| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/tests/common/controller.h" | 5 #include "sandbox/tests/common/controller.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/sys_string_conversions.h" | 9 #include "base/sys_string_conversions.h" |
| 10 #include "base/win/windows_version.h" | 10 #include "base/win/windows_version.h" |
| 11 #include "sandbox/src/sandbox_factory.h" | 11 #include "sandbox/src/sandbox_factory.h" |
| (...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 74 if (SBOX_ALL_OK != broker->Init()) | 74 if (SBOX_ALL_OK != broker->Init()) |
| 75 return NULL; | 75 return NULL; |
| 76 | 76 |
| 77 is_initialized = true; | 77 is_initialized = true; |
| 78 } | 78 } |
| 79 | 79 |
| 80 return broker; | 80 return broker; |
| 81 } | 81 } |
| 82 | 82 |
| 83 TestRunner::TestRunner(JobLevel job_level, TokenLevel startup_token, | 83 TestRunner::TestRunner(JobLevel job_level, TokenLevel startup_token, |
| 84 TokenLevel main_token) : is_init_(false) { | 84 TokenLevel main_token) |
| 85 : is_init_(false), is_async_(false), target_process_id_(0) { |
| 85 Init(job_level, startup_token, main_token); | 86 Init(job_level, startup_token, main_token); |
| 86 } | 87 } |
| 87 | 88 |
| 88 TestRunner::TestRunner() : is_init_(false) { | 89 TestRunner::TestRunner() |
| 90 : is_init_(false), is_async_(false), target_process_id_(0) { |
| 89 Init(JOB_LOCKDOWN, USER_RESTRICTED_SAME_ACCESS, USER_LOCKDOWN); | 91 Init(JOB_LOCKDOWN, USER_RESTRICTED_SAME_ACCESS, USER_LOCKDOWN); |
| 90 } | 92 } |
| 91 | 93 |
| 92 void TestRunner::Init(JobLevel job_level, TokenLevel startup_token, | 94 void TestRunner::Init(JobLevel job_level, TokenLevel startup_token, |
| 93 TokenLevel main_token) { | 95 TokenLevel main_token) { |
| 94 broker_ = NULL; | 96 broker_ = NULL; |
| 95 policy_ = NULL; | 97 policy_ = NULL; |
| 96 timeout_ = kDefaultTimeout; | 98 timeout_ = kDefaultTimeout; |
| 97 state_ = AFTER_REVERT; | 99 state_ = AFTER_REVERT; |
| 100 is_async_= false; |
| 101 target_process_id_ = 0; |
| 98 | 102 |
| 99 broker_ = GetBroker(); | 103 broker_ = GetBroker(); |
| 100 if (!broker_) | 104 if (!broker_) |
| 101 return; | 105 return; |
| 102 | 106 |
| 103 policy_ = broker_->CreatePolicy(); | 107 policy_ = broker_->CreatePolicy(); |
| 104 if (!policy_) | 108 if (!policy_) |
| 105 return; | 109 return; |
| 106 | 110 |
| 107 policy_->SetJobLevel(job_level, 0); | 111 policy_->SetJobLevel(job_level, 0); |
| 108 policy_->SetTokenLevel(startup_token, main_token); | 112 policy_->SetTokenLevel(startup_token, main_token); |
| 109 | 113 |
| 110 is_init_ = true; | 114 is_init_ = true; |
| 111 } | 115 } |
| 112 | 116 |
| 113 TargetPolicy* TestRunner::GetPolicy() { | 117 TargetPolicy* TestRunner::GetPolicy() { |
| 114 return policy_; | 118 return policy_; |
| 115 } | 119 } |
| 116 | 120 |
| 117 TestRunner::~TestRunner() { | 121 TestRunner::~TestRunner() { |
| 122 if (broker_ && broker_->IsActiveTarget(target_process_id_)) |
| 123 ::TerminateProcess(target_process_, 0); |
| 124 |
| 118 if (policy_) | 125 if (policy_) |
| 119 policy_->Release(); | 126 policy_->Release(); |
| 120 } | 127 } |
| 121 | 128 |
| 122 bool TestRunner::AddRule(TargetPolicy::SubSystem subsystem, | 129 bool TestRunner::AddRule(TargetPolicy::SubSystem subsystem, |
| 123 TargetPolicy::Semantics semantics, | 130 TargetPolicy::Semantics semantics, |
| 124 const wchar_t* pattern) { | 131 const wchar_t* pattern) { |
| 125 if (!is_init_) | 132 if (!is_init_) |
| 126 return false; | 133 return false; |
| 127 | 134 |
| (...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 170 full_command += L" "; | 177 full_command += L" "; |
| 171 full_command += command; | 178 full_command += command; |
| 172 | 179 |
| 173 return InternalRunTest(full_command.c_str()); | 180 return InternalRunTest(full_command.c_str()); |
| 174 } | 181 } |
| 175 | 182 |
| 176 int TestRunner::InternalRunTest(const wchar_t* command) { | 183 int TestRunner::InternalRunTest(const wchar_t* command) { |
| 177 if (!is_init_) | 184 if (!is_init_) |
| 178 return SBOX_TEST_FAILED_TO_RUN_TEST; | 185 return SBOX_TEST_FAILED_TO_RUN_TEST; |
| 179 | 186 |
| 187 // For simplicity TestRunner supports only one process per instance. |
| 188 if (target_process_) { |
| 189 if (broker_ && broker_->IsActiveTarget(target_process_id_)) |
| 190 return SBOX_TEST_FAILED_TO_RUN_TEST; |
| 191 target_process_.Close(); |
| 192 target_process_id_ = 0; |
| 193 } |
| 194 |
| 180 // Get the path to the sandboxed process. | 195 // Get the path to the sandboxed process. |
| 181 wchar_t prog_name[MAX_PATH]; | 196 wchar_t prog_name[MAX_PATH]; |
| 182 GetModuleFileNameW(NULL, prog_name, MAX_PATH); | 197 GetModuleFileNameW(NULL, prog_name, MAX_PATH); |
| 183 | 198 |
| 184 // Launch the sandboxed process. | 199 // Launch the sandboxed process. |
| 185 ResultCode result = SBOX_ALL_OK; | 200 ResultCode result = SBOX_ALL_OK; |
| 186 PROCESS_INFORMATION target = {0}; | 201 PROCESS_INFORMATION target = {0}; |
| 187 | 202 |
| 188 std::wstring arguments(L"\""); | 203 std::wstring arguments(L"\""); |
| 189 arguments += prog_name; | 204 arguments += prog_name; |
| 190 arguments += L"\" -child "; | 205 arguments += L"\" -child "; |
| 191 arguments += command; | 206 arguments += command; |
| 192 | 207 |
| 193 result = broker_->SpawnTarget(prog_name, arguments.c_str(), policy_, | 208 result = broker_->SpawnTarget(prog_name, arguments.c_str(), policy_, |
| 194 &target); | 209 &target); |
| 195 | 210 |
| 196 if (SBOX_ALL_OK != result) | 211 if (SBOX_ALL_OK != result) |
| 197 return SBOX_TEST_FAILED_TO_RUN_TEST; | 212 return SBOX_TEST_FAILED_TO_RUN_TEST; |
| 198 | 213 |
| 199 ::ResumeThread(target.hThread); | 214 ::ResumeThread(target.hThread); |
| 200 | 215 |
| 216 // For an asynchronous run we don't bother waiting. |
| 217 if (is_async_) { |
| 218 target_process_.Set(target.hProcess); |
| 219 target_process_id_ = target.dwProcessId; |
| 220 ::CloseHandle(target.hThread); |
| 221 return SBOX_TEST_SUCCEEDED; |
| 222 } |
| 223 |
| 201 if (::IsDebuggerPresent()) { | 224 if (::IsDebuggerPresent()) { |
| 202 // Don't kill the target process on a time-out while we are debugging. | 225 // Don't kill the target process on a time-out while we are debugging. |
| 203 timeout_ = INFINITE; | 226 timeout_ = INFINITE; |
| 204 } | 227 } |
| 205 | 228 |
| 206 if (WAIT_TIMEOUT == ::WaitForSingleObject(target.hProcess, timeout_)) { | 229 if (WAIT_TIMEOUT == ::WaitForSingleObject(target.hProcess, timeout_)) { |
| 207 ::TerminateProcess(target.hProcess, SBOX_TEST_TIMED_OUT); | 230 ::TerminateProcess(target.hProcess, SBOX_TEST_TIMED_OUT); |
| 208 ::CloseHandle(target.hProcess); | 231 ::CloseHandle(target.hProcess); |
| 209 ::CloseHandle(target.hThread); | 232 ::CloseHandle(target.hThread); |
| 210 return SBOX_TEST_TIMED_OUT; | 233 return SBOX_TEST_TIMED_OUT; |
| (...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 283 if (BEFORE_REVERT == state) | 306 if (BEFORE_REVERT == state) |
| 284 return command(argc - 4, argv + 4); | 307 return command(argc - 4, argv + 4); |
| 285 else if (EVERY_STATE == state) | 308 else if (EVERY_STATE == state) |
| 286 command(argc - 4, argv + 4); | 309 command(argc - 4, argv + 4); |
| 287 | 310 |
| 288 target->LowerToken(); | 311 target->LowerToken(); |
| 289 return command(argc - 4, argv + 4); | 312 return command(argc - 4, argv + 4); |
| 290 } | 313 } |
| 291 | 314 |
| 292 } // namespace sandbox | 315 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 9838083:
Add a sandbox API for broker handle duplication (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/