Continuing work on the sandbox

chromium_bindings/CMakeLists.txt

@@ -9,6 +9,6 @@ find_package(JNI REQUIRED)
 include_directories(${JNI_INCLUDE_DIRS})
 include_directories(chromium/third_party/abseil-cpp/)
 include_directories(chromium/third_party/googletest/src/googletest/include)
-add_library(chromium_bindings
+add_library(chromium_bindings SHARED
         src/main/cpp/gq_malwarefight_nosession_win_WindowsSandbox.cpp
         src/main/cpp/gq_malwarefight_nosession_win_WindowsSandbox.h)

chromium_bindings/build.gradle.kts

@@ -37,6 +37,7 @@ project.afterEvaluate {
         compilerArgs.add("-I")
         compilerArgs.add(project.projectDir.resolve("chromium/third_party/googletest/src/googletest/include").absolutePath)
         compilerArgs.add("-std=c++20")
+        compilerArgs.add("-fsanitize=address,undefined") // i do not trust my c++ skills
     }
 
     val linkRelease: AbstractLinkTask by tasks

chromium_bindings/src/main/cpp/gq_malwarefight_nosession_win_WindowsSandbox.cpp

@@ -3,9 +3,24 @@
 #include "sandbox/win/src/sandbox.h"
 #include "sandbox/win/src/sandbox_factory.h"
 
-bool isMcSessionID(LPWSTR arg) {
-    size_t len = wcslen(arg);
-
+LPWSTR convertJObjectArrayToLPWSTR(JNIEnv *env, jobjectArray args) {
+    int count = 0;
+    for (jsize i = 0; i < env->GetArrayLength(args); i++) {
+        auto str = (jstring) env->GetObjectArrayElement(args, i);
+        count += env->GetStringLength(str);
+        count++; // space char
+    }
+    count++;
+    auto combinedString = new WCHAR[count];
+    int index = 0;
+    for (jsize i = 0; i < env->GetArrayLength(args); i++) {
+        auto str = (jstring) env->GetObjectArrayElement(args, i);
+        const jchar* chars = env->GetStringChars(str, nullptr);
+        for (jsize j = 0; j < env->GetStringLength(str); j++) {
+            combinedString[index] = chars[j];
+        }
+        env->ReleaseStringChars(str, chars);
+    }
 }
 
 bool runParent(JNIEnv *env, sandbox::BrokerServices *broker_service, jobjectArray rwMounts, jobjectArray roMounts, jobjectArray args) {
@@ -28,28 +43,19 @@ bool runParent(JNIEnv *env, sandbox::BrokerServices *broker_service, jobjectArra
     //Add additional rules here
     for (jsize i = 0; i < env->GetArrayLength(rwMounts); i++) {
         auto str = (jstring) env->GetObjectArrayElement(rwMounts, i);
-        const jchar *chars = env->GetStringChars(str, nullptr);
+        const jchar* chars = env->GetStringChars(str, nullptr);
         config->AddRule(sandbox::SubSystem::kFiles, sandbox::Semantics::kFilesAllowAny,
                         reinterpret_cast<const wchar_t *>(chars));
-        env->ReleaseStringChars(str, chars);
     }
     for (jsize i = 0; i < env->GetArrayLength(roMounts); i++) {
         auto str = (jstring) env->GetObjectArrayElement(roMounts, i);
         const jchar *chars = env->GetStringChars(str, nullptr);
         config->AddRule(sandbox::SubSystem::kFiles, sandbox::Semantics::kFilesAllowReadonly,
                         reinterpret_cast<const wchar_t *>(chars));
-        env->ReleaseStringChars(str, chars);
-    }
-    int count = 0;
-    LPWSTR* commandLineArgs = CommandLineToArgvW(GetCommandLineW(), &count);
-    wchar_t str[] = L"<noSessionAccessToken>";
-    for (int i = 0; i < count; i++) {
-        if (isMcSessionID(commandLineArgs[i])) {
-            commandLineArgs[i] = str;
-        }
     }
-    broker_service->SpawnTarget(commandLineArgs[0], GetCommandLineW(), std::move(policy), nullptr, &pi);
-
+    auto exe = (jstring) env->GetObjectArrayElement(args, 0);
+    const jchar *exeChars = env->GetStringChars(exe, nullptr);
+    broker_service->SpawnTarget(reinterpret_cast<const wchar_t *>(exeChars), GetCommandLineW(), std::move(policy), nullptr, &pi);
     // Just like CreateProcess, you need to close these yourself unless you need to reference them later
     CloseHandle(pi.hThread);
     CloseHandle(pi.hProcess);