mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
Bug 1173371 Part 2: Change Chromium sandbox to allow rules for files on network drives to be added. a=aklotz
This commit is contained in:
Bob Owen
parent
09e1c980e1
commit
4f68f5682b
@ -156,6 +156,7 @@ bool ResolveRegistryName(base::string16 name, base::string16* resolved_name) {
|
|||||||
// \??\c:\some\foo\bar
|
// \??\c:\some\foo\bar
|
||||||
// \Device\HarddiskVolume0\some\foo\bar
|
// \Device\HarddiskVolume0\some\foo\bar
|
||||||
// \??\HarddiskVolume0\some\foo\bar
|
// \??\HarddiskVolume0\some\foo\bar
|
||||||
|
// \??\UNC\SERVER\Share\some\foo\bar
|
||||||
DWORD IsReparsePoint(const base::string16& full_path, bool* result) {
|
DWORD IsReparsePoint(const base::string16& full_path, bool* result) {
|
||||||
// Check if it's a pipe. We can't query the attributes of a pipe.
|
// Check if it's a pipe. We can't query the attributes of a pipe.
|
||||||
if (IsPipe(full_path)) {
|
if (IsPipe(full_path)) {
|
||||||
@ -171,18 +172,25 @@ DWORD IsReparsePoint(const base::string16& full_path, bool* result) {
|
|||||||
if (!has_drive && !is_device_path && !nt_path)
|
if (!has_drive && !is_device_path && !nt_path)
|
||||||
return ERROR_INVALID_NAME;
|
return ERROR_INVALID_NAME;
|
||||||
|
|
||||||
bool added_implied_device = false;
|
|
||||||
if (!has_drive) {
|
if (!has_drive) {
|
||||||
path = base::string16(kNTDotPrefix) + path;
|
// Add Win32 device namespace prefix, required for some Windows APIs.
|
||||||
added_implied_device = true;
|
path.insert(0, kNTDotPrefix);
|
||||||
}
|
}
|
||||||
|
|
||||||
base::string16::size_type last_pos = base::string16::npos;
|
// Ensure that volume path matches start of path.
|
||||||
bool passed_once = false;
|
wchar_t vol_path[MAX_PATH];
|
||||||
|
if (!::GetVolumePathNameW(path.c_str(), vol_path, MAX_PATH)) {
|
||||||
|
return ERROR_INVALID_NAME;
|
||||||
|
}
|
||||||
|
size_t vol_path_len = wcslen(vol_path);
|
||||||
|
if (!EqualPath(path, vol_path, vol_path_len)) {
|
||||||
|
return ERROR_INVALID_NAME;
|
||||||
|
}
|
||||||
|
|
||||||
|
// vol_path will include a trailing slash, so reduce size for loop check.
|
||||||
|
--vol_path_len;
|
||||||
|
|
||||||
do {
|
do {
|
||||||
path = path.substr(0, last_pos);
|
|
||||||
|
|
||||||
DWORD attributes = ::GetFileAttributes(path.c_str());
|
DWORD attributes = ::GetFileAttributes(path.c_str());
|
||||||
if (INVALID_FILE_ATTRIBUTES == attributes) {
|
if (INVALID_FILE_ATTRIBUTES == attributes) {
|
||||||
DWORD error = ::GetLastError();
|
DWORD error = ::GetLastError();
|
||||||
@ -190,10 +198,6 @@ DWORD IsReparsePoint(const base::string16& full_path, bool* result) {
|
|||||||
error != ERROR_PATH_NOT_FOUND &&
|
error != ERROR_PATH_NOT_FOUND &&
|
||||||
error != ERROR_INVALID_NAME) {
|
error != ERROR_INVALID_NAME) {
|
||||||
// Unexpected error.
|
// Unexpected error.
|
||||||
if (passed_once && added_implied_device &&
|
|
||||||
(path.rfind(L'\\') == kNTDotPrefixLen - 1)) {
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
NOTREACHED_NT();
|
NOTREACHED_NT();
|
||||||
return error;
|
return error;
|
||||||
}
|
}
|
||||||
@ -203,9 +207,8 @@ DWORD IsReparsePoint(const base::string16& full_path, bool* result) {
|
|||||||
return ERROR_SUCCESS;
|
return ERROR_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
passed_once = true;
|
path.resize(path.rfind(L'\\'));
|
||||||
last_pos = path.rfind(L'\\');
|
} while (path.size() > vol_path_len); // Skip root dir.
|
||||||
} while (last_pos > 2); // Skip root dir.
|
|
||||||
|
|
||||||
*result = false;
|
*result = false;
|
||||||
return ERROR_SUCCESS;
|
return ERROR_SUCCESS;
|
||||||
@ -226,11 +229,11 @@ bool SameObject(HANDLE handle, const wchar_t* full_path) {
|
|||||||
DCHECK_NT(!path.empty());
|
DCHECK_NT(!path.empty());
|
||||||
|
|
||||||
// This may end with a backslash.
|
// This may end with a backslash.
|
||||||
const wchar_t kBackslash = '\\';
|
if (path.back() == L'\\') {
|
||||||
if (path[path.length() - 1] == kBackslash)
|
path.pop_back();
|
||||||
path = path.substr(0, path.length() - 1);
|
}
|
||||||
|
|
||||||
// Perfect match (case-insesitive check).
|
// Perfect match (case-insensitive check).
|
||||||
if (EqualPath(actual_path, path))
|
if (EqualPath(actual_path, path))
|
||||||
return true;
|
return true;
|
||||||
|
|
||||||
@ -239,40 +242,44 @@ bool SameObject(HANDLE handle, const wchar_t* full_path) {
|
|||||||
|
|
||||||
if (!has_drive && nt_path) {
|
if (!has_drive && nt_path) {
|
||||||
base::string16 simple_actual_path;
|
base::string16 simple_actual_path;
|
||||||
if (!IsDevicePath(actual_path, &simple_actual_path))
|
if (IsDevicePath(path, &path)) {
|
||||||
return false;
|
if (IsDevicePath(actual_path, &simple_actual_path)) {
|
||||||
|
// Perfect match (case-insensitive check).
|
||||||
// Perfect match (case-insesitive check).
|
return (EqualPath(simple_actual_path, path));
|
||||||
return (EqualPath(simple_actual_path, path));
|
} else {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
// Add Win32 device namespace for GetVolumePathName.
|
||||||
|
path.insert(0, kNTDotPrefix);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!has_drive)
|
// Get the volume path in the same format as actual_path.
|
||||||
|
wchar_t vol_path[MAX_PATH];
|
||||||
|
if (!::GetVolumePathName(path.c_str(), vol_path, MAX_PATH)) {
|
||||||
return false;
|
return false;
|
||||||
|
}
|
||||||
// We only need 3 chars, but let's alloc a buffer for four.
|
size_t vol_path_len = wcslen(vol_path);
|
||||||
wchar_t drive[4] = {0};
|
base::string16 nt_vol;
|
||||||
wchar_t vol_name[MAX_PATH];
|
if (!GetNtPathFromWin32Path(vol_path, &nt_vol)) {
|
||||||
memcpy(drive, &path[0], 2 * sizeof(*drive));
|
|
||||||
|
|
||||||
// We'll get a double null terminated string.
|
|
||||||
DWORD vol_length = ::QueryDosDeviceW(drive, vol_name, MAX_PATH);
|
|
||||||
if (vol_length < 2 || vol_length == MAX_PATH)
|
|
||||||
return false;
|
return false;
|
||||||
|
}
|
||||||
// Ignore the nulls at the end.
|
|
||||||
vol_length = static_cast<DWORD>(wcslen(vol_name));
|
|
||||||
|
|
||||||
// The two paths should be the same length.
|
// The two paths should be the same length.
|
||||||
if (vol_length + path.size() - 2 != actual_path.size())
|
if (nt_vol.size() + path.size() - vol_path_len != actual_path.size()) {
|
||||||
return false;
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
// Check up to the drive letter.
|
// Check the volume matches.
|
||||||
if (!EqualPath(actual_path, vol_name, vol_length))
|
if (!EqualPath(actual_path, nt_vol.c_str(), nt_vol.size())) {
|
||||||
return false;
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
// Check the path after the drive letter.
|
// Check the path after the volume matches.
|
||||||
if (!EqualPath(actual_path, vol_length, path, 2))
|
if (!EqualPath(actual_path, nt_vol.size(), path, vol_path_len)) {
|
||||||
return false;
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -5,4 +5,5 @@ https://hg.mozilla.org/mozilla-central/rev/efa7518e43b0
|
|||||||
https://hg.mozilla.org/mozilla-central/rev/421446ab2347
|
https://hg.mozilla.org/mozilla-central/rev/421446ab2347
|
||||||
https://hg.mozilla.org/mozilla-central/rev/beb74056ac2d
|
https://hg.mozilla.org/mozilla-central/rev/beb74056ac2d
|
||||||
https://hg.mozilla.org/mozilla-central/rev/7df8d6639971
|
https://hg.mozilla.org/mozilla-central/rev/7df8d6639971
|
||||||
https://bugzilla.mozilla.org/show_bug.cgi?id=1157864 sandbox-cdefs.patch
|
https://hg.mozilla.org/mozilla-central/rev/1178c11561bc
|
||||||
|
https://bugzilla.mozilla.org/show_bug.cgi?id=1173371 bug1173371part2.patch
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user