michael@0: // Copyright (c) 2011 The Chromium Authors. All rights reserved. michael@0: // Use of this source code is governed by a BSD-style license that can be michael@0: // found in the LICENSE file. michael@0: michael@0: #ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_ michael@0: #define SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_ michael@0: michael@0: #include michael@0: michael@0: #include michael@0: #include michael@0: michael@0: #include "base/basictypes.h" michael@0: #include "base/compiler_specific.h" michael@0: #include "base/strings/string16.h" michael@0: #include "sandbox/win/src/crosscall_server.h" michael@0: #include "sandbox/win/src/handle_closer.h" michael@0: #include "sandbox/win/src/ipc_tags.h" michael@0: #include "sandbox/win/src/policy_engine_opcodes.h" michael@0: #include "sandbox/win/src/policy_engine_params.h" michael@0: #include "sandbox/win/src/sandbox_policy.h" michael@0: #include "sandbox/win/src/win_utils.h" michael@0: michael@0: namespace sandbox { michael@0: michael@0: class AppContainerAttributes; michael@0: class LowLevelPolicy; michael@0: class TargetProcess; michael@0: struct PolicyGlobal; michael@0: michael@0: // We act as a policy dispatcher, implementing the handler for the "ping" IPC, michael@0: // so we have to provide the appropriate handler on the OnMessageReady method. michael@0: // There is a static_cast for the handler, and the compiler only performs the michael@0: // cast if the first base class is Dispatcher. 
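// Broker-side implementation of TargetPolicy. A PolicyBase collects the
// restrictions configured through the TargetPolicy setters (token, job,
// desktop, integrity, mitigations, rules, ...) and later materialises them
// for each target process it owns. It is also a Dispatcher so it can answer
// IPCs itself (the "ping" test IPC) and route the rest through ipc_targets_.
// Dispatcher must remain the first base class: OnMessageReady relies on a
// static_cast that only holds with that layout.
class PolicyBase : public Dispatcher, public TargetPolicy {
 public:
  PolicyBase();

  // TargetPolicy:
  // Reference counting. The destructor is private, so instances are only
  // expected to go away through Release().
  virtual void AddRef() OVERRIDE;
  virtual void Release() OVERRIDE;
  // Records the two token levels (initial_level_ / lockdown_level_) that
  // MakeTokens() later turns into handles.
  virtual ResultCode SetTokenLevel(TokenLevel initial,
                                   TokenLevel lockdown) OVERRIDE;
  // Records the job level and the UI exceptions mask consumed by
  // MakeJobObject().
  virtual ResultCode SetJobLevel(JobLevel job_level,
                                 uint32 ui_exceptions) OVERRIDE;
  // Alternate desktop / window station handling. The underlying handles are
  // static, i.e. shared by every PolicyBase in this process.
  virtual ResultCode SetAlternateDesktop(bool alternate_winstation) OVERRIDE;
  virtual string16 GetAlternateDesktop() const OVERRIDE;
  virtual ResultCode CreateAlternateDesktop(bool alternate_winstation) OVERRIDE;
  virtual void DestroyAlternateDesktop() OVERRIDE;
  // Integrity level for the target and its "delayed" variant; they are kept
  // in separate members (integrity_level_ / delayed_integrity_level_). When
  // each one is applied is decided by the implementation, not here.
  virtual ResultCode SetIntegrityLevel(IntegrityLevel integrity_level) OVERRIDE;
  virtual ResultCode SetDelayedIntegrityLevel(
      IntegrityLevel integrity_level) OVERRIDE;
  // AppContainer SID and the capability SIDs granted to it (capabilities_).
  virtual ResultCode SetAppContainer(const wchar_t* sid) OVERRIDE;
  virtual ResultCode SetCapability(const wchar_t* sid) OVERRIDE;
  // Process mitigation flags and their "delayed" counterparts, stored in
  // mitigations_ and delayed_mitigations_ respectively.
  virtual ResultCode SetProcessMitigations(MitigationFlags flags) OVERRIDE;
  virtual MitigationFlags GetProcessMitigations() OVERRIDE;
  virtual ResultCode SetDelayedProcessMitigations(
      MitigationFlags flags) OVERRIDE;
  virtual MitigationFlags GetDelayedProcessMitigations() OVERRIDE;
  // Presumably clears relaxed_interceptions_, the only member tied to
  // interception strictness -- confirm against the .cc.
  virtual void SetStrictInterceptions() OVERRIDE;
  // Standard output/error handles recorded for the target; read back through
  // GetStdoutHandle() / GetStderrHandle().
  virtual ResultCode SetStdoutHandle(HANDLE handle) OVERRIDE;
  virtual ResultCode SetStderrHandle(HANDLE handle) OVERRIDE;
  // Adds a low-level policy rule for |subsystem| matching |pattern|.
  virtual ResultCode AddRule(SubSystem subsystem, Semantics semantics,
                             const wchar_t* pattern) OVERRIDE;
  // Records a dll to unload in the target (blacklisted_dlls_). Marked
  // OVERRIDE like its siblings so the compiler checks it against the
  // TargetPolicy declaration.
  virtual ResultCode AddDllToUnload(const wchar_t* dll_name) OVERRIDE;
  // Registers a handle type/name pair with handle_closer_.
  virtual ResultCode AddKernelObjectToClose(const char16* handle_type,
                                            const char16* handle_name) OVERRIDE;

  // Dispatcher:
  virtual Dispatcher* OnMessageReady(IPCParams* ipc,
                                     CallbackGeneric* callback) OVERRIDE;
  virtual bool SetupService(InterceptionManager* manager, int service) OVERRIDE;

  // Creates a Job object with the level specified in a previous call to
  // SetJobLevel().
  ResultCode MakeJobObject(HANDLE* job);

  // Creates the two tokens with the levels specified in a previous call to
  // SetTokenLevel().
  ResultCode MakeTokens(HANDLE* initial, HANDLE* lockdown);

  // Returns the AppContainer attributes held in appcontainer_list_, if any.
  const AppContainerAttributes* GetAppContainer();

  // Adds a target process to the internal list of targets. Internally a
  // call to TargetProcess::Init() is issued. The policy takes ownership of
  // |target| (see targets_).
  bool AddTarget(TargetProcess* target);

  // Called when there are no more active processes in a Job.
  // Removes a Job object associated with this policy and the target associated
  // with the job.
  bool OnJobEmpty(HANDLE job);

  // Evaluates the low-level policy for |service| against |params| and returns
  // the resulting decision.
  EvalResult EvalPolicy(int service, CountedParameterSetBase* params);

  // Accessors for the handles set via SetStdoutHandle() / SetStderrHandle().
  HANDLE GetStdoutHandle();
  HANDLE GetStderrHandle();

 private:
  // Private: lifetime is controlled through AddRef() / Release().
  ~PolicyBase();

  // Test IPC providers.
  bool Ping(IPCInfo* ipc, void* cookie);

  // Returns a dispatcher from ipc_targets_.
  Dispatcher* GetDispatcher(int ipc_tag);

  // Sets up interceptions for a new target.
  bool SetupAllInterceptions(TargetProcess* target);

  // Sets up the handle closer for a new target.
  bool SetupHandleCloser(TargetProcess* target);

  // This lock synchronizes operations on the targets_ collection.
  CRITICAL_SECTION lock_;
  // Maintains the list of target process associated with this policy.
  // The policy takes ownership of them.
  typedef std::list<TargetProcess*> TargetSet;
  TargetSet targets_;
  // Standard object-lifetime reference counter. The name lacks the usual
  // trailing underscore; it is kept as-is because the .cc refers to it.
  volatile LONG ref_count;
  // The user-defined global policy settings.
  TokenLevel lockdown_level_;
  TokenLevel initial_level_;
  JobLevel job_level_;
  uint32 ui_exceptions_;
  bool use_alternate_desktop_;
  bool use_alternate_winstation_;
  // Helps the file system policy initialization.
  bool file_system_init_;
  bool relaxed_interceptions_;
  HANDLE stdout_handle_;
  HANDLE stderr_handle_;
  IntegrityLevel integrity_level_;
  IntegrityLevel delayed_integrity_level_;
  MitigationFlags mitigations_;
  MitigationFlags delayed_mitigations_;
  // The array of objects that will answer IPC calls, sized by IPC tag
  // (see GetDispatcher()).
  Dispatcher* ipc_targets_[IPC_LAST_TAG];
  // Object in charge of generating the low level policy.
  LowLevelPolicy* policy_maker_;
  // Memory structure that stores the low level policy.
  PolicyGlobal* policy_;
  // The list of dlls to unload in the target process.
  std::vector<string16> blacklisted_dlls_;
  // This is a map of handle-types to names that we need to close in the
  // target process. A null set means we need to close all handles of the
  // given type.
  HandleCloser handle_closer_;
  // Capability SIDs collected by SetCapability().
  std::vector<string16> capabilities_;
  // AppContainer attributes, if any; returned by GetAppContainer().
  scoped_ptr<AppContainerAttributes> appcontainer_list_;

  // Shared by every PolicyBase in this process, hence static.
  static HDESK alternate_desktop_handle_;
  static HWINSTA alternate_winstation_handle_;

  DISALLOW_COPY_AND_ASSIGN(PolicyBase);
};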