1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/common/sandbox_policy.h" | 5 #include "chrome/common/sandbox_policy.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 | 8 |
9 #include "app/win_util.h" | 9 #include "app/win_util.h" |
10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
293 // AppData itself. | 293 // AppData itself. |
294 if (!AddDirectory(base::DIR_APP_DATA, L"..", false, | 294 if (!AddDirectory(base::DIR_APP_DATA, L"..", false, |
295 sandbox::TargetPolicy::FILES_ALLOW_READONLY, | 295 sandbox::TargetPolicy::FILES_ALLOW_READONLY, |
296 policy)) | 296 policy)) |
297 return false; | 297 return false; |
298 } | 298 } |
299 | 299 |
300 return true; | 300 return true; |
301 } | 301 } |
302 | 302 |
| 303 // Creates a sandbox for the built-in flash plugin running in a restricted |
| 304 // environment. This is a work in progress and for the time being do not |
| 305 // pay attention to the duplication between this function and the above |
| 306 // function. For more information see bug 50796. |
| 307 bool ApplyPolicyForBuiltInFlashPlugin(sandbox::TargetPolicy* policy) { |
| 308 // TODO(cpu): Lock down the job level more. |
| 309 policy->SetJobLevel(sandbox::JOB_INTERACTIVE, 0); |
| 310 |
| 311 sandbox::TokenLevel initial_token = sandbox::USER_UNPROTECTED; |
| 312 if (win_util::GetWinVersion() > win_util::WINVERSION_XP) |
| 313 initial_token = sandbox::USER_RESTRICTED_SAME_ACCESS; |
| 314 policy->SetTokenLevel(initial_token, sandbox::USER_LIMITED); |
| 315 |
| 316 policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW); |
| 317 |
| 318 // TODO(cpu): Proxy registry access and remove this policies. |
| 319 if (!AddKeyAndSubkeys(L"HKEY_CURRENT_USER\\SOFTWARE\\ADOBE", |
| 320 sandbox::TargetPolicy::REG_ALLOW_ANY, |
| 321 policy)) |
| 322 return false; |
| 323 |
| 324 if (!AddKeyAndSubkeys(L"HKEY_CURRENT_USER\\SOFTWARE\\MACROMEDIA", |
| 325 sandbox::TargetPolicy::REG_ALLOW_ANY, |
| 326 policy)) |
| 327 return false; |
| 328 |
| 329 if (win_util::GetWinVersion() >= win_util::WINVERSION_VISTA) { |
| 330 if (!AddKeyAndSubkeys(L"HKEY_CURRENT_USER\\SOFTWARE\\AppDataLow", |
| 331 sandbox::TargetPolicy::REG_ALLOW_ANY, |
| 332 policy)) |
| 333 return false; |
| 334 } |
| 335 |
| 336 return true; |
| 337 } |
| 338 |
303 // Adds the custom policy rules for a given plugin. |trusted_plugins| contains | 339 // Adds the custom policy rules for a given plugin. |trusted_plugins| contains |
304 // the comma separate list of plugin dll names that should not be sandboxed. | 340 // the comma separate list of plugin dll names that should not be sandboxed. |
305 bool AddPolicyForPlugin(const CommandLine* cmd_line, | 341 bool AddPolicyForPlugin(const CommandLine* cmd_line, |
306 sandbox::TargetPolicy* policy) { | 342 sandbox::TargetPolicy* policy) { |
307 std::wstring plugin_dll = cmd_line-> | 343 std::wstring plugin_dll = cmd_line-> |
308 GetSwitchValue(switches::kPluginPath); | 344 GetSwitchValue(switches::kPluginPath); |
309 std::wstring trusted_plugins = CommandLine::ForCurrentProcess()-> | 345 std::wstring trusted_plugins = CommandLine::ForCurrentProcess()-> |
310 GetSwitchValue(switches::kTrustedPlugins); | 346 GetSwitchValue(switches::kTrustedPlugins); |
311 // Add the policy for the pipes. | 347 // Add the policy for the pipes. |
312 sandbox::ResultCode result = sandbox::SBOX_ALL_OK; | 348 sandbox::ResultCode result = sandbox::SBOX_ALL_OK; |
313 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES, | 349 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES, |
314 sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY, | 350 sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY, |
315 L"\\\\.\\pipe\\chrome.*"); | 351 L"\\\\.\\pipe\\chrome.*"); |
316 if (result != sandbox::SBOX_ALL_OK) { | 352 if (result != sandbox::SBOX_ALL_OK) { |
317 NOTREACHED(); | 353 NOTREACHED(); |
318 return false; | 354 return false; |
319 } | 355 } |
320 | 356 |
| 357 // The built-in flash gets a custom, more restricted sandbox. |
| 358 FilePath builtin_flash; |
| 359 if (PathService::Get(chrome::FILE_FLASH_PLUGIN, &builtin_flash)) { |
| 360 FilePath plugin_path(plugin_dll); |
| 361 if (plugin_path == builtin_flash) |
| 362 return ApplyPolicyForBuiltInFlashPlugin(policy); |
| 363 } |
| 364 |
321 PluginPolicyCategory policy_category = | 365 PluginPolicyCategory policy_category = |
322 GetPolicyCategoryForPlugin(plugin_dll, trusted_plugins); | 366 GetPolicyCategoryForPlugin(plugin_dll, trusted_plugins); |
323 | 367 |
324 switch (policy_category) { | 368 switch (policy_category) { |
325 case PLUGIN_GROUP_TRUSTED: | 369 case PLUGIN_GROUP_TRUSTED: |
326 return ApplyPolicyForTrustedPlugin(policy); | 370 return ApplyPolicyForTrustedPlugin(policy); |
327 case PLUGIN_GROUP_UNTRUSTED: | 371 case PLUGIN_GROUP_UNTRUSTED: |
328 return ApplyPolicyForUntrustedPlugin(policy); | 372 return ApplyPolicyForUntrustedPlugin(policy); |
329 default: | 373 default: |
330 NOTREACHED(); | 374 NOTREACHED(); |
494 | 538 |
495 // Help the process a little. It can't start the debugger by itself if | 539 // Help the process a little. It can't start the debugger by itself if |
496 // the process is in a sandbox. | 540 // the process is in a sandbox. |
497 if (child_needs_help) | 541 if (child_needs_help) |
498 DebugUtil::SpawnDebuggerOnProcess(target.dwProcessId); | 542 DebugUtil::SpawnDebuggerOnProcess(target.dwProcessId); |
499 | 543 |
500 return process; | 544 return process; |
501 } | 545 } |
502 | 546 |
503 } // namespace sandbox | 547 } // namespace sandbox |
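Review bot: The built-in-Flash dispatch at new lines 358–363 of `AddPolicyForPlugin` fails open: if `PathService::Get(chrome::FILE_FLASH_PLUGIN, …)` fails, or the `--plugin-path` value compares unequal to the resolved path for any reason (a relative or otherwise differently spelled path, assuming `FilePath::operator==` is a lexical comparison), the plugin silently falls through to the generic category policy, which the comment on line 357 describes as the less restricted one. I would make that fall-through visible rather than silent — e.g. an else branch on the `Get` check with `DLOG(WARNING) << "Built-in flash path unavailable; applying generic plugin policy.";` — and a comment on the equality test stating that it relies on the browser passing exactly the spelling PathService returns. Separately, in `ApplyPolicyForBuiltInFlashPlugin` the `REG_ALLOW_ANY` rules on lines 319–334 appear to grant full (including write) access to the entire `HKCU\SOFTWARE\ADOBE` and `HKCU\SOFTWARE\MACROMEDIA` trees, so a compromised plugin could persist settings that a later Flash instance trusts; until the proxying TODO on line 318 lands, consider a read-only semantic (if the policy offers one analogous to `FILES_ALLOW_READONLY`) for everything except the keys Flash is known to write. The same function also does not check the results of `SetJobLevel` and `SetTokenLevel` while it does check `AddKeyAndSubkeys`; if those setters report a `ResultCode` like `AddRule` does, checking them keeps a policy-setup failure from being reported as success. `AddPolicyForPlugin`'s body continues past the end of the shown hunk.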