diff -r 000000000000 -r 6474c204b198 security/sandbox/win/src/broker_services.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/security/sandbox/win/src/broker_services.h Wed Dec 31 06:09:35 2014 +0100 @@ -0,0 +1,114 @@ +// Copyright (c) 2012 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef SANDBOX_WIN_SRC_BROKER_SERVICES_H_ +#define SANDBOX_WIN_SRC_BROKER_SERVICES_H_ + +#include +#include +#include +#include "base/basictypes.h" +#include "base/compiler_specific.h" +#include "base/win/scoped_handle.h" +#include "sandbox/win/src/crosscall_server.h" +#include "sandbox/win/src/job.h" +#include "sandbox/win/src/sandbox.h" +#include "sandbox/win/src/sharedmem_ipc_server.h" +#include "sandbox/win/src/win2k_threadpool.h" +#include "sandbox/win/src/win_utils.h" + +namespace { + +struct JobTracker; +struct PeerTracker; + +} // namespace + +namespace sandbox { + +class PolicyBase; + +// BrokerServicesBase --------------------------------------------------------- +// Broker implementation version 0 +// +// This is an implementation of the interface BrokerServices and +// of the associated TargetProcess interface. In this implementation +// TargetProcess is a friend of BrokerServices where the later manages a +// collection of the former. +class BrokerServicesBase : public BrokerServices, + public SingletonBase { + public: + BrokerServicesBase(); + + ~BrokerServicesBase(); + + // BrokerServices interface. + virtual ResultCode Init() OVERRIDE; + virtual TargetPolicy* CreatePolicy() OVERRIDE; + virtual ResultCode SpawnTarget(const wchar_t* exe_path, + const wchar_t* command_line, + TargetPolicy* policy, + PROCESS_INFORMATION* target) OVERRIDE; + virtual ResultCode WaitForAllTargets() OVERRIDE; + virtual ResultCode AddTargetPeer(HANDLE peer_process) OVERRIDE; + virtual ResultCode InstallAppContainer(const wchar_t* sid, + const wchar_t* name) OVERRIDE; + virtual ResultCode UninstallAppContainer(const wchar_t* sid) OVERRIDE; + + // Checks if the supplied process ID matches one of the broker's active + // target processes + // Returns: + // true if there is an active target process for this ID, otherwise false. + bool IsActiveTarget(DWORD process_id); + + private: + // Releases the Job and notifies the associated Policy object to its + // resources as well. + static void FreeResources(JobTracker* tracker); + + // The routine that the worker thread executes. It is in charge of + // notifications and cleanup-related tasks. + static DWORD WINAPI TargetEventsThread(PVOID param); + + // Removes a target peer from the process list if it expires. + static VOID CALLBACK RemovePeer(PVOID parameter, BOOLEAN timeout); + + // The completion port used by the job objects to communicate events to + // the worker thread. + HANDLE job_port_; + + // Handle to a manual-reset event that is signaled when the total target + // process count reaches zero. + HANDLE no_targets_; + + // Handle to the worker thread that reacts to job notifications. + HANDLE job_thread_; + + // Lock used to protect the list of targets from being modified by 2 + // threads at the same time. + CRITICAL_SECTION lock_; + + // provides a pool of threads that are used to wait on the IPC calls. + ThreadProvider* thread_pool_; + + // List of the trackers for closing and cleanup purposes. + typedef std::list JobTrackerList; + JobTrackerList tracker_list_; + + // Maps peer process IDs to the saved handle and wait event. + // Prevents peer callbacks from accessing the broker after destruction. + typedef std::map PeerTrackerMap; + PeerTrackerMap peer_map_; + + // Provides a fast lookup to identify sandboxed processes that belong to a + // job. Consult |jobless_process_handles_| for handles of pocess without job. + std::set child_process_ids_; + + DISALLOW_COPY_AND_ASSIGN(BrokerServicesBase); +}; + +} // namespace sandbox + + +#endif // SANDBOX_WIN_SRC_BROKER_SERVICES_H_