security/sandbox/win/src/handle_policy.cc@6474c204b198
security/sandbox/win/src/handle_policy.cc
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "sandbox/win/src/handle_policy.h"
7 #include <string>
9 #include "base/win/scoped_handle.h"
10 #include "sandbox/win/src/broker_services.h"
11 #include "sandbox/win/src/ipc_tags.h"
12 #include "sandbox/win/src/policy_engine_opcodes.h"
13 #include "sandbox/win/src/policy_params.h"
14 #include "sandbox/win/src/sandbox_types.h"
15 #include "sandbox/win/src/sandbox_utils.h"
17 namespace sandbox {
19 bool HandlePolicy::GenerateRules(const wchar_t* type_name,
20 TargetPolicy::Semantics semantics,
21 LowLevelPolicy* policy) {
22 PolicyRule duplicate_rule(ASK_BROKER);
24 switch (semantics) {
25 case TargetPolicy::HANDLES_DUP_ANY: {
26 if (!duplicate_rule.AddNumberMatch(IF_NOT, HandleTarget::TARGET,
27 ::GetCurrentProcessId(), EQUAL)) {
28 return false;
29 }
30 break;
31 }
33 case TargetPolicy::HANDLES_DUP_BROKER: {
34 if (!duplicate_rule.AddNumberMatch(IF, HandleTarget::TARGET,
35 ::GetCurrentProcessId(), EQUAL)) {
36 return false;
37 }
38 break;
39 }
41 default:
42 return false;
43 }
44 if (!duplicate_rule.AddStringMatch(IF, HandleTarget::NAME, type_name,
45 CASE_INSENSITIVE)) {
46 return false;
47 }
48 if (!policy->AddRule(IPC_DUPLICATEHANDLEPROXY_TAG, &duplicate_rule)) {
49 return false;
50 }
51 return true;
52 }
54 DWORD HandlePolicy::DuplicateHandleProxyAction(EvalResult eval_result,
55 const ClientInfo& client_info,
56 HANDLE source_handle,
57 DWORD target_process_id,
58 HANDLE* target_handle,
59 DWORD desired_access,
60 DWORD options) {
61 // The only action supported is ASK_BROKER which means duplicate the handle.
62 if (ASK_BROKER != eval_result) {
63 return ERROR_ACCESS_DENIED;
64 }
66 base::win::ScopedHandle remote_target_process;
67 if (target_process_id != ::GetCurrentProcessId()) {
68 // Sandboxed children are dynamic, so we check that manually.
69 if (!BrokerServicesBase::GetInstance()->IsActiveTarget(target_process_id)) {
70 return ERROR_ACCESS_DENIED;
71 }
73 remote_target_process.Set(::OpenProcess(PROCESS_DUP_HANDLE, FALSE,
74 target_process_id));
75 if (!remote_target_process.IsValid())
76 return ::GetLastError();
77 }
79 // If the policy didn't block us and we have no valid target, then the broker
80 // (this process) is the valid target.
81 HANDLE target_process = remote_target_process.IsValid() ?
82 remote_target_process.Get() : ::GetCurrentProcess();
83 DWORD result = ERROR_SUCCESS;
84 if (!::DuplicateHandle(client_info.process, source_handle, target_process,
85 target_handle, desired_access, FALSE,
86 options)) {
87 return ::GetLastError();
88 }
90 return ERROR_SUCCESS;
91 }
93 } // namespace sandbox
