| OLD | NEW |
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef SANDBOX_SRC_SANDBOX_POLICY_BASE_H_ | 5 #ifndef SANDBOX_SRC_SANDBOX_POLICY_BASE_H_ |
| 6 #define SANDBOX_SRC_SANDBOX_POLICY_BASE_H_ | 6 #define SANDBOX_SRC_SANDBOX_POLICY_BASE_H_ |
| 7 | 7 |
| 8 #include <Windows.h> | 8 #include <windows.h> |
| 9 #include <list> | 9 #include <list> |
| 10 | 10 |
| 11 #include "base/basictypes.h" | 11 #include "base/basictypes.h" |
| 12 #include "sandbox/src/ipc_tags.h" | 12 #include "sandbox/src/ipc_tags.h" |
| 13 #include "sandbox/src/sandbox_policy.h" | 13 #include "sandbox/src/sandbox_policy.h" |
| 14 #include "sandbox/src/win_utils.h" | 14 #include "sandbox/src/win_utils.h" |
| 15 #include "sandbox/src/crosscall_server.h" | 15 #include "sandbox/src/crosscall_server.h" |
| 16 | 16 |
| 17 #include "sandbox/src/policy_engine_params.h" | 17 #include "sandbox/src/policy_engine_params.h" |
| 18 #include "sandbox/src/policy_engine_opcodes.h" | 18 #include "sandbox/src/policy_engine_opcodes.h" |
| (...skipping 31 matching lines...) |
| 50 lockdown_level_ = lockdown; | 50 lockdown_level_ = lockdown; |
| 51 return SBOX_ALL_OK; | 51 return SBOX_ALL_OK; |
| 52 } | 52 } |
| 53 | 53 |
| 54 virtual ResultCode SetJobLevel(JobLevel job_level, uint32 ui_exceptions) { | 54 virtual ResultCode SetJobLevel(JobLevel job_level, uint32 ui_exceptions) { |
| 55 job_level_ = job_level; | 55 job_level_ = job_level; |
| 56 ui_exceptions_ = ui_exceptions; | 56 ui_exceptions_ = ui_exceptions; |
| 57 return SBOX_ALL_OK; | 57 return SBOX_ALL_OK; |
| 58 } | 58 } |
| 59 | 59 |
| 60 virtual ResultCode SetDesktop(const wchar_t* desktop) { | 60 virtual ResultCode SetAlternateDesktop(bool alternate_winstation) { |
| 61 desktop_ = desktop; | 61 use_alternate_desktop_ = true; |
| 62 return SBOX_ALL_OK; | 62 use_alternate_winstation_ = alternate_winstation; |
| 63 return CreateAlternateDesktop(alternate_winstation); |
| 64 } |
| 65 |
| 66 virtual std::wstring GetAlternateDesktop() const; |
| 67 |
| 68 virtual ResultCode CreateAlternateDesktop(bool alternate_winstation); |
| 69 |
| 70 virtual void DestroyAlternateDesktop() { |
| 71 if (alternate_desktop_handle_) { |
| 72 ::CloseDesktop(alternate_desktop_handle_); |
| 73 alternate_desktop_handle_ = NULL; |
| 74 } |
| 75 |
| 76 if (alternate_winstation_handle_) { |
| 77 ::CloseWindowStation(alternate_winstation_handle_); |
| 78 alternate_winstation_handle_ = NULL; |
| 79 } |
| 63 } | 80 } |
| 64 | 81 |
| 65 virtual ResultCode SetIntegrityLevel(IntegrityLevel integrity_level) { | 82 virtual ResultCode SetIntegrityLevel(IntegrityLevel integrity_level) { |
| 66 integrity_level_ = integrity_level; | 83 integrity_level_ = integrity_level; |
| 67 return SBOX_ALL_OK; | 84 return SBOX_ALL_OK; |
| 68 } | 85 } |
| 69 | 86 |
| 70 virtual ResultCode SetDelayedIntegrityLevel(IntegrityLevel integrity_level) { | 87 virtual ResultCode SetDelayedIntegrityLevel(IntegrityLevel integrity_level) { |
| 71 delayed_integrity_level_ = integrity_level; | 88 delayed_integrity_level_ = integrity_level; |
| 72 return SBOX_ALL_OK; | 89 return SBOX_ALL_OK; |
| 73 } | 90 } |
| 74 | 91 |
| 75 virtual void SetStrictInterceptions() { | 92 virtual void SetStrictInterceptions() { |
| 76 relaxed_interceptions_ = false; | 93 relaxed_interceptions_ = false; |
| 77 } | 94 } |
| 78 | 95 |
| 79 virtual ResultCode AddRule(SubSystem subsystem, Semantics semantics, | 96 virtual ResultCode AddRule(SubSystem subsystem, Semantics semantics, |
| 80 const wchar_t* pattern); | 97 const wchar_t* pattern); |
| 81 | 98 |
| 82 virtual ResultCode AddDllToUnload(const wchar_t* dll_name) { | 99 virtual ResultCode AddDllToUnload(const wchar_t* dll_name) { |
| 83 blacklisted_dlls_.push_back(std::wstring(dll_name)); | 100 blacklisted_dlls_.push_back(std::wstring(dll_name)); |
| 84 return SBOX_ALL_OK; | 101 return SBOX_ALL_OK; |
| 85 } | 102 } |
| 86 | 103 |
| 87 std::wstring GetDesktop() const { | |
| 88 return desktop_; | |
| 89 } | |
| 90 | |
| 91 // Creates a Job object with the level specified in a previous call to | 104 // Creates a Job object with the level specified in a previous call to |
| 92 // SetJobLevel(). Returns the standard windows of ::GetLastError(). | 105 // SetJobLevel(). Returns the standard windows of ::GetLastError(). |
| 93 DWORD MakeJobObject(HANDLE* job); | 106 DWORD MakeJobObject(HANDLE* job); |
| 94 // Creates the two tokens with the levels specified in a previous call to | 107 // Creates the two tokens with the levels specified in a previous call to |
| 95 // SetTokenLevel(). Returns the standard windows of ::GetLastError(). | 108 // SetTokenLevel(). Returns the standard windows of ::GetLastError(). |
| 96 DWORD MakeTokens(HANDLE* initial, HANDLE* lockdown); | 109 DWORD MakeTokens(HANDLE* initial, HANDLE* lockdown); |
| 97 // Adds a target process to the internal list of targets. Internally a | 110 // Adds a target process to the internal list of targets. Internally a |
| 98 // call to TargetProcess::Init() is issued. | 111 // call to TargetProcess::Init() is issued. |
| 99 bool AddTarget(TargetProcess* target); | 112 bool AddTarget(TargetProcess* target); |
| 100 // Called when there are no more active processes in a Job. | 113 // Called when there are no more active processes in a Job. |
| (...skipping 25 matching lines...) |
| 126 // The policy takes ownership of them. | 139 // The policy takes ownership of them. |
| 127 typedef std::list<TargetProcess*> TargetSet; | 140 typedef std::list<TargetProcess*> TargetSet; |
| 128 TargetSet targets_; | 141 TargetSet targets_; |
| 129 // Standard object-lifetime reference counter. | 142 // Standard object-lifetime reference counter. |
| 130 volatile LONG ref_count; | 143 volatile LONG ref_count; |
| 131 // The user-defined global policy settings. | 144 // The user-defined global policy settings. |
| 132 TokenLevel lockdown_level_; | 145 TokenLevel lockdown_level_; |
| 133 TokenLevel initial_level_; | 146 TokenLevel initial_level_; |
| 134 JobLevel job_level_; | 147 JobLevel job_level_; |
| 135 uint32 ui_exceptions_; | 148 uint32 ui_exceptions_; |
| 136 std::wstring desktop_; | 149 bool use_alternate_desktop_; |
| 150 bool use_alternate_winstation_; |
| 137 IntegrityLevel integrity_level_; | 151 IntegrityLevel integrity_level_; |
| 138 IntegrityLevel delayed_integrity_level_; | 152 IntegrityLevel delayed_integrity_level_; |
| 139 // The array of objects that will answer IPC calls. | 153 // The array of objects that will answer IPC calls. |
| 140 Dispatcher* ipc_targets_[IPC_LAST_TAG]; | 154 Dispatcher* ipc_targets_[IPC_LAST_TAG]; |
| 141 // Object in charge of generating the low level policy. | 155 // Object in charge of generating the low level policy. |
| 142 LowLevelPolicy* policy_maker_; | 156 LowLevelPolicy* policy_maker_; |
| 143 // Memory structure that stores the low level policy. | 157 // Memory structure that stores the low level policy. |
| 144 PolicyGlobal* policy_; | 158 PolicyGlobal* policy_; |
| 145 // Helps the file system policy initialization. | 159 // Helps the file system policy initialization. |
| 146 bool file_system_init_; | 160 bool file_system_init_; |
| 147 // Operation mode for the interceptions. | 161 // Operation mode for the interceptions. |
| 148 bool relaxed_interceptions_; | 162 bool relaxed_interceptions_; |
| 149 // The list of dlls to unload in the target process. | 163 // The list of dlls to unload in the target process. |
| 150 std::vector<std::wstring> blacklisted_dlls_; | 164 std::vector<std::wstring> blacklisted_dlls_; |
| 151 | 165 |
| 166 static HDESK alternate_desktop_handle_; |
| 167 static HWINSTA alternate_winstation_handle_; |
| 168 |
| 152 DISALLOW_COPY_AND_ASSIGN(PolicyBase); | 169 DISALLOW_COPY_AND_ASSIGN(PolicyBase); |
| 153 }; | 170 }; |
| 154 | 171 |
| 155 } // namespace sandbox | 172 } // namespace sandbox |
| 156 | 173 |
| 157 #endif // SANDBOX_SRC_SANDBOX_POLICY_BASE_H_ | 174 #endif // SANDBOX_SRC_SANDBOX_POLICY_BASE_H_ |
| OLD | NEW |
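Review bot: SetAlternateDesktop() (new lines 60-64) sets use_alternate_desktop_ and use_alternate_winstation_ before CreateAlternateDesktop() has reported success, so a policy whose desktop creation failed still records that it uses one. The alternate desktop is an isolation boundary for the target's windows, so a caller that ignores the ResultCode should not be left with a policy that claims isolation it does not have; assign the flags only after the call returns SBOX_ALL_OK. GetAlternateDesktop() and CreateAlternateDesktop() are only declared on this page, so what a target actually gets after a failure depends on code outside it. Separately, alternate_desktop_handle_ and alternate_winstation_handle_ (new lines 166-167) are static yet closed by the instance method DestroyAlternateDesktop(); a comment such as `// Shared by every PolicyBase; close only when no target still uses them.` would document that lifetime.

```cpp
virtual ResultCode SetAlternateDesktop(bool alternate_winstation) {
  ResultCode result = CreateAlternateDesktop(alternate_winstation);
  if (result != SBOX_ALL_OK)
    return result;
  // Record the choice only once the desktop actually exists.
  use_alternate_desktop_ = true;
  use_alternate_winstation_ = alternate_winstation;
  return SBOX_ALL_OK;
}
```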