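--- /dev/null
+++ b/security/sandbox/win/src/sandbox_policy_base.h
@@ -0,0 +1,160 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_
+#define SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_
+
+#include <windows.h>
+
+#include <list>
+#include <vector>
+
+#include "base/basictypes.h"
+#include "base/compiler_specific.h"
+#include "base/strings/string16.h"
+#include "sandbox/win/src/crosscall_server.h"
+#include "sandbox/win/src/handle_closer.h"
+#include "sandbox/win/src/ipc_tags.h"
+#include "sandbox/win/src/policy_engine_opcodes.h"
+#include "sandbox/win/src/policy_engine_params.h"
+#include "sandbox/win/src/sandbox_policy.h"
+#include "sandbox/win/src/win_utils.h"
+
+namespace sandbox {
+
+class AppContainerAttributes;
+class LowLevelPolicy;
+class TargetProcess;
+struct PolicyGlobal;
+
+// We act as a policy dispatcher, implementing the handler for the "ping" IPC,
+// so we have to provide the appropriate handler on the OnMessageReady method.
+// There is a static_cast for the handler, and the compiler only performs the
+// cast if the first base class is Dispatcher.
+class PolicyBase : public Dispatcher, public TargetPolicy {
+ public:
+ PolicyBase();
+
+ // TargetPolicy:
+ virtual void AddRef() OVERRIDE;
+ virtual void Release() OVERRIDE;
+ virtual ResultCode SetTokenLevel(TokenLevel initial,
+ TokenLevel lockdown) OVERRIDE;
+ virtual ResultCode SetJobLevel(JobLevel job_level,
+ uint32 ui_exceptions) OVERRIDE;
+ virtual ResultCode SetAlternateDesktop(bool alternate_winstation) OVERRIDE;
+ virtual string16 GetAlternateDesktop() const OVERRIDE;
+ virtual ResultCode CreateAlternateDesktop(bool alternate_winstation) OVERRIDE;
+ virtual void DestroyAlternateDesktop() OVERRIDE;
+ virtual ResultCode SetIntegrityLevel(IntegrityLevel integrity_level) OVERRIDE;
+ virtual ResultCode SetDelayedIntegrityLevel(
+ IntegrityLevel integrity_level) OVERRIDE;
+ virtual ResultCode SetAppContainer(const wchar_t* sid) OVERRIDE;
+ virtual ResultCode SetCapability(const wchar_t* sid) OVERRIDE;
+ virtual ResultCode SetProcessMitigations(MitigationFlags flags) OVERRIDE;
+ virtual MitigationFlags GetProcessMitigations() OVERRIDE;
+ virtual ResultCode SetDelayedProcessMitigations(
+ MitigationFlags flags) OVERRIDE;
+ virtual MitigationFlags GetDelayedProcessMitigations() OVERRIDE;
+ virtual void SetStrictInterceptions() OVERRIDE;
+ virtual ResultCode SetStdoutHandle(HANDLE handle) OVERRIDE;
+ virtual ResultCode SetStderrHandle(HANDLE handle) OVERRIDE;
+ virtual ResultCode AddRule(SubSystem subsystem, Semantics semantics,
+ const wchar_t* pattern) OVERRIDE;
+ virtual ResultCode AddDllToUnload(const wchar_t* dll_name);
+ virtual ResultCode AddKernelObjectToClose(const char16* handle_type,
+ const char16* handle_name) OVERRIDE;
+
+ // Dispatcher:
+ virtual Dispatcher* OnMessageReady(IPCParams* ipc,
+ CallbackGeneric* callback) OVERRIDE;
+ virtual bool SetupService(InterceptionManager* manager, int service) OVERRIDE;
+
+ // Creates a Job object with the level specified in a previous call to
+ // SetJobLevel().
+ ResultCode MakeJobObject(HANDLE* job);
+
+ // Creates the two tokens with the levels specified in a previous call to
+ // SetTokenLevel().
+ ResultCode MakeTokens(HANDLE* initial, HANDLE* lockdown);
+
+ const AppContainerAttributes* GetAppContainer();
+
+ // Adds a target process to the internal list of targets. Internally a
+ // call to TargetProcess::Init() is issued.
+ bool AddTarget(TargetProcess* target);
+
+ // Called when there are no more active processes in a Job.
+ // Removes a Job object associated with this policy and the target associated
+ // with the job.
+ bool OnJobEmpty(HANDLE job);
+
+ EvalResult EvalPolicy(int service, CountedParameterSetBase* params);
+
+ HANDLE GetStdoutHandle();
+ HANDLE GetStderrHandle();
+
+ private:
+ ~PolicyBase();
+
+ // Test IPC providers.
+ bool Ping(IPCInfo* ipc, void* cookie);
+
+ // Returns a dispatcher from ipc_targets_.
+ Dispatcher* GetDispatcher(int ipc_tag);
+
+ // Sets up interceptions for a new target.
+ bool SetupAllInterceptions(TargetProcess* target);
+
+ // Sets up the handle closer for a new target.
+ bool SetupHandleCloser(TargetProcess* target);
+
+ // This lock synchronizes operations on the targets_ collection.
+ CRITICAL_SECTION lock_;
+ // Maintains the list of target process associated with this policy.
+ // The policy takes ownership of them.
+ typedef std::list<TargetProcess*> TargetSet;
+ TargetSet targets_;
+ // Standard object-lifetime reference counter.
+ volatile LONG ref_count;
+ // The user-defined global policy settings.
+ TokenLevel lockdown_level_;
+ TokenLevel initial_level_;
+ JobLevel job_level_;
+ uint32 ui_exceptions_;
+ bool use_alternate_desktop_;
+ bool use_alternate_winstation_;
+ // Helps the file system policy initialization.
+ bool file_system_init_;
+ bool relaxed_interceptions_;
+ HANDLE stdout_handle_;
+ HANDLE stderr_handle_;
+ IntegrityLevel integrity_level_;
+ IntegrityLevel delayed_integrity_level_;
+ MitigationFlags mitigations_;
+ MitigationFlags delayed_mitigations_;
+ // The array of objects that will answer IPC calls.
+ Dispatcher* ipc_targets_[IPC_LAST_TAG];
+ // Object in charge of generating the low level policy.
+ LowLevelPolicy* policy_maker_;
+ // Memory structure that stores the low level policy.
+ PolicyGlobal* policy_;
+ // The list of dlls to unload in the target process.
+ std::vector<string16> blacklisted_dlls_;
+ // This is a map of handle-types to names that we need to close in the
+ // target process. A null set means we need to close all handles of the
+ // given type.
+ HandleCloser handle_closer_;
+ std::vector<string16> capabilities_;
+ scoped_ptr<AppContainerAttributes> appcontainer_list_;
+
+ static HDESK alternate_desktop_handle_;
+ static HWINSTA alternate_winstation_handle_;
+
+ DISALLOW_COPY_AND_ASSIGN(PolicyBase);
+};
+
+} // namespace sandbox
+
+#endif // SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_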
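Review bot: `AddDllToUnload` is declared under the `// TargetPolicy:` group but is the only method there without `OVERRIDE`; if it overrides a TargetPolicy virtual it should read `virtual ResultCode AddDllToUnload(const wchar_t* dll_name) OVERRIDE;`, and if it does not, it belongs outside that group so that a later signature change in the base class is caught by the compiler instead of silently hiding the override. `ref_count` is the only data member without the trailing underscore, and `volatile` by itself provides no atomicity; presumably AddRef()/Release() use the Interlocked* family in the .cc, which the comment should state, e.g. `// Object-lifetime reference counter; only touched through Interlocked* ops.`. `scoped_ptr` is used for `appcontainer_list_` without a direct `#include "base/memory/scoped_ptr.h"`, so the header appears to rely on a transitive include. The two static handles `alternate_desktop_handle_` and `alternate_winstation_handle_` carry no comment although they are process-wide state shared by every policy instance; a line such as `// Shared by all PolicyBase instances in this process; presumably created by CreateAlternateDesktop() and released by DestroyAlternateDesktop().` would make that lifetime explicit for readers of the header.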