From 54b890eda1858c99773105a11056c5cf2e530804 Mon Sep 17 00:00:00 2001
From: PandaNinjas
Date: Tue, 26 Sep 2023 16:13:47 -0700
Subject: [PATCH] Continuing work on the sandbox
---
 chromium_bindings/CMakeLists.txt | 2 +-
 chromium_bindings/build.gradle.kts | 1 +
 ...warefight_nosession_win_WindowsSandbox.cpp | 38 +++++++++++--------
 3 files changed, 24 insertions(+), 17 deletions(-)
diff --git a/chromium_bindings/CMakeLists.txt b/chromium_bindings/CMakeLists.txt
index 562de72..76e73db 100644
--- a/chromium_bindings/CMakeLists.txt
+++ b/chromium_bindings/CMakeLists.txt
@@ -9,6 +9,6 @@ find_package(JNI REQUIRED)
 include_directories(${JNI_INCLUDE_DIRS})
 include_directories(chromium/third_party/abseil-cpp/)
 include_directories(chromium/third_party/googletest/src/googletest/include)
-add_library(chromium_bindings
+add_library(chromium_bindings SHARED
         src/main/cpp/gq_malwarefight_nosession_win_WindowsSandbox.cpp
         src/main/cpp/gq_malwarefight_nosession_win_WindowsSandbox.h)
diff --git a/chromium_bindings/build.gradle.kts b/chromium_bindings/build.gradle.kts
index 0de2f2e..e435be2 100644
--- a/chromium_bindings/build.gradle.kts
+++ b/chromium_bindings/build.gradle.kts
@@ -37,6 +37,7 @@ project.afterEvaluate {
         compilerArgs.add("-I")
         compilerArgs.add(project.projectDir.resolve("chromium/third_party/googletest/src/googletest/include").absolutePath)
         compilerArgs.add("-std=c++20")
+        compilerArgs.add("-fsanitize=address,undefined") // i do not trust my c++ skills
     }
     val linkRelease: AbstractLinkTask by tasks
diff --git a/chromium_bindings/src/main/cpp/gq_malwarefight_nosession_win_WindowsSandbox.cpp b/chromium_bindings/src/main/cpp/gq_malwarefight_nosession_win_WindowsSandbox.cpp
index b342d9d..6a23253 100644
--- a/chromium_bindings/src/main/cpp/gq_malwarefight_nosession_win_WindowsSandbox.cpp
+++ b/chromium_bindings/src/main/cpp/gq_malwarefight_nosession_win_WindowsSandbox.cpp
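Review bot: `-fsanitize=address,undefined` is added only to `compilerArgs`, so unless the matching link task receives the same flag the sanitizer runtime is never linked and, depending on the toolchain, the link of `chromium_bindings` fails or the instrumented objects carry unresolved `__asan_*`/`__ubsan_*` references into the DLL; add the same flag to the linker arguments of the task that links this library. A sanitized shared library loaded by a stock JVM via `System.load` additionally needs the ASan runtime present in the process before the library loads, otherwise the load itself fails, so this is a debug-only setting rather than one for the `linkRelease` configuration declared just below it; consider gating it on a Gradle project property instead of enabling it unconditionally. The enclosing `project.afterEvaluate` block starts and ends outside the hunk.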
@@ -3,9 +3,24 @@
 #include "sandbox/win/src/sandbox.h"
 #include "sandbox/win/src/sandbox_factory.h"
 
-bool isMcSessionID(LPWSTR arg) {
-    size_t len = wcslen(arg);
-
+LPWSTR convertJObjectArrayToLPWSTR(JNIEnv *env, jobjectArray args) {
+    int count = 0;
+    for (jsize i = 0; i < env->GetArrayLength(args); i++) {
+        auto str = (jstring) env->GetObjectArrayElement(args, i);
+        count += env->GetStringLength(str);
+        count++; // space char
+    }
+    count++;
+    auto combinedString = new WCHAR[count];
+    int index = 0;
+    for (jsize i = 0; i < env->GetArrayLength(args); i++) {
+        auto str = (jstring) env->GetObjectArrayElement(args, i);
+        const jchar* chars = env->GetStringChars(str, nullptr);
+        for (jsize j = 0; j < env->GetStringLength(str); j++) {
+            combinedString[index] = chars[j];
+        }
+        env->ReleaseStringChars(str, chars);
+    }
 }
 
 bool runParent(JNIEnv *env, sandbox::BrokerServices *broker_service, jobjectArray rwMounts, jobjectArray roMounts, jobjectArray args) {
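Review bot: `convertJObjectArrayToLPWSTR` declares an `LPWSTR` return but never returns `combinedString`, so every call is undefined behaviour, and the copy loop assigns `combinedString[index]` without ever advancing `index`, so the buffer only ever receives one character at position 0 and is never separator-joined or NUL-terminated. The `count` pass already reserves one slot per argument plus one extra, so the copy loop only needs to advance `index`, write `L' '` between arguments and `L'\0'` after the last one, and return the buffer, which the caller then owns and must `delete[]`. Joining arguments with bare spaces is also not a faithful Windows command line: an argument containing a space or quote is re-split by the child's `CommandLineToArgvW`, so arguments should be quoted per those rules (with `count` enlarged accordingly) before this string is handed to a sandboxed child. The local reference from `GetObjectArrayElement` is never deleted in either loop, so a long argument array can exhaust the JNI local reference table; a `DeleteLocalRef` after use fixes that. The function's closing brace is inside the hunk; `runParent` begins on the hunk's last line and continues outside it.
```cpp
LPWSTR convertJObjectArrayToLPWSTR(JNIEnv *env, jobjectArray args) {
    // … unchanged: first pass computing count (one slot per argument plus one) …
    auto combinedString = new WCHAR[count];  // caller owns; release with delete[]
    int index = 0;
    const jsize argCount = env->GetArrayLength(args);
    for (jsize i = 0; i < argCount; i++) {
        auto str = (jstring) env->GetObjectArrayElement(args, i);
        const jchar* chars = env->GetStringChars(str, nullptr);
        const jsize len = env->GetStringLength(str);
        // TODO: quote each argument per CommandLineToArgvW rules (and grow count to match)
        for (jsize j = 0; j < len; j++) {
            combinedString[index++] = chars[j];
        }
        env->ReleaseStringChars(str, chars);
        env->DeleteLocalRef(str);
        // separator after every argument except the last, which gets the terminator
        combinedString[index++] = (i + 1 < argCount) ? L' ' : L'\0';
    }
    if (argCount == 0) {
        combinedString[0] = L'\0';
    }
    return combinedString;
}
```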
@@ -28,28 +43,19 @@ bool runParent(JNIEnv *env, sandbox::BrokerServices *broker_service, jobjectArra
     //Add additional rules here
     for (jsize i = 0; i < env->GetArrayLength(rwMounts); i++) {
         auto str = (jstring) env->GetObjectArrayElement(rwMounts, i);
-        const jchar *chars = env->GetStringChars(str, nullptr);
+        const jchar* chars = env->GetStringChars(str, nullptr);
         config->AddRule(sandbox::SubSystem::kFiles, sandbox::Semantics::kFilesAllowAny, reinterpret_cast(chars));
-        env->ReleaseStringChars(str, chars);
     }
     for (jsize i = 0; i < env->GetArrayLength(roMounts); i++) {
         auto str = (jstring) env->GetObjectArrayElement(roMounts, i);
         const jchar *chars = env->GetStringChars(str, nullptr);
         config->AddRule(sandbox::SubSystem::kFiles, sandbox::Semantics::kFilesAllowReadonly, reinterpret_cast(chars));
-        env->ReleaseStringChars(str, chars);
-    }
-    int count = 0;
-    LPWSTR* commandLineArgs = CommandLineToArgvW(GetCommandLineW(), &count);
-    wchar_t str[] = L"";
-    for (int i = 0; i < count; i++) {
-        if (isMcSessionID(commandLineArgs[i])) {
-            commandLineArgs[i] = str;
-        }
     }
-    broker_service->SpawnTarget(commandLineArgs[0], GetCommandLineW(), std::move(policy), nullptr, &pi);
-
+    auto exe = (jstring) env->GetObjectArrayElement(args, 0);
+    const jchar *exeChars = env->GetStringChars(exe, nullptr);
+    broker_service->SpawnTarget(reinterpret_cast(exeChars), GetCommandLineW(), std::move(policy), nullptr, &pi);
     // Just like CreateProcess, you need to close these yourself unless you need to reference them later
     CloseHandle(pi.hThread);
     CloseHandle(pi.hProcess);
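Review bot: The new `SpawnTarget` call takes the executable from `args[0]` but still passes the broker's own `GetCommandLineW()` as the child's command line, so the sandboxed target is started with this process's full argument string instead of one built from `args`; the arguments the Java caller supplied are never delivered, and if the broker's command line carries anything sensitive (the removed `isMcSessionID` filter suggests a session token may be among them) the sandboxed child can read it from its own PEB. `GetObjectArrayElement(args, 0)` is unguarded, so an empty `args` leaves `exe` null with an `ArrayIndexOutOfBoundsException` pending and `GetStringChars` is then called on null; `exeChars` is never released, and dropping `ReleaseStringChars` in both mount loops leaves every mount string pinned for the life of the process — if `AddRule` copies the pattern into the policy, which its `const wchar_t*` parameter suggests but I cannot confirm from here, the releases can stay immediately after each call. `SpawnTarget`'s `sandbox::ResultCode` is discarded, so a failed spawn still reaches `CloseHandle` on an unset `pi` and `runParent` cannot report the failure to its caller. `runParent` starts and ends outside this hunk.
```cpp
    // … unchanged: rw/ro mount rule loops (keep ReleaseStringChars after each AddRule) …
    if (env->GetArrayLength(args) == 0) {
        return false;  // nothing to launch; caller sees the failure
    }
    auto exe = (jstring) env->GetObjectArrayElement(args, 0);
    const jchar *exeChars = env->GetStringChars(exe, nullptr);
    if (exeChars == nullptr) {
        return false;  // JNI has a pending exception
    }
    // TODO: pass a command line built from `args`, not the broker's own GetCommandLineW()
    sandbox::ResultCode result = broker_service->SpawnTarget(
        reinterpret_cast<const wchar_t*>(exeChars), GetCommandLineW(), std::move(policy), nullptr, &pi);
    env->ReleaseStringChars(exe, exeChars);
    if (result != sandbox::SBOX_ALL_OK) {
        return false;  // pi is not populated on failure; do not close its handles
    }
    // … unchanged: CloseHandle calls …
```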