michael@0: // Copyright (c) 2012 The Chromium Authors. All rights reserved. michael@0: // Use of this source code is governed by a BSD-style license that can be michael@0: // found in the LICENSE file. michael@0: michael@0: #include "sandbox/win/src/handle_policy.h" michael@0: michael@0: #include michael@0: michael@0: #include "base/win/scoped_handle.h" michael@0: #include "sandbox/win/src/broker_services.h" michael@0: #include "sandbox/win/src/ipc_tags.h" michael@0: #include "sandbox/win/src/policy_engine_opcodes.h" michael@0: #include "sandbox/win/src/policy_params.h" michael@0: #include "sandbox/win/src/sandbox_types.h" michael@0: #include "sandbox/win/src/sandbox_utils.h" michael@0: michael@0: namespace sandbox { michael@0: michael@0: bool HandlePolicy::GenerateRules(const wchar_t* type_name, michael@0: TargetPolicy::Semantics semantics, michael@0: LowLevelPolicy* policy) { michael@0: PolicyRule duplicate_rule(ASK_BROKER); michael@0: michael@0: switch (semantics) { michael@0: case TargetPolicy::HANDLES_DUP_ANY: { michael@0: if (!duplicate_rule.AddNumberMatch(IF_NOT, HandleTarget::TARGET, michael@0: ::GetCurrentProcessId(), EQUAL)) { michael@0: return false; michael@0: } michael@0: break; michael@0: } michael@0: michael@0: case TargetPolicy::HANDLES_DUP_BROKER: { michael@0: if (!duplicate_rule.AddNumberMatch(IF, HandleTarget::TARGET, michael@0: ::GetCurrentProcessId(), EQUAL)) { michael@0: return false; michael@0: } michael@0: break; michael@0: } michael@0: michael@0: default: michael@0: return false; michael@0: } michael@0: if (!duplicate_rule.AddStringMatch(IF, HandleTarget::NAME, type_name, michael@0: CASE_INSENSITIVE)) { michael@0: return false; michael@0: } michael@0: if (!policy->AddRule(IPC_DUPLICATEHANDLEPROXY_TAG, &duplicate_rule)) { michael@0: return false; michael@0: } michael@0: return true; michael@0: } michael@0: michael@0: DWORD HandlePolicy::DuplicateHandleProxyAction(EvalResult eval_result, michael@0: const ClientInfo& client_info, michael@0: HANDLE source_handle, michael@0: DWORD target_process_id, michael@0: HANDLE* target_handle, michael@0: DWORD desired_access, michael@0: DWORD options) { michael@0: // The only action supported is ASK_BROKER which means duplicate the handle. michael@0: if (ASK_BROKER != eval_result) { michael@0: return ERROR_ACCESS_DENIED; michael@0: } michael@0: michael@0: base::win::ScopedHandle remote_target_process; michael@0: if (target_process_id != ::GetCurrentProcessId()) { michael@0: // Sandboxed children are dynamic, so we check that manually. michael@0: if (!BrokerServicesBase::GetInstance()->IsActiveTarget(target_process_id)) { michael@0: return ERROR_ACCESS_DENIED; michael@0: } michael@0: michael@0: remote_target_process.Set(::OpenProcess(PROCESS_DUP_HANDLE, FALSE, michael@0: target_process_id)); michael@0: if (!remote_target_process.IsValid()) michael@0: return ::GetLastError(); michael@0: } michael@0: michael@0: // If the policy didn't block us and we have no valid target, then the broker michael@0: // (this process) is the valid target. michael@0: HANDLE target_process = remote_target_process.IsValid() ? michael@0: remote_target_process.Get() : ::GetCurrentProcess(); michael@0: DWORD result = ERROR_SUCCESS; michael@0: if (!::DuplicateHandle(client_info.process, source_handle, target_process, michael@0: target_handle, desired_access, FALSE, michael@0: options)) { michael@0: return ::GetLastError(); michael@0: } michael@0: michael@0: return ERROR_SUCCESS; michael@0: } michael@0: michael@0: } // namespace sandbox michael@0: