security/sandbox/win/src/target_process.h@b8a032363ba2 (annotated)
security/sandbox/win/src/target_process.h
Thu, 22 Jan 2015 13:21:57 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Thu, 22 Jan 2015 13:21:57 +0100
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
- permissions
- -rw-r--r--
Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6
| michael@0 | 1 | // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| michael@0 | 2 | // Use of this source code is governed by a BSD-style license that can be |
| michael@0 | 3 | // found in the LICENSE file. |
| michael@0 | 4 | |
| michael@0 | 5 | #ifndef SANDBOX_WIN_SRC_TARGET_PROCESS_H_ |
| michael@0 | 6 | #define SANDBOX_WIN_SRC_TARGET_PROCESS_H_ |
| michael@0 | 7 | |
| michael@0 | 8 | #include <windows.h> |
| michael@0 | 9 | |
| michael@0 | 10 | #include "base/basictypes.h" |
| michael@0 | 11 | #include "base/memory/scoped_ptr.h" |
| michael@0 | 12 | #include "base/win/scoped_handle.h" |
| michael@0 | 13 | #include "base/win/scoped_process_information.h" |
| michael@0 | 14 | #include "sandbox/win/src/crosscall_server.h" |
| michael@0 | 15 | #include "sandbox/win/src/sandbox_types.h" |
| michael@0 | 16 | |
| michael@0 | 17 | namespace base { |
| michael@0 | 18 | namespace win { |
| michael@0 | 19 | |
| michael@0 | 20 | class StartupInformation; |
| michael@0 | 21 | |
| michael@0 | 22 | }; // namespace win |
| michael@0 | 23 | }; // namespace base |
| michael@0 | 24 | |
| michael@0 | 25 | namespace sandbox { |
| michael@0 | 26 | |
| michael@0 | 27 | class AttributeList; |
| michael@0 | 28 | class SharedMemIPCServer; |
| michael@0 | 29 | class ThreadProvider; |
| michael@0 | 30 | |
| michael@0 | 31 | // TargetProcess models a target instance (child process). Objects of this |
| michael@0 | 32 | // class are owned by the Policy used to create them. |
| michael@0 | 33 | class TargetProcess { |
| michael@0 | 34 | public: |
| michael@0 | 35 | // The constructor takes ownership of |initial_token| and |lockdown_token|. |
| michael@0 | 36 | TargetProcess(HANDLE initial_token, HANDLE lockdown_token, HANDLE job, |
| michael@0 | 37 | ThreadProvider* thread_pool); |
| michael@0 | 38 | ~TargetProcess(); |
| michael@0 | 39 | |
| michael@0 | 40 | // TODO(cpu): Currently there does not seem to be a reason to implement |
| michael@0 | 41 | // reference counting for this class since is internal, but kept the |
| michael@0 | 42 | // the same interface so the interception framework does not need to be |
| michael@0 | 43 | // touched at this point. |
| michael@0 | 44 | void AddRef() {} |
| michael@0 | 45 | void Release() {} |
| michael@0 | 46 | |
| michael@0 | 47 | // Creates the new target process. The process is created suspended. |
| michael@0 | 48 | DWORD Create(const wchar_t* exe_path, |
| michael@0 | 49 | const wchar_t* command_line, |
| michael@0 | 50 | bool inherit_handles, |
| michael@0 | 51 | const base::win::StartupInformation& startup_info, |
| michael@0 | 52 | base::win::ScopedProcessInformation* target_info); |
| michael@0 | 53 | |
| michael@0 | 54 | // Destroys the target process. |
| michael@0 | 55 | void Terminate(); |
| michael@0 | 56 | |
| michael@0 | 57 | // Creates the IPC objects such as the BrokerDispatcher and the |
| michael@0 | 58 | // IPC server. The IPC server uses the services of the thread_pool. |
| michael@0 | 59 | DWORD Init(Dispatcher* ipc_dispatcher, void* policy, |
| michael@0 | 60 | uint32 shared_IPC_size, uint32 shared_policy_size); |
| michael@0 | 61 | |
| michael@0 | 62 | // Returns the handle to the target process. |
| michael@0 | 63 | HANDLE Process() const { |
| michael@0 | 64 | return sandbox_process_info_.process_handle(); |
| michael@0 | 65 | } |
| michael@0 | 66 | |
| michael@0 | 67 | // Returns the handle to the job object that the target process belongs to. |
| michael@0 | 68 | HANDLE Job() const { |
| michael@0 | 69 | return job_; |
| michael@0 | 70 | } |
| michael@0 | 71 | |
| michael@0 | 72 | // Returns the address of the target main exe. This is used by the |
| michael@0 | 73 | // interceptions framework. |
| michael@0 | 74 | HMODULE MainModule() const { |
| michael@0 | 75 | return reinterpret_cast<HMODULE>(base_address_); |
| michael@0 | 76 | } |
| michael@0 | 77 | |
| michael@0 | 78 | // Returns the name of the executable. |
| michael@0 | 79 | const wchar_t* Name() const { |
| michael@0 | 80 | return exe_name_.get(); |
| michael@0 | 81 | } |
| michael@0 | 82 | |
| michael@0 | 83 | // Returns the process id. |
| michael@0 | 84 | DWORD ProcessId() const { |
| michael@0 | 85 | return sandbox_process_info_.process_id(); |
| michael@0 | 86 | } |
| michael@0 | 87 | |
| michael@0 | 88 | // Returns the handle to the main thread. |
| michael@0 | 89 | HANDLE MainThread() const { |
| michael@0 | 90 | return sandbox_process_info_.thread_handle(); |
| michael@0 | 91 | } |
| michael@0 | 92 | |
| michael@0 | 93 | // Transfers a 32-bit variable between the broker and the target. |
| michael@0 | 94 | ResultCode TransferVariable(const char* name, void* address, size_t size); |
| michael@0 | 95 | |
| michael@0 | 96 | private: |
| michael@0 | 97 | // Details of the target process. |
| michael@0 | 98 | base::win::ScopedProcessInformation sandbox_process_info_; |
| michael@0 | 99 | // The token associated with the process. It provides the core of the |
| michael@0 | 100 | // sbox security. |
| michael@0 | 101 | base::win::ScopedHandle lockdown_token_; |
| michael@0 | 102 | // The token given to the initial thread so that the target process can |
| michael@0 | 103 | // start. It has more powers than the lockdown_token. |
| michael@0 | 104 | base::win::ScopedHandle initial_token_; |
| michael@0 | 105 | // Kernel handle to the shared memory used by the IPC server. |
| michael@0 | 106 | base::win::ScopedHandle shared_section_; |
| michael@0 | 107 | // Job object containing the target process. |
| michael@0 | 108 | HANDLE job_; |
| michael@0 | 109 | // Reference to the IPC subsystem. |
| michael@0 | 110 | scoped_ptr<SharedMemIPCServer> ipc_server_; |
| michael@0 | 111 | // Provides the threads used by the IPC. This class does not own this pointer. |
| michael@0 | 112 | ThreadProvider* thread_pool_; |
| michael@0 | 113 | // Base address of the main executable |
| michael@0 | 114 | void* base_address_; |
| michael@0 | 115 | // Full name of the target executable. |
| michael@0 | 116 | scoped_ptr_malloc<wchar_t> exe_name_; |
| michael@0 | 117 | |
| michael@0 | 118 | // Function used for testing. |
| michael@0 | 119 | friend TargetProcess* MakeTestTargetProcess(HANDLE process, |
| michael@0 | 120 | HMODULE base_address); |
| michael@0 | 121 | |
| michael@0 | 122 | DISALLOW_IMPLICIT_CONSTRUCTORS(TargetProcess); |
| michael@0 | 123 | }; |
| michael@0 | 124 | |
| michael@0 | 125 | // Creates a mock TargetProcess used for testing interceptions. |
| michael@0 | 126 | // TODO(cpu): It seems that this method is not going to be used anymore. |
| michael@0 | 127 | TargetProcess* MakeTestTargetProcess(HANDLE process, HMODULE base_address); |
| michael@0 | 128 | |
| michael@0 | 129 | |
| michael@0 | 130 | } // namespace sandbox |
| michael@0 | 131 | |
| michael@0 | 132 | #endif // SANDBOX_WIN_SRC_TARGET_PROCESS_H_ |
