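/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "sandboxBroker.h"
#include "sandbox/win/src/sandbox.h"
#include "sandbox/win/src/sandbox_factory.h"

namespace mozilla
{

// Process-wide broker shared by every SandboxBroker instance. It is obtained
// lazily by the first constructor call and never torn down. A value of
// nullptr means the sandbox is unavailable in this process and every launch
// attempt fails closed.
// NOTE(review): the lazy initialization below is not synchronized; that is
// fine only if SandboxBroker objects are created from a single thread —
// confirm against the callers.
sandbox::BrokerServices *SandboxBroker::sBrokerService = nullptr;

// Obtains (once) the process-wide BrokerServices and creates this broker's
// TargetPolicy.
//
// If GetBrokerServices() returns null or Init() does not report SBOX_ALL_OK,
// both sBrokerService and mPolicy are left null. The original code called
// sBrokerService->CreatePolicy() unconditionally, which dereferenced a null
// pointer in exactly that case.
SandboxBroker::SandboxBroker()
  : mPolicy(nullptr)
{
  if (!sBrokerService) {
    sBrokerService = sandbox::SandboxFactory::GetBrokerServices();
    if (sBrokerService &&
        sBrokerService->Init() != sandbox::SBOX_ALL_OK) {
      // A half-initialized broker is worse than none: drop it so that
      // LaunchApp() refuses to launch rather than launching unsandboxed.
      sBrokerService = nullptr;
    }
  }

  if (sBrokerService) {
    // We'll start to increase the restrictions over time.
    mPolicy = sBrokerService->CreatePolicy();
  }
}

// Lets the sandboxed child open the named pipe at aPath.
//
// The rule is NAMEDPIPES_ALLOW_ANY for that path, so callers must pass the
// exact pipe the child needs; a pattern that matches more than one pipe
// widens what the sandbox permits. Returns true if the rule was added,
// false if there is no policy or the sandbox rejected the rule.
bool
SandboxBroker::AllowPipe(const wchar_t *aPath)
{
  if (!mPolicy) {
    return false;
  }

  // AddRule() reports a sandbox::ResultCode. The original returned that
  // enum straight through as a bool, which makes the result depend on the
  // enum's numeric value rather than on success; compare against
  // SBOX_ALL_OK — the success code the constructor also checks for — instead.
  sandbox::ResultCode rc =
    mPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES,
                     sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY, aPath);
  return rc == sandbox::SBOX_ALL_OK;
}

// Launches aPath with aArguments as a sandboxed child governed by mPolicy.
//
// On success stores the child's process handle in *aProcessHandle — the
// caller owns it and is responsible for CloseHandle() — and returns true.
// Returns false, writing nothing to *aProcessHandle, if the broker or policy
// is unavailable, if any policy setting cannot be applied, or if the spawn
// fails. There is deliberately no fallback to an unsandboxed launch.
bool
SandboxBroker::LaunchApp(const wchar_t *aPath,
                         const wchar_t *aArguments,
                         void **aProcessHandle)
{
  // Fail closed: without a broker and a policy we cannot sandbox the child.
  if (!sBrokerService || !mPolicy || !aProcessHandle) {
    return false;
  }

  // Setup the sandbox policy, this is initially:
  // Low integrity (the "delayed" variant, presumably applied once the child
  // is running), a USER_RESTRICTED_SAME_ACCESS token (effectively
  // unrestricted), no job object, and an alternate desktop.
  // We'll start to increase the restrictions over time.
  //
  // Each setter reports a ResultCode. Ignoring it, as the original did,
  // means a child could be launched with a weaker policy than intended; a
  // failed setting is therefore a failed launch.
  if (mPolicy->SetJobLevel(sandbox::JOB_NONE, 0) != sandbox::SBOX_ALL_OK ||
      mPolicy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS,
                             sandbox::USER_RESTRICTED_SAME_ACCESS)
        != sandbox::SBOX_ALL_OK ||
      mPolicy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW)
        != sandbox::SBOX_ALL_OK) {
    return false;
  }

  // Run the child on an alternate desktop.
  // NOTE(review): the bool argument selects whether a separate window
  // station is created as well; with false the alternate desktop appears to
  // live on the current window station, which contradicts the original
  // "within a new window station" comment — confirm against sandbox.h.
  if (mPolicy->SetAlternateDesktop(false) != sandbox::SBOX_ALL_OK) {
    return false;
  }

  // Create the sandboxed process. Zero-initialize so that a failed spawn
  // leaves null handles rather than stack garbage.
  PROCESS_INFORMATION targetInfo = {};
  sandbox::ResultCode result =
    sBrokerService->SpawnTarget(aPath, aArguments, mPolicy, &targetInfo);
  if (result != sandbox::SBOX_ALL_OK) {
    // The original ignored this result: on failure it resumed an
    // uninitialized PROCESS_INFORMATION and reported success to the caller
    // with a garbage process handle.
    return false;
  }

  // The sandboxed process is started in a suspended state; resume it now
  // that we've set things up. The thread handle is not needed afterwards.
  ResumeThread(targetInfo.hThread);
  CloseHandle(targetInfo.hThread);

  // Return the process handle to the caller, who now owns it.
  *aProcessHandle = targetInfo.hProcess;

  return true;
}

// Releases this broker's policy. The shared sBrokerService is deliberately
// left untouched: it is process-wide and outlives every SandboxBroker.
SandboxBroker::~SandboxBroker()
{
  if (mPolicy) {
    mPolicy->Release();
    mPolicy = nullptr;
  }
}

}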