ static const base::char16* HandleTable::kTypeMutex;
+ static const base::char16* HandleTable::kTypeSemaphore;
+ static const base::char16* HandleTable::kTypeEvent;
+ static const base::char16* HandleTable::kTypeTimer;
+ static const base::char16* HandleTable::kTypeNamedPipe;
+ static const base::char16* HandleTable::kTypeJobObject;
+ static const base::char16* HandleTable::kTypeFileMap;
+ static const base::char16* HandleTable::kTypeAlpcPort;
class Iterator;
@@ -54,11 +54,11 @@
const OBJECT_TYPE_INFORMATION* TypeInfo();
- const string16& Name();
+ const base::string16& Name();
- const string16& Type();
+ const base::string16& Type();
- bool IsType(const string16& type_string);
+ bool IsType(const base::string16& type_string);
private:
friend class Iterator;
@@ -84,8 +84,8 @@
const SYSTEM_HANDLE_INFORMATION* handle_entry_;
const SYSTEM_HANDLE_INFORMATION* last_entry_;
std::vector<BYTE> type_info_buffer_;
- string16 handle_name_;
- string16 type_name_;
+ base::string16 handle_name_;
+ base::string16 type_name_;
DISALLOW_COPY_AND_ASSIGN(HandleEntry);
};
diff --git a/sandbox/win/src/interception.cc b/sandbox/win/src/interception.cc
index 8c897a1..dde5857 100644
--- a/sandbox/win/src/interception.cc
+++ b/sandbox/win/src/interception.cc
@@ -11,6 +11,7 @@
#include "base/logging.h"
#include "base/memory/scoped_ptr.h"
+#include "base/strings/string16.h"
#include "base/win/pe_image.h"
#include "base/win/windows_version.h"
#include "sandbox/win/src/interception_internal.h"
@@ -141,7 +142,7 @@
}
size_t InterceptionManager::GetBufferSize() const {
- std::set<std::wstring> dlls;
+ std::set<base::string16> dlls;
size_t buffer_bytes = 0;
std::list<InterceptionData>::const_iterator it = interceptions_.begin();
@@ -202,7 +203,7 @@
continue;
}
- const std::wstring dll = it->dll;
+ const base::string16 dll = it->dll;
if (!SetupDllInfo(*it, &buffer, &buffer_bytes))
return false;
@@ -355,7 +356,7 @@
if (data.type >= INTERCEPTION_LAST)
return false;
- std::wstring ntdll(kNtdllName);
+ base::string16 ntdll(kNtdllName);
if (ntdll == data.dll)
return false; // ntdll has to be intercepted from the parent
@@ -493,7 +494,7 @@
std::list<InterceptionData>::iterator it = interceptions_.begin();
for (; it != interceptions_.end(); ++it) {
- const std::wstring ntdll(kNtdllName);
+ const base::string16 ntdll(kNtdllName);
if (it->dll != ntdll)
break;
diff --git a/sandbox/win/src/interception.h b/sandbox/win/src/interception.h
index c73b597..739c816 100644
--- a/sandbox/win/src/interception.h
+++ b/sandbox/win/src/interception.h
@@ -14,6 +14,7 @@
#include "base/basictypes.h"
#include "base/gtest_prod_util.h"
+#include "base/strings/string16.h"
#include "sandbox/win/src/sandbox_types.h"
namespace sandbox {
@@ -135,7 +136,7 @@
struct InterceptionData {
InterceptionType type; // Interception type.
InterceptorId id; // Interceptor id.
- std::wstring dll; // Name of dll to intercept.
+ base::string16 dll; // Name of dll to intercept.
std::string function; // Name of function to intercept.
std::string interceptor; // Name of interceptor function.
const void* interceptor_address; // Interceptor's entry point.
diff --git a/sandbox/win/src/ipc_unittest.cc b/sandbox/win/src/ipc_unittest.cc
index daca7bb..53b870c 100644
--- a/sandbox/win/src/ipc_unittest.cc
+++ b/sandbox/win/src/ipc_unittest.cc
@@ -160,7 +160,7 @@
CrossCallReturn answer;
uint32 tag1 = 666;
const wchar_t text[] = L"98765 - 43210";
- std::wstring copied_text;
+ base::string16 copied_text;
CrossCallParamsEx* actual_params;
CrossCall(client, tag1, text, &answer);
@@ -204,7 +204,7 @@
EXPECT_STREQ(text, copied_text.c_str());
param_size = 1;
- std::wstring copied_text_p0, copied_text_p2;
+ base::string16 copied_text_p0, copied_text_p2;
const wchar_t text2[] = L"AeFG";
CrossCall(client, tag1, text2, null_text, text, &answer);
diff --git a/sandbox/win/src/named_pipe_dispatcher.cc b/sandbox/win/src/named_pipe_dispatcher.cc
index c3f9851..daf88f8 100644
--- a/sandbox/win/src/named_pipe_dispatcher.cc
+++ b/sandbox/win/src/named_pipe_dispatcher.cc
@@ -5,6 +5,7 @@
#include "sandbox/win/src/named_pipe_dispatcher.h"
#include "base/basictypes.h"
+#include "base/strings/string_split.h"
#include "sandbox/win/src/crosscall_client.h"
#include "sandbox/win/src/interception.h"
@@ -40,9 +41,26 @@
}
bool NamedPipeDispatcher::CreateNamedPipe(
- IPCInfo* ipc, std::wstring* name, DWORD open_mode, DWORD pipe_mode,
+ IPCInfo* ipc, base::string16* name, DWORD open_mode, DWORD pipe_mode,
DWORD max_instances, DWORD out_buffer_size, DWORD in_buffer_size,
DWORD default_timeout) {
+ ipc->return_info.win32_result = ERROR_ACCESS_DENIED;
+ ipc->return_info.handle = INVALID_HANDLE_VALUE;
+
+ std::vector<base::string16> paths;
+ std::vector<base::string16> innerpaths;
+ base::SplitString(*name, '/', &paths);
+
+ for (std::vector<base::string16>::const_iterator iter = paths.begin();
+ iter != paths.end(); ++iter) {
+ base::SplitString(*iter, '\\', &innerpaths);
+ for (std::vector<base::string16>::const_iterator iter2 = innerpaths.begin();
+ iter2 != innerpaths.end(); ++iter2) {
+ if (*iter2 == L"..")
+ return true;
+ }
+ }
+
const wchar_t* pipe_name = name->c_str();
CountedParameterSet<NameBased> params;
params[NameBased::NAME] = ParamPickerMake(pipe_name);
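Review bot: The `..` rejection at `if (*iter2 == L"..") return true;` reads like a success path, because the denial is carried only by the `ERROR_ACCESS_DENIED` / `INVALID_HANDLE_VALUE` defaults written to `ipc->return_info` at the top of the function. A comment on the return would make that explicit, for example `// Deny: the IPC is answered with the ERROR_ACCESS_DENIED set above.` The separators are also passed to `base::SplitString` as narrow `'/'` and `'\\'` while the string is `base::string16`; `L'/'` and `L'\\'` would match the wide literals used elsewhere in this function. The function body continues outside the hunk.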
@@ -50,6 +68,16 @@
EvalResult eval = policy_base_->EvalPolicy(IPC_CREATENAMEDPIPEW_TAG,
params.GetBase());
+ // "For file I/O, the "\\?\" prefix to a path string tells the Windows APIs to
+ // disable all string parsing and to send the string that follows it straight
+ // to the file system."
+ // http://msdn.microsoft.com/en-us/library/aa365247(VS.85).aspx
+ // This ensures even if there is a path traversal in the pipe name, and it is
+ // able to get past the checks above, it will still not be allowed to escape
+ // our whitelisted namespace.
+ if (name->compare(0, 4, L"\\\\.\\") == 0)
+ name->replace(0, 4, L"\\\\\?\\");
+
HANDLE pipe;
DWORD ret = NamedPipePolicy::CreateNamedPipeAction(eval, *ipc->client_info,
*name, open_mode,
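Review bot: The position of the prefix rewrite relative to `EvalPolicy` is load-bearing but undocumented: the policy is evaluated on the name as the target sent it, and only afterwards is `\\.\` replaced by `\\?\`. The rules in named_pipe_policy_test.cc are registered as `\\.\pipe\test*`, so moving the rewrite above the evaluation would presumably stop them from matching. I would add `// Must stay after EvalPolicy(): rules are written against the \\.\ form.` above the `if`. The rewrite also runs regardless of `eval`, and a name that does not begin with exactly `\\.\` is passed on unchanged, so for those names the guarantee stated in the comment rests on the policy match alone. The function body continues outside the hunk.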
diff --git a/sandbox/win/src/named_pipe_dispatcher.h b/sandbox/win/src/named_pipe_dispatcher.h
index 0d03b2e..0707284 100644
--- a/sandbox/win/src/named_pipe_dispatcher.h
+++ b/sandbox/win/src/named_pipe_dispatcher.h
@@ -6,6 +6,7 @@
#define SANDBOX_SRC_NAMED_PIPE_DISPATCHER_H__
#include "base/basictypes.h"
+#include "base/strings/string16.h"
#include "sandbox/win/src/crosscall_server.h"
#include "sandbox/win/src/sandbox_policy_base.h"
@@ -23,7 +24,7 @@
private:
// Processes IPC requests coming from calls to CreateNamedPipeW() in the
// target.
- bool CreateNamedPipe(IPCInfo* ipc, std::wstring* name, DWORD open_mode,
+ bool CreateNamedPipe(IPCInfo* ipc, base::string16* name, DWORD open_mode,
DWORD pipe_mode, DWORD max_instances,
DWORD out_buffer_size, DWORD in_buffer_size,
DWORD default_timeout);
diff --git a/sandbox/win/src/named_pipe_policy.cc b/sandbox/win/src/named_pipe_policy.cc
index 0f620b1..eee719e 100644
--- a/sandbox/win/src/named_pipe_policy.cc
+++ b/sandbox/win/src/named_pipe_policy.cc
@@ -60,7 +60,7 @@
DWORD NamedPipePolicy::CreateNamedPipeAction(EvalResult eval_result,
const ClientInfo& client_info,
- const std::wstring &name,
+ const base::string16 &name,
DWORD open_mode, DWORD pipe_mode,
DWORD max_instances,
DWORD out_buffer_size,
diff --git a/sandbox/win/src/named_pipe_policy.h b/sandbox/win/src/named_pipe_policy.h
index 1ba07b8..c904aa3 100644
--- a/sandbox/win/src/named_pipe_policy.h
+++ b/sandbox/win/src/named_pipe_policy.h
@@ -8,6 +8,7 @@
#include <string>
#include "base/basictypes.h"
+#include "base/strings/string16.h"
#include "sandbox/win/src/crosscall_server.h"
#include "sandbox/win/src/policy_low_level.h"
#include "sandbox/win/src/sandbox_policy.h"
@@ -31,7 +32,7 @@
// Processes a 'CreateNamedPipeW()' request from the target.
static DWORD CreateNamedPipeAction(EvalResult eval_result,
const ClientInfo& client_info,
- const std::wstring &name,
+ const base::string16 &name,
DWORD open_mode, DWORD pipe_mode,
DWORD max_instances,
DWORD out_buffer_size,
diff --git a/sandbox/win/src/named_pipe_policy_test.cc b/sandbox/win/src/named_pipe_policy_test.cc
index b89a191..fe8c71f 100644
--- a/sandbox/win/src/named_pipe_policy_test.cc
+++ b/sandbox/win/src/named_pipe_policy_test.cc
@@ -1,18 +1,20 @@
-// Copyright (c) 2006-2010 The Chromium Authors. All rights reserved.
+// Copyright (c) 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "testing/gtest/include/gtest/gtest.h"
+#include "base/win/windows_version.h"
+#include "sandbox/win/src/handle_closer.h"
#include "sandbox/win/src/sandbox.h"
#include "sandbox/win/src/sandbox_policy.h"
#include "sandbox/win/src/sandbox_factory.h"
#include "sandbox/win/tests/common/controller.h"
+#include "testing/gtest/include/gtest/gtest.h"
namespace sandbox {
SBOX_TESTS_COMMAND int NamedPipe_Create(int argc, wchar_t **argv) {
- if (argc != 1) {
+ if (argc < 1 || argc > 2) {
return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
}
if ((NULL == argv) || (NULL == argv[0])) {
@@ -26,6 +28,18 @@
if (INVALID_HANDLE_VALUE == pipe)
return SBOX_TEST_DENIED;
+ // The second parameter allows us to enforce a whitelist for where the
+ // pipe should be in the object namespace after creation.
+ if (argc == 2) {
+ base::string16 handle_name;
+ if (GetHandleName(pipe, &handle_name)) {
+ if (handle_name.compare(0, wcslen(argv[1]), argv[1]) != 0)
+ return SBOX_TEST_FAILED;
+ } else {
+ return SBOX_TEST_FAILED;
+ }
+ }
+
OVERLAPPED overlapped = {0};
overlapped.hEvent = ::CreateEvent(NULL, TRUE, TRUE, NULL);
BOOL result = ::ConnectNamedPipe(pipe, &overlapped);
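Review bot: Both new `return SBOX_TEST_FAILED;` paths appear to leave `pipe` open; no `CloseHandle` is visible in this hunk, and the rest of NamedPipe_Create lies outside it, so this is inferred. Folding the two branches into one and closing first would fix it: `if (!GetHandleName(pipe, &handle_name) || handle_name.compare(0, wcslen(argv[1]), argv[1]) != 0) { ::CloseHandle(pipe); return SBOX_TEST_FAILED; }`. `argv[1]` is also passed to `wcslen` without the NULL check that `argv[0]` gets at the top of the function, so the guard could become `if (argc == 2 && argv[1] != NULL)` or reject the call outright.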
@@ -45,19 +59,59 @@
return SBOX_TEST_SUCCEEDED;
}
-// Tests if we can create a pipe in the sandbox. On XP, the sandbox can create
-// a pipe without any help but it fails on Vista, this is why we do not test
-// the "denied" case.
+// Tests if we can create a pipe in the sandbox.
TEST(NamedPipePolicyTest, CreatePipe) {
TestRunner runner;
// TODO(nsylvain): This policy is wrong because "*" is a valid char in a
// namedpipe name. Here we apply it like a wildcard. http://b/893603
EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_NAMED_PIPES,
TargetPolicy::NAMEDPIPES_ALLOW_ANY,
+ L"\\\\.\\pipe\\test*"));
+
+ EXPECT_EQ(SBOX_TEST_SUCCEEDED,
+ runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\testbleh"));
+
+ // On XP, the sandbox can create a pipe without any help but it fails on
+ // Vista+, this is why we do not test the "denied" case.
+ if (base::win::OSInfo::GetInstance()->version() >= base::win::VERSION_VISTA) {
+ EXPECT_EQ(SBOX_TEST_DENIED,
+ runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\bleh"));
+ }
+}
+
+// Tests if we can create a pipe with a path traversal in the sandbox.
+TEST(NamedPipePolicyTest, CreatePipeTraversal) {
+ TestRunner runner;
+ // TODO(nsylvain): This policy is wrong because "*" is a valid char in a
+ // namedpipe name. Here we apply it like a wildcard. http://b/893603
+ EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_NAMED_PIPES,
+ TargetPolicy::NAMEDPIPES_ALLOW_ANY,
L"\\\\.\\pipe\\test*"));
- EXPECT_EQ(SBOX_TEST_SUCCEEDED,
- runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\testbleh"));
+ // On XP, the sandbox can create a pipe without any help but it fails on
+ // Vista+, this is why we do not test the "denied" case.
+ if (base::win::OSInfo::GetInstance()->version() >= base::win::VERSION_VISTA) {
+ EXPECT_EQ(SBOX_TEST_DENIED,
+ runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\test\\..\\bleh"));
+ EXPECT_EQ(SBOX_TEST_DENIED,
+ runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\test/../bleh"));
+ EXPECT_EQ(SBOX_TEST_DENIED,
+ runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\test\\../bleh"));
+ EXPECT_EQ(SBOX_TEST_DENIED,
+ runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\test/..\\bleh"));
+ }
+}
+
+// This tests that path canonicalization is actually disabled if we use \\?\
+// syntax.
+TEST(NamedPipePolicyTest, CreatePipeCanonicalization) {
+ // "For file I/O, the "\\?\" prefix to a path string tells the Windows APIs to
+ // disable all string parsing and to send the string that follows it straight
+ // to the file system."
+ // http://msdn.microsoft.com/en-us/library/aa365247(VS.85).aspx
+ wchar_t* argv[2] = { L"\\\\?\\pipe\\test\\..\\bleh",
+ L"\\Device\\NamedPipe\\test" };
+ EXPECT_EQ(SBOX_TEST_SUCCEEDED, NamedPipe_Create(2, argv));
}
// The same test as CreatePipe but this time using strict interceptions.
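Review bot: The comment `this is why we do not test the "denied" case` now sits directly above code that does test the denied case on Vista+, so it says the opposite of what follows. It appears twice in this hunk (CreatePipe and CreatePipeTraversal) and again in the hunk at `@@ -73,6 +127,13 @@`. Suggested wording: `// On XP the sandbox can create a pipe without any help, so the "denied" case is only tested on Vista+.` On XP, CreatePipeTraversal asserts nothing beyond `AddRule`, which deserves a line in its header comment. In CreatePipeCanonicalization, `wchar_t* argv[2]` is initialised from string literals, which relies on the literal-to-non-const conversion; writable `wchar_t` arrays would avoid that.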
@@ -73,6 +127,13 @@
EXPECT_EQ(SBOX_TEST_SUCCEEDED,
runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\testbleh"));
+
+ // On XP, the sandbox can create a pipe without any help but it fails on
+ // Vista+, this is why we do not test the "denied" case.
+ if (base::win::OSInfo::GetInstance()->version() >= base::win::VERSION_VISTA) {
+ EXPECT_EQ(SBOX_TEST_DENIED,
+ runner.RunTest(L"NamedPipe_Create \\\\.\\pipe\\bleh"));
+ }
}
} // namespace sandbox
diff --git a/sandbox/win/src/nt_internals.h b/sandbox/win/src/nt_internals.h
index e0c74ac..8b22e0e 100644
--- a/sandbox/win/src/nt_internals.h
+++ b/sandbox/win/src/nt_internals.h
@@ -25,6 +25,7 @@
#define STATUS_ACCESS_DENIED ((NTSTATUS)0xC0000022L)
#define STATUS_BUFFER_TOO_SMALL ((NTSTATUS)0xC0000023L)
#define STATUS_OBJECT_NAME_NOT_FOUND ((NTSTATUS)0xC0000034L)
+#define STATUS_OBJECT_NAME_COLLISION ((NTSTATUS)0xC0000035L)
#define STATUS_PROCEDURE_NOT_FOUND ((NTSTATUS)0xC000007AL)
#define STATUS_INVALID_IMAGE_FORMAT ((NTSTATUS)0xC000007BL)
#define STATUS_NO_TOKEN ((NTSTATUS)0xC000007CL)
@@ -125,6 +126,15 @@
#define FILE_OPEN_NO_RECALL 0x00400000
#define FILE_OPEN_FOR_FREE_SPACE_QUERY 0x00800000
+// Create/open result values. These are the disposition values returned on the
+// io status information.
+#define FILE_SUPERSEDED 0x00000000
+#define FILE_OPENED 0x00000001
+#define FILE_CREATED 0x00000002
+#define FILE_OVERWRITTEN 0x00000003
+#define FILE_EXISTS 0x00000004
+#define FILE_DOES_NOT_EXIST 0x00000005
+
typedef NTSTATUS (WINAPI *NtCreateFileFunction)(
OUT PHANDLE FileHandle,
IN ACCESS_MASK DesiredAccess,
diff --git a/sandbox/win/src/policy_low_level.cc b/sandbox/win/src/policy_low_level.cc
index 686caa1..b6331b9 100644
--- a/sandbox/win/src/policy_low_level.cc
+++ b/sandbox/win/src/policy_low_level.cc
@@ -151,7 +151,7 @@
bool PolicyRule::GenStringOpcode(RuleType rule_type,
StringMatchOptions match_opts,
uint16 parameter, int state, bool last_call,
- int* skip_count, std::wstring* fragment) {
+ int* skip_count, base::string16* fragment) {
// The last opcode must:
// 1) Always clear the context.
@@ -226,7 +226,7 @@
uint32 last_char = kLastCharIsNone;
int state = PENDING_NONE;
int skip_count = 0; // counts how many '?' we have seen in a row.
- std::wstring fragment; // accumulates the non-wildcard part of the string.
+ base::string16 fragment; // accumulates the non-wildcard part.
while (L'\0' != *current_char) {
switch (*current_char) {
diff --git a/sandbox/win/src/policy_low_level.h b/sandbox/win/src/policy_low_level.h
index 025a133..ca8b36f 100644
--- a/sandbox/win/src/policy_low_level.h
+++ b/sandbox/win/src/policy_low_level.h
@@ -8,6 +8,7 @@
#include <list>
#include "base/basictypes.h"
+#include "base/strings/string16.h"
#include "sandbox/win/src/ipc_tags.h"
#include "sandbox/win/src/policy_engine_params.h"
#include "sandbox/win/src/policy_engine_opcodes.h"
@@ -163,7 +164,7 @@
// in AddStringMatch.
bool GenStringOpcode(RuleType rule_type, StringMatchOptions match_opts,
uint16 parameter, int state, bool last_call,
- int* skip_count, std::wstring* fragment);
+ int* skip_count, base::string16* fragment);
// Loop over all generated opcodes and copy them to increasing memory
// addresses from opcode_start and copy the extra data (strings usually) into
diff --git a/sandbox/win/src/policy_target_test.cc b/sandbox/win/src/policy_target_test.cc
index 1e29df2..dba670a 100644
--- a/sandbox/win/src/policy_target_test.cc
+++ b/sandbox/win/src/policy_target_test.cc
@@ -229,7 +229,7 @@
wchar_t prog_name[MAX_PATH];
GetModuleFileNameW(NULL, prog_name, MAX_PATH);
- std::wstring arguments(L"\"");
+ base::string16 arguments(L"\"");
arguments += prog_name;
arguments += L"\" -child 0 wait"; // Don't care about the "state" argument.
@@ -256,7 +256,7 @@
EXPECT_NE(::GetThreadDesktop(target.thread_id()),
::GetThreadDesktop(::GetCurrentThreadId()));
- std::wstring desktop_name = policy->GetAlternateDesktop();
+ base::string16 desktop_name = policy->GetAlternateDesktop();
HDESK desk = ::OpenDesktop(desktop_name.c_str(), 0, FALSE, DESKTOP_ENUMERATE);
EXPECT_TRUE(NULL != desk);
EXPECT_TRUE(::CloseDesktop(desk));
@@ -292,7 +292,7 @@
wchar_t prog_name[MAX_PATH];
GetModuleFileNameW(NULL, prog_name, MAX_PATH);
- std::wstring arguments(L"\"");
+ base::string16 arguments(L"\"");
arguments += prog_name;
arguments += L"\" -child 0 wait"; // Don't care about the "state" argument.
@@ -319,11 +319,11 @@
EXPECT_NE(::GetThreadDesktop(target.thread_id()),
::GetThreadDesktop(::GetCurrentThreadId()));
- std::wstring desktop_name = policy->GetAlternateDesktop();
+ base::string16 desktop_name = policy->GetAlternateDesktop();
ASSERT_FALSE(desktop_name.empty());
// Make sure there is a backslash, for the window station name.
- EXPECT_NE(desktop_name.find_first_of(L'\\'), std::wstring::npos);
+ EXPECT_NE(desktop_name.find_first_of(L'\\'), base::string16::npos);
// Isolate the desktop name.
desktop_name = desktop_name.substr(desktop_name.find_first_of(L'\\') + 1);
diff --git a/sandbox/win/src/process_policy_test.cc b/sandbox/win/src/process_policy_test.cc
index a03e0be..af64f14 100644
--- a/sandbox/win/src/process_policy_test.cc
+++ b/sandbox/win/src/process_policy_test.cc
@@ -21,10 +21,10 @@
// While the shell API provides better calls than this home brew function
// we use GetSystemWindowsDirectoryW which does not query the registry so
// it is safe to use after revert.
-string16 MakeFullPathToSystem32(const wchar_t* name) {
+base::string16 MakeFullPathToSystem32(const wchar_t* name) {
wchar_t windows_path[MAX_PATH] = {0};
::GetSystemWindowsDirectoryW(windows_path, MAX_PATH);
- string16 full_path(windows_path);
+ base::string16 full_path(windows_path);
if (full_path.empty()) {
return full_path;
}
@@ -35,8 +35,8 @@
// Creates a process with the |exe| and |command| parameter using the
// unicode and ascii version of the api.
-sandbox::SboxTestResult CreateProcessHelper(const string16& exe,
- const string16& command) {
+sandbox::SboxTestResult CreateProcessHelper(const base::string16& exe,
+ const base::string16& command) {
base::win::ScopedProcessInformation pi;
STARTUPINFOW si = {sizeof(si)};
@@ -109,10 +109,10 @@
if ((NULL == argv) || (NULL == argv[0])) {
return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
}
- string16 path = MakeFullPathToSystem32(argv[0]);
+ base::string16 path = MakeFullPathToSystem32(argv[0]);
// TEST 1: Try with the path in the app_name.
- return CreateProcessHelper(path, string16());
+ return CreateProcessHelper(path, base::string16());
}
SBOX_TESTS_COMMAND int Process_RunApp2(int argc, wchar_t **argv) {
@@ -122,13 +122,13 @@
if ((NULL == argv) || (NULL == argv[0])) {
return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
}
- string16 path = MakeFullPathToSystem32(argv[0]);
+ base::string16 path = MakeFullPathToSystem32(argv[0]);
// TEST 2: Try with the path in the cmd_line.
- string16 cmd_line = L"\"";
+ base::string16 cmd_line = L"\"";
cmd_line += path;
cmd_line += L"\"";
- return CreateProcessHelper(string16(), cmd_line);
+ return CreateProcessHelper(base::string16(), cmd_line);
}
SBOX_TESTS_COMMAND int Process_RunApp3(int argc, wchar_t **argv) {
@@ -140,7 +140,7 @@
}
// TEST 3: Try file name in the cmd_line.
- return CreateProcessHelper(string16(), argv[0]);
+ return CreateProcessHelper(base::string16(), argv[0]);
}
SBOX_TESTS_COMMAND int Process_RunApp4(int argc, wchar_t **argv) {
@@ -152,7 +152,7 @@
}
// TEST 4: Try file name in the app_name and current directory sets correctly.
- string16 system32 = MakeFullPathToSystem32(L"");
+ base::string16 system32 = MakeFullPathToSystem32(L"");
wchar_t current_directory[MAX_PATH + 1];
int result4;
bool test_succeeded = false;
@@ -164,7 +164,7 @@
current_directory[ret] = L'\\';
current_directory[ret+1] = L'\0';
if (::SetCurrentDirectory(system32.c_str())) {
- result4 = CreateProcessHelper(argv[0], string16());
+ result4 = CreateProcessHelper(argv[0], base::string16());
if (::SetCurrentDirectory(current_directory)) {
test_succeeded = true;
}
@@ -185,13 +185,13 @@
if ((NULL == argv) || (NULL == argv[0])) {
return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
}
- string16 path = MakeFullPathToSystem32(argv[0]);
+ base::string16 path = MakeFullPathToSystem32(argv[0]);
// TEST 5: Try with the path in the cmd_line and arguments.
- string16 cmd_line = L"\"";
+ base::string16 cmd_line = L"\"";
cmd_line += path;
cmd_line += L"\" /I";
- return CreateProcessHelper(string16(), cmd_line);
+ return CreateProcessHelper(base::string16(), cmd_line);
}
SBOX_TESTS_COMMAND int Process_RunApp6(int argc, wchar_t **argv) {
@@ -203,9 +203,9 @@
}
// TEST 6: Try with the file_name in the cmd_line and arguments.
- string16 cmd_line = argv[0];
+ base::string16 cmd_line = argv[0];
cmd_line += L" /I";
- return CreateProcessHelper(string16(), cmd_line);
+ return CreateProcessHelper(base::string16(), cmd_line);
}
// Creates a process and checks if it's possible to get a handle to it's token.
@@ -216,7 +216,7 @@
if ((NULL == argv) || (NULL == argv[0]))
return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND;
- string16 path = MakeFullPathToSystem32(argv[0]);
+ base::string16 path = MakeFullPathToSystem32(argv[0]);
STARTUPINFOW si = {sizeof(si)};
@@ -284,8 +284,8 @@
TEST(ProcessPolicyTest, CreateProcessAW) {
TestRunner runner;
- string16 exe_path = MakeFullPathToSystem32(L"findstr.exe");
- string16 system32 = MakeFullPathToSystem32(L"");
+ base::string16 exe_path = MakeFullPathToSystem32(L"findstr.exe");
+ base::string16 system32 = MakeFullPathToSystem32(L"");
ASSERT_TRUE(!exe_path.empty());
EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_PROCESS,
TargetPolicy::PROCESS_MIN_EXEC,
@@ -339,7 +339,7 @@
TEST(ProcessPolicyTest, TestGetProcessTokenMinAccess) {
TestRunner runner;
- string16 exe_path = MakeFullPathToSystem32(L"findstr.exe");
+ base::string16 exe_path = MakeFullPathToSystem32(L"findstr.exe");
ASSERT_TRUE(!exe_path.empty());
EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_PROCESS,
TargetPolicy::PROCESS_MIN_EXEC,
@@ -351,7 +351,7 @@
TEST(ProcessPolicyTest, TestGetProcessTokenMaxAccess) {
TestRunner runner(JOB_UNPROTECTED, USER_INTERACTIVE, USER_INTERACTIVE);
- string16 exe_path = MakeFullPathToSystem32(L"findstr.exe");
+ base::string16 exe_path = MakeFullPathToSystem32(L"findstr.exe");
ASSERT_TRUE(!exe_path.empty());
EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_PROCESS,
TargetPolicy::PROCESS_ALL_EXEC,
@@ -363,7 +363,7 @@
TEST(ProcessPolicyTest, TestGetProcessTokenMinAccessNoJob) {
TestRunner runner(JOB_NONE, USER_RESTRICTED_SAME_ACCESS, USER_LOCKDOWN);
- string16 exe_path = MakeFullPathToSystem32(L"findstr.exe");
+ base::string16 exe_path = MakeFullPathToSystem32(L"findstr.exe");
ASSERT_TRUE(!exe_path.empty());
EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_PROCESS,
TargetPolicy::PROCESS_MIN_EXEC,
@@ -375,7 +375,7 @@
TEST(ProcessPolicyTest, TestGetProcessTokenMaxAccessNoJob) {
TestRunner runner(JOB_NONE, USER_INTERACTIVE, USER_INTERACTIVE);
- string16 exe_path = MakeFullPathToSystem32(L"findstr.exe");
+ base::string16 exe_path = MakeFullPathToSystem32(L"findstr.exe");
ASSERT_TRUE(!exe_path.empty());
EXPECT_TRUE(runner.AddRule(TargetPolicy::SUBSYS_PROCESS,
TargetPolicy::PROCESS_ALL_EXEC,
diff --git a/sandbox/win/src/process_thread_dispatcher.cc b/sandbox/win/src/process_thread_dispatcher.cc
index 4525b83..39b4132 100644
--- a/sandbox/win/src/process_thread_dispatcher.cc
+++ b/sandbox/win/src/process_thread_dispatcher.cc
@@ -29,20 +29,20 @@
// "c:\program files\test param" will first try to launch c:\program.exe then
// c:\program files\test.exe. We don't do that, we stop after at the first
// space when there is no quotes.
-std::wstring GetPathFromCmdLine(const std::wstring &cmd_line) {
- std::wstring exe_name;
+base::string16 GetPathFromCmdLine(const base::string16 &cmd_line) {
+ base::string16 exe_name;
// Check if it starts with '"'.
if (cmd_line[0] == L'\"') {
// Find the position of the second '"', this terminates the path.
- std::wstring::size_type pos = cmd_line.find(L'\"', 1);
- if (std::wstring::npos == pos)
+ base::string16::size_type pos = cmd_line.find(L'\"', 1);
+ if (base::string16::npos == pos)
return cmd_line;
exe_name = cmd_line.substr(1, pos - 1);
} else {
// There is no '"', that means that the appname is terminated at the
// first space.
- std::wstring::size_type pos = cmd_line.find(L' ');
- if (std::wstring::npos == pos) {
+ base::string16::size_type pos = cmd_line.find(L' ');
+ if (base::string16::npos == pos) {
// There is no space, the cmd_line contains only the app_name
exe_name = cmd_line;
} else {
@@ -55,7 +55,7 @@
// Returns true is the path in parameter is relative. False if it's
// absolute.
-bool IsPathRelative(const std::wstring &path) {
+bool IsPathRelative(const base::string16 &path) {
// A path is Relative if it's not a UNC path beginnning with \\ or a
// path beginning with a drive. (i.e. X:\)
if (path.find(L"\\\\") == 0 || path.find(L":\\") == 1)
@@ -64,8 +64,8 @@
}
// Converts a relative path to an absolute path.
-bool ConvertToAbsolutePath(const std::wstring& child_current_directory,
- bool use_env_path, std::wstring *path) {
+bool ConvertToAbsolutePath(const base::string16& child_current_directory,
+ bool use_env_path, base::string16 *path) {
wchar_t file_buffer[MAX_PATH];
wchar_t *file_part = NULL;
@@ -201,15 +201,15 @@
return true;
}
-bool ThreadProcessDispatcher::CreateProcessW(IPCInfo* ipc, std::wstring* name,
- std::wstring* cmd_line,
- std::wstring* cur_dir,
+bool ThreadProcessDispatcher::CreateProcessW(IPCInfo* ipc, base::string16* name,
+ base::string16* cmd_line,
+ base::string16* cur_dir,
CountedBuffer* info) {
if (sizeof(PROCESS_INFORMATION) != info->Size())
return false;
// Check if there is an application name.
- std::wstring exe_name;
+ base::string16 exe_name;
if (!name->empty())
exe_name = *name;
else
diff --git a/sandbox/win/src/process_thread_dispatcher.h b/sandbox/win/src/process_thread_dispatcher.h
index 1cc5743..fba2754 100644
--- a/sandbox/win/src/process_thread_dispatcher.h
+++ b/sandbox/win/src/process_thread_dispatcher.h
@@ -6,6 +6,7 @@
#define SANDBOX_SRC_PROCESS_THREAD_DISPATCHER_H_
#include "base/basictypes.h"
+#include "base/strings/string16.h"
#include "sandbox/win/src/crosscall_server.h"
#include "sandbox/win/src/sandbox_policy_base.h"
@@ -35,8 +36,11 @@
DWORD attributes);
// Processes IPC requests coming from calls to CreateProcessW() in the target.
- bool CreateProcessW(IPCInfo* ipc, std::wstring* name, std::wstring* cmd_line,
- std::wstring* cur_dir, CountedBuffer* info);
+ bool CreateProcessW(IPCInfo* ipc,
+ base::string16* name,
+ base::string16* cmd_line,
+ base::string16* cur_dir,
+ CountedBuffer* info);
PolicyBase* policy_base_;
DISALLOW_COPY_AND_ASSIGN(ThreadProcessDispatcher);
diff --git a/sandbox/win/src/process_thread_policy.cc b/sandbox/win/src/process_thread_policy.cc
index 9493b9e..85a2f97 100644
--- a/sandbox/win/src/process_thread_policy.cc
+++ b/sandbox/win/src/process_thread_policy.cc
@@ -217,8 +217,8 @@
DWORD ProcessPolicy::CreateProcessWAction(EvalResult eval_result,
const ClientInfo& client_info,
- const std::wstring &app_name,
- const std::wstring &command_line,
+ const base::string16 &app_name,
+ const base::string16 &command_line,
PROCESS_INFORMATION* process_info) {
// The only action supported is ASK_BROKER which means create the process.
if (GIVE_ALLACCESS != eval_result && GIVE_READONLY != eval_result) {
diff --git a/sandbox/win/src/process_thread_policy.h b/sandbox/win/src/process_thread_policy.h
index c35c52b..2871dca 100644
--- a/sandbox/win/src/process_thread_policy.h
+++ b/sandbox/win/src/process_thread_policy.h
@@ -10,6 +10,7 @@
#include "sandbox/win/src/policy_low_level.h"
#include "base/basictypes.h"
+#include "base/strings/string16.h"
#include "sandbox/win/src/crosscall_server.h"
#include "sandbox/win/src/sandbox_policy.h"
@@ -71,8 +72,8 @@
// 'command_line' : The command line passed to the created process.
static DWORD CreateProcessWAction(EvalResult eval_result,
const ClientInfo& client_info,
- const std::wstring &app_name,
- const std::wstring &command_line,
+ const base::string16 &app_name,
+ const base::string16 &command_line,
PROCESS_INFORMATION* process_info);
};
diff --git a/sandbox/win/src/registry_dispatcher.cc b/sandbox/win/src/registry_dispatcher.cc
index f4dc5f5..2a92497 100644
--- a/sandbox/win/src/registry_dispatcher.cc
+++ b/sandbox/win/src/registry_dispatcher.cc
@@ -20,8 +20,8 @@
namespace {
// Builds a path using the root directory and the name.
-bool GetCompletePath(HANDLE root, const std::wstring& name,
- std::wstring* complete_name) {
+bool GetCompletePath(HANDLE root, const base::string16& name,
+ base::string16* complete_name) {
if (root) {
if (!sandbox::GetPathFromHandle(root, complete_name))
return false;
@@ -72,10 +72,10 @@
}
bool RegistryDispatcher::NtCreateKey(
- IPCInfo* ipc, std::wstring* name, DWORD attributes, HANDLE root,
+ IPCInfo* ipc, base::string16* name, DWORD attributes, HANDLE root,
DWORD desired_access, DWORD title_index, DWORD create_options) {
base::win::ScopedHandle root_handle;
- std::wstring real_path = *name;
+ base::string16 real_path = *name;
// If there is a root directory, we need to duplicate the handle to make
// it valid in this process.
@@ -117,11 +117,11 @@
return true;
}
-bool RegistryDispatcher::NtOpenKey(IPCInfo* ipc, std::wstring* name,
+bool RegistryDispatcher::NtOpenKey(IPCInfo* ipc, base::string16* name,
DWORD attributes, HANDLE root,
DWORD desired_access) {
base::win::ScopedHandle root_handle;
- std::wstring real_path = *name;
+ base::string16 real_path = *name;
// If there is a root directory, we need to duplicate the handle to make
// it valid in this process.
diff --git a/sandbox/win/src/registry_dispatcher.h b/sandbox/win/src/registry_dispatcher.h
index 782a070..39f5f54 100644
--- a/sandbox/win/src/registry_dispatcher.h
+++ b/sandbox/win/src/registry_dispatcher.h
@@ -6,6 +6,7 @@
#define SANDBOX_SRC_REGISTRY_DISPATCHER_H_
#include "base/basictypes.h"
+#include "base/strings/string16.h"
#include "sandbox/win/src/crosscall_server.h"
#include "sandbox/win/src/sandbox_policy_base.h"
@@ -22,12 +23,12 @@
private:
// Processes IPC requests coming from calls to NtCreateKey in the target.
- bool NtCreateKey(IPCInfo* ipc, std::wstring* name, DWORD attributes,
+ bool NtCreateKey(IPCInfo* ipc, base::string16* name, DWORD attributes,
HANDLE root, DWORD desired_access,
DWORD title_index, DWORD create_options);
// Processes IPC requests coming from calls to NtOpenKey in the target.
- bool NtOpenKey(IPCInfo* ipc, std::wstring* name, DWORD attributes,
+ bool NtOpenKey(IPCInfo* ipc, base::string16* name, DWORD attributes,
HANDLE root, DWORD desired_access);
PolicyBase* policy_base_;
diff --git a/sandbox/win/src/registry_policy.cc b/sandbox/win/src/registry_policy.cc
index 37e6ddb..632525a 100644
--- a/sandbox/win/src/registry_policy.cc
+++ b/sandbox/win/src/registry_policy.cc
@@ -117,7 +117,7 @@
bool RegistryPolicy::GenerateRules(const wchar_t* name,
TargetPolicy::Semantics semantics,
LowLevelPolicy* policy) {
- std::wstring resovled_name(name);
+ base::string16 resovled_name(name);
if (resovled_name.empty()) {
return false;
}
@@ -166,7 +166,7 @@
bool RegistryPolicy::CreateKeyAction(EvalResult eval_result,
const ClientInfo& client_info,
- const std::wstring &key,
+ const base::string16 &key,
uint32 attributes,
HANDLE root_directory,
uint32 desired_access,
@@ -200,7 +200,7 @@
bool RegistryPolicy::OpenKeyAction(EvalResult eval_result,
const ClientInfo& client_info,
- const std::wstring &key,
+ const base::string16 &key,
uint32 attributes,
HANDLE root_directory,
uint32 desired_access,
diff --git a/sandbox/win/src/registry_policy.h b/sandbox/win/src/registry_policy.h
index 8badde2..69af841 100644
--- a/sandbox/win/src/registry_policy.h
+++ b/sandbox/win/src/registry_policy.h
@@ -8,6 +8,7 @@
#include <string>
#include "base/basictypes.h"
+#include "base/strings/string16.h"
#include "sandbox/win/src/crosscall_server.h"
#include "sandbox/win/src/nt_internals.h"
#include "sandbox/win/src/policy_low_level.h"
@@ -30,7 +31,7 @@
// API that is compatible with the IPC-received parameters.
static bool CreateKeyAction(EvalResult eval_result,
const ClientInfo& client_info,
- const std::wstring &key,
+ const base::string16 &key,
uint32 attributes,
HANDLE root_directory,
uint32 desired_access,
@@ -44,7 +45,7 @@
// API that is compatible with the IPC-received parameters.
static bool OpenKeyAction(EvalResult eval_result,
const ClientInfo& client_info,
- const std::wstring &key,
+ const base::string16 &key,
uint32 attributes,
HANDLE root_directory,
uint32 desired_access,
diff --git a/sandbox/win/src/restricted_token.cc b/sandbox/win/src/restricted_token.cc
index 6948d8a..64973e9 100644
--- a/sandbox/win/src/restricted_token.cc
+++ b/sandbox/win/src/restricted_token.cc
@@ -277,7 +277,7 @@
}
unsigned RestrictedToken::DeleteAllPrivileges(
- const std::vector<std::wstring> *exceptions) {
+ const std::vector<base::string16> *exceptions) {
DCHECK(init_);
if (!init_)
return ERROR_NO_TOKEN;
diff --git a/sandbox/win/src/restricted_token.h b/sandbox/win/src/restricted_token.h
index 4327856..6d8e550 100644
--- a/sandbox/win/src/restricted_token.h
+++ b/sandbox/win/src/restricted_token.h
@@ -9,6 +9,7 @@
#include <vector>
#include "base/basictypes.h"
+#include "base/strings/string16.h"
#include "sandbox/win/src/restricted_token_utils.h"
#include "sandbox/win/src/security_level.h"
#include "sandbox/win/src/sid.h"
@@ -119,11 +120,11 @@
// the error.
//
// Sample usage:
- // std::vector<std::wstring> privilege_exceptions;
+ // std::vector<base::string16> privilege_exceptions;
// privilege_exceptions.push_back(SE_CHANGE_NOTIFY_NAME);
// restricted_token.DeleteAllPrivileges(&privilege_exceptions);
unsigned DeleteAllPrivileges(
- const std::vector<std::wstring> *exceptions);
+ const std::vector<base::string16> *exceptions);
// Adds a privilege to the list of privileges to remove in the restricted
// token.
diff --git a/sandbox/win/src/restricted_token_unittest.cc b/sandbox/win/src/restricted_token_unittest.cc
index 4948ad1..480106e 100644
--- a/sandbox/win/src/restricted_token_unittest.cc
+++ b/sandbox/win/src/restricted_token_unittest.cc
@@ -353,7 +353,7 @@
RestrictedToken token;
HANDLE token_handle = NULL;
- std::vector<std::wstring> exceptions;
+ std::vector<base::string16> exceptions;
exceptions.push_back(SE_CHANGE_NOTIFY_NAME);
ASSERT_EQ(ERROR_SUCCESS, token.Init(NULL));
diff --git a/sandbox/win/src/restricted_token_utils.cc b/sandbox/win/src/restricted_token_utils.cc
index f30a8a6..f3b1859 100644
--- a/sandbox/win/src/restricted_token_utils.cc
+++ b/sandbox/win/src/restricted_token_utils.cc
@@ -29,7 +29,7 @@
RestrictedToken restricted_token;
restricted_token.Init(NULL); // Initialized with the current process token
- std::vector<std::wstring> privilege_exceptions;
+ std::vector<base::string16> privilege_exceptions;
std::vector<Sid> sid_exceptions;
bool deny_sids = true;
@@ -237,7 +237,7 @@
const wchar_t* ace_access,
const wchar_t* integrity_level_sid) {
// Build the SDDL string for the label.
- std::wstring sddl = L"S:("; // SDDL for a SACL.
+ base::string16 sddl = L"S:("; // SDDL for a SACL.
sddl += SDDL_MANDATORY_LABEL; // Ace Type is "Mandatory Label".
sddl += L";;"; // No Ace Flags.
sddl += ace_access; // Add the ACE access.
diff --git a/sandbox/win/src/sandbox.cc b/sandbox/win/src/sandbox.cc
index d26daa4..984dfec 100644
--- a/sandbox/win/src/sandbox.cc
+++ b/sandbox/win/src/sandbox.cc
@@ -12,8 +12,7 @@
namespace sandbox {
// The section for IPC and policy.
SANDBOX_INTERCEPT HANDLE g_shared_section;
-
-static bool s_is_broker = false;
+static bool s_is_broker = false;
// GetBrokerServices: the current implementation relies on a shared section
// that is created by the broker and opened by the target.
@@ -42,3 +41,8 @@
}
} // namespace sandbox
+
+// Allows querying for whether the current process has been sandboxed.
+extern "C" bool __declspec(dllexport) IsSandboxedProcess() {
+ return sandbox::g_shared_section != NULL;
+}
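Review bot: The exported `IsSandboxedProcess()` carries only a one-line comment, and what it actually tests is whether `sandbox::g_shared_section` is non-NULL, which is narrower than "has been sandboxed". The comment should state that the result reflects the presence of the shared IPC/policy section handle, and that it is presumably false in the broker (to be confirmed, since the handle's initialisation is outside this hunk). It should also say that the value lives in the process's own writable memory, so it is an informational query and not something to base an access or trust decision on. Suggested wording: `// Returns true when the sandbox shared section handle is set in this process. Informational only; do not gate security decisions on it.`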
diff --git a/sandbox/win/src/sandbox_policy.h b/sandbox/win/src/sandbox_policy.h
index 733356a..a9f1245 100644
--- a/sandbox/win/src/sandbox_policy.h
+++ b/sandbox/win/src/sandbox_policy.h
@@ -8,6 +8,7 @@
#include <string>
#include "base/basictypes.h"
+#include "base/strings/string16.h"
#include "sandbox/win/src/sandbox_types.h"
#include "sandbox/win/src/security_level.h"
@@ -129,7 +130,7 @@
// Returns the name of the alternate desktop used. If an alternate window
// station is specified, the name is prepended by the window station name,
// followed by a backslash.
- virtual std::wstring GetAlternateDesktop() const = 0;
+ virtual base::string16 GetAlternateDesktop() const = 0;
// Precreates the desktop and window station, if any.
virtual ResultCode CreateAlternateDesktop(bool alternate_winstation) = 0;
diff --git a/sandbox/win/src/sandbox_policy_base.cc b/sandbox/win/src/sandbox_policy_base.cc
index 220a070..758a8be 100644
--- a/sandbox/win/src/sandbox_policy_base.cc
+++ b/sandbox/win/src/sandbox_policy_base.cc
@@ -173,21 +173,21 @@
return CreateAlternateDesktop(alternate_winstation);
}
-string16 PolicyBase::GetAlternateDesktop() const {
+base::string16 PolicyBase::GetAlternateDesktop() const {
// No alternate desktop or winstation. Return an empty string.
if (!use_alternate_desktop_ && !use_alternate_winstation_) {
- return string16();
+ return base::string16();
}
// The desktop and winstation should have been created by now.
// If we hit this scenario, it means that the user ignored the failure
// during SetAlternateDesktop, so we ignore it here too.
if (use_alternate_desktop_ && !alternate_desktop_handle_) {
- return string16();
+ return base::string16();
}
if (use_alternate_winstation_ && (!alternate_desktop_handle_ ||
!alternate_winstation_handle_)) {
- return string16();
+ return base::string16();
}
return GetFullDesktopName(alternate_winstation_handle_,
@@ -414,8 +414,8 @@
return SBOX_ALL_OK;
}
-ResultCode PolicyBase::AddKernelObjectToClose(const char16* handle_type,
- const char16* handle_name) {
+ResultCode PolicyBase::AddKernelObjectToClose(const base::char16* handle_type,
+ const base::char16* handle_name) {
return handle_closer_.AddHandle(handle_type, handle_name);
}
@@ -649,7 +649,7 @@
}
if (!blacklisted_dlls_.empty()) {
- std::vector<string16>::iterator it = blacklisted_dlls_.begin();
+ std::vector<base::string16>::iterator it = blacklisted_dlls_.begin();
for (; it != blacklisted_dlls_.end(); ++it) {
manager.AddToUnloadModules(it->c_str());
}
diff --git a/sandbox/win/src/sandbox_policy_base.h b/sandbox/win/src/sandbox_policy_base.h
index d56501d..5c267a0 100644
--- a/sandbox/win/src/sandbox_policy_base.h
+++ b/sandbox/win/src/sandbox_policy_base.h
@@ -44,7 +44,7 @@
virtual ResultCode SetJobLevel(JobLevel job_level,
uint32 ui_exceptions) OVERRIDE;
virtual ResultCode SetAlternateDesktop(bool alternate_winstation) OVERRIDE;
- virtual string16 GetAlternateDesktop() const OVERRIDE;
+ virtual base::string16 GetAlternateDesktop() const OVERRIDE;
virtual ResultCode CreateAlternateDesktop(bool alternate_winstation) OVERRIDE;
virtual void DestroyAlternateDesktop() OVERRIDE;
virtual ResultCode SetIntegrityLevel(IntegrityLevel integrity_level) OVERRIDE;
@@ -63,8 +63,9 @@
virtual ResultCode AddRule(SubSystem subsystem, Semantics semantics,
const wchar_t* pattern) OVERRIDE;
virtual ResultCode AddDllToUnload(const wchar_t* dll_name);
- virtual ResultCode AddKernelObjectToClose(const char16* handle_type,
- const char16* handle_name) OVERRIDE;
+ virtual ResultCode AddKernelObjectToClose(
+ const base::char16* handle_type,
+ const base::char16* handle_name) OVERRIDE;
// Dispatcher:
virtual Dispatcher* OnMessageReady(IPCParams* ipc,
@@ -141,12 +142,12 @@
// Memory structure that stores the low level policy.
PolicyGlobal* policy_;
// The list of dlls to unload in the target process.
- std::vector<string16> blacklisted_dlls_;
+ std::vector<base::string16> blacklisted_dlls_;
// This is a map of handle-types to names that we need to close in the
// target process. A null set means we need to close all handles of the
// given type.
HandleCloser handle_closer_;
- std::vector<string16> capabilities_;
+ std::vector<base::string16> capabilities_;
scoped_ptr<AppContainerAttributes> appcontainer_list_;
static HDESK alternate_desktop_handle_;
diff --git a/sandbox/win/src/sandbox_utils.cc b/sandbox/win/src/sandbox_utils.cc
index 9c561c9..8631a7c 100644
--- a/sandbox/win/src/sandbox_utils.cc
+++ b/sandbox/win/src/sandbox_utils.cc
@@ -19,7 +19,7 @@
(base::win::OSInfo::GetInstance()->service_pack().major >= 2));
}
-void InitObjectAttribs(const std::wstring& name,
+void InitObjectAttribs(const base::string16& name,
ULONG attributes,
HANDLE root,
OBJECT_ATTRIBUTES* obj_attr,
diff --git a/sandbox/win/src/sandbox_utils.h b/sandbox/win/src/sandbox_utils.h
index 9a90675..3043597 100644
--- a/sandbox/win/src/sandbox_utils.h
+++ b/sandbox/win/src/sandbox_utils.h
@@ -9,6 +9,7 @@
#include <string>
#include "base/basictypes.h"
+#include "base/strings/string16.h"
#include "sandbox/win/src/nt_internals.h"
namespace sandbox {
@@ -16,7 +17,7 @@
// Returns true if the current OS is Windows XP SP2 or later.
bool IsXPSP2OrLater();
-void InitObjectAttribs(const std::wstring& name,
+void InitObjectAttribs(const base::string16& name,
ULONG attributes,
HANDLE root,
OBJECT_ATTRIBUTES* obj_attr,
diff --git a/sandbox/win/src/service_resolver_64.cc b/sandbox/win/src/service_resolver_64.cc
index 473ddbc..9612418 100644
--- a/sandbox/win/src/service_resolver_64.cc
+++ b/sandbox/win/src/service_resolver_64.cc
@@ -56,7 +56,7 @@
ULONG mov_r10_rcx_mov_eax; // = 4C 8B D1 B8
ULONG service_id;
USHORT syscall; // = 0F 05
- BYTE ret; // = C2
+ BYTE ret; // = C3
BYTE nop; // = 90
};
diff --git a/sandbox/win/src/sharedmem_ipc_server.cc b/sandbox/win/src/sharedmem_ipc_server.cc
index e2a30c7..bf8761e 100644
--- a/sandbox/win/src/sharedmem_ipc_server.cc
+++ b/sandbox/win/src/sharedmem_ipc_server.cc
@@ -131,7 +131,7 @@
for (size_t i = 0; i < kMaxIpcParams; i++) {
switch (ipc_params->args[i]) {
case WCHAR_TYPE: {
- delete reinterpret_cast<std::wstring*>(args[i]);
+ delete reinterpret_cast<base::string16*>(args[i]);
args[i] = NULL;
break;
}
@@ -159,7 +159,7 @@
ipc_params->args[i] = type;
switch (type) {
case WCHAR_TYPE: {
- scoped_ptr<std::wstring> data(new std::wstring);
+ scoped_ptr<base::string16> data(new base::string16);
if (!params->GetParameterStr(i, data.get())) {
args[i] = 0;
ReleaseArgs(ipc_params, args);
diff --git a/sandbox/win/src/sync_dispatcher.cc b/sandbox/win/src/sync_dispatcher.cc
index 3769fc6..d4b36d5 100644
--- a/sandbox/win/src/sync_dispatcher.cc
+++ b/sandbox/win/src/sync_dispatcher.cc
@@ -43,7 +43,7 @@
return false;
}
-bool SyncDispatcher::CreateEvent(IPCInfo* ipc, std::wstring* name,
+bool SyncDispatcher::CreateEvent(IPCInfo* ipc, base::string16* name,
DWORD event_type, DWORD initial_state) {
const wchar_t* event_name = name->c_str();
CountedParameterSet<NameBased> params;
@@ -61,7 +61,7 @@
return true;
}
-bool SyncDispatcher::OpenEvent(IPCInfo* ipc, std::wstring* name,
+bool SyncDispatcher::OpenEvent(IPCInfo* ipc, base::string16* name,
DWORD desired_access) {
const wchar_t* event_name = name->c_str();
diff --git a/sandbox/win/src/sync_dispatcher.h b/sandbox/win/src/sync_dispatcher.h
index 1d1b978..db44ba4 100644
--- a/sandbox/win/src/sync_dispatcher.h
+++ b/sandbox/win/src/sync_dispatcher.h
@@ -6,6 +6,7 @@
#define SANDBOX_SRC_SYNC_DISPATCHER_H_
#include "base/basictypes.h"
+#include "base/strings/string16.h"
#include "sandbox/win/src/crosscall_server.h"
#include "sandbox/win/src/sandbox_policy_base.h"
@@ -22,11 +23,11 @@
private:
// Processes IPC requests coming from calls to CreateEvent in the target.
- bool CreateEvent(IPCInfo* ipc, std::wstring* name, DWORD event_type,
+ bool CreateEvent(IPCInfo* ipc, base::string16* name, DWORD event_type,
DWORD initial_state);
// Processes IPC requests coming from calls to OpenEvent in the target.
- bool OpenEvent(IPCInfo* ipc, std::wstring* name, DWORD desired_access);
+ bool OpenEvent(IPCInfo* ipc, base::string16* name, DWORD desired_access);
PolicyBase* policy_base_;
DISALLOW_COPY_AND_ASSIGN(SyncDispatcher);
diff --git a/sandbox/win/src/sync_policy.cc b/sandbox/win/src/sync_policy.cc
index e3b6530..7b18fe7 100644
--- a/sandbox/win/src/sync_policy.cc
+++ b/sandbox/win/src/sync_policy.cc
@@ -21,9 +21,9 @@
// Provides functionality to resolve a symbolic link within the object
// directory passed in.
-NTSTATUS ResolveSymbolicLink(const std::wstring& directory_name,
- const std::wstring& name,
- std::wstring* target) {
+NTSTATUS ResolveSymbolicLink(const base::string16& directory_name,
+ const base::string16& name,
+ base::string16* target) {
NtOpenDirectoryObjectFunction NtOpenDirectoryObject = NULL;
ResolveNTFunctionPtr("NtOpenDirectoryObject", &NtOpenDirectoryObject);
@@ -107,7 +107,7 @@
DWORD session_id = 0;
ProcessIdToSessionId(::GetCurrentProcessId(), &session_id);
- std::wstring base_named_objects_path;
+ base::string16 base_named_objects_path;
NTSTATUS status = ResolveSymbolicLink(L"\\Sessions\\BNOLINKS",
base::StringPrintf(L"%d", session_id),
@@ -133,7 +133,7 @@
bool SyncPolicy::GenerateRules(const wchar_t* name,
TargetPolicy::Semantics semantics,
LowLevelPolicy* policy) {
- std::wstring mod_name(name);
+ base::string16 mod_name(name);
if (mod_name.empty()) {
return false;
}
@@ -178,7 +178,7 @@
DWORD SyncPolicy::CreateEventAction(EvalResult eval_result,
const ClientInfo& client_info,
- const std::wstring &event_name,
+ const base::string16 &event_name,
uint32 event_type,
uint32 initial_state,
HANDLE *handle) {
@@ -216,7 +216,7 @@
DWORD SyncPolicy::OpenEventAction(EvalResult eval_result,
const ClientInfo& client_info,
- const std::wstring &event_name,
+ const base::string16 &event_name,
uint32 desired_access,
HANDLE *handle) {
NtOpenEventFunction NtOpenEvent = NULL;
diff --git a/sandbox/win/src/sync_policy.h b/sandbox/win/src/sync_policy.h
index 93aef64..4383998 100644
--- a/sandbox/win/src/sync_policy.h
+++ b/sandbox/win/src/sync_policy.h
@@ -8,6 +8,7 @@
#include <string>
#include "base/basictypes.h"
+#include "base/strings/string16.h"
#include "sandbox/win/src/crosscall_server.h"
#include "sandbox/win/src/nt_internals.h"
#include "sandbox/win/src/policy_low_level.h"
@@ -34,13 +35,13 @@
// eval_result is the desired policy action to accomplish.
static DWORD CreateEventAction(EvalResult eval_result,
const ClientInfo& client_info,
- const std::wstring &event_name,
+ const base::string16 &event_name,
uint32 event_type,
uint32 initial_state,
HANDLE *handle);
static DWORD OpenEventAction(EvalResult eval_result,
const ClientInfo& client_info,
- const std::wstring &event_name,
+ const base::string16 &event_name,
uint32 desired_access,
HANDLE *handle);
};
diff --git a/sandbox/win/src/win_utils.cc b/sandbox/win/src/win_utils.cc
index cb366a6..d24db9c 100644
--- a/sandbox/win/src/win_utils.cc
+++ b/sandbox/win/src/win_utils.cc
@@ -33,7 +33,7 @@
};
// Returns true if the provided path points to a pipe.
-bool IsPipe(const std::wstring& path) {
+bool IsPipe(const base::string16& path) {
size_t start = 0;
if (0 == path.compare(0, sandbox::kNTPrefixLen, sandbox::kNTPrefix))
start = sandbox::kNTPrefixLen;
@@ -46,7 +46,7 @@
namespace sandbox {
-HKEY GetReservedKeyFromName(const std::wstring& name) {
+HKEY GetReservedKeyFromName(const base::string16& name) {
for (size_t i = 0; i < arraysize(kKnownKey); ++i) {
if (name == kKnownKey[i].name)
return kKnownKey[i].key;
@@ -55,7 +55,7 @@
return NULL;
}
-bool ResolveRegistryName(std::wstring name, std::wstring* resolved_name) {
+bool ResolveRegistryName(base::string16 name, base::string16* resolved_name) {
for (size_t i = 0; i < arraysize(kKnownKey); ++i) {
if (name.find(kKnownKey[i].name) == 0) {
HKEY key;
@@ -79,8 +79,8 @@
return false;
}
-DWORD IsReparsePoint(const std::wstring& full_path, bool* result) {
- std::wstring path = full_path;
+DWORD IsReparsePoint(const base::string16& full_path, bool* result) {
+ base::string16 path = full_path;
// Remove the nt prefix.
if (0 == path.compare(0, kNTPrefixLen, kNTPrefix))
@@ -92,7 +92,7 @@
return ERROR_SUCCESS;
}
- std::wstring::size_type last_pos = std::wstring::npos;
+ base::string16::size_type last_pos = base::string16::npos;
do {
path = path.substr(0, last_pos);
@@ -114,7 +114,7 @@
}
last_pos = path.rfind(L'\\');
- } while (last_pos != std::wstring::npos);
+ } while (last_pos > 2); // Skip root dir.
*result = false;
return ERROR_SUCCESS;
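Review bot: The new loop condition `while (last_pos > 2)` no longer stops when `path.rfind(L'\\')` returns `npos`: `npos` is the largest `size_type` value, so it compares greater than 2 and the next iteration runs `path.substr(0, npos)`, which leaves `path` unchanged. For a name with no backslash that is not a reparse point, none of the visible exits fire and the loop appears to spin; if `IsReparsePoint` can be reached with a name supplied by the sandboxed target, that would hang the calling process. Keeping the old test next to the new one avoids it: `} while (last_pos != base::string16::npos && last_pos > 2);  // Skip root dir.` The literal 2 also assumes a drive-letter root of the form `c:\`, which the comment should say. The loop starts in the previous hunk and part of its body lies outside both, so the exits there should be confirmed.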
@@ -123,14 +123,14 @@
// We get a |full_path| of the form \??\c:\some\foo\bar, and the name that
// we'll get from |handle| will be \device\harddiskvolume1\some\foo\bar.
bool SameObject(HANDLE handle, const wchar_t* full_path) {
- std::wstring path(full_path);
+ base::string16 path(full_path);
DCHECK_NT(!path.empty());
// Check if it's a pipe.
if (IsPipe(path))
return true;
- std::wstring actual_path;
+ base::string16 actual_path;
if (!GetPathFromHandle(handle, &actual_path))
return false;
@@ -145,7 +145,7 @@
// Look for the drive letter.
size_t colon_pos = path.find(L':');
- if (colon_pos == 0 || colon_pos == std::wstring::npos)
+ if (colon_pos == 0 || colon_pos == base::string16::npos)
return false;
// Only one character for the drive.
@@ -180,11 +180,11 @@
return true;
}
-bool ConvertToLongPath(const std::wstring& short_path,
- std::wstring* long_path) {
+bool ConvertToLongPath(const base::string16& short_path,
+ base::string16* long_path) {
// Check if the path is a NT path.
bool is_nt_path = false;
- std::wstring path = short_path;
+ base::string16 path = short_path;
if (0 == path.compare(0, kNTPrefixLen, kNTPrefix)) {
path = path.substr(kNTPrefixLen);
is_nt_path = true;
@@ -206,12 +206,12 @@
ERROR_PATH_NOT_FOUND == last_error ||
ERROR_INVALID_NAME == last_error)) {
// The file does not exist, but maybe a sub path needs to be expanded.
- std::wstring::size_type last_slash = path.rfind(L'\\');
- if (std::wstring::npos == last_slash)
+ base::string16::size_type last_slash = path.rfind(L'\\');
+ if (base::string16::npos == last_slash)
return false;
- std::wstring begin = path.substr(0, last_slash);
- std::wstring end = path.substr(last_slash);
+ base::string16 begin = path.substr(0, last_slash);
+ base::string16 end = path.substr(last_slash);
if (!ConvertToLongPath(begin, &begin))
return false;
@@ -236,7 +236,7 @@
return false;
}
-bool GetPathFromHandle(HANDLE handle, std::wstring* path) {
+bool GetPathFromHandle(HANDLE handle, base::string16* path) {
NtQueryObjectFunction NtQueryObject = NULL;
ResolveNTFunctionPtr("NtQueryObject", &NtQueryObject);
@@ -265,7 +265,8 @@
return true;
}
-bool GetNtPathFromWin32Path(const std::wstring& path, std::wstring* nt_path) {
+bool GetNtPathFromWin32Path(const base::string16& path,
+ base::string16* nt_path) {
HANDLE file = ::CreateFileW(path.c_str(), 0,
FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, NULL,
OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL);
diff --git a/sandbox/win/src/win_utils.h b/sandbox/win/src/win_utils.h
index a80bb81..9b58d1d 100644
--- a/sandbox/win/src/win_utils.h
+++ b/sandbox/win/src/win_utils.h
@@ -7,7 +7,9 @@
#include <windows.h>
#include <string>
+
#include "base/basictypes.h"
+#include "base/strings/string16.h"
namespace sandbox {
@@ -65,35 +67,37 @@
// Convert a short path (C:\path~1 or \\??\\c:\path~1) to the long version of
// the path. If the path is not a valid filesystem path, the function returns
// false and the output parameter is not modified.
-bool ConvertToLongPath(const std::wstring& short_path, std::wstring* long_path);
+bool ConvertToLongPath(const base::string16& short_path,
+ base::string16* long_path);
// Sets result to true if the path contains a reparse point. The return value
// is ERROR_SUCCESS when the function succeeds or the appropriate error code
// when the function fails.
// This function is not smart. It looks for each element in the path and
// returns true if any of them is a reparse point.
-DWORD IsReparsePoint(const std::wstring& full_path, bool* result);
+DWORD IsReparsePoint(const base::string16& full_path, bool* result);
// Returns true if the handle corresponds to the object pointed by this path.
bool SameObject(HANDLE handle, const wchar_t* full_path);
// Resolves a handle to an nt path. Returns true if the handle can be resolved.
-bool GetPathFromHandle(HANDLE handle, std::wstring* path);
+bool GetPathFromHandle(HANDLE handle, base::string16* path);
// Resolves a win32 path to an nt path using GetPathFromHandle. The path must
// exist. Returs true if the translation was succesful.
-bool GetNtPathFromWin32Path(const std::wstring& path, std::wstring* nt_path);
+bool GetNtPathFromWin32Path(const base::string16& path,
+ base::string16* nt_path);
// Translates a reserved key name to its handle.
// For example "HKEY_LOCAL_MACHINE" returns HKEY_LOCAL_MACHINE.
// Returns NULL if the name does not represent any reserved key name.
-HKEY GetReservedKeyFromName(const std::wstring& name);
+HKEY GetReservedKeyFromName(const base::string16& name);
// Resolves a user-readable registry path to a system-readable registry path.
// For example, HKEY_LOCAL_MACHINE\\Software\\microsoft is translated to
// \\registry\\machine\\software\\microsoft. Returns false if the path
// cannot be resolved.
-bool ResolveRegistryName(std::wstring name, std::wstring* resolved_name);
+bool ResolveRegistryName(base::string16 name, base::string16* resolved_name);
// Writes |length| bytes from the provided |buffer| into the address space of
// |child_process|, at the specified |address|, preserving the original write
diff --git a/sandbox/win/src/win_utils_unittest.cc b/sandbox/win/src/win_utils_unittest.cc
index 7265316..3736654 100644
--- a/sandbox/win/src/win_utils_unittest.cc
+++ b/sandbox/win/src/win_utils_unittest.cc
@@ -27,10 +27,10 @@
EXPECT_FALSE(result);
// We have to fix Bug 32224 to pass this test.
- std::wstring not_found = std::wstring(my_folder) + L"\\foo\\bar";
+ base::string16 not_found = base::string16(my_folder) + L"\\foo\\bar";
// EXPECT_EQ(ERROR_PATH_NOT_FOUND, IsReparsePoint(not_found, &result));
- std::wstring new_file = std::wstring(my_folder) + L"\\foo";
+ base::string16 new_file = base::string16(my_folder) + L"\\foo";
EXPECT_EQ(ERROR_SUCCESS, IsReparsePoint(new_file, &result));
EXPECT_FALSE(result);
@@ -40,7 +40,7 @@
OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL);
EXPECT_NE(INVALID_HANDLE_VALUE, dir);
- std::wstring temp_dir_nt = std::wstring(L"\\??\\") + temp_directory;
+ base::string16 temp_dir_nt = base::string16(L"\\??\\") + temp_directory;
EXPECT_TRUE(SetReparsePoint(dir, temp_dir_nt.c_str()));
EXPECT_EQ(ERROR_SUCCESS, IsReparsePoint(new_file, &result));
@@ -64,16 +64,17 @@
ASSERT_TRUE(::DeleteFile(my_folder));
ASSERT_TRUE(::CreateDirectory(my_folder, NULL));
- std::wstring folder(my_folder);
- std::wstring file_name = folder + L"\\foo.txt";
+ base::string16 folder(my_folder);
+ base::string16 file_name = folder + L"\\foo.txt";
const ULONG kSharing = FILE_SHARE_WRITE | FILE_SHARE_READ | FILE_SHARE_DELETE;
base::win::ScopedHandle file(CreateFile(
file_name.c_str(), GENERIC_WRITE, kSharing, NULL, CREATE_ALWAYS,
FILE_FLAG_DELETE_ON_CLOSE, NULL));
EXPECT_TRUE(file.IsValid());
- std::wstring file_name_nt1 = std::wstring(L"\\??\\") + file_name;
- std::wstring file_name_nt2 = std::wstring(L"\\??\\") + folder + L"\\FOO.txT";
+ base::string16 file_name_nt1 = base::string16(L"\\??\\") + file_name;
+ base::string16 file_name_nt2 =
+ base::string16(L"\\??\\") + folder + L"\\FOO.txT";
EXPECT_TRUE(SameObject(file.Get(), file_name_nt1.c_str()));
EXPECT_TRUE(SameObject(file.Get(), file_name_nt2.c_str()));
diff --git a/sandbox/win/src/window.cc b/sandbox/win/src/window.cc
index d8de967..d21858a 100644
--- a/sandbox/win/src/window.cc
+++ b/sandbox/win/src/window.cc
@@ -53,7 +53,7 @@
}
ResultCode CreateAltDesktop(HWINSTA winsta, HDESK* desktop) {
- std::wstring desktop_name = L"sbox_alternate_desktop_";
+ base::string16 desktop_name = L"sbox_alternate_desktop_";
// Append the current PID to the desktop name.
wchar_t buffer[16];
@@ -100,14 +100,14 @@
return SBOX_ERROR_CANNOT_CREATE_DESKTOP;
}
-std::wstring GetWindowObjectName(HANDLE handle) {
+base::string16 GetWindowObjectName(HANDLE handle) {
// Get the size of the name.
DWORD size = 0;
::GetUserObjectInformation(handle, UOI_NAME, NULL, 0, &size);
if (!size) {
NOTREACHED();
- return std::wstring();
+ return base::string16();
}
// Create the buffer that will hold the name.
@@ -117,19 +117,19 @@
if (!::GetUserObjectInformation(handle, UOI_NAME, name_buffer.get(), size,
&size)) {
NOTREACHED();
- return std::wstring();
+ return base::string16();
}
- return std::wstring(name_buffer.get());
+ return base::string16(name_buffer.get());
}
-std::wstring GetFullDesktopName(HWINSTA winsta, HDESK desktop) {
+base::string16 GetFullDesktopName(HWINSTA winsta, HDESK desktop) {
if (!desktop) {
NOTREACHED();
- return std::wstring();
+ return base::string16();
}
- std::wstring name;
+ base::string16 name;
if (winsta) {
name = GetWindowObjectName(winsta);
name += L'\\';
diff --git a/sandbox/win/src/window.h b/sandbox/win/src/window.h
index e8233e7..62fe7c4 100644
--- a/sandbox/win/src/window.h
+++ b/sandbox/win/src/window.h
@@ -8,6 +8,7 @@
#include <windows.h>
#include <string>
+#include "base/strings/string16.h"
#include "sandbox/win/src/sandbox_types.h"
namespace sandbox {
@@ -26,13 +27,13 @@
ResultCode CreateAltDesktop(HWINSTA winsta, HDESK* desktop);
// Returns the name of a desktop or a window station.
- std::wstring GetWindowObjectName(HANDLE handle);
+ base::string16 GetWindowObjectName(HANDLE handle);
// Returns the name of the desktop referenced by |desktop|. If a window
// station is specified, the name is prepended with the window station name,
// followed by a backslash. This name can be used as the lpDesktop parameter
// to CreateProcess.
- std::wstring GetFullDesktopName(HWINSTA winsta, HDESK desktop);
+ base::string16 GetFullDesktopName(HWINSTA winsta, HDESK desktop);
} // namespace sandbox