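--- /dev/null
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -0,0 +1,85 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "sandboxBroker.h"
+#include "sandbox/win/src/sandbox.h"
+#include "sandbox/win/src/sandbox_factory.h"
+
+namespace mozilla
+{
+
+sandbox::BrokerServices *SandboxBroker::sBrokerService = nullptr;
+
+SandboxBroker::SandboxBroker()
+{
+  if (!sBrokerService) {
+    sBrokerService = sandbox::SandboxFactory::GetBrokerServices();
+    if (sBrokerService) {
+      sandbox::ResultCode result = sBrokerService->Init();
+      if (result != sandbox::SBOX_ALL_OK) {
+        sBrokerService = nullptr;
+      }
+    }
+  }
+
+  // We'll start to increase the restrictions over time.
+  mPolicy = sBrokerService->CreatePolicy();
+}
+
+bool
+SandboxBroker::AllowPipe(const wchar_t *aPath)
+{
+  return mPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES,
+                          sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY, aPath);
+}
+
+bool
+SandboxBroker::LaunchApp(const wchar_t *aPath,
+                         const wchar_t *aArguments,
+                         void **aProcessHandle)
+{
+  // If the broker service isn't already initialized, do it now
+  if (!sBrokerService || !mPolicy) {
+    return false;
+  }
+
+  // Setup the sandbox policy, this is initially:
+  // Low integrity, unrestricted, in the same window station, within the
+  // same desktop, and has no job object.
+  // We'll start to increase the restrictions over time.
+  mPolicy->SetJobLevel(sandbox::JOB_NONE, 0);
+  mPolicy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS,
+                         sandbox::USER_RESTRICTED_SAME_ACCESS);
+  mPolicy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW);
+
+  // Set an alternate Desktop within a new window station
+  mPolicy->SetAlternateDesktop(false);
+
+  // Ceate the sandboxed process
+  PROCESS_INFORMATION targetInfo;
+  sandbox::ResultCode result;
+  result = sBrokerService->SpawnTarget(aPath, aArguments, mPolicy, &targetInfo);
+
+  // The sandboxed process is started in a suspended state, resumeit now that
+  // we'eve set things up.
+  ResumeThread(targetInfo.hThread);
+  CloseHandle(targetInfo.hThread);
+
+  // Return the process handle to the caller
+  *aProcessHandle = targetInfo.hProcess;
+
+  return true;
+}
+
+SandboxBroker::~SandboxBroker()
+{
+  if (mPolicy) {
+    mPolicy->Release();
+    mPolicy = nullptr;
+  }
+}
+
+}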
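Review bot: The `sandbox::ResultCode` returned by `SpawnTarget` in `LaunchApp` is stored in `result` and never examined, so when the spawn fails the uninitialized `targetInfo` feeds garbage handles to `ResumeThread`/`CloseHandle` and the caller still gets `true` together with a bogus `*aProcessHandle`; the `SetJobLevel`/`SetTokenLevel`/`SetDelayedIntegrityLevel`/`SetAlternateDesktop` calls likewise discard their result codes, which means a policy that failed to apply still launches the child with weaker restrictions than the comment above describes — the broker should fail closed, as sketched below. The constructor has the same shape: after a failed `Init()` it resets `sBrokerService` to nullptr and then immediately dereferences it in `mPolicy = sBrokerService->CreatePolicy();`, which `mPolicy = sBrokerService ? sBrokerService->CreatePolicy() : nullptr;` fixes while keeping the `!mPolicy` guard in `LaunchApp` meaningful. The comment "Set an alternate Desktop within a new window station" contradicts both the `false` argument passed to `SetAlternateDesktop` and the block comment just above it that says "in the same window station", so one of the two should be corrected. The comment "If the broker service isn't already initialized, do it now" describes an initialization that the code does not perform (it only returns false), and "Ceate"/"resumeit"/"we'eve" are typos.
```cpp
  // … unchanged: broker/policy null check …
  if (mPolicy->SetJobLevel(sandbox::JOB_NONE, 0) != sandbox::SBOX_ALL_OK ||
      mPolicy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS,
                             sandbox::USER_RESTRICTED_SAME_ACCESS) != sandbox::SBOX_ALL_OK ||
      mPolicy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW) != sandbox::SBOX_ALL_OK ||
      mPolicy->SetAlternateDesktop(false) != sandbox::SBOX_ALL_OK) {
    // A restriction that failed to apply must not be treated as applied.
    return false;
  }

  // Create the sandboxed process; zero-init so a failed spawn never leaves
  // garbage handles behind.
  PROCESS_INFORMATION targetInfo = {};
  sandbox::ResultCode result =
    sBrokerService->SpawnTarget(aPath, aArguments, mPolicy, &targetInfo);
  if (result != sandbox::SBOX_ALL_OK) {
    return false;
  }
  // … unchanged: ResumeThread / CloseHandle / hand back hProcess …
```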