| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/src/sandbox_policy_base.h" | 5 #include "sandbox/src/sandbox_policy_base.h" |
| 6 | 6 |
| 7 #include "base/basictypes.h" | 7 #include "base/basictypes.h" |
| 8 #include "base/logging.h" | 8 #include "base/logging.h" |
| 9 #include "sandbox/src/filesystem_dispatcher.h" | 9 #include "sandbox/src/filesystem_dispatcher.h" |
| 10 #include "sandbox/src/filesystem_policy.h" | 10 #include "sandbox/src/filesystem_policy.h" |
| 11 #include "sandbox/src/job.h" | 11 #include "sandbox/src/job.h" |
| 12 #include "sandbox/src/interception.h" | 12 #include "sandbox/src/interception.h" |
| 13 #include "sandbox/src/named_pipe_dispatcher.h" | 13 #include "sandbox/src/named_pipe_dispatcher.h" |
| 14 #include "sandbox/src/named_pipe_policy.h" | 14 #include "sandbox/src/named_pipe_policy.h" |
| 15 #include "sandbox/src/policy_broker.h" | 15 #include "sandbox/src/policy_broker.h" |
| 16 #include "sandbox/src/policy_engine_processor.h" | 16 #include "sandbox/src/policy_engine_processor.h" |
| 17 #include "sandbox/src/policy_low_level.h" | 17 #include "sandbox/src/policy_low_level.h" |
| 18 #include "sandbox/src/process_thread_dispatcher.h" | 18 #include "sandbox/src/process_thread_dispatcher.h" |
| 19 #include "sandbox/src/process_thread_policy.h" | 19 #include "sandbox/src/process_thread_policy.h" |
| 20 #include "sandbox/src/registry_dispatcher.h" | 20 #include "sandbox/src/registry_dispatcher.h" |
| 21 #include "sandbox/src/registry_policy.h" | 21 #include "sandbox/src/registry_policy.h" |
| 22 #include "sandbox/src/restricted_token_utils.h" | 22 #include "sandbox/src/restricted_token_utils.h" |
| 23 #include "sandbox/src/sandbox_policy.h" | 23 #include "sandbox/src/sandbox_policy.h" |
| 24 #include "sandbox/src/sync_dispatcher.h" | 24 #include "sandbox/src/sync_dispatcher.h" |
| 25 #include "sandbox/src/sync_policy.h" | 25 #include "sandbox/src/sync_policy.h" |
| 26 #include "sandbox/src/target_process.h" | 26 #include "sandbox/src/target_process.h" |
| 27 #include "sandbox/src/window.h" |
| 27 | 28 |
| 28 namespace { | 29 namespace { |
| 29 // The standard windows size for one memory page. | 30 // The standard windows size for one memory page. |
| 30 const size_t kOneMemPage = 4096; | 31 const size_t kOneMemPage = 4096; |
| 31 // The IPC and Policy shared memory sizes. | 32 // The IPC and Policy shared memory sizes. |
| 32 const size_t kIPCMemSize = kOneMemPage * 2; | 33 const size_t kIPCMemSize = kOneMemPage * 2; |
| 33 const size_t kPolMemSize = kOneMemPage * 14; | 34 const size_t kPolMemSize = kOneMemPage * 14; |
| 34 | 35 |
| 35 // Helper function to allocate space (on the heap) for policy. | 36 // Helper function to allocate space (on the heap) for policy. |
| 36 sandbox::PolicyGlobal* MakeBrokerPolicyMemory() { | 37 sandbox::PolicyGlobal* MakeBrokerPolicyMemory() { |
| 37 const size_t kTotalPolicySz = kPolMemSize; | 38 const size_t kTotalPolicySz = kPolMemSize; |
| 38 char* mem = new char[kTotalPolicySz]; | 39 char* mem = new char[kTotalPolicySz]; |
| 39 DCHECK(mem); | 40 DCHECK(mem); |
| 40 memset(mem, 0, kTotalPolicySz); | 41 memset(mem, 0, kTotalPolicySz); |
| 41 sandbox::PolicyGlobal* policy = reinterpret_cast<sandbox::PolicyGlobal*>(mem); | 42 sandbox::PolicyGlobal* policy = reinterpret_cast<sandbox::PolicyGlobal*>(mem); |
| 42 policy->data_size = kTotalPolicySz - sizeof(sandbox::PolicyGlobal); | 43 policy->data_size = kTotalPolicySz - sizeof(sandbox::PolicyGlobal); |
| 43 return policy; | 44 return policy; |
| 44 } | 45 } |
| 45 } | 46 } |
| 46 | 47 |
| 47 namespace sandbox { | 48 namespace sandbox { |
| 48 | 49 |
| 49 SANDBOX_INTERCEPT IntegrityLevel g_shared_delayed_integrity_level; | 50 SANDBOX_INTERCEPT IntegrityLevel g_shared_delayed_integrity_level; |
| 50 | 51 |
| 52 // Initializes static members. |
| 53 HWINSTA PolicyBase::alternate_winstation_handle_ = NULL; |
| 54 HDESK PolicyBase::alternate_desktop_handle_ = NULL; |
| 55 |
| 51 PolicyBase::PolicyBase() | 56 PolicyBase::PolicyBase() |
| 52 : ref_count(1), | 57 : ref_count(1), |
| 53 lockdown_level_(USER_LOCKDOWN), | 58 lockdown_level_(USER_LOCKDOWN), |
| 54 initial_level_(USER_LOCKDOWN), | 59 initial_level_(USER_LOCKDOWN), |
| 55 job_level_(JOB_LOCKDOWN), | 60 job_level_(JOB_LOCKDOWN), |
| 56 integrity_level_(INTEGRITY_LEVEL_LAST), | 61 integrity_level_(INTEGRITY_LEVEL_LAST), |
| 57 delayed_integrity_level_(INTEGRITY_LEVEL_LAST), | 62 delayed_integrity_level_(INTEGRITY_LEVEL_LAST), |
| 58 policy_(NULL), | 63 policy_(NULL), |
| 59 policy_maker_(NULL), | 64 policy_maker_(NULL), |
| 60 file_system_init_(false), | 65 file_system_init_(false), |
| 61 relaxed_interceptions_(true) { | 66 relaxed_interceptions_(true), |
| 67 use_alternate_desktop_(false), |
| 68 use_alternate_winstation_(false) { |
| 62 ::InitializeCriticalSection(&lock_); | 69 ::InitializeCriticalSection(&lock_); |
| 63 // Initialize the IPC dispatcher array. | 70 // Initialize the IPC dispatcher array. |
| 64 memset(&ipc_targets_, NULL, sizeof(ipc_targets_)); | 71 memset(&ipc_targets_, NULL, sizeof(ipc_targets_)); |
| 65 Dispatcher* dispatcher = NULL; | 72 Dispatcher* dispatcher = NULL; |
| 66 dispatcher = new FilesystemDispatcher(this); | 73 dispatcher = new FilesystemDispatcher(this); |
| 67 ipc_targets_[IPC_NTCREATEFILE_TAG] = dispatcher; | 74 ipc_targets_[IPC_NTCREATEFILE_TAG] = dispatcher; |
| 68 ipc_targets_[IPC_NTOPENFILE_TAG] = dispatcher; | 75 ipc_targets_[IPC_NTOPENFILE_TAG] = dispatcher; |
| 69 ipc_targets_[IPC_NTSETINFO_RENAME_TAG] = dispatcher; | 76 ipc_targets_[IPC_NTSETINFO_RENAME_TAG] = dispatcher; |
| 70 ipc_targets_[IPC_NTQUERYATTRIBUTESFILE_TAG] = dispatcher; | 77 ipc_targets_[IPC_NTQUERYATTRIBUTESFILE_TAG] = dispatcher; |
| 71 ipc_targets_[IPC_NTQUERYFULLATTRIBUTESFILE_TAG] = dispatcher; | 78 ipc_targets_[IPC_NTQUERYFULLATTRIBUTESFILE_TAG] = dispatcher; |
| 125 // what we need (before reaching main( )) | 132 // what we need (before reaching main( )) |
| 126 result = CreateRestrictedToken(initial, initial_level_, | 133 result = CreateRestrictedToken(initial, initial_level_, |
| 127 integrity_level_, IMPERSONATION); | 134 integrity_level_, IMPERSONATION); |
| 128 if (ERROR_SUCCESS != result) { | 135 if (ERROR_SUCCESS != result) { |
| 129 ::CloseHandle(*lockdown); | 136 ::CloseHandle(*lockdown); |
| 130 return result; | 137 return result; |
| 131 } | 138 } |
| 132 return SBOX_ALL_OK; | 139 return SBOX_ALL_OK; |
| 133 } | 140 } |
| 134 | 141 |
| 142 std::wstring PolicyBase::GetAlternateDesktop() const { |
| 143 // No alternate desktop or winstation. Return an empty string. |
| 144 if (!use_alternate_desktop_ && !use_alternate_winstation_) { |
| 145 return std::wstring(); |
| 146 } |
| 147 |
| 148 // The desktop and winstation should have been created by now. |
| 149 // If we hit this scenario, it means that the user ignored the failure |
| 150 // during SetAlternateDesktop, so we ignore it here too. |
| 151 if (use_alternate_desktop_ && !alternate_desktop_handle_) { |
| 152 return std::wstring(); |
| 153 } |
| 154 if (use_alternate_winstation_ && (!alternate_desktop_handle_ || |
| 155 !alternate_winstation_handle_)) { |
| 156 return std::wstring(); |
| 157 } |
| 158 |
| 159 return GetFullDesktopName(alternate_winstation_handle_, |
| 160 alternate_desktop_handle_); |
| 161 } |
| 162 |
| 163 ResultCode PolicyBase::CreateAlternateDesktop(bool alternate_winstation) { |
| 164 if (alternate_winstation) { |
| 165 // Previously called with alternate_winstation = false? |
| 166 if (!alternate_winstation_handle_ && alternate_desktop_handle_) |
| 167 return SBOX_ERROR_UNSUPPORTED; |
| 168 |
| 169 // Check if it's already created. |
| 170 if (alternate_winstation_handle_ && alternate_desktop_handle_) |
| 171 return SBOX_ALL_OK; |
| 172 |
| 173 DCHECK(!alternate_winstation_handle_); |
| 174 // Create the window station. |
| 175 ResultCode result = CreateAltWindowStation(&alternate_winstation_handle_); |
| 176 if (SBOX_ALL_OK != result) |
| 177 return result; |
| 178 |
| 179 // Verify that everything is fine. |
| 180 if (!alternate_winstation_handle_ || |
| 181 GetWindowObjectName(alternate_winstation_handle_).empty()) |
| 182 return SBOX_ERROR_CANNOT_CREATE_DESKTOP; |
| 183 |
| 184 // Create the destkop. |
| 185 result = CreateAltDesktop(alternate_winstation_handle_, |
| 186 &alternate_desktop_handle_); |
| 187 if (SBOX_ALL_OK != result) |
| 188 return result; |
| 189 |
| 190 // Verify that everything is fine. |
| 191 if (!alternate_desktop_handle_ || |
| 192 GetWindowObjectName(alternate_desktop_handle_).empty()) |
| 193 return SBOX_ERROR_CANNOT_CREATE_DESKTOP; |
| 194 } else { |
| 195 // Previously called with alternate_winstation = true? |
| 196 if (alternate_winstation_handle_) |
| 197 return SBOX_ERROR_UNSUPPORTED; |
| 198 |
| 199 // Check if it already exists. |
| 200 if (alternate_desktop_handle_) |
| 201 return SBOX_ALL_OK; |
| 202 |
| 203 // Create the destkop. |
| 204 ResultCode result = CreateAltDesktop(NULL, &alternate_desktop_handle_); |
| 205 if (SBOX_ALL_OK != result) |
| 206 return result; |
| 207 |
| 208 // Verify that everything is fine. |
| 209 if (!alternate_desktop_handle_ || |
| 210 GetWindowObjectName(alternate_desktop_handle_).empty()) |
| 211 return SBOX_ERROR_CANNOT_CREATE_DESKTOP; |
| 212 } |
| 213 |
| 214 return SBOX_ALL_OK; |
| 215 } |
| 216 |
| 135 bool PolicyBase::AddTarget(TargetProcess* target) { | 217 bool PolicyBase::AddTarget(TargetProcess* target) { |
| 136 if (NULL != policy_) | 218 if (NULL != policy_) |
| 137 policy_maker_->Done(); | 219 policy_maker_->Done(); |
| 138 | 220 |
| 139 if (!SetupAllInterceptions(target)) | 221 if (!SetupAllInterceptions(target)) |
| 140 return false; | 222 return false; |
| 141 | 223 |
| 142 // Initialize the sandbox infrastructure for the target. | 224 // Initialize the sandbox infrastructure for the target. |
| 143 if (ERROR_SUCCESS != target->Init(this, policy_, kIPCMemSize, kPolMemSize)) | 225 if (ERROR_SUCCESS != target->Init(this, policy_, kIPCMemSize, kPolMemSize)) |
| 144 return false; | 226 return false; |
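Review bot: CreateAlternateDesktop leaves the two static handles in an inconsistent state when the window station is created but the desktop step fails (the `CreateAltDesktop` error return and the following `GetWindowObjectName(alternate_desktop_handle_).empty()` check in the alternate_winstation branch): `alternate_winstation_handle_` stays set while `alternate_desktop_handle_` is NULL, so a retry trips `DCHECK(!alternate_winstation_handle_)` and, in release builds, creates a second window station while leaking the first. Before returning from those two failure paths, release the window station and reset the static, `::CloseWindowStation(alternate_winstation_handle_); alternate_winstation_handle_ = NULL;`. Because both handles are static, the check-then-create sequence is also not serialized across PolicyBase instances — the per-instance `lock_` does not cover it — so either a process-wide lock or a documented single-threaded-setup precondition is needed. GetAlternateDesktop returns an empty name when creation previously failed, which presumably makes the target fall back to the caller's desktop; that silent loss of isolation deserves at least a `LOG(ERROR)` or `NOTREACHED()` rather than only the comment.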
| 357 return false; | 439 return false; |
| 358 | 440 |
| 359 if (!manager.InitializeInterceptions()) | 441 if (!manager.InitializeInterceptions()) |
| 360 return false; | 442 return false; |
| 361 | 443 |
| 362 // Finally, setup imports on the target so the interceptions can work. | 444 // Finally, setup imports on the target so the interceptions can work. |
| 363 return SetupNtdllImports(target); | 445 return SetupNtdllImports(target); |
| 364 } | 446 } |
| 365 | 447 |
| 366 } // namespace sandbox | 448 } // namespace sandbox |