Allow socket creation to be delegated from sandbox target to broker.

This is needed to allow connections to loopback from within an App Container on Windows. See https://docs.microsoft.com/en-us/windows/iot-core/develop-your-app/loopback Only overlapped sockets are supported by the broker, as these are the only ones used by Chromium. Add tests to verify this works for both UDP and TCP sockets. Since this code can't depend on net/ a very simple UDP server is used for testing. BUG=841001 Change-Id: I794bdadb779b456c5dba97d01d3e646b793ad265 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3069722 Reviewed-by: Alex Gough <ajgo@chromium.org> Reviewed-by: Daniel Rubery <drubery@chromium.org> Commit-Queue: Will Harris <wfh@chromium.org> Cr-Commit-Position: refs/heads/master@{#909354}
FairyWorld · Aug 6, 2021 · 0394e04 · 0394e04
1 parent 2d12b87
commit 0394e04
Show file tree

Hide file tree

Showing 16 changed files with 784 additions and 5 deletions.
diff --git a/chrome/chrome_cleaner/ipc/sandbox_unittest.cc b/chrome/chrome_cleaner/ipc/sandbox_unittest.cc
@@ -26,6 +26,7 @@
 #include "chrome/chrome_cleaner/logging/scoped_logging.h"
 #include "chrome/chrome_cleaner/os/disk_util.h"
 #include "chrome/chrome_cleaner/os/initializer.h"
+#include "sandbox/win/src/sandbox.h"
 #include "sandbox/win/src/sandbox_factory.h"
 #include "testing/gmock/include/gmock/gmock.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ -46,6 +47,7 @@ class MockSandboxTargetServices : public sandbox::TargetServices {
   MOCK_METHOD0(Init, sandbox::ResultCode());
   MOCK_METHOD0(LowerToken, void());
   MOCK_METHOD0(GetState, sandbox::ProcessState*());
+  MOCK_METHOD3(CreateBrokeredSocket, SOCKET(int af, int family, int protocol));
 };
 
 class TestSandboxSetupHooks : public SandboxSetupHooks {

diff --git a/sandbox/win/BUILD.gn b/sandbox/win/BUILD.gn
@@ -127,6 +127,8 @@ static_library("sandbox") {
     "src/signed_interception.h",
     "src/signed_policy.cc",
     "src/signed_policy.h",
+    "src/socket_dispatcher.cc",
+    "src/socket_dispatcher.h",
     "src/startup_information_helper.cc",
     "src/startup_information_helper.h",
     "src/sync_dispatcher.cc",
@@ -239,7 +241,10 @@ test("sbox_integration_tests") {
     ":sbox_integration_test_win_proc",
   ]
 
-  libs = [ "ktmw32.lib" ]
+  libs = [
+    "ktmw32.lib",
+    "iphlpapi.lib",
+  ]
 }
 
 shared_library("sbox_integration_test_hijack_dll") {

diff --git a/sandbox/win/fuzzer/fuzzer_types.h b/sandbox/win/fuzzer/fuzzer_types.h
@@ -32,6 +32,7 @@ typedef uint32_t ULONG;
 typedef uint32_t* ULONG_PTR;
 typedef LONG NTSTATUS;
 typedef void PROCESS_INFORMATION;
+typedef uintptr_t SOCKET;
 
 // __stdcall is used in one place. TODO(wfh): replace with WINAPI.
 #define __stdcall