The Tor Browser / file revision

security/sandbox/win/src/sandbox_policy_base.h@6474c204b198

security/sandbox/win/src/sandbox_policy_base.h

Wed, 31 Dec 2014 06:09:35 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Wed, 31 Dec 2014 06:09:35 +0100
changeset 0
6474c204b198
permissions
-rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

     1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.

     2 // Use of this source code is governed by a BSD-style license that can be

     3 // found in the LICENSE file.

     4 

     5 #ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_

     6 #define SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_

     7 

     8 #include <windows.h>

     9 

    10 #include <list>

    11 #include <vector>

    12 

    13 #include "base/basictypes.h"

    14 #include "base/compiler_specific.h"

    15 #include "base/strings/string16.h"

    16 #include "sandbox/win/src/crosscall_server.h"

    17 #include "sandbox/win/src/handle_closer.h"

    18 #include "sandbox/win/src/ipc_tags.h"

    19 #include "sandbox/win/src/policy_engine_opcodes.h"

    20 #include "sandbox/win/src/policy_engine_params.h"

    21 #include "sandbox/win/src/sandbox_policy.h"

    22 #include "sandbox/win/src/win_utils.h"

    23 

    24 namespace sandbox {

    25 

    26 class AppContainerAttributes;

    27 class LowLevelPolicy;

    28 class TargetProcess;

    29 struct PolicyGlobal;

    30 

    31 // We act as a policy dispatcher, implementing the handler for the "ping" IPC,

    32 // so we have to provide the appropriate handler on the OnMessageReady method.

    33 // There is a static_cast for the handler, and the compiler only performs the

    34 // cast if the first base class is Dispatcher.

    35 class PolicyBase : public Dispatcher, public TargetPolicy {

    36  public:

    37   PolicyBase();

    38 

    39   // TargetPolicy:

    40   virtual void AddRef() OVERRIDE;

    41   virtual void Release() OVERRIDE;

    42   virtual ResultCode SetTokenLevel(TokenLevel initial,

    43                                    TokenLevel lockdown) OVERRIDE;

    44   virtual ResultCode SetJobLevel(JobLevel job_level,

    45                                  uint32 ui_exceptions) OVERRIDE;

    46   virtual ResultCode SetAlternateDesktop(bool alternate_winstation) OVERRIDE;

    47   virtual string16 GetAlternateDesktop() const OVERRIDE;

    48   virtual ResultCode CreateAlternateDesktop(bool alternate_winstation) OVERRIDE;

    49   virtual void DestroyAlternateDesktop() OVERRIDE;

    50   virtual ResultCode SetIntegrityLevel(IntegrityLevel integrity_level) OVERRIDE;

    51   virtual ResultCode SetDelayedIntegrityLevel(

    52       IntegrityLevel integrity_level) OVERRIDE;

    53   virtual ResultCode SetAppContainer(const wchar_t* sid) OVERRIDE;

    54   virtual ResultCode SetCapability(const wchar_t* sid) OVERRIDE;

    55   virtual ResultCode SetProcessMitigations(MitigationFlags flags) OVERRIDE;

    56   virtual MitigationFlags GetProcessMitigations() OVERRIDE;

    57   virtual ResultCode SetDelayedProcessMitigations(

    58       MitigationFlags flags) OVERRIDE;

    59   virtual MitigationFlags GetDelayedProcessMitigations() OVERRIDE;

    60   virtual void SetStrictInterceptions() OVERRIDE;

    61   virtual ResultCode SetStdoutHandle(HANDLE handle) OVERRIDE;

    62   virtual ResultCode SetStderrHandle(HANDLE handle) OVERRIDE;

    63   virtual ResultCode AddRule(SubSystem subsystem, Semantics semantics,

    64                              const wchar_t* pattern) OVERRIDE;

    65   virtual ResultCode AddDllToUnload(const wchar_t* dll_name);

    66   virtual ResultCode AddKernelObjectToClose(const char16* handle_type,

    67                                             const char16* handle_name) OVERRIDE;

    68 

    69   // Dispatcher:

    70   virtual Dispatcher* OnMessageReady(IPCParams* ipc,

    71                                      CallbackGeneric* callback) OVERRIDE;

    72   virtual bool SetupService(InterceptionManager* manager, int service) OVERRIDE;

    73 

    74   // Creates a Job object with the level specified in a previous call to

    75   // SetJobLevel().

    76   ResultCode MakeJobObject(HANDLE* job);

    77 

    78   // Creates the two tokens with the levels specified in a previous call to

    79   // SetTokenLevel().

    80   ResultCode MakeTokens(HANDLE* initial, HANDLE* lockdown);

    81 

    82   const AppContainerAttributes* GetAppContainer();

    83 

    84   // Adds a target process to the internal list of targets. Internally a

    85   // call to TargetProcess::Init() is issued.

    86   bool AddTarget(TargetProcess* target);

    87 

    88   // Called when there are no more active processes in a Job.

    89   // Removes a Job object associated with this policy and the target associated

    90   // with the job.

    91   bool OnJobEmpty(HANDLE job);

    92 

    93   EvalResult EvalPolicy(int service, CountedParameterSetBase* params);

    94 

    95   HANDLE GetStdoutHandle();

    96   HANDLE GetStderrHandle();

    97 

    98  private:

    99   ~PolicyBase();

   100 

   101   // Test IPC providers.

   102   bool Ping(IPCInfo* ipc, void* cookie);

   103 

   104   // Returns a dispatcher from ipc_targets_.

   105   Dispatcher* GetDispatcher(int ipc_tag);

   106 

   107   // Sets up interceptions for a new target.

   108   bool SetupAllInterceptions(TargetProcess* target);

   109 

   110   // Sets up the handle closer for a new target.

   111   bool SetupHandleCloser(TargetProcess* target);

   112 

   113   // This lock synchronizes operations on the targets_ collection.

   114   CRITICAL_SECTION lock_;

   115   // Maintains the list of target process associated with this policy.

   116   // The policy takes ownership of them.

   117   typedef std::list<TargetProcess*> TargetSet;

   118   TargetSet targets_;

   119   // Standard object-lifetime reference counter.

   120   volatile LONG ref_count;

   121   // The user-defined global policy settings.

   122   TokenLevel lockdown_level_;

   123   TokenLevel initial_level_;

   124   JobLevel job_level_;

   125   uint32 ui_exceptions_;

   126   bool use_alternate_desktop_;

   127   bool use_alternate_winstation_;

   128   // Helps the file system policy initialization.

   129   bool file_system_init_;

   130   bool relaxed_interceptions_;

   131   HANDLE stdout_handle_;

   132   HANDLE stderr_handle_;

   133   IntegrityLevel integrity_level_;

   134   IntegrityLevel delayed_integrity_level_;

   135   MitigationFlags mitigations_;

   136   MitigationFlags delayed_mitigations_;

   137   // The array of objects that will answer IPC calls.

   138   Dispatcher* ipc_targets_[IPC_LAST_TAG];

   139   // Object in charge of generating the low level policy.

   140   LowLevelPolicy* policy_maker_;

   141   // Memory structure that stores the low level policy.

   142   PolicyGlobal* policy_;

   143   // The list of dlls to unload in the target process.

   144   std::vector<string16> blacklisted_dlls_;

   145   // This is a map of handle-types to names that we need to close in the

   146   // target process. A null set means we need to close all handles of the

   147   // given type.

   148   HandleCloser handle_closer_;

   149   std::vector<string16> capabilities_;

   150   scoped_ptr<AppContainerAttributes> appcontainer_list_;

   151 

   152   static HDESK alternate_desktop_handle_;

   153   static HWINSTA alternate_winstation_handle_;

   154 

   155   DISALLOW_COPY_AND_ASSIGN(PolicyBase);

   156 };

   157 

   158 }  // namespace sandbox

   159 

   160 #endif  // SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial