| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/win/src/sandbox_policy_base.h" | 5 #include "sandbox/win/src/sandbox_policy_base.h" |
| 6 | 6 |
| 7 #include "base/basictypes.h" | 7 #include "base/basictypes.h" |
| 8 #include "base/callback.h" | 8 #include "base/callback.h" |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/win/windows_version.h" | 10 #include "base/win/windows_version.h" |
| 11 #include "sandbox/win/src/app_container.h" | 11 #include "sandbox/win/src/app_container.h" |
| 12 #include "sandbox/win/src/filesystem_dispatcher.h" | 12 #include "sandbox/win/src/filesystem_dispatcher.h" |
| 13 #include "sandbox/win/src/filesystem_policy.h" | 13 #include "sandbox/win/src/filesystem_policy.h" |
| 14 #include "sandbox/win/src/handle_dispatcher.h" | 14 #include "sandbox/win/src/handle_dispatcher.h" |
| 15 #include "sandbox/win/src/handle_policy.h" | 15 #include "sandbox/win/src/handle_policy.h" |
| 16 #include "sandbox/win/src/job.h" | 16 #include "sandbox/win/src/job.h" |
| 17 #include "sandbox/win/src/interception.h" | 17 #include "sandbox/win/src/interception.h" |
| 18 #include "sandbox/win/src/process_mitigations.h" | |
| 18 #include "sandbox/win/src/named_pipe_dispatcher.h" | 19 #include "sandbox/win/src/named_pipe_dispatcher.h" |
| 19 #include "sandbox/win/src/named_pipe_policy.h" | 20 #include "sandbox/win/src/named_pipe_policy.h" |
| 20 #include "sandbox/win/src/policy_broker.h" | 21 #include "sandbox/win/src/policy_broker.h" |
| 21 #include "sandbox/win/src/policy_engine_processor.h" | 22 #include "sandbox/win/src/policy_engine_processor.h" |
| 22 #include "sandbox/win/src/policy_low_level.h" | 23 #include "sandbox/win/src/policy_low_level.h" |
| 23 #include "sandbox/win/src/process_thread_dispatcher.h" | 24 #include "sandbox/win/src/process_thread_dispatcher.h" |
| 24 #include "sandbox/win/src/process_thread_policy.h" | 25 #include "sandbox/win/src/process_thread_policy.h" |
| 25 #include "sandbox/win/src/registry_dispatcher.h" | 26 #include "sandbox/win/src/registry_dispatcher.h" |
| 26 #include "sandbox/win/src/registry_policy.h" | 27 #include "sandbox/win/src/registry_policy.h" |
| 27 #include "sandbox/win/src/restricted_token_utils.h" | 28 #include "sandbox/win/src/restricted_token_utils.h" |
| 46 memset(mem, 0, kTotalPolicySz); | 47 memset(mem, 0, kTotalPolicySz); |
| 47 sandbox::PolicyGlobal* policy = reinterpret_cast<sandbox::PolicyGlobal*>(mem); | 48 sandbox::PolicyGlobal* policy = reinterpret_cast<sandbox::PolicyGlobal*>(mem); |
| 48 policy->data_size = kTotalPolicySz - sizeof(sandbox::PolicyGlobal); | 49 policy->data_size = kTotalPolicySz - sizeof(sandbox::PolicyGlobal); |
| 49 return policy; | 50 return policy; |
| 50 } | 51 } |
| 51 } | 52 } |
| 52 | 53 |
| 53 namespace sandbox { | 54 namespace sandbox { |
| 54 | 55 |
| 55 SANDBOX_INTERCEPT IntegrityLevel g_shared_delayed_integrity_level; | 56 SANDBOX_INTERCEPT IntegrityLevel g_shared_delayed_integrity_level; |
| 56 | 57 |
|
rvargas (doing something else)
2012/09/08 02:23:32
remove
jschuh
2012/09/10 23:58:48
Done.
| |
| 58 SANDBOX_INTERCEPT uint64 g_shared_delayed_mitigations; | |
| 59 | |
| 57 // Initializes static members. | 60 // Initializes static members. |
| 58 HWINSTA PolicyBase::alternate_winstation_handle_ = NULL; | 61 HWINSTA PolicyBase::alternate_winstation_handle_ = NULL; |
| 59 HDESK PolicyBase::alternate_desktop_handle_ = NULL; | 62 HDESK PolicyBase::alternate_desktop_handle_ = NULL; |
| 60 | 63 |
| 61 PolicyBase::PolicyBase() | 64 PolicyBase::PolicyBase() |
| 62 : ref_count(1), | 65 : ref_count(1), |
| 63 lockdown_level_(USER_LOCKDOWN), | 66 lockdown_level_(USER_LOCKDOWN), |
| 64 initial_level_(USER_LOCKDOWN), | 67 initial_level_(USER_LOCKDOWN), |
| 65 job_level_(JOB_LOCKDOWN), | 68 job_level_(JOB_LOCKDOWN), |
| 66 ui_exceptions_(0), | 69 ui_exceptions_(0), |
| 67 use_alternate_desktop_(false), | 70 use_alternate_desktop_(false), |
| 68 use_alternate_winstation_(false), | 71 use_alternate_winstation_(false), |
| 69 file_system_init_(false), | 72 file_system_init_(false), |
| 70 relaxed_interceptions_(true), | 73 relaxed_interceptions_(true), |
| 71 integrity_level_(INTEGRITY_LEVEL_LAST), | 74 integrity_level_(INTEGRITY_LEVEL_LAST), |
| 72 delayed_integrity_level_(INTEGRITY_LEVEL_LAST), | 75 delayed_integrity_level_(INTEGRITY_LEVEL_LAST), |
| 76 mitigations_(0), | |
| 77 delayed_mitigations_(0), | |
| 73 policy_maker_(NULL), | 78 policy_maker_(NULL), |
| 74 policy_(NULL) { | 79 policy_(NULL) { |
| 75 ::InitializeCriticalSection(&lock_); | 80 ::InitializeCriticalSection(&lock_); |
| 76 // Initialize the IPC dispatcher array. | 81 // Initialize the IPC dispatcher array. |
| 77 memset(&ipc_targets_, NULL, sizeof(ipc_targets_)); | 82 memset(&ipc_targets_, NULL, sizeof(ipc_targets_)); |
| 78 Dispatcher* dispatcher = NULL; | 83 Dispatcher* dispatcher = NULL; |
| 79 | 84 |
| 80 dispatcher = new FilesystemDispatcher(this); | 85 dispatcher = new FilesystemDispatcher(this); |
| 81 ipc_targets_[IPC_NTCREATEFILE_TAG] = dispatcher; | 86 ipc_targets_[IPC_NTCREATEFILE_TAG] = dispatcher; |
| 82 ipc_targets_[IPC_NTOPENFILE_TAG] = dispatcher; | 87 ipc_targets_[IPC_NTOPENFILE_TAG] = dispatcher; |
| 269 return rv; | 274 return rv; |
| 270 | 275 |
| 271 return SBOX_ALL_OK; | 276 return SBOX_ALL_OK; |
| 272 } | 277 } |
| 273 | 278 |
| 274 ResultCode PolicyBase::SetCapability(const wchar_t* sid) { | 279 ResultCode PolicyBase::SetCapability(const wchar_t* sid) { |
| 275 capabilities_.push_back(sid); | 280 capabilities_.push_back(sid); |
| 276 return SBOX_ALL_OK; | 281 return SBOX_ALL_OK; |
| 277 } | 282 } |
| 278 | 283 |
| 284 ResultCode PolicyBase::SetProcessMitigations(uint64 flags) { | |
| 285 if (!CanSetProcessMitigationsPreStartup(flags)) | |
| 286 return SBOX_ERROR_BAD_PARAMS; | |
| 287 mitigations_ = flags; | |
| 288 return SBOX_ALL_OK; | |
| 289 } | |
| 290 | |
| 291 uint64 PolicyBase::GetProcessMitigations() { | |
| 292 return mitigations_; | |
| 293 } | |
| 294 | |
| 295 ResultCode PolicyBase::SetDelayedProcessMitigations(uint64 flags) { | |
| 296 if (!CanSetProcessMitigationsPostStartup(flags)) | |
| 297 return SBOX_ERROR_BAD_PARAMS; | |
| 298 delayed_mitigations_ = flags; | |
| 299 return SBOX_ALL_OK; | |
| 300 } | |
| 301 | |
| 302 uint64 PolicyBase::GetDelayedProcessMitigations() { | |
| 303 return delayed_mitigations_; | |
| 304 } | |
| 305 | |
| 279 void PolicyBase::SetStrictInterceptions() { | 306 void PolicyBase::SetStrictInterceptions() { |
| 280 relaxed_interceptions_ = false; | 307 relaxed_interceptions_ = false; |
| 281 } | 308 } |
| 282 | 309 |
| 283 ResultCode PolicyBase::AddRule(SubSystem subsystem, Semantics semantics, | 310 ResultCode PolicyBase::AddRule(SubSystem subsystem, Semantics semantics, |
| 284 const wchar_t* pattern) { | 311 const wchar_t* pattern) { |
| 285 if (NULL == policy_) { | 312 if (NULL == policy_) { |
| 286 policy_ = MakeBrokerPolicyMemory(); | 313 policy_ = MakeBrokerPolicyMemory(); |
| 287 DCHECK(policy_); | 314 DCHECK(policy_); |
| 288 policy_maker_ = new LowLevelPolicy(policy_); | 315 policy_maker_ = new LowLevelPolicy(policy_); |
| 443 if (!appcontainer_list_.get() || !appcontainer_list_->HasAppContainer()) | 470 if (!appcontainer_list_.get() || !appcontainer_list_->HasAppContainer()) |
| 444 return NULL; | 471 return NULL; |
| 445 | 472 |
| 446 return appcontainer_list_.get(); | 473 return appcontainer_list_.get(); |
| 447 } | 474 } |
| 448 | 475 |
| 449 bool PolicyBase::AddTarget(TargetProcess* target) { | 476 bool PolicyBase::AddTarget(TargetProcess* target) { |
| 450 if (NULL != policy_) | 477 if (NULL != policy_) |
| 451 policy_maker_->Done(); | 478 policy_maker_->Done(); |
| 452 | 479 |
| 480 if (!SetProcessMitigationsForSuspendedProcess(target->Process(), | |
| 481 mitigations_)) { | |
| 482 return false; | |
| 483 } | |
| 484 | |
| 453 if (!SetupAllInterceptions(target)) | 485 if (!SetupAllInterceptions(target)) |
| 454 return false; | 486 return false; |
| 455 | 487 |
| 456 if (!SetupHandleCloser(target)) | 488 if (!SetupHandleCloser(target)) |
| 457 return false; | 489 return false; |
| 458 | 490 |
| 459 // Initialize the sandbox infrastructure for the target. | 491 // Initialize the sandbox infrastructure for the target. |
| 460 if (ERROR_SUCCESS != target->Init(this, policy_, kIPCMemSize, kPolMemSize)) | 492 if (ERROR_SUCCESS != target->Init(this, policy_, kIPCMemSize, kPolMemSize)) |
| 461 return false; | 493 return false; |
| 462 | 494 |
| 463 g_shared_delayed_integrity_level = delayed_integrity_level_; | 495 g_shared_delayed_integrity_level = delayed_integrity_level_; |
| 464 ResultCode ret = target->TransferVariable( | 496 ResultCode ret = target->TransferVariable( |
| 465 "g_shared_delayed_integrity_level", | 497 "g_shared_delayed_integrity_level", |
| 466 &g_shared_delayed_integrity_level, | 498 &g_shared_delayed_integrity_level, |
| 467 sizeof(g_shared_delayed_integrity_level)); | 499 sizeof(g_shared_delayed_integrity_level)); |
| 468 g_shared_delayed_integrity_level = INTEGRITY_LEVEL_LAST; | 500 g_shared_delayed_integrity_level = INTEGRITY_LEVEL_LAST; |
| 469 if (SBOX_ALL_OK != ret) | 501 if (SBOX_ALL_OK != ret) |
| 470 return false; | 502 return false; |
| 471 | 503 |
| 504 // Add in delayed mitigations and pseudo-mitigations enforced at startup. | |
| 505 g_shared_delayed_mitigations = delayed_mitigations_ | | |
| 506 GetPostStartupProcessMitigations(mitigations_); | |
| 507 if (!CanSetProcessMitigationsPostStartup(g_shared_delayed_mitigations)) | |
| 508 return false; | |
| 509 | |
| 510 ret = target->TransferVariable("g_shared_delayed_mitigations", | |
| 511 &g_shared_delayed_mitigations, | |
| 512 sizeof(g_shared_delayed_mitigations)); | |
| 513 g_shared_delayed_mitigations = 0; | |
| 514 if (SBOX_ALL_OK != ret) | |
| 515 return false; | |
| 516 | |
| 472 AutoLock lock(&lock_); | 517 AutoLock lock(&lock_); |
| 473 targets_.push_back(target); | 518 targets_.push_back(target); |
| 474 return true; | 519 return true; |
| 475 } | 520 } |
| 476 | 521 |
| 477 bool PolicyBase::OnJobEmpty(HANDLE job) { | 522 bool PolicyBase::OnJobEmpty(HANDLE job) { |
| 478 AutoLock lock(&lock_); | 523 AutoLock lock(&lock_); |
| 479 TargetSet::iterator it; | 524 TargetSet::iterator it; |
| 480 for (it = targets_.begin(); it != targets_.end(); ++it) { | 525 for (it = targets_.begin(); it != targets_.end(); ++it) { |
| 481 if ((*it)->Job() == job) | 526 if ((*it)->Job() == job) |
| 578 | 623 |
| 579 // Finally, setup imports on the target so the interceptions can work. | 624 // Finally, setup imports on the target so the interceptions can work. |
| 580 return SetupNtdllImports(target); | 625 return SetupNtdllImports(target); |
| 581 } | 626 } |
| 582 | 627 |
| 583 bool PolicyBase::SetupHandleCloser(TargetProcess* target) { | 628 bool PolicyBase::SetupHandleCloser(TargetProcess* target) { |
| 584 return handle_closer_.InitializeTargetHandles(target); | 629 return handle_closer_.InitializeTargetHandles(target); |
| 585 } | 630 } |
| 586 | 631 |
| 587 } // namespace sandbox | 632 } // namespace sandbox |
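Review bot: The union check `CanSetProcessMitigationsPostStartup(g_shared_delayed_mitigations)` in AddTarget is the only place where `delayed_mitigations_` and `GetPostStartupProcessMitigations(mitigations_)` are validated together, so a policy whose SetProcessMitigations and SetDelayedProcessMitigations calls each returned SBOX_ALL_OK can still be rejected only at spawn time, after the suspended process has already received `mitigations_` and the interceptions and shared policy memory have been set up, and the caller gets a bare `false` rather than SBOX_ERROR_BAD_PARAMS. If the helper can reject a union that each part passed on its own (the helper bodies are not in this diff, so this is inferred), consider validating the union at configuration time as well, e.g. in SetDelayedProcessMitigations `if (!CanSetProcessMitigationsPostStartup(flags | GetPostStartupProcessMitigations(mitigations_)))` with the analogous check in SetProcessMitigations, and keep the AddTarget check as the last line of defence. Separately, `g_shared_delayed_mitigations` is a process-wide global that is written, transferred and reset outside `lock_` (which is only taken for `targets_.push_back`), mirroring the existing `g_shared_delayed_integrity_level` handoff; if two AddTarget calls can overlap, one target could receive the other's mask, so a comment on the global such as `// Staged per AddTarget call: valid only between the write and TransferVariable; callers must not interleave.` would document the constraint the code relies on.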