1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/sandbox/win/src/handle_closer.h Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,75 @@
1.4 +// Copyright (c) 2012 The Chromium Authors. All rights reserved.
1.5 +// Use of this source code is governed by a BSD-style license that can be
1.6 +// found in the LICENSE file.
1.7 +
1.8 +#ifndef SANDBOX_SRC_HANDLE_CLOSER_H_
1.9 +#define SANDBOX_SRC_HANDLE_CLOSER_H_
1.10 +
1.11 +#include <map>
1.12 +#include <set>
1.13 +
1.14 +#include "base/basictypes.h"
1.15 +#include "base/strings/string16.h"
1.16 +#include "sandbox/win/src/interception.h"
1.17 +#include "sandbox/win/src/sandbox_types.h"
1.18 +#include "sandbox/win/src/target_process.h"
1.19 +
1.20 +namespace sandbox {
1.21 +
1.22 +// This is a map of handle-types to names that we need to close in the
1.23 +// target process. A null set means we need to close all handles of the
1.24 +// given type.
1.25 +typedef std::map<const string16, std::set<const string16> > HandleMap;
1.26 +
1.27 +// Type and set of corresponding handle names to close.
1.28 +struct HandleListEntry {
1.29 + size_t record_bytes; // Rounded to sizeof(size_t) bytes.
1.30 + size_t offset_to_names; // Nul terminated strings of name_count names.
1.31 + size_t name_count;
1.32 + char16 handle_type[1];
1.33 +};
1.34 +
1.35 +// Global parameters and a pointer to the list of entries.
1.36 +struct HandleCloserInfo {
1.37 + size_t record_bytes; // Rounded to sizeof(size_t) bytes.
1.38 + size_t num_handle_types;
1.39 + struct HandleListEntry handle_entries[1];
1.40 +};
1.41 +
1.42 +SANDBOX_INTERCEPT HandleCloserInfo* g_handle_closer_info;
1.43 +
1.44 +// Adds handles to close after lockdown.
1.45 +class HandleCloser {
1.46 + public:
1.47 + HandleCloser();
1.48 +
1.49 + // Adds a handle that will be closed in the target process after lockdown.
1.50 + // A NULL value for handle_name indicates all handles of the specified type.
1.51 + // An empty string for handle_name indicates the handle is unnamed.
1.52 + ResultCode AddHandle(const char16* handle_type, const char16* handle_name);
1.53 +
1.54 + // Serializes and copies the closer table into the target process.
1.55 + bool InitializeTargetHandles(TargetProcess* target);
1.56 +
1.57 + // Adds any interceptions that may be required due to closed system handles.
1.58 + bool SetupHandleInterceptions(InterceptionManager* manager);
1.59 +
1.60 + private:
1.61 + // Calculates the memory needed to copy the serialized handles list (rounded
1.62 + // to the nearest machine-word size).
1.63 + size_t GetBufferSize();
1.64 +
1.65 + // Serializes the handle list into the target process.
1.66 + bool SetupHandleList(void* buffer, size_t buffer_bytes);
1.67 +
1.68 + HandleMap handles_to_close_;
1.69 +
1.70 + DISALLOW_COPY_AND_ASSIGN(HandleCloser);
1.71 +};
1.72 +
1.73 +// Returns the object manager's name associated with a handle
1.74 +bool GetHandleName(HANDLE handle, string16* handle_name);
1.75 +
1.76 +} // namespace sandbox
1.77 +
1.78 +#endif // SANDBOX_SRC_HANDLE_CLOSER_H_
