| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/tests/common/controller.h" | 5 #include "sandbox/tests/common/controller.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/process.h" |
| 10 #include "base/process_util.h" |
| 9 #include "base/sys_string_conversions.h" | 11 #include "base/sys_string_conversions.h" |
| 10 #include "base/win/windows_version.h" | 12 #include "base/win/windows_version.h" |
| 11 #include "sandbox/src/sandbox_factory.h" | 13 #include "sandbox/src/sandbox_factory.h" |
| 12 #include "sandbox/src/sandbox_utils.h" | 14 #include "sandbox/src/sandbox_utils.h" |
| 13 | 15 |
| 14 namespace { | 16 namespace { |
| 15 | 17 |
| 16 static const int kDefaultTimeout = 3000; | 18 static const int kDefaultTimeout = 3000; |
| 17 | 19 |
| 18 // Constructs a full path to a file inside the system32 folder. | 20 // Constructs a full path to a file inside the system32 folder. |
| (...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 82 return NULL; | 84 return NULL; |
| 83 | 85 |
| 84 is_initialized = true; | 86 is_initialized = true; |
| 85 } | 87 } |
| 86 | 88 |
| 87 return broker; | 89 return broker; |
| 88 } | 90 } |
| 89 | 91 |
| 90 TestRunner::TestRunner(JobLevel job_level, TokenLevel startup_token, | 92 TestRunner::TestRunner(JobLevel job_level, TokenLevel startup_token, |
| 91 TokenLevel main_token) | 93 TokenLevel main_token) |
| 92 : is_init_(false), is_async_(false), target_process_id_(0) { | 94 : is_init_(false), is_async_(false), no_sandbox_(false), |
| 95 target_process_id_(0) { |
| 93 Init(job_level, startup_token, main_token); | 96 Init(job_level, startup_token, main_token); |
| 94 } | 97 } |
| 95 | 98 |
| 96 TestRunner::TestRunner() | 99 TestRunner::TestRunner() |
| 97 : is_init_(false), is_async_(false), target_process_id_(0) { | 100 : is_init_(false), is_async_(false), no_sandbox_(false), |
| 101 target_process_id_(0) { |
| 98 Init(JOB_LOCKDOWN, USER_RESTRICTED_SAME_ACCESS, USER_LOCKDOWN); | 102 Init(JOB_LOCKDOWN, USER_RESTRICTED_SAME_ACCESS, USER_LOCKDOWN); |
| 99 } | 103 } |
| 100 | 104 |
| 101 void TestRunner::Init(JobLevel job_level, TokenLevel startup_token, | 105 void TestRunner::Init(JobLevel job_level, TokenLevel startup_token, |
| 102 TokenLevel main_token) { | 106 TokenLevel main_token) { |
| 103 broker_ = NULL; | 107 broker_ = NULL; |
| 104 policy_ = NULL; | 108 policy_ = NULL; |
| 105 timeout_ = kDefaultTimeout; | 109 timeout_ = kDefaultTimeout; |
| 106 state_ = AFTER_REVERT; | 110 state_ = AFTER_REVERT; |
| 107 is_async_= false; | 111 is_async_= false; |
| (...skipping 94 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 202 // Get the path to the sandboxed process. | 206 // Get the path to the sandboxed process. |
| 203 wchar_t prog_name[MAX_PATH]; | 207 wchar_t prog_name[MAX_PATH]; |
| 204 GetModuleFileNameW(NULL, prog_name, MAX_PATH); | 208 GetModuleFileNameW(NULL, prog_name, MAX_PATH); |
| 205 | 209 |
| 206 // Launch the sandboxed process. | 210 // Launch the sandboxed process. |
| 207 ResultCode result = SBOX_ALL_OK; | 211 ResultCode result = SBOX_ALL_OK; |
| 208 PROCESS_INFORMATION target = {0}; | 212 PROCESS_INFORMATION target = {0}; |
| 209 | 213 |
| 210 std::wstring arguments(L"\""); | 214 std::wstring arguments(L"\""); |
| 211 arguments += prog_name; | 215 arguments += prog_name; |
| 212 arguments += L"\" -child "; | 216 arguments += L"\" -child"; |
| 217 arguments += no_sandbox_ ? L"-no-sandbox " : L" "; |
| 213 arguments += command; | 218 arguments += command; |
| 214 | 219 |
| 215 result = broker_->SpawnTarget(prog_name, arguments.c_str(), policy_, | 220 if (no_sandbox_) { |
| 216 &target); | 221 STARTUPINFO startup_info = {sizeof(STARTUPINFO)}; |
| 222 if (::CreateProcessW(prog_name, &arguments[0], NULL, NULL, FALSE, 0, |
| 223 NULL, NULL, &startup_info, &target)) { |
| 224 result = SBOX_ALL_OK; |
| 225 SandboxFactory::GetBrokerServices()->AddTargetPeer(target.hProcess); |
| 226 } else { |
| 227 result = SBOX_ERROR_GENERIC; |
| 228 } |
| 229 } else { |
| 230 result = broker_->SpawnTarget(prog_name, arguments.c_str(), policy_, |
| 231 &target); |
| 232 } |
| 217 | 233 |
| 218 if (SBOX_ALL_OK != result) | 234 if (SBOX_ALL_OK != result) |
| 219 return SBOX_TEST_FAILED_TO_RUN_TEST; | 235 return SBOX_TEST_FAILED_TO_RUN_TEST; |
| 220 | 236 |
| 221 ::ResumeThread(target.hThread); | 237 ::ResumeThread(target.hThread); |
| 222 | 238 |
| 223 // For an asynchronous run we don't bother waiting. | 239 // For an asynchronous run we don't bother waiting. |
| 224 if (is_async_) { | 240 if (is_async_) { |
| 225 target_process_.Set(target.hProcess); | 241 target_process_.Set(target.hProcess); |
| 226 target_process_id_ = target.dwProcessId; | 242 target_process_id_ = target.dwProcessId; |
| (...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 297 ::GetProcAddress(module, command_name.c_str())); | 313 ::GetProcAddress(module, command_name.c_str())); |
| 298 if (!command) | 314 if (!command) |
| 299 return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; | 315 return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; |
| 300 | 316 |
| 301 if (BEFORE_INIT == state) | 317 if (BEFORE_INIT == state) |
| 302 return command(argc - 4, argv + 4); | 318 return command(argc - 4, argv + 4); |
| 303 else if (EVERY_STATE == state) | 319 else if (EVERY_STATE == state) |
| 304 command(argc - 4, argv + 4); | 320 command(argc - 4, argv + 4); |
| 305 | 321 |
| 306 TargetServices* target = SandboxFactory::GetTargetServices(); | 322 TargetServices* target = SandboxFactory::GetTargetServices(); |
| 307 if (!target) | 323 if (target) { |
| 324 if (SBOX_ALL_OK != target->Init()) |
| 325 return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; |
| 326 |
| 327 if (BEFORE_REVERT == state) |
| 328 return command(argc - 4, argv + 4); |
| 329 else if (EVERY_STATE == state) |
| 330 command(argc - 4, argv + 4); |
| 331 |
| 332 target->LowerToken(); |
| 333 } else if (0 != _wcsicmp(argv[1], L"-child-no-sandbox")) { |
| 308 return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; | 334 return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; |
| 335 } |
| 309 | 336 |
| 310 if (SBOX_ALL_OK != target->Init()) | |
| 311 return SBOX_TEST_FAILED_TO_EXECUTE_COMMAND; | |
| 312 | |
| 313 if (BEFORE_REVERT == state) | |
| 314 return command(argc - 4, argv + 4); | |
| 315 else if (EVERY_STATE == state) | |
| 316 command(argc - 4, argv + 4); | |
| 317 | |
| 318 target->LowerToken(); | |
| 319 return command(argc - 4, argv + 4); | 337 return command(argc - 4, argv + 4); |
| 320 } | 338 } |
| 321 | 339 |
| 322 } // namespace sandbox | 340 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 9960045:
Add sandbox support for associating peer processes (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/