Attempt3 at landing this. The previous attempt failed on Windows XP b…

…ecause the \Sessions\Session id\BaseNamedObjects path

does not always exist on Windows XP. It only exists for terminal server sessions.

Relanding this with fixes for the SyncPolicyTest.TestEvent and SyncPolicyTest.TestEventReadOnly tests.

Replace the CreateEvent/OpenEvent patches with their Nt counterparts like
NtOpenEvent and NtCreateEvent.

Reason being :- We patch these APIS via the Export table patch which does not
work with bound imports. This results in our
patched functions never getting called.

This should fix the GPU process hang with the XP presentation path.

The change from the previous patch is to resolve the BaseNamedObjects path via the \Sessions\BNOLinks directory which
contains the BaseNamedObjects symbolic links for the running sessions

BUG=305815
R=cpu@chromium.org, rvargas@chromium.org, cpu, rvargas

Review URL: https://codereview.chromium.org/41193002

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@231063 0039d316-1c4b-4281-b951-d872f2087c98

sandbox/win/src/interceptors.h

@@ -39,10 +39,8 @@ enum InterceptorId {
   OPEN_KEY_ID,
   OPEN_KEY_EX_ID,
   // Sync dispatcher:
-  CREATE_EVENTW_ID,
-  CREATE_EVENTA_ID,
-  OPEN_EVENTW_ID,
-  OPEN_EVENTA_ID,
+  CREATE_EVENT_ID,
+  OPEN_EVENT_ID,
   // CSRSS bypasses for HandleCloser:
   CREATE_THREAD_ID,
   GET_USER_DEFAULT_LCID_ID,

sandbox/win/src/interceptors_64.cc

@@ -249,36 +249,23 @@ SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenKeyEx64(
 
 // -----------------------------------------------------------------------
 
-SANDBOX_INTERCEPT HANDLE WINAPI TargetCreateEventW64(
-    LPSECURITY_ATTRIBUTES security_attributes, BOOL manual_reset,
-    BOOL initial_state, LPCWSTR name) {
-  CreateEventWFunction orig_fn = reinterpret_cast<
-      CreateEventWFunction>(g_originals[CREATE_EVENTW_ID]);
-  return TargetCreateEventW(orig_fn, security_attributes, manual_reset,
-                            initial_state, name);
+SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtCreateEvent64(
+    PHANDLE event_handle, ACCESS_MASK desired_access,
+    POBJECT_ATTRIBUTES object_attributes, EVENT_TYPE event_type,
+    BOOLEAN initial_state) {
+  NtCreateEventFunction orig_fn = reinterpret_cast<
+      NtCreateEventFunction>(g_originals[CREATE_EVENT_ID]);
+  return TargetNtCreateEvent(orig_fn, event_handle, desired_access,
+                             object_attributes, event_type, initial_state);
 }
 
-SANDBOX_INTERCEPT HANDLE WINAPI TargetCreateEventA64(
-    LPSECURITY_ATTRIBUTES security_attributes, BOOL manual_reset,
-    BOOL initial_state, LPCSTR name) {
-  CreateEventAFunction orig_fn = reinterpret_cast<
-      CreateEventAFunction>(g_originals[CREATE_EVENTA_ID]);
-  return TargetCreateEventA(orig_fn, security_attributes, manual_reset,
-                            initial_state, name);
-}
-
-SANDBOX_INTERCEPT HANDLE WINAPI TargetOpenEventW64(
-    DWORD desired_access, BOOL inherit_handle, LPCWSTR name) {
-  OpenEventWFunction orig_fn = reinterpret_cast<
-      OpenEventWFunction>(g_originals[OPEN_EVENTW_ID]);
-  return TargetOpenEventW(orig_fn, desired_access, inherit_handle, name);
-}
-
-SANDBOX_INTERCEPT HANDLE WINAPI TargetOpenEventA64(
-    DWORD desired_access, BOOL inherit_handle, LPCSTR name) {
-  OpenEventAFunction orig_fn = reinterpret_cast<
-      OpenEventAFunction>(g_originals[OPEN_EVENTA_ID]);
-  return TargetOpenEventA(orig_fn, desired_access, inherit_handle, name);
+SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenEvent64(
+    PHANDLE event_handle, ACCESS_MASK desired_access,
+    POBJECT_ATTRIBUTES object_attributes) {
+  NtOpenEventFunction orig_fn = reinterpret_cast<
+      NtOpenEventFunction>(g_originals[OPEN_EVENT_ID]);
+  return TargetNtOpenEvent(orig_fn, event_handle, desired_access,
+                           object_attributes);
 }
 
 }  // namespace sandbox

sandbox/win/src/interceptors_64.h

@@ -153,23 +153,15 @@ SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenKeyEx64(
 // -----------------------------------------------------------------------
 // Interceptors handled by the sync dispatcher.
 
-// Interception of CreateEventW on the child process.
-SANDBOX_INTERCEPT HANDLE WINAPI TargetCreateEventW64(
-    LPSECURITY_ATTRIBUTES security_attributes, BOOL manual_reset,
-    BOOL initial_state, LPCWSTR name);
-
-// Interception of CreateEventA on the child process.
-SANDBOX_INTERCEPT HANDLE WINAPI TargetCreateEventA64(
-    LPSECURITY_ATTRIBUTES security_attributes, BOOL manual_reset,
-    BOOL initial_state, LPCSTR name);
-
-// Interception of OpenEventW on the child process.
-SANDBOX_INTERCEPT HANDLE WINAPI TargetOpenEventW64(
-    DWORD desired_access, BOOL inherit_handle, LPCWSTR name);
-
-// Interception of OpenEventA on the child process.
-SANDBOX_INTERCEPT HANDLE WINAPI TargetOpenEventA64(
-    DWORD desired_access, BOOL inherit_handle, LPCSTR name);
+// Interception of NtCreateEvent/NtOpenEvent on the child process.
+SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtCreateEvent64(
+    PHANDLE event_handle, ACCESS_MASK desired_access,
+    POBJECT_ATTRIBUTES object_attributes, EVENT_TYPE event_type,
+    BOOLEAN initial_state);
+
+SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenEvent64(
+    PHANDLE event_handle, ACCESS_MASK desired_access,
+    POBJECT_ATTRIBUTES object_attributes);
 
 }  // extern "C"
 

sandbox/win/src/nt_internals.h

@@ -615,5 +615,31 @@ typedef VOID (WINAPI *RtlInitUnicodeStringFunction) (
   IN OUT PUNICODE_STRING DestinationString,
   IN PCWSTR SourceString);
 
+typedef enum _EVENT_TYPE {
+  NotificationEvent,
+  SynchronizationEvent
+} EVENT_TYPE, *PEVENT_TYPE;
+
+typedef NTSTATUS (WINAPI* NtOpenDirectoryObjectFunction) (
+    PHANDLE DirectoryHandle,
+    ACCESS_MASK DesiredAccess,
+    POBJECT_ATTRIBUTES ObjectAttributes);
+
+typedef NTSTATUS (WINAPI* NtQuerySymbolicLinkObjectFunction) (
+    HANDLE LinkHandle,
+    PUNICODE_STRING LinkTarget,
+    PULONG ReturnedLength);
+
+typedef NTSTATUS (WINAPI* NtOpenSymbolicLinkObjectFunction) (
+    PHANDLE LinkHandle,
+    ACCESS_MASK DesiredAccess,
+    POBJECT_ATTRIBUTES ObjectAttributes);
+
+#define DIRECTORY_QUERY               0x0001
+#define DIRECTORY_TRAVERSE            0x0002
+#define DIRECTORY_CREATE_OBJECT       0x0004
+#define DIRECTORY_CREATE_SUBDIRECTORY 0x0008
+#define DIRECTORY_ALL_ACCESS          0x000F
+
 #endif  // SANDBOX_WIN_SRC_NT_INTERNALS_H__
 

sandbox/win/src/sync_dispatcher.cc

@@ -25,7 +25,7 @@ SyncDispatcher::SyncDispatcher(PolicyBase* policy_base)
   };
 
   static const IPCCall open_params = {
-    {IPC_OPENEVENT_TAG, WCHAR_TYPE, ULONG_TYPE, ULONG_TYPE},
+    {IPC_OPENEVENT_TAG, WCHAR_TYPE, ULONG_TYPE},
     reinterpret_cast<CallbackGeneric>(&SyncDispatcher::OpenEvent)
   };
 
@@ -35,33 +35,16 @@ SyncDispatcher::SyncDispatcher(PolicyBase* policy_base)
 
 bool SyncDispatcher::SetupService(InterceptionManager* manager,
                                   int service) {
-  bool ret = false;
-  // We need to intercept kernelbase.dll on Windows 7 and beyond and
-  // kernel32.dll for earlier versions.
-  static const wchar_t* kWin32SyncDllName =
-      base::win::GetVersion() >= base::win::VERSION_WIN7 ? kKernelBasedllName :
-          kKerneldllName;
-
   if (IPC_CREATEEVENT_TAG == service) {
-    ret = INTERCEPT_EAT(manager, kWin32SyncDllName, CreateEventW,
-                        CREATE_EVENTW_ID, 20);
-    if (ret) {
-      ret = INTERCEPT_EAT(manager, kWin32SyncDllName, CreateEventA,
-                          CREATE_EVENTA_ID, 20);
-    }
+    return INTERCEPT_NT(manager, NtCreateEvent, CREATE_EVENT_ID, 24);
   } else if (IPC_OPENEVENT_TAG == service) {
-    ret = INTERCEPT_EAT(manager, kWin32SyncDllName, OpenEventW, OPEN_EVENTW_ID,
-                        16);
-    if (ret) {
-      ret = INTERCEPT_EAT(manager, kWin32SyncDllName, OpenEventA,
-                          OPEN_EVENTA_ID, 16);
-    }
+    return INTERCEPT_NT(manager, NtOpenEvent, OPEN_EVENT_ID, 16);
   }
-  return ret;
+  return false;
 }
 
 bool SyncDispatcher::CreateEvent(IPCInfo* ipc, std::wstring* name,
-                                 DWORD manual_reset, DWORD initial_state) {
+                                 DWORD event_type, DWORD initial_state) {
   const wchar_t* event_name = name->c_str();
   CountedParameterSet<NameBased> params;
   params[NameBased::NAME] = ParamPickerMake(event_name);
@@ -70,16 +53,16 @@ bool SyncDispatcher::CreateEvent(IPCInfo* ipc, std::wstring* name,
                                                params.GetBase());
   HANDLE handle = NULL;
   DWORD ret = SyncPolicy::CreateEventAction(result, *ipc->client_info, *name,
-                                            manual_reset, initial_state,
+                                            event_type, initial_state,
                                             &handle);
   // Return operation status on the IPC.
-  ipc->return_info.win32_result = ret;
+  ipc->return_info.nt_status = ret;
   ipc->return_info.handle = handle;
   return true;
 }
 
 bool SyncDispatcher::OpenEvent(IPCInfo* ipc, std::wstring* name,
-                               DWORD desired_access, DWORD inherit_handle) {
+                               DWORD desired_access) {
   const wchar_t* event_name = name->c_str();
 
   CountedParameterSet<OpenEventParams> params;
@@ -90,8 +73,7 @@ bool SyncDispatcher::OpenEvent(IPCInfo* ipc, std::wstring* name,
                                                params.GetBase());
   HANDLE handle = NULL;
   DWORD ret = SyncPolicy::OpenEventAction(result, *ipc->client_info, *name,
-                                          desired_access, inherit_handle,
-                                          &handle);
+                                          desired_access, &handle);
   // Return operation status on the IPC.
   ipc->return_info.win32_result = ret;
   ipc->return_info.handle = handle;

sandbox/win/src/sync_dispatcher.h

@@ -22,12 +22,11 @@ class SyncDispatcher : public Dispatcher {
 
 private:
   // Processes IPC requests coming from calls to CreateEvent in the target.
-  bool CreateEvent(IPCInfo* ipc, std::wstring* name, DWORD manual_reset,
+  bool CreateEvent(IPCInfo* ipc, std::wstring* name, DWORD event_type,
                    DWORD initial_state);
 
   // Processes IPC requests coming from calls to OpenEvent in the target.
-  bool OpenEvent(IPCInfo* ipc, std::wstring* name, DWORD desired_access,
-                 DWORD inherit_handle);
+  bool OpenEvent(IPCInfo* ipc, std::wstring* name, DWORD desired_access);
 
   PolicyBase* policy_base_;
   DISALLOW_COPY_AND_ASSIGN(SyncDispatcher);