search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
(parent: 88eb819) | patch
close ALPC ports in sbox integrations tests. This is the first step in locking down...
commiteae1886dee8fdbb150b31ca482f8edc0e09ab446
authorliamjm <liamjm@chromium.org>
Thu, 16 Jul 2015 00:37:08 +0000 (15 17:37 -0700)
committerCommit bot <commit-bot@chromium.org>
Thu, 16 Jul 2015 00:38:20 +0000 (16 00:38 +0000)
treea29b09968ccb4315bb7462dc204526a925215010tree | snapshot (tar.gz zip)
parent88eb8193f91f25c92493e8ee8e9e272c308aae85commit | diff
close ALPC ports in sbox integrations tests. This is the first step in locking down ALPC ports.

Closing ALPC ports causes the following tests to break, because they call CreateProcess(). The interception of CreateProcess() tries to call CreateProcess natively, which crashes.
ProcessPolicyTest.TestGetProcessTokenMaxAccess
ProcessPolicyTest.TestGetProcessTokenMaxAccessNoJob
PolicyTargetTest.OpenThread

The changes in process_thread_interception.cc check to see if CSRSS is disconnected, and doesn't use the native CreateProcess if CSRSS is disconnected. This connected flag is implicitly set in the HandleCloserAgent when type "ALPC Port" are requested to be closed.

Therefore this still only affects sbox_integration_tests, but adds some of the capability that will be needed to further lock down CSRSS.

BUG=464430

Review URL: https://codereview.chromium.org/1226383005

Cr-Commit-Position: refs/heads/master@{#338963}
sandbox/win/src/handle_closer_agent.cc diff | blob | blame | history
sandbox/win/src/handle_closer_agent.h diff | blob | blame | history
sandbox/win/src/process_thread_interception.cc diff | blob | blame | history
sandbox/win/src/target_services.cc diff | blob | blame | history
sandbox/win/src/target_services.h diff | blob | blame | history
sandbox/win/tests/common/controller.cc diff | blob | blame | history