1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/win/src/broker_services.h" | 5 #include "sandbox/win/src/broker_services.h" |
6 | 6 |
7 #include <AclAPI.h> | 7 #include <AclAPI.h> |
8 | 8 |
9 #include "base/logging.h" | 9 #include "base/logging.h" |
10 #include "base/macros.h" | 10 #include "base/macros.h" |
106 delete peer; | 106 delete peer; |
107 } else { | 107 } else { |
108 NOTREACHED(); | 108 NOTREACHED(); |
109 } | 109 } |
110 } | 110 } |
111 | 111 |
112 } // namespace | 112 } // namespace |
113 | 113 |
114 namespace sandbox { | 114 namespace sandbox { |
115 | 115 |
116 // TODO(rvargas): Replace this structure with a std::pair of ScopedHandles. | |
117 struct BrokerServicesBase::TokenPair { | |
118 TokenPair(base::win::ScopedHandle initial_token, | |
119 base::win::ScopedHandle lockdown_token) | |
120 : initial(initial_token.Pass()), | |
121 lockdown(lockdown_token.Pass()) { | |
122 } | |
123 | |
124 base::win::ScopedHandle initial; | |
125 base::win::ScopedHandle lockdown; | |
126 }; | |
127 | |
128 BrokerServicesBase::BrokerServicesBase() : thread_pool_(NULL) { | 116 BrokerServicesBase::BrokerServicesBase() : thread_pool_(NULL) { |
129 } | 117 } |
130 | 118 |
131 // The broker uses a dedicated worker thread that services the job completion | 119 // The broker uses a dedicated worker thread that services the job completion |
132 // port to perform policy notifications and associated cleanup tasks. | 120 // port to perform policy notifications and associated cleanup tasks. |
133 ResultCode BrokerServicesBase::Init() { | 121 ResultCode BrokerServicesBase::Init() { |
134 if (job_port_.IsValid() || (NULL != thread_pool_)) | 122 if (job_port_.IsValid() || (NULL != thread_pool_)) |
135 return SBOX_ERROR_UNEXPECTED_CALL; | 123 return SBOX_ERROR_UNEXPECTED_CALL; |
136 | 124 |
137 ::InitializeCriticalSection(&lock_); | 125 ::InitializeCriticalSection(&lock_); |
319 // This downcast is safe as long as we control CreatePolicy() | 307 // This downcast is safe as long as we control CreatePolicy() |
320 PolicyBase* policy_base = static_cast<PolicyBase*>(policy); | 308 PolicyBase* policy_base = static_cast<PolicyBase*>(policy); |
321 | 309 |
322 if (policy_base->GetAppContainer() && policy_base->GetLowBoxSid()) | 310 if (policy_base->GetAppContainer() && policy_base->GetLowBoxSid()) |
323 return SBOX_ERROR_BAD_PARAMS; | 311 return SBOX_ERROR_BAD_PARAMS; |
324 | 312 |
325 // Construct the tokens and the job object that we are going to associate | 313 // Construct the tokens and the job object that we are going to associate |
326 // with the soon to be created target process. | 314 // with the soon to be created target process. |
327 base::win::ScopedHandle initial_token; | 315 base::win::ScopedHandle initial_token; |
328 base::win::ScopedHandle lockdown_token; | 316 base::win::ScopedHandle lockdown_token; |
| 317 base::win::ScopedHandle lowbox_token; |
329 ResultCode result = SBOX_ALL_OK; | 318 ResultCode result = SBOX_ALL_OK; |
330 | 319 |
331 result = policy_base->MakeTokens(&initial_token, &lockdown_token); | 320 result = |
| 321 policy_base->MakeTokens(&initial_token, &lockdown_token, &lowbox_token); |
332 if (SBOX_ALL_OK != result) | 322 if (SBOX_ALL_OK != result) |
333 return result; | 323 return result; |
334 | 324 |
335 base::win::ScopedHandle job; | 325 base::win::ScopedHandle job; |
336 result = policy_base->MakeJobObject(&job); | 326 result = policy_base->MakeJobObject(&job); |
337 if (SBOX_ALL_OK != result) | 327 if (SBOX_ALL_OK != result) |
338 return result; | 328 return result; |
339 | 329 |
340 // Initialize the startup information from the policy. | 330 // Initialize the startup information from the policy. |
341 base::win::StartupInformation startup_info; | 331 base::win::StartupInformation startup_info; |
438 std::vector<DWORD> inherited_handle_information(inherited_handle_list.size()); | 428 std::vector<DWORD> inherited_handle_information(inherited_handle_list.size()); |
439 for (size_t i = 0; i < inherited_handle_list.size(); ++i) { | 429 for (size_t i = 0; i < inherited_handle_list.size(); ++i) { |
440 const HANDLE& inherited_handle = inherited_handle_list[i]; | 430 const HANDLE& inherited_handle = inherited_handle_list[i]; |
441 ::GetHandleInformation(inherited_handle, &inherited_handle_information[i]); | 431 ::GetHandleInformation(inherited_handle, &inherited_handle_information[i]); |
442 ::SetHandleInformation(inherited_handle, HANDLE_FLAG_PROTECT_FROM_CLOSE, 0); | 432 ::SetHandleInformation(inherited_handle, HANDLE_FLAG_PROTECT_FROM_CLOSE, 0); |
443 } | 433 } |
444 | 434 |
445 // Create the TargetProces object and spawn the target suspended. Note that | 435 // Create the TargetProces object and spawn the target suspended. Note that |
446 // Brokerservices does not own the target object. It is owned by the Policy. | 436 // Brokerservices does not own the target object. It is owned by the Policy. |
447 base::win::ScopedProcessInformation process_info; | 437 base::win::ScopedProcessInformation process_info; |
448 TargetProcess* target = new TargetProcess(initial_token.Pass(), | 438 TargetProcess* target = |
449 lockdown_token.Pass(), | 439 new TargetProcess(initial_token.Pass(), lockdown_token.Pass(), |
450 job.Get(), | 440 lowbox_token.Pass(), job.Get(), thread_pool_); |
451 thread_pool_); | |
452 | 441 |
453 DWORD win_result = target->Create(exe_path, command_line, inherit_handles, | 442 DWORD win_result = target->Create(exe_path, command_line, inherit_handles, |
454 policy_base->GetLowBoxSid() ? true : false, | |
455 startup_info, &process_info); | 443 startup_info, &process_info); |
456 | 444 |
457 // Restore the previous handle protection values. | 445 // Restore the previous handle protection values. |
458 for (size_t i = 0; i < inherited_handle_list.size(); ++i) { | 446 for (size_t i = 0; i < inherited_handle_list.size(); ++i) { |
459 ::SetHandleInformation(inherited_handle_list[i], | 447 ::SetHandleInformation(inherited_handle_list[i], |
460 HANDLE_FLAG_PROTECT_FROM_CLOSE, | 448 HANDLE_FLAG_PROTECT_FROM_CLOSE, |
461 inherited_handle_information[i]); | 449 inherited_handle_information[i]); |
462 } | 450 } |
463 | 451 |
464 policy_base->ClearSharedHandles(); | 452 policy_base->ClearSharedHandles(); |
576 return SBOX_ERROR_UNSUPPORTED; | 564 return SBOX_ERROR_UNSUPPORTED; |
577 | 565 |
578 base::string16 name = LookupAppContainer(sid); | 566 base::string16 name = LookupAppContainer(sid); |
579 if (name.empty()) | 567 if (name.empty()) |
580 return SBOX_ERROR_INVALID_APP_CONTAINER; | 568 return SBOX_ERROR_INVALID_APP_CONTAINER; |
581 | 569 |
582 return DeleteAppContainer(sid); | 570 return DeleteAppContainer(sid); |
583 } | 571 } |
584 | 572 |
585 } // namespace sandbox | 573 } // namespace sandbox |
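Review bot: The new `lowbox_token` at new line 317 is undocumented, and because the explicit `policy_base->GetLowBoxSid() ? true : false` argument was dropped from `target->Create(...)` at new line 442, whether the target is launched in a LowBox now appears to be carried only by the validity of the handle that `MakeTokens` fills in, which a reader cannot see from this function. I would state that contract next to the declaration, hedged until confirmed against `MakeTokens`/`TargetProcess`: `// lowbox_token stays invalid unless the policy carries a LowBox SID; TargetProcess applies it in place of the former explicit lowbox flag.` As a point of style, `ResultCode result = SBOX_ALL_OK;` at new line 318 is immediately overwritten by the reformatted assignment at lines 320-321, so it reads cleaner as `ResultCode result = policy_base->MakeTokens(&initial_token, &lockdown_token, &lowbox_token);` with the separate initializer removed. The enclosing function starts and ends outside the visible hunks, so the later handling of `lowbox_token` and of the `target` pointer on the error paths could not be checked here.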