Add sandbox support for associating peer processes

sandbox/src/broker_services.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/src/broker_services.h"
 
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/threading/platform_thread.h"
 #include "base/win/scoped_handle.h"
@@ skipping 27 matching lines @@
 }
 
 // the different commands that you can send to the worker thread that
 // executes TargetEventsThread().
 enum {
   THREAD_CTRL_NONE,
   THREAD_CTRL_QUIT,
   THREAD_CTRL_LAST
 };
 
-}
+// Helper structure that allows the Broker to associate a job notification
+// with a job object and with a policy.
+struct JobTracker {
+  HANDLE job;
+  sandbox::PolicyBase* policy;
+  JobTracker(HANDLE cjob, sandbox::PolicyBase* cpolicy)
+      : job(cjob), policy(cpolicy) {
+  }
+};
+
+// Helper structure that allows the broker to track peer processes
+struct PeerTracker {
+  HANDLE wait_object_;
+  base::win::ScopedHandle process_;
+  PeerTracker() : wait_object_(NULL) {
+  }
+};
+
+}  // namespace
 
 namespace sandbox {
 
 BrokerServicesBase::BrokerServicesBase()
     : thread_pool_(NULL), job_port_(NULL), no_targets_(NULL),
       job_thread_(NULL) {
 }
 
 // The broker uses a dedicated worker thread that services the job completion
 // port to perform policy notifications and associated cleanup tasks.
@@ skipping 19 matching lines @@
 
 // The destructor should only be called when the Broker process is terminating.
 // Since BrokerServicesBase is a singleton, this is called from the CRT
 // termination handlers, if this code lives on a DLL it is called during
 // DLL_PROCESS_DETACH in other words, holding the loader lock, so we cannot
 // wait for threads here.
 BrokerServicesBase::~BrokerServicesBase() {
   // If there is no port Init() was never called successfully.
   if (!job_port_)
     return;
+
+  {  // Cancel the wait events for all the peers.
+    AutoLock lock(&lock_);
+    for (PeerTrackerMap::iterator it = peer_map_.begin();
+         it != peer_map_.end(); ++it) {
+      ::UnregisterWaitEx(it->second->wait_object_, NULL);
+      delete it->second;
+    }
+  }

[cpu_(ooo_6.6-7.5), 2012/04/12 02:17:52]

sounds like you want peer_map.clear() after 113 so the callback does not find a
wait object that is was already unregistered.

[jschuh, 2012/04/12 03:04:23]

Oops. Looks like I accidentally dropped the "erase" on the last upload. Thanks
for catching it.

+
   // Closing the port causes, that no more Job notifications are delivered to
   // the worker thread and also causes the thread to exit. This is what we
   // want to do since we are going to close all outstanding Jobs and notifying
   // the policy objects ourselves.
   ::PostQueuedCompletionStatus(job_port_, 0, THREAD_CTRL_QUIT, FALSE);
   ::CloseHandle(job_port_);
 
   if (WAIT_TIMEOUT == ::WaitForSingleObject(job_thread_, 1000)) {
     // Cannot clean broker services.
     NOTREACHED();
@@ skipping 207 matching lines @@
 }
 
 
 ResultCode BrokerServicesBase::WaitForAllTargets() {
   ::WaitForSingleObject(no_targets_, INFINITE);
   return SBOX_ALL_OK;
 }
 
 bool BrokerServicesBase::IsActiveTarget(DWORD process_id) {
   AutoLock lock(&lock_);
-  return child_process_ids_.find(process_id) != child_process_ids_.end();
+  return child_process_ids_.find(process_id) != child_process_ids_.end() ||
+         peer_map_.find(process_id) != peer_map_.end();
+}
+
+VOID CALLBACK BrokerServicesBase::RemovePeerData(PVOID parameter, BOOLEAN) {
+  DWORD process_id = reinterpret_cast<DWORD>(parameter);
+  BrokerServicesBase* broker = BrokerServicesBase::GetInstance();
+
+  AutoLock lock(&broker->lock_);
+  PeerTrackerMap::iterator it = broker->peer_map_.find(process_id);
+  // Failure means we're shutting down, and the destructor will clean up.
+  if (::UnregisterWaitEx(it->second->wait_object_, NULL)) {
+    broker->peer_map_.erase(it);
+    delete it->second;
+  }
+}
+
+ResultCode BrokerServicesBase::AddTargetPeer(HANDLE peer_process) {
+  DWORD process_id = ::GetProcessId(peer_process);
+  if (!process_id)
+    return SBOX_ERROR_GENERIC;
+
+  scoped_ptr<PeerTracker> peer(new PeerTracker);
+  if (!::DuplicateHandle(::GetCurrentProcess(), peer_process,
+                         ::GetCurrentProcess(), peer->process_.Receive(),
+                         SYNCHRONIZE, FALSE, 0)) {
+    return SBOX_ERROR_GENERIC;
+  }
+
+  AutoLock lock(&lock_);
+  if (!peer_map_.insert(std::make_pair(process_id, peer.get())).second)
+    return SBOX_ERROR_BAD_PARAMS;
+
+  if (!::RegisterWaitForSingleObject(&peer->wait_object_,
+                                     peer->process_, RemovePeerData,
+                                     reinterpret_cast<void*>(process_id),
+                                     INFINITE, WT_EXECUTEONLYONCE)) {
+    peer_map_.erase(process_id);
+    return SBOX_ERROR_GENERIC;
+  }
+
+  // Leak the pointer since it will be cleaned up by the callback.
+  peer.release();
+  return SBOX_ALL_OK;
 }
 
 }  // namespace sandbox