The Tor Browser / file comparison
comparison: security/sandbox/win/src/sandbox_policy_base.h
security/sandbox/win/src/sandbox_policy_base.h
- changeset 0
- 6474c204b198
equal
deleted
inserted
replaced
| -1:000000000000 | 0:3e7790eff6ec |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_ | |
| 6 #define SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_ | |
| 7 | |
| 8 #include <windows.h> | |
| 9 | |
| 10 #include <list> | |
| 11 #include <vector> | |
| 12 | |
| 13 #include "base/basictypes.h" | |
| 14 #include "base/compiler_specific.h" | |
| 15 #include "base/strings/string16.h" | |
| 16 #include "sandbox/win/src/crosscall_server.h" | |
| 17 #include "sandbox/win/src/handle_closer.h" | |
| 18 #include "sandbox/win/src/ipc_tags.h" | |
| 19 #include "sandbox/win/src/policy_engine_opcodes.h" | |
| 20 #include "sandbox/win/src/policy_engine_params.h" | |
| 21 #include "sandbox/win/src/sandbox_policy.h" | |
| 22 #include "sandbox/win/src/win_utils.h" | |
| 23 | |
| 24 namespace sandbox { | |
| 25 | |
| 26 class AppContainerAttributes; | |
| 27 class LowLevelPolicy; | |
| 28 class TargetProcess; | |
| 29 struct PolicyGlobal; | |
| 30 | |
| 31 // We act as a policy dispatcher, implementing the handler for the "ping" IPC, | |
| 32 // so we have to provide the appropriate handler on the OnMessageReady method. | |
| 33 // There is a static_cast for the handler, and the compiler only performs the | |
| 34 // cast if the first base class is Dispatcher. | |
| 35 class PolicyBase : public Dispatcher, public TargetPolicy { | |
| 36 public: | |
| 37 PolicyBase(); | |
| 38 | |
| 39 // TargetPolicy: | |
| 40 virtual void AddRef() OVERRIDE; | |
| 41 virtual void Release() OVERRIDE; | |
| 42 virtual ResultCode SetTokenLevel(TokenLevel initial, | |
| 43 TokenLevel lockdown) OVERRIDE; | |
| 44 virtual ResultCode SetJobLevel(JobLevel job_level, | |
| 45 uint32 ui_exceptions) OVERRIDE; | |
| 46 virtual ResultCode SetAlternateDesktop(bool alternate_winstation) OVERRIDE; | |
| 47 virtual string16 GetAlternateDesktop() const OVERRIDE; | |
| 48 virtual ResultCode CreateAlternateDesktop(bool alternate_winstation) OVERRIDE; | |
| 49 virtual void DestroyAlternateDesktop() OVERRIDE; | |
| 50 virtual ResultCode SetIntegrityLevel(IntegrityLevel integrity_level) OVERRIDE; | |
| 51 virtual ResultCode SetDelayedIntegrityLevel( | |
| 52 IntegrityLevel integrity_level) OVERRIDE; | |
| 53 virtual ResultCode SetAppContainer(const wchar_t* sid) OVERRIDE; | |
| 54 virtual ResultCode SetCapability(const wchar_t* sid) OVERRIDE; | |
| 55 virtual ResultCode SetProcessMitigations(MitigationFlags flags) OVERRIDE; | |
| 56 virtual MitigationFlags GetProcessMitigations() OVERRIDE; | |
| 57 virtual ResultCode SetDelayedProcessMitigations( | |
| 58 MitigationFlags flags) OVERRIDE; | |
| 59 virtual MitigationFlags GetDelayedProcessMitigations() OVERRIDE; | |
| 60 virtual void SetStrictInterceptions() OVERRIDE; | |
| 61 virtual ResultCode SetStdoutHandle(HANDLE handle) OVERRIDE; | |
| 62 virtual ResultCode SetStderrHandle(HANDLE handle) OVERRIDE; | |
| 63 virtual ResultCode AddRule(SubSystem subsystem, Semantics semantics, | |
| 64 const wchar_t* pattern) OVERRIDE; | |
| 65 virtual ResultCode AddDllToUnload(const wchar_t* dll_name); | |
| 66 virtual ResultCode AddKernelObjectToClose(const char16* handle_type, | |
| 67 const char16* handle_name) OVERRIDE; | |
| 68 | |
| 69 // Dispatcher: | |
| 70 virtual Dispatcher* OnMessageReady(IPCParams* ipc, | |
| 71 CallbackGeneric* callback) OVERRIDE; | |
| 72 virtual bool SetupService(InterceptionManager* manager, int service) OVERRIDE; | |
| 73 | |
| 74 // Creates a Job object with the level specified in a previous call to | |
| 75 // SetJobLevel(). | |
| 76 ResultCode MakeJobObject(HANDLE* job); | |
| 77 | |
| 78 // Creates the two tokens with the levels specified in a previous call to | |
| 79 // SetTokenLevel(). | |
| 80 ResultCode MakeTokens(HANDLE* initial, HANDLE* lockdown); | |
| 81 | |
| 82 const AppContainerAttributes* GetAppContainer(); | |
| 83 | |
| 84 // Adds a target process to the internal list of targets. Internally a | |
| 85 // call to TargetProcess::Init() is issued. | |
| 86 bool AddTarget(TargetProcess* target); | |
| 87 | |
| 88 // Called when there are no more active processes in a Job. | |
| 89 // Removes a Job object associated with this policy and the target associated | |
| 90 // with the job. | |
| 91 bool OnJobEmpty(HANDLE job); | |
| 92 | |
| 93 EvalResult EvalPolicy(int service, CountedParameterSetBase* params); | |
| 94 | |
| 95 HANDLE GetStdoutHandle(); | |
| 96 HANDLE GetStderrHandle(); | |
| 97 | |
| 98 private: | |
| 99 ~PolicyBase(); | |
| 100 | |
| 101 // Test IPC providers. | |
| 102 bool Ping(IPCInfo* ipc, void* cookie); | |
| 103 | |
| 104 // Returns a dispatcher from ipc_targets_. | |
| 105 Dispatcher* GetDispatcher(int ipc_tag); | |
| 106 | |
| 107 // Sets up interceptions for a new target. | |
| 108 bool SetupAllInterceptions(TargetProcess* target); | |
| 109 | |
| 110 // Sets up the handle closer for a new target. | |
| 111 bool SetupHandleCloser(TargetProcess* target); | |
| 112 | |
| 113 // This lock synchronizes operations on the targets_ collection. | |
| 114 CRITICAL_SECTION lock_; | |
| 115 // Maintains the list of target process associated with this policy. | |
| 116 // The policy takes ownership of them. | |
| 117 typedef std::list<TargetProcess*> TargetSet; | |
| 118 TargetSet targets_; | |
| 119 // Standard object-lifetime reference counter. | |
| 120 volatile LONG ref_count; | |
| 121 // The user-defined global policy settings. | |
| 122 TokenLevel lockdown_level_; | |
| 123 TokenLevel initial_level_; | |
| 124 JobLevel job_level_; | |
| 125 uint32 ui_exceptions_; | |
| 126 bool use_alternate_desktop_; | |
| 127 bool use_alternate_winstation_; | |
| 128 // Helps the file system policy initialization. | |
| 129 bool file_system_init_; | |
| 130 bool relaxed_interceptions_; | |
| 131 HANDLE stdout_handle_; | |
| 132 HANDLE stderr_handle_; | |
| 133 IntegrityLevel integrity_level_; | |
| 134 IntegrityLevel delayed_integrity_level_; | |
| 135 MitigationFlags mitigations_; | |
| 136 MitigationFlags delayed_mitigations_; | |
| 137 // The array of objects that will answer IPC calls. | |
| 138 Dispatcher* ipc_targets_[IPC_LAST_TAG]; | |
| 139 // Object in charge of generating the low level policy. | |
| 140 LowLevelPolicy* policy_maker_; | |
| 141 // Memory structure that stores the low level policy. | |
| 142 PolicyGlobal* policy_; | |
| 143 // The list of dlls to unload in the target process. | |
| 144 std::vector<string16> blacklisted_dlls_; | |
| 145 // This is a map of handle-types to names that we need to close in the | |
| 146 // target process. A null set means we need to close all handles of the | |
| 147 // given type. | |
| 148 HandleCloser handle_closer_; | |
| 149 std::vector<string16> capabilities_; | |
| 150 scoped_ptr<AppContainerAttributes> appcontainer_list_; | |
| 151 | |
| 152 static HDESK alternate_desktop_handle_; | |
| 153 static HWINSTA alternate_winstation_handle_; | |
| 154 | |
| 155 DISALLOW_COPY_AND_ASSIGN(PolicyBase); | |
| 156 }; | |
| 157 | |
| 158 } // namespace sandbox | |
| 159 | |
| 160 #endif // SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_ |
