Changeset 56817 in vbox for trunk/src/VBox/HostDrivers/Support

Timestamp:

Jul 6, 2015 1:20:19 PM (10 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

101468

Message:

Attempt at fixing VirtualBoxVM (untested).

Location:

trunk/src/VBox/HostDrivers/Support

Files:

• SUPLibInternal.h (modified) (1 diff)
• SUPR3HardenedMain.cpp (modified) (2 diffs)
• SUPR3HardenedVerify.cpp (modified) (5 diffs)

trunk/src/VBox/HostDrivers/Support/SUPLibInternal.h

@@ -440 +440 @@
 
 
-DECLHIDDEN(int)     supR3HardenedVerifyAll(bool fFatal, const char *pszProgName, const char *pszExePath);
+DECLHIDDEN(int)     supR3HardenedVerifyAll(bool fFatal, const char *pszProgName, const char *pszExePath, uint32_t fMainFlags);
 DECLHIDDEN(int)     supR3HardenedVerifyFixedDir(SUPINSTDIR enmDir, bool fFatal);
 DECLHIDDEN(int)     supR3HardenedVerifyFixedFile(const char *pszFilename, bool fFatal);

trunk/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp

@@ -1910 +1910 @@
         SUP_DPRINTF(("SUPR3HardenedMain: Respawn #1\n"));
         supR3HardenedWinInit(SUPSECMAIN_FLAGS_DONT_OPEN_DEV, false /*fAvastKludge*/);
-        supR3HardenedVerifyAll(true /* fFatal */, pszProgName, g_szSupLibHardenedExePath);
+        supR3HardenedVerifyAll(true /* fFatal */, pszProgName, g_szSupLibHardenedExePath, fFlags);
         return supR3HardenedWinReSpawn(1 /*iWhich*/);
     }
@@ -1927 +1927 @@
      * Validate the installation.
      */
-    supR3HardenedVerifyAll(true /* fFatal */, pszProgName, g_szSupLibHardenedExePath);
+    supR3HardenedVerifyAll(true /* fFatal */, pszProgName, g_szSupLibHardenedExePath, fFlags);
 
     /*

trunk/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp

@@ -189 +189 @@
     {   kSupIFT_Exe,  kSupID_AppBin,             true, "VirtualBox" SUPLIB_EXE_SUFF },
     {   kSupIFT_Dll,  kSupID_AppPrivArch,        true, "VirtualBox" SUPLIB_DLL_SUFF },
+# ifdef RT_OS_DARWIN
+    {   kSupIFT_Exe,  kSupID_AppBin,             true, "VirtualBoxVM" SUPLIB_EXE_SUFF },
+# endif
 # if !defined(RT_OS_DARWIN) && !defined(RT_OS_WINDOWS) && !defined(RT_OS_OS2)
     {   kSupIFT_Dll,  kSupID_AppSharedLib,       true, "VBoxKeyboard" SUPLIB_DLL_SUFF },
@@ -853 +856 @@
  * @param   fLeaveOpen          The leave open setting used by
  *                              supR3HardenedVerifyAll.
- */
-static int supR3HardenedVerifyProgram(const char *pszProgName, const char *pszExePath, bool fFatal, bool fLeaveOpen)
+ * @param   fMainFlags          Flags supplied to SUPR3HardenedMain.
+ */
+static int supR3HardenedVerifyProgram(const char *pszProgName, const char *pszExePath, bool fFatal,
+                                      bool fLeaveOpen, uint32_t fMainFlags)
 {
     /*
      * Search the table looking for the executable and the DLL/DYLIB/SO.
+     * Note! On darwin we have a hack in place for VirtualBoxVM helper app
+     *       to share VirtualBox.dylib with the VirtualBox app.  This ASSUMES
+     *       that cchProgNameDll is equal or shorter to the exe name.
      */
     int             rc = VINF_SUCCESS;
     bool            fExe = false;
     bool            fDll = false;
-    size_t const    cchProgName = suplibHardenedStrLen(pszProgName);
+    size_t const    cchProgNameExe = suplibHardenedStrLen(pszProgName);
+#ifndef RT_OS_DARWIN
+    size_t const    cchProgNameDll = cchProgNameExe;
+#else
+    size_t const    cchProgNameDll = fMainFlags & SUPSECMAIN_FLAGS_OSX_VM_APP
+                                   ? sizeof("VirtualBox") - 1
+                                   : cchProgNameExe;
+    if (cchProgNameDll > cchProgNameExe)
+        return supR3HardenedError(VERR_INTERNAL_ERROR, fFatal,
+                                  "supR3HardenedVerifyProgram: SUPSECMAIN_FLAGS_OSX_VM_APP + '%s'", pszProgName);
+#endif
     for (unsigned iFile = 0; iFile < RT_ELEMENTS(g_aSupInstallFiles); iFile++)
-        if (!suplibHardenedStrNCmp(pszProgName, g_aSupInstallFiles[iFile].pszFile, cchProgName))
+        if (!suplibHardenedStrNCmp(pszProgName, g_aSupInstallFiles[iFile].pszFile, cchProgNameDll))
         {
-            if (    (   g_aSupInstallFiles[iFile].enmType == kSupIFT_Dll
-                     || g_aSupInstallFiles[iFile].enmType == kSupIFT_TestDll)
-                &&  !suplibHardenedStrCmp(&g_aSupInstallFiles[iFile].pszFile[cchProgName], SUPLIB_DLL_SUFF))
+            if (   (   g_aSupInstallFiles[iFile].enmType == kSupIFT_Dll
+                    || g_aSupInstallFiles[iFile].enmType == kSupIFT_TestDll)
+                && !suplibHardenedStrCmp(&g_aSupInstallFiles[iFile].pszFile[cchProgNameDll], SUPLIB_DLL_SUFF))
             {
                 /* This only has to be found (once). */
@@ -881 +899 @@
             else if (   (   g_aSupInstallFiles[iFile].enmType == kSupIFT_Exe
                          || g_aSupInstallFiles[iFile].enmType == kSupIFT_TestExe)
-                     && !suplibHardenedStrCmp(&g_aSupInstallFiles[iFile].pszFile[cchProgName], SUPLIB_EXE_SUFF))
+                     && (   cchProgNameExe == cchProgNameDll
+                         || !suplibHardenedStrNCmp(pszProgName, g_aSupInstallFiles[iFile].pszFile, cchProgNameExe))
+                     && !suplibHardenedStrCmp(&g_aSupInstallFiles[iFile].pszFile[cchProgNameExe], SUPLIB_EXE_SUFF))
             {
                 /* Here we'll have to check that the specific program is the same as the entry. */
@@ -927 +947 @@
  *                              DLL/DYLIB/SO are valid.
  * @param   pszExePath          The path to the executable.
- */
-DECLHIDDEN(int) supR3HardenedVerifyAll(bool fFatal, const char *pszProgName, const char *pszExePath)
+ * @param   fMainFlags          Flags supplied to SUPR3HardenedMain.
+ */
+DECLHIDDEN(int) supR3HardenedVerifyAll(bool fFatal, const char *pszProgName, const char *pszExePath, uint32_t fMainFlags)
 {
     /*
@@ -955 +976 @@
      * sign things.
      */
-    int rc2 = supR3HardenedVerifyProgram(pszProgName, pszExePath, fFatal, fLeaveOpen);
+    int rc2 = supR3HardenedVerifyProgram(pszProgName, pszExePath, fFatal, fLeaveOpen, fMainFlags);
     if (RT_FAILURE(rc2) && RT_SUCCESS(rc))
         rc2 = rc;