The Tor Browser / file revision

security/sandbox/win/src/target_process.h@b8a032363ba2

security/sandbox/win/src/target_process.h

Thu, 22 Jan 2015 13:21:57 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 22 Jan 2015 13:21:57 +0100
branch
TOR_BUG_9701
changeset 15
b8a032363ba2
permissions
-rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

     1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

     2 // Use of this source code is governed by a BSD-style license that can be

     3 // found in the LICENSE file.

     4 

     5 #ifndef SANDBOX_WIN_SRC_TARGET_PROCESS_H_

     6 #define SANDBOX_WIN_SRC_TARGET_PROCESS_H_

     7 

     8 #include <windows.h>

     9 

    10 #include "base/basictypes.h"

    11 #include "base/memory/scoped_ptr.h"

    12 #include "base/win/scoped_handle.h"

    13 #include "base/win/scoped_process_information.h"

    14 #include "sandbox/win/src/crosscall_server.h"

    15 #include "sandbox/win/src/sandbox_types.h"

    16 

    17 namespace base {

    18 namespace win {

    19 

    20 class StartupInformation;

    21 

    22 };  // namespace win

    23 };  // namespace base

    24 

    25 namespace sandbox {

    26 

    27 class AttributeList;

    28 class SharedMemIPCServer;

    29 class ThreadProvider;

    30 

    31 // TargetProcess models a target instance (child process). Objects of this

    32 // class are owned by the Policy used to create them.

    33 class TargetProcess {

    34  public:

    35   // The constructor takes ownership of |initial_token| and |lockdown_token|.

    36   TargetProcess(HANDLE initial_token, HANDLE lockdown_token, HANDLE job,

    37                 ThreadProvider* thread_pool);

    38   ~TargetProcess();

    39 

    40   // TODO(cpu): Currently there does not seem to be a reason to implement

    41   // reference counting for this class since is internal, but kept the

    42   // the same interface so the interception framework does not need to be

    43   // touched at this point.

    44   void AddRef() {}

    45   void Release() {}

    46 

    47   // Creates the new target process. The process is created suspended.

    48   DWORD Create(const wchar_t* exe_path,

    49                const wchar_t* command_line,

    50                bool inherit_handles,

    51                const base::win::StartupInformation& startup_info,

    52                base::win::ScopedProcessInformation* target_info);

    53 

    54   // Destroys the target process.

    55   void Terminate();

    56 

    57   // Creates the IPC objects such as the BrokerDispatcher and the

    58   // IPC server. The IPC server uses the services of the thread_pool.

    59   DWORD Init(Dispatcher* ipc_dispatcher, void* policy,

    60              uint32 shared_IPC_size, uint32 shared_policy_size);

    61 

    62   // Returns the handle to the target process.

    63   HANDLE Process() const {

    64     return sandbox_process_info_.process_handle();

    65   }

    66 

    67   // Returns the handle to the job object that the target process belongs to.

    68   HANDLE Job() const {

    69     return job_;

    70   }

    71 

    72   // Returns the address of the target main exe. This is used by the

    73   // interceptions framework.

    74   HMODULE MainModule() const {

    75     return reinterpret_cast<HMODULE>(base_address_);

    76   }

    77 

    78   // Returns the name of the executable.

    79   const wchar_t* Name() const {

    80     return exe_name_.get();

    81   }

    82 

    83   // Returns the process id.

    84   DWORD ProcessId() const {

    85     return sandbox_process_info_.process_id();

    86   }

    87 

    88   // Returns the handle to the main thread.

    89   HANDLE MainThread() const {

    90     return sandbox_process_info_.thread_handle();

    91   }

    92 

    93   // Transfers a 32-bit variable between the broker and the target.

    94   ResultCode TransferVariable(const char* name, void* address, size_t size);

    95 

    96  private:

    97   // Details of the target process.

    98   base::win::ScopedProcessInformation sandbox_process_info_;

    99   // The token associated with the process. It provides the core of the

   100   // sbox security.

   101   base::win::ScopedHandle lockdown_token_;

   102   // The token given to the initial thread so that the target process can

   103   // start. It has more powers than the lockdown_token.

   104   base::win::ScopedHandle initial_token_;

   105   // Kernel handle to the shared memory used by the IPC server.

   106   base::win::ScopedHandle shared_section_;

   107   // Job object containing the target process.

   108   HANDLE job_;

   109   // Reference to the IPC subsystem.

   110   scoped_ptr<SharedMemIPCServer> ipc_server_;

   111   // Provides the threads used by the IPC. This class does not own this pointer.

   112   ThreadProvider* thread_pool_;

   113   // Base address of the main executable

   114   void* base_address_;

   115   // Full name of the target executable.

   116   scoped_ptr_malloc<wchar_t> exe_name_;

   117 

   118   // Function used for testing.

   119   friend TargetProcess* MakeTestTargetProcess(HANDLE process,

   120                                               HMODULE base_address);

   121 

   122   DISALLOW_IMPLICIT_CONSTRUCTORS(TargetProcess);

   123 };

   124 

   125 // Creates a mock TargetProcess used for testing interceptions.

   126 // TODO(cpu): It seems that this method is not going to be used anymore.

   127 TargetProcess* MakeTestTargetProcess(HANDLE process, HMODULE base_address);

   128 

   129 

   130 }  // namespace sandbox

   131 

   132 #endif  // SANDBOX_WIN_SRC_TARGET_PROCESS_H_

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial