3party/crashpad
0
0
Fork 0
mirror of https://github.com/chromium/crashpad.git synced 2024-12-29 00:32:35 +08:00
Code Issues Projects Releases Wiki Activity
crashpad/util/win/registration_protocol_win_test.cc

159 lines
4.9 KiB
C++
Raw Normal View History

Update copyright boilerplate, 2022 edition (Crashpad) sed -i '' -E -e 's/Copyright (.+) The Crashpad Authors\. All rights reserved\.$/Copyright \1 The Crashpad Authors/' $(git grep -El 'Copyright (.+) The Crashpad Authors\. All rights reserved\.$') Bug: chromium:1098010 Change-Id: I8d6138469ddbe3d281a5d83f64cf918ec2491611 Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3878262 Reviewed-by: Joshua Peraza <jperaza@chromium.org> Commit-Queue: Mark Mentovai <mark@chromium.org>
2022-09-06 19:14:07 -04:00
// Copyright 2016 The Crashpad Authors
win: Remove use of rpcrt4 and advapi32 from some util code ConvertStringSecurityDescriptorToSecurityDescriptor() is used when creating the initial connection pipe. Because this is done from inside DllMain(), we cannot use advapi32 (where this function is). Instead, save the binary representation of the self-relative SECURITY_DESCRIPTOR. It is conceivable that this could change, but unlikely as this is the same blob that would be stored on a file in NTFS. Another potential approach would be to not make the pipe available to all integrity levels here, and instead modify the Chromium sandbox code to allow a specific pipe name prefix that would have to correspond with the pipe name that Crashpad creates. Similarly, UuidCreate() (used when initializing the database) is in a DLL that can't be loaded early, so use the Linux/Android implementation on Windows too. R=mark@chromium.org BUG=chromium:655788,chromium:656800 Change-Id: I434f8e96fc275fc30d0a31208b025bfc08595ff9 Reviewed-on: https://chromium-review.googlesource.com/417223 Reviewed-by: Mark Mentovai <mark@chromium.org>
2016-12-07 11:35:07 -08:00
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "util/win/registration_protocol_win.h"
[Windows] Add AppContainer SID to Named Pipe DACL. This CL modifies the creation of the Named Pipe Security Descriptor to allow access from AppContainer processes. The DACL only allows access for the current user and SYSTEM which matches up with the auto-assigned DACL used previously (the read-only logon SID ACE has been removed). As this new code uses APIs from ADVAPI32 a check is made to ensure it's not being called while the loader lock is held to avoid hitting previous similar issues. Bug: crashpad: 318 Change-Id: I3f9cf5c788dbadacad21c8a2d57a0188f690ac32 Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1955982 Commit-Queue: James Forshaw <forshaw@chromium.org> Reviewed-by: Mark Mentovai <mark@chromium.org>
2019-12-10 08:51:20 -08:00
#include <aclapi.h>
win: Remove use of rpcrt4 and advapi32 from some util code ConvertStringSecurityDescriptorToSecurityDescriptor() is used when creating the initial connection pipe. Because this is done from inside DllMain(), we cannot use advapi32 (where this function is). Instead, save the binary representation of the self-relative SECURITY_DESCRIPTOR. It is conceivable that this could change, but unlikely as this is the same blob that would be stored on a file in NTFS. Another potential approach would be to not make the pipe available to all integrity levels here, and instead modify the Chromium sandbox code to allow a specific pipe name prefix that would have to correspond with the pipe name that Crashpad creates. Similarly, UuidCreate() (used when initializing the database) is in a DLL that can't be loaded early, so use the Linux/Android implementation on Windows too. R=mark@chromium.org BUG=chromium:655788,chromium:656800 Change-Id: I434f8e96fc275fc30d0a31208b025bfc08595ff9 Reviewed-on: https://chromium-review.googlesource.com/417223 Reviewed-by: Mark Mentovai <mark@chromium.org>
2016-12-07 11:35:07 -08:00
#include <sddl.h>
#include <string.h>
[crashpad] Prepare crashpad for base::string16 switch This change prepares crashpad for the upcoming switch of base::string16 to std::u16string on all platforms. It does so by replacing Windows-only instances of base::string16 with std::wstring, and using appropriate string utility functions. Bug: chromium:911896 Change-Id: Ibb0b8a4e4dc7fae1d24d18823f8dbb6da31f8239 Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/2332402 Commit-Queue: Jan Wilken Dörrie <jdoerrie@chromium.org> Reviewed-by: Mark Mentovai <mark@chromium.org>
2020-09-12 09:20:14 +02:00
#include <wchar.h>
[Windows] Add AppContainer SID to Named Pipe DACL. This CL modifies the creation of the Named Pipe Security Descriptor to allow access from AppContainer processes. The DACL only allows access for the current user and SYSTEM which matches up with the auto-assigned DACL used previously (the read-only logon SID ACE has been removed). As this new code uses APIs from ADVAPI32 a check is made to ensure it's not being called while the loader lock is held to avoid hitting previous similar issues. Bug: crashpad: 318 Change-Id: I3f9cf5c788dbadacad21c8a2d57a0188f690ac32 Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1955982 Commit-Queue: James Forshaw <forshaw@chromium.org> Reviewed-by: Mark Mentovai <mark@chromium.org>
2019-12-10 08:51:20 -08:00
#include <windows.h>
#include <vector>
win: Remove use of rpcrt4 and advapi32 from some util code ConvertStringSecurityDescriptorToSecurityDescriptor() is used when creating the initial connection pipe. Because this is done from inside DllMain(), we cannot use advapi32 (where this function is). Instead, save the binary representation of the self-relative SECURITY_DESCRIPTOR. It is conceivable that this could change, but unlikely as this is the same blob that would be stored on a file in NTFS. Another potential approach would be to not make the pipe available to all integrity levels here, and instead modify the Chromium sandbox code to allow a specific pipe name prefix that would have to correspond with the pipe name that Crashpad creates. Similarly, UuidCreate() (used when initializing the database) is in a DLL that can't be loaded early, so use the Linux/Android implementation on Windows too. R=mark@chromium.org BUG=chromium:655788,chromium:656800 Change-Id: I434f8e96fc275fc30d0a31208b025bfc08595ff9 Reviewed-on: https://chromium-review.googlesource.com/417223 Reviewed-by: Mark Mentovai <mark@chromium.org>
2016-12-07 11:35:07 -08:00
[Windows] Add AppContainer SID to Named Pipe DACL. This CL modifies the creation of the Named Pipe Security Descriptor to allow access from AppContainer processes. The DACL only allows access for the current user and SYSTEM which matches up with the auto-assigned DACL used previously (the read-only logon SID ACE has been removed). As this new code uses APIs from ADVAPI32 a check is made to ensure it's not being called while the loader lock is held to avoid hitting previous similar issues. Bug: crashpad: 318 Change-Id: I3f9cf5c788dbadacad21c8a2d57a0188f690ac32 Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1955982 Commit-Queue: James Forshaw <forshaw@chromium.org> Reviewed-by: Mark Mentovai <mark@chromium.org>
2019-12-10 08:51:20 -08:00
#include "base/logging.h"
Include-what-you-use related to logging.h Add direct includes for things provided transitively by logging.h (or by other headers including logging.h). This is in preparation for cleaning up unnecessary includes of logging.h in header files (so if something depends on logging.h, it needs include it explicitly), and for when Chromium's logging.h no longer includes check.h, check_op.h, and notreached.h. DEPS is also updated to roll mini_chromium to ae14a14ab4 which includes these new header files. Bug: chromium:1031540 Change-Id: I36f646d0a93854989dc602d0dc7139dd7a7b8621 Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/2250251 Commit-Queue: Hans Wennborg <hans@chromium.org> Reviewed-by: Mark Mentovai <mark@chromium.org>
2020-06-18 15:35:28 +02:00
#include "base/notreached.h"
win: Remove use of rpcrt4 and advapi32 from some util code ConvertStringSecurityDescriptorToSecurityDescriptor() is used when creating the initial connection pipe. Because this is done from inside DllMain(), we cannot use advapi32 (where this function is). Instead, save the binary representation of the self-relative SECURITY_DESCRIPTOR. It is conceivable that this could change, but unlikely as this is the same blob that would be stored on a file in NTFS. Another potential approach would be to not make the pipe available to all integrity levels here, and instead modify the Chromium sandbox code to allow a specific pipe name prefix that would have to correspond with the pipe name that Crashpad creates. Similarly, UuidCreate() (used when initializing the database) is in a DLL that can't be loaded early, so use the Linux/Android implementation on Windows too. R=mark@chromium.org BUG=chromium:655788,chromium:656800 Change-Id: I434f8e96fc275fc30d0a31208b025bfc08595ff9 Reviewed-on: https://chromium-review.googlesource.com/417223 Reviewed-by: Mark Mentovai <mark@chromium.org>
2016-12-07 11:35:07 -08:00
#include "gtest/gtest.h"
#include "test/errors.h"
[Windows] Add AppContainer SID to Named Pipe DACL. This CL modifies the creation of the Named Pipe Security Descriptor to allow access from AppContainer processes. The DACL only allows access for the current user and SYSTEM which matches up with the auto-assigned DACL used previously (the read-only logon SID ACE has been removed). As this new code uses APIs from ADVAPI32 a check is made to ensure it's not being called while the loader lock is held to avoid hitting previous similar issues. Bug: crashpad: 318 Change-Id: I3f9cf5c788dbadacad21c8a2d57a0188f690ac32 Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1955982 Commit-Queue: James Forshaw <forshaw@chromium.org> Reviewed-by: Mark Mentovai <mark@chromium.org>
2019-12-10 08:51:20 -08:00
#include "util/win/scoped_handle.h"
win: Remove use of rpcrt4 and advapi32 from some util code ConvertStringSecurityDescriptorToSecurityDescriptor() is used when creating the initial connection pipe. Because this is done from inside DllMain(), we cannot use advapi32 (where this function is). Instead, save the binary representation of the self-relative SECURITY_DESCRIPTOR. It is conceivable that this could change, but unlikely as this is the same blob that would be stored on a file in NTFS. Another potential approach would be to not make the pipe available to all integrity levels here, and instead modify the Chromium sandbox code to allow a specific pipe name prefix that would have to correspond with the pipe name that Crashpad creates. Similarly, UuidCreate() (used when initializing the database) is in a DLL that can't be loaded early, so use the Linux/Android implementation on Windows too. R=mark@chromium.org BUG=chromium:655788,chromium:656800 Change-Id: I434f8e96fc275fc30d0a31208b025bfc08595ff9 Reviewed-on: https://chromium-review.googlesource.com/417223 Reviewed-by: Mark Mentovai <mark@chromium.org>
2016-12-07 11:35:07 -08:00
#include "util/win/scoped_local_alloc.h"
namespace crashpad {
namespace test {
namespace {
[crashpad] Prepare crashpad for base::string16 switch This change prepares crashpad for the upcoming switch of base::string16 to std::u16string on all platforms. It does so by replacing Windows-only instances of base::string16 with std::wstring, and using appropriate string utility functions. Bug: chromium:911896 Change-Id: Ibb0b8a4e4dc7fae1d24d18823f8dbb6da31f8239 Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/2332402 Commit-Queue: Jan Wilken Dörrie <jdoerrie@chromium.org> Reviewed-by: Mark Mentovai <mark@chromium.org>
2020-09-12 09:20:14 +02:00
std::wstring GetStringFromSid(PSID sid) {
[Windows] Add AppContainer SID to Named Pipe DACL. This CL modifies the creation of the Named Pipe Security Descriptor to allow access from AppContainer processes. The DACL only allows access for the current user and SYSTEM which matches up with the auto-assigned DACL used previously (the read-only logon SID ACE has been removed). As this new code uses APIs from ADVAPI32 a check is made to ensure it's not being called while the loader lock is held to avoid hitting previous similar issues. Bug: crashpad: 318 Change-Id: I3f9cf5c788dbadacad21c8a2d57a0188f690ac32 Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1955982 Commit-Queue: James Forshaw <forshaw@chromium.org> Reviewed-by: Mark Mentovai <mark@chromium.org>
2019-12-10 08:51:20 -08:00
LPWSTR sid_str;
if (!ConvertSidToStringSid(sid, &sid_str)) {
PLOG(ERROR) << "ConvertSidToStringSid";
[crashpad] Prepare crashpad for base::string16 switch This change prepares crashpad for the upcoming switch of base::string16 to std::u16string on all platforms. It does so by replacing Windows-only instances of base::string16 with std::wstring, and using appropriate string utility functions. Bug: chromium:911896 Change-Id: Ibb0b8a4e4dc7fae1d24d18823f8dbb6da31f8239 Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/2332402 Commit-Queue: Jan Wilken Dörrie <jdoerrie@chromium.org> Reviewed-by: Mark Mentovai <mark@chromium.org>
2020-09-12 09:20:14 +02:00
return std::wstring();
[Windows] Add AppContainer SID to Named Pipe DACL. This CL modifies the creation of the Named Pipe Security Descriptor to allow access from AppContainer processes. The DACL only allows access for the current user and SYSTEM which matches up with the auto-assigned DACL used previously (the read-only logon SID ACE has been removed). As this new code uses APIs from ADVAPI32 a check is made to ensure it's not being called while the loader lock is held to avoid hitting previous similar issues. Bug: crashpad: 318 Change-Id: I3f9cf5c788dbadacad21c8a2d57a0188f690ac32 Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1955982 Commit-Queue: James Forshaw <forshaw@chromium.org> Reviewed-by: Mark Mentovai <mark@chromium.org>
2019-12-10 08:51:20 -08:00
}
ScopedLocalAlloc sid_str_ptr(sid_str);
return sid_str;
}
[crashpad] Prepare crashpad for base::string16 switch This change prepares crashpad for the upcoming switch of base::string16 to std::u16string on all platforms. It does so by replacing Windows-only instances of base::string16 with std::wstring, and using appropriate string utility functions. Bug: chromium:911896 Change-Id: Ibb0b8a4e4dc7fae1d24d18823f8dbb6da31f8239 Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/2332402 Commit-Queue: Jan Wilken Dörrie <jdoerrie@chromium.org> Reviewed-by: Mark Mentovai <mark@chromium.org>
2020-09-12 09:20:14 +02:00
std::wstring GetUserSidString() {
[Windows] Add AppContainer SID to Named Pipe DACL. This CL modifies the creation of the Named Pipe Security Descriptor to allow access from AppContainer processes. The DACL only allows access for the current user and SYSTEM which matches up with the auto-assigned DACL used previously (the read-only logon SID ACE has been removed). As this new code uses APIs from ADVAPI32 a check is made to ensure it's not being called while the loader lock is held to avoid hitting previous similar issues. Bug: crashpad: 318 Change-Id: I3f9cf5c788dbadacad21c8a2d57a0188f690ac32 Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1955982 Commit-Queue: James Forshaw <forshaw@chromium.org> Reviewed-by: Mark Mentovai <mark@chromium.org>
2019-12-10 08:51:20 -08:00
HANDLE token_handle;
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &token_handle)) {
PLOG(ERROR) << "OpenProcessToken";
[crashpad] Prepare crashpad for base::string16 switch This change prepares crashpad for the upcoming switch of base::string16 to std::u16string on all platforms. It does so by replacing Windows-only instances of base::string16 with std::wstring, and using appropriate string utility functions. Bug: chromium:911896 Change-Id: Ibb0b8a4e4dc7fae1d24d18823f8dbb6da31f8239 Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/2332402 Commit-Queue: Jan Wilken Dörrie <jdoerrie@chromium.org> Reviewed-by: Mark Mentovai <mark@chromium.org>
2020-09-12 09:20:14 +02:00
return std::wstring();
[Windows] Add AppContainer SID to Named Pipe DACL. This CL modifies the creation of the Named Pipe Security Descriptor to allow access from AppContainer processes. The DACL only allows access for the current user and SYSTEM which matches up with the auto-assigned DACL used previously (the read-only logon SID ACE has been removed). As this new code uses APIs from ADVAPI32 a check is made to ensure it's not being called while the loader lock is held to avoid hitting previous similar issues. Bug: crashpad: 318 Change-Id: I3f9cf5c788dbadacad21c8a2d57a0188f690ac32 Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1955982 Commit-Queue: James Forshaw <forshaw@chromium.org> Reviewed-by: Mark Mentovai <mark@chromium.org>
2019-12-10 08:51:20 -08:00
}
ScopedKernelHANDLE token(token_handle);
DWORD user_size = 0;
GetTokenInformation(token.get(), TokenUser, nullptr, 0, &user_size);
if (user_size == 0) {
PLOG(ERROR) << "GetTokenInformation Size";
[crashpad] Prepare crashpad for base::string16 switch This change prepares crashpad for the upcoming switch of base::string16 to std::u16string on all platforms. It does so by replacing Windows-only instances of base::string16 with std::wstring, and using appropriate string utility functions. Bug: chromium:911896 Change-Id: Ibb0b8a4e4dc7fae1d24d18823f8dbb6da31f8239 Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/2332402 Commit-Queue: Jan Wilken Dörrie <jdoerrie@chromium.org> Reviewed-by: Mark Mentovai <mark@chromium.org>
2020-09-12 09:20:14 +02:00
return std::wstring();
[Windows] Add AppContainer SID to Named Pipe DACL. This CL modifies the creation of the Named Pipe Security Descriptor to allow access from AppContainer processes. The DACL only allows access for the current user and SYSTEM which matches up with the auto-assigned DACL used previously (the read-only logon SID ACE has been removed). As this new code uses APIs from ADVAPI32 a check is made to ensure it's not being called while the loader lock is held to avoid hitting previous similar issues. Bug: crashpad: 318 Change-Id: I3f9cf5c788dbadacad21c8a2d57a0188f690ac32 Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1955982 Commit-Queue: James Forshaw <forshaw@chromium.org> Reviewed-by: Mark Mentovai <mark@chromium.org>
2019-12-10 08:51:20 -08:00
}
std::vector<char> user(user_size);
if (!GetTokenInformation(
token.get(), TokenUser, user.data(), user_size, &user_size)) {
PLOG(ERROR) << "GetTokenInformation";
[crashpad] Prepare crashpad for base::string16 switch This change prepares crashpad for the upcoming switch of base::string16 to std::u16string on all platforms. It does so by replacing Windows-only instances of base::string16 with std::wstring, and using appropriate string utility functions. Bug: chromium:911896 Change-Id: Ibb0b8a4e4dc7fae1d24d18823f8dbb6da31f8239 Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/2332402 Commit-Queue: Jan Wilken Dörrie <jdoerrie@chromium.org> Reviewed-by: Mark Mentovai <mark@chromium.org>
2020-09-12 09:20:14 +02:00
return std::wstring();
[Windows] Add AppContainer SID to Named Pipe DACL. This CL modifies the creation of the Named Pipe Security Descriptor to allow access from AppContainer processes. The DACL only allows access for the current user and SYSTEM which matches up with the auto-assigned DACL used previously (the read-only logon SID ACE has been removed). As this new code uses APIs from ADVAPI32 a check is made to ensure it's not being called while the loader lock is held to avoid hitting previous similar issues. Bug: crashpad: 318 Change-Id: I3f9cf5c788dbadacad21c8a2d57a0188f690ac32 Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1955982 Commit-Queue: James Forshaw <forshaw@chromium.org> Reviewed-by: Mark Mentovai <mark@chromium.org>
2019-12-10 08:51:20 -08:00
}
TOKEN_USER* user_ptr = reinterpret_cast<TOKEN_USER*>(user.data());
return GetStringFromSid(user_ptr->User.Sid);
}
void CheckAce(PACL acl,
DWORD index,
BYTE check_ace_type,
ACCESS_MASK check_mask,
[crashpad] Prepare crashpad for base::string16 switch This change prepares crashpad for the upcoming switch of base::string16 to std::u16string on all platforms. It does so by replacing Windows-only instances of base::string16 with std::wstring, and using appropriate string utility functions. Bug: chromium:911896 Change-Id: Ibb0b8a4e4dc7fae1d24d18823f8dbb6da31f8239 Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/2332402 Commit-Queue: Jan Wilken Dörrie <jdoerrie@chromium.org> Reviewed-by: Mark Mentovai <mark@chromium.org>
2020-09-12 09:20:14 +02:00
const std::wstring& check_sid) {
[Windows] Add AppContainer SID to Named Pipe DACL. This CL modifies the creation of the Named Pipe Security Descriptor to allow access from AppContainer processes. The DACL only allows access for the current user and SYSTEM which matches up with the auto-assigned DACL used previously (the read-only logon SID ACE has been removed). As this new code uses APIs from ADVAPI32 a check is made to ensure it's not being called while the loader lock is held to avoid hitting previous similar issues. Bug: crashpad: 318 Change-Id: I3f9cf5c788dbadacad21c8a2d57a0188f690ac32 Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1955982 Commit-Queue: James Forshaw <forshaw@chromium.org> Reviewed-by: Mark Mentovai <mark@chromium.org>
2019-12-10 08:51:20 -08:00
ASSERT_FALSE(check_sid.empty());
void* ace_ptr;
ASSERT_TRUE(GetAce(acl, index, &ace_ptr));
ACE_HEADER* header = static_cast<ACE_HEADER*>(ace_ptr);
ASSERT_EQ(check_ace_type, header->AceType);
ASSERT_EQ(0, header->AceFlags);
PSID sid = nullptr;
ACCESS_MASK mask = 0;
switch (header->AceType) {
case ACCESS_ALLOWED_ACE_TYPE: {
ACCESS_ALLOWED_ACE* allowed_ace =
static_cast<ACCESS_ALLOWED_ACE*>(ace_ptr);
sid = &allowed_ace->SidStart;
mask = allowed_ace->Mask;
} break;
case SYSTEM_MANDATORY_LABEL_ACE_TYPE: {
SYSTEM_MANDATORY_LABEL_ACE* label_ace =
static_cast<SYSTEM_MANDATORY_LABEL_ACE*>(ace_ptr);
sid = &label_ace->SidStart;
mask = label_ace->Mask;
} break;
default:
NOTREACHED();
break;
}
ASSERT_EQ(check_mask, mask);
ASSERT_EQ(check_sid, GetStringFromSid(sid));
}
TEST(SecurityDescriptor, NamedPipeDefault) {
const void* sec_desc = GetSecurityDescriptorForNamedPipeInstance(nullptr);
PACL acl;
BOOL acl_present;
BOOL acl_defaulted;
ASSERT_TRUE(GetSecurityDescriptorDacl(
const_cast<void*>(sec_desc), &acl_present, &acl, &acl_defaulted));
ASSERT_EQ(3, acl->AceCount);
CheckAce(acl, 0, ACCESS_ALLOWED_ACE_TYPE, GENERIC_ALL, GetUserSidString());
// Check SYSTEM user SID.
CheckAce(acl, 1, ACCESS_ALLOWED_ACE_TYPE, GENERIC_ALL, L"S-1-5-18");
// Check ALL APPLICATION PACKAGES group SID.
CheckAce(acl,
2,
ACCESS_ALLOWED_ACE_TYPE,
GENERIC_READ | GENERIC_WRITE,
L"S-1-15-2-1");
ASSERT_TRUE(GetSecurityDescriptorSacl(
const_cast<void*>(sec_desc), &acl_present, &acl, &acl_defaulted));
ASSERT_EQ(1, acl->AceCount);
CheckAce(acl, 0, SYSTEM_MANDATORY_LABEL_ACE_TYPE, 0, L"S-1-16-0");
}
win: Remove use of rpcrt4 and advapi32 from some util code ConvertStringSecurityDescriptorToSecurityDescriptor() is used when creating the initial connection pipe. Because this is done from inside DllMain(), we cannot use advapi32 (where this function is). Instead, save the binary representation of the self-relative SECURITY_DESCRIPTOR. It is conceivable that this could change, but unlikely as this is the same blob that would be stored on a file in NTFS. Another potential approach would be to not make the pipe available to all integrity levels here, and instead modify the Chromium sandbox code to allow a specific pipe name prefix that would have to correspond with the pipe name that Crashpad creates. Similarly, UuidCreate() (used when initializing the database) is in a DLL that can't be loaded early, so use the Linux/Android implementation on Windows too. R=mark@chromium.org BUG=chromium:655788,chromium:656800 Change-Id: I434f8e96fc275fc30d0a31208b025bfc08595ff9 Reviewed-on: https://chromium-review.googlesource.com/417223 Reviewed-by: Mark Mentovai <mark@chromium.org>
2016-12-07 11:35:07 -08:00
TEST(SecurityDescriptor, MatchesAdvapi32) {
// This security descriptor is built manually in the connection code to avoid
// calling the advapi32 functions. Verify that it returns the same thing as
// ConvertStringSecurityDescriptorToSecurityDescriptor() would.
// Mandatory Label, no ACE flags, no ObjectType, integrity level
// untrusted.
Standardize on static constexpr for arrays when possible This uses “static” at function scope to avoid making local copies, even in cases where the compiler can’t see that the local copy is unnecessary. “constexpr” adds additional safety in that it prevents global state from being initialized from any runtime dependencies, which would be undesirable. At namespace scope, “constexpr” is also used where appropriate. For the most part, this was a mechanical transformation for things matching '(^| )const [^=]*\['. Similar transformations could be applied to non-arrays in some cases, but there’s limited practical impact in most non-array cases relative to arrays, there are far more use sites, and much more manual intervention would be required. Change-Id: I3513b739ee8b0be026f8285475cddc5f9cc81152 Reviewed-on: https://chromium-review.googlesource.com/583997 Commit-Queue: Mark Mentovai <mark@chromium.org> Reviewed-by: Leonard Mosescu <mosescu@chromium.org>
2017-07-25 13:34:04 -04:00
static constexpr wchar_t kSddl[] = L"S:(ML;;;;;S-1-16-0)";
win: Remove use of rpcrt4 and advapi32 from some util code ConvertStringSecurityDescriptorToSecurityDescriptor() is used when creating the initial connection pipe. Because this is done from inside DllMain(), we cannot use advapi32 (where this function is). Instead, save the binary representation of the self-relative SECURITY_DESCRIPTOR. It is conceivable that this could change, but unlikely as this is the same blob that would be stored on a file in NTFS. Another potential approach would be to not make the pipe available to all integrity levels here, and instead modify the Chromium sandbox code to allow a specific pipe name prefix that would have to correspond with the pipe name that Crashpad creates. Similarly, UuidCreate() (used when initializing the database) is in a DLL that can't be loaded early, so use the Linux/Android implementation on Windows too. R=mark@chromium.org BUG=chromium:655788,chromium:656800 Change-Id: I434f8e96fc275fc30d0a31208b025bfc08595ff9 Reviewed-on: https://chromium-review.googlesource.com/417223 Reviewed-by: Mark Mentovai <mark@chromium.org>
2016-12-07 11:35:07 -08:00
PSECURITY_DESCRIPTOR sec_desc;
ULONG sec_desc_len;
ASSERT_TRUE(ConvertStringSecurityDescriptorToSecurityDescriptor(
kSddl, SDDL_REVISION_1, &sec_desc, &sec_desc_len))
<< ErrorMessage("ConvertStringSecurityDescriptorToSecurityDescriptor");
ScopedLocalAlloc sec_desc_owner(sec_desc);
size_t created_len;
const void* const created =
[Windows] Add AppContainer SID to Named Pipe DACL. This CL modifies the creation of the Named Pipe Security Descriptor to allow access from AppContainer processes. The DACL only allows access for the current user and SYSTEM which matches up with the auto-assigned DACL used previously (the read-only logon SID ACE has been removed). As this new code uses APIs from ADVAPI32 a check is made to ensure it's not being called while the loader lock is held to avoid hitting previous similar issues. Bug: crashpad: 318 Change-Id: I3f9cf5c788dbadacad21c8a2d57a0188f690ac32 Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1955982 Commit-Queue: James Forshaw <forshaw@chromium.org> Reviewed-by: Mark Mentovai <mark@chromium.org>
2019-12-10 08:51:20 -08:00
GetFallbackSecurityDescriptorForNamedPipeInstance(&created_len);
test: Use (actual, [un]expected) in gtest {ASSERT,EXPECT}_{EQ,NE} gtest used to require (expected, actual) ordering for arguments to EXPECT_EQ and ASSERT_EQ, and in failed test assertions would identify each side as “expected” or “actual.” Tests in Crashpad adhered to this traditional ordering. After a gtest change in February 2016, it is now agnostic with respect to the order of these arguments. This change mechanically updates all uses of these macros to (actual, expected) by reversing them. This provides consistency with our use of the logging CHECK_EQ and DCHECK_EQ macros, and makes for better readability by ordinary native speakers. The rough (but working!) conversion tool is https://chromium-review.googlesource.com/c/466727/1/rewrite_expectassert_eq.py, and “git cl format” cleaned up its output. EXPECT_NE and ASSERT_NE never had a preferred ordering. gtest never made a judgment that one side or the other needed to provide an “unexpected” value. Consequently, some code used (unexpected, actual) while other code used (actual, unexpected). For consistency with the new EXPECT_EQ and ASSERT_EQ usage, as well as consistency with CHECK_NE and DCHECK_NE, this change also updates these use sites to (actual, unexpected) where one side can be called “unexpected” as, for example, std::string::npos can be. Unfortunately, this portion was a manual conversion. References: https://github.com/google/googletest/blob/master/googletest/docs/Primer.md#binary-comparison https://github.com/google/googletest/commit/77d6b173380332b1c1bc540532641f410ec82d65 https://github.com/google/googletest/pull/713 Change-Id: I978fef7c94183b8b1ef63f12f5ab4d6693626be3 Reviewed-on: https://chromium-review.googlesource.com/466727 Reviewed-by: Scott Graham <scottmg@chromium.org>
2017-04-04 00:35:21 -04:00
ASSERT_EQ(created_len, sec_desc_len);
EXPECT_EQ(memcmp(sec_desc, created, sec_desc_len), 0);
win: Remove use of rpcrt4 and advapi32 from some util code ConvertStringSecurityDescriptorToSecurityDescriptor() is used when creating the initial connection pipe. Because this is done from inside DllMain(), we cannot use advapi32 (where this function is). Instead, save the binary representation of the self-relative SECURITY_DESCRIPTOR. It is conceivable that this could change, but unlikely as this is the same blob that would be stored on a file in NTFS. Another potential approach would be to not make the pipe available to all integrity levels here, and instead modify the Chromium sandbox code to allow a specific pipe name prefix that would have to correspond with the pipe name that Crashpad creates. Similarly, UuidCreate() (used when initializing the database) is in a DLL that can't be loaded early, so use the Linux/Android implementation on Windows too. R=mark@chromium.org BUG=chromium:655788,chromium:656800 Change-Id: I434f8e96fc275fc30d0a31208b025bfc08595ff9 Reviewed-on: https://chromium-review.googlesource.com/417223 Reviewed-by: Mark Mentovai <mark@chromium.org>
2016-12-07 11:35:07 -08:00
}
} // namespace
} // namespace test
} // namespace crashpad
Reference in New Issue Copy Permalink