| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef SANDBOX_TESTS_COMMON_CONTROLLER_H_ | |
| 6 #define SANDBOX_TESTS_COMMON_CONTROLLER_H__ | |
| 7 | |
| 8 #include <windows.h> | |
| 9 #include <string> | |
| 10 | |
| 11 #include "base/win/scoped_handle.h" | |
| 12 #include "sandbox/src/sandbox.h" | |
| 13 | |
| 14 namespace sandbox { | |
| 15 | |
| 16 // See winerror.h for details. | |
| 17 #define SEVERITY_INFO_FLAGS 0x40000000 | |
| 18 #define SEVERITY_ERROR_FLAGS 0xC0000000 | |
| 19 #define CUSTOMER_CODE 0x20000000 | |
| 20 #define SBOX_TESTS_FACILITY 0x05B10000 | |
| 21 | |
| 22 // All the possible error codes returned by the child process in | |
| 23 // the sandbox. | |
| 24 enum SboxTestResult { | |
| 25 SBOX_TEST_FIRST_RESULT = CUSTOMER_CODE | SBOX_TESTS_FACILITY, | |
| 26 SBOX_TEST_SUCCEEDED, | |
| 27 SBOX_TEST_PING_OK, | |
| 28 SBOX_TEST_FIRST_INFO = SBOX_TEST_FIRST_RESULT | SEVERITY_INFO_FLAGS, | |
| 29 SBOX_TEST_DENIED, // Access was denied. | |
| 30 SBOX_TEST_NOT_FOUND, // The resource was not found. | |
| 31 SBOX_TEST_FIRST_ERROR = SBOX_TEST_FIRST_RESULT | SEVERITY_ERROR_FLAGS, | |
| 32 SBOX_TEST_INVALID_PARAMETER, | |
| 33 SBOX_TEST_FAILED_TO_RUN_TEST, | |
| 34 SBOX_TEST_FAILED_TO_EXECUTE_COMMAND, | |
| 35 SBOX_TEST_TIMED_OUT, | |
| 36 SBOX_TEST_FAILED, | |
| 37 SBOX_TEST_LAST_RESULT | |
| 38 }; | |
| 39 | |
| 40 inline bool IsSboxTestsResult(SboxTestResult result) { | |
| 41 unsigned int code = static_cast<unsigned int>(result); | |
| 42 unsigned int first = static_cast<unsigned int>(SBOX_TEST_FIRST_RESULT); | |
| 43 unsigned int last = static_cast<unsigned int>(SBOX_TEST_LAST_RESULT); | |
| 44 return (code > first) && (code < last); | |
| 45 } | |
| 46 | |
| 47 enum SboxTestsState { | |
| 48 MIN_STATE = 1, | |
| 49 BEFORE_INIT, | |
| 50 BEFORE_REVERT, | |
| 51 AFTER_REVERT, | |
| 52 EVERY_STATE, | |
| 53 MAX_STATE | |
| 54 }; | |
| 55 | |
| 56 #define SBOX_TESTS_API __declspec(dllexport) | |
| 57 #define SBOX_TESTS_COMMAND extern "C" SBOX_TESTS_API | |
| 58 | |
| 59 extern "C" { | |
| 60 typedef int (*CommandFunction)(int argc, wchar_t **argv); | |
| 61 } | |
| 62 | |
| 63 // Class to facilitate the launch of a test inside the sandbox. | |
| 64 class TestRunner { | |
| 65 public: | |
| 66 TestRunner(JobLevel job_level, TokenLevel startup_token, | |
| 67 TokenLevel main_token); | |
| 68 | |
| 69 TestRunner(); | |
| 70 | |
| 71 ~TestRunner(); | |
| 72 | |
| 73 // Adds a rule to the policy. The parameters are the same as the AddRule | |
| 74 // function in the sandbox. | |
| 75 bool AddRule(TargetPolicy::SubSystem subsystem, | |
| 76 TargetPolicy::Semantics semantics, | |
| 77 const wchar_t* pattern); | |
| 78 | |
| 79 // Adds a filesystem rules with the path of a file in system32. The function | |
| 80 // appends "pattern" to "system32" and then call AddRule. Return true if the | |
| 81 // function succeeds. | |
| 82 bool AddRuleSys32(TargetPolicy::Semantics semantics, const wchar_t* pattern); | |
| 83 | |
| 84 // Adds a filesystem rules to the policy. Returns true if the functions | |
| 85 // succeeds. | |
| 86 bool AddFsRule(TargetPolicy::Semantics semantics, const wchar_t* pattern); | |
| 87 | |
| 88 // Starts a child process in the sandbox and ask it to run |command|. Returns | |
| 89 // a SboxTestResult. By default, the test runs AFTER_REVERT. | |
| 90 int RunTest(const wchar_t* command); | |
| 91 | |
| 92 // Sets the timeout value for the child to run the command and return. | |
| 93 void SetTimeout(DWORD timeout_ms); | |
| 94 | |
| 95 // Sets TestRunner to return without waiting for the process to exit. | |
| 96 void SetAsynchronous(bool is_async) { is_async_ = is_async; } | |
| 97 | |
| 98 // Sets TestRunner to return without waiting for the process to exit. | |
| 99 void SetUnsandboxed(bool is_no_sandbox) { no_sandbox_ = is_no_sandbox; } | |
| 100 | |
| 101 // Sets the desired state for the test to run. | |
| 102 void SetTestState(SboxTestsState desired_state); | |
| 103 | |
| 104 // Returns the pointers to the policy object. It can be used to modify | |
| 105 // the policy manually. | |
| 106 TargetPolicy* GetPolicy(); | |
| 107 | |
| 108 // Return the process handle for an asynchronous test. | |
| 109 HANDLE process() { return target_process_; } | |
| 110 | |
| 111 // Return the process ID for an asynchronous test. | |
| 112 DWORD process_id() { return target_process_id_; } | |
| 113 | |
| 114 private: | |
| 115 // Initializes the data in the object. Sets is_init_ to tree if the | |
| 116 // function succeeds. This is meant to be called from the constructor. | |
| 117 void Init(JobLevel job_level, TokenLevel startup_token, | |
| 118 TokenLevel main_token); | |
| 119 | |
| 120 // The actual runner. | |
| 121 int InternalRunTest(const wchar_t* command); | |
| 122 | |
| 123 BrokerServices* broker_; | |
| 124 TargetPolicy* policy_; | |
| 125 DWORD timeout_; | |
| 126 SboxTestsState state_; | |
| 127 bool is_init_; | |
| 128 bool is_async_; | |
| 129 bool no_sandbox_; | |
| 130 base::win::ScopedHandle target_process_; | |
| 131 DWORD target_process_id_; | |
| 132 }; | |
| 133 | |
| 134 // Returns the broker services. | |
| 135 BrokerServices* GetBroker(); | |
| 136 | |
| 137 // Constructs a full path to a file inside the system32 (or syswow64) folder. | |
| 138 std::wstring MakePathToSys(const wchar_t* name, bool is_obj_man_path); | |
| 139 | |
| 140 // Runs the given test on the target process. | |
| 141 int DispatchCall(int argc, wchar_t **argv); | |
| 142 | |
| 143 } // namespace sandbox | |
| 144 | |
| 145 #endif // SANDBOX_TESTS_COMMON_CONTROLLER_H_ | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10689170:
Move the Windows sandbox to sandbox/win (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src