OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef SANDBOX_WIN_SRC_TARGET_PROCESS_H_ | 5 #ifndef SANDBOX_WIN_SRC_TARGET_PROCESS_H_ |
6 #define SANDBOX_WIN_SRC_TARGET_PROCESS_H_ | 6 #define SANDBOX_WIN_SRC_TARGET_PROCESS_H_ |
7 | 7 |
8 #include <windows.h> | 8 #include <windows.h> |
9 | 9 |
10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
(...skipping 14 matching lines...)
25 namespace sandbox { | 25 namespace sandbox { |
26 | 26 |
27 class AttributeList; | 27 class AttributeList; |
28 class SharedMemIPCServer; | 28 class SharedMemIPCServer; |
29 class ThreadProvider; | 29 class ThreadProvider; |
30 | 30 |
31 // TargetProcess models a target instance (child process). Objects of this | 31 // TargetProcess models a target instance (child process). Objects of this |
32 // class are owned by the Policy used to create them. | 32 // class are owned by the Policy used to create them. |
33 class TargetProcess { | 33 class TargetProcess { |
34 public: | 34 public: |
35 // The constructor takes ownership of |initial_token| and |lockdown_token|. | 35 // The constructor takes ownership of |initial_token|, |lockdown_token| |
| 36 // and |lowbox_token|. |
36 TargetProcess(base::win::ScopedHandle initial_token, | 37 TargetProcess(base::win::ScopedHandle initial_token, |
37 base::win::ScopedHandle lockdown_token, | 38 base::win::ScopedHandle lockdown_token, |
38 HANDLE job, ThreadProvider* thread_pool); | 39 base::win::ScopedHandle lowbox_token, |
| 40 HANDLE job, |
| 41 ThreadProvider* thread_pool); |
39 ~TargetProcess(); | 42 ~TargetProcess(); |
40 | 43 |
41 // TODO(cpu): Currently there does not seem to be a reason to implement | 44 // TODO(cpu): Currently there does not seem to be a reason to implement |
42 // reference counting for this class since is internal, but kept the | 45 // reference counting for this class since is internal, but kept the |
43 // the same interface so the interception framework does not need to be | 46 // the same interface so the interception framework does not need to be |
44 // touched at this point. | 47 // touched at this point. |
45 void AddRef() {} | 48 void AddRef() {} |
46 void Release() {} | 49 void Release() {} |
47 | 50 |
48 // Creates the new target process. The process is created suspended. | 51 // Creates the new target process. The process is created suspended. |
49 // When |set_lockdown_token_after_create| is set, the lockdown token | |
50 // is replaced after the process is created | |
51 DWORD Create(const wchar_t* exe_path, | 52 DWORD Create(const wchar_t* exe_path, |
52 const wchar_t* command_line, | 53 const wchar_t* command_line, |
53 bool inherit_handles, | 54 bool inherit_handles, |
54 bool set_lockdown_token_after_create, | |
55 const base::win::StartupInformation& startup_info, | 55 const base::win::StartupInformation& startup_info, |
56 base::win::ScopedProcessInformation* target_info); | 56 base::win::ScopedProcessInformation* target_info); |
57 | 57 |
58 // Destroys the target process. | 58 // Destroys the target process. |
59 void Terminate(); | 59 void Terminate(); |
60 | 60 |
61 // Creates the IPC objects such as the BrokerDispatcher and the | 61 // Creates the IPC objects such as the BrokerDispatcher and the |
62 // IPC server. The IPC server uses the services of the thread_pool. | 62 // IPC server. The IPC server uses the services of the thread_pool. |
63 DWORD Init(Dispatcher* ipc_dispatcher, void* policy, | 63 DWORD Init(Dispatcher* ipc_dispatcher, void* policy, |
64 uint32 shared_IPC_size, uint32 shared_policy_size); | 64 uint32 shared_IPC_size, uint32 shared_policy_size); |
(...skipping 31 matching lines...)
96 | 96 |
97 // Transfers a 32-bit variable between the broker and the target. | 97 // Transfers a 32-bit variable between the broker and the target. |
98 ResultCode TransferVariable(const char* name, void* address, size_t size); | 98 ResultCode TransferVariable(const char* name, void* address, size_t size); |
99 | 99 |
100 private: | 100 private: |
101 // Details of the target process. | 101 // Details of the target process. |
102 base::win::ScopedProcessInformation sandbox_process_info_; | 102 base::win::ScopedProcessInformation sandbox_process_info_; |
103 // The token associated with the process. It provides the core of the | 103 // The token associated with the process. It provides the core of the |
104 // sbox security. | 104 // sbox security. |
105 base::win::ScopedHandle lockdown_token_; | 105 base::win::ScopedHandle lockdown_token_; |
| 106 // The lowbox token associated with the process. This token is set after the |
| 107 // process creation. |
| 108 base::win::ScopedHandle lowbox_token_; |
106 // The token given to the initial thread so that the target process can | 109 // The token given to the initial thread so that the target process can |
107 // start. It has more powers than the lockdown_token. | 110 // start. It has more powers than the lockdown_token. |
108 base::win::ScopedHandle initial_token_; | 111 base::win::ScopedHandle initial_token_; |
109 // Kernel handle to the shared memory used by the IPC server. | 112 // Kernel handle to the shared memory used by the IPC server. |
110 base::win::ScopedHandle shared_section_; | 113 base::win::ScopedHandle shared_section_; |
111 // Job object containing the target process. | 114 // Job object containing the target process. |
112 HANDLE job_; | 115 HANDLE job_; |
113 // Reference to the IPC subsystem. | 116 // Reference to the IPC subsystem. |
114 scoped_ptr<SharedMemIPCServer> ipc_server_; | 117 scoped_ptr<SharedMemIPCServer> ipc_server_; |
115 // Provides the threads used by the IPC. This class does not own this pointer. | 118 // Provides the threads used by the IPC. This class does not own this pointer. |
(...skipping 11 matching lines...)
127 }; | 130 }; |
128 | 131 |
129 // Creates a mock TargetProcess used for testing interceptions. | 132 // Creates a mock TargetProcess used for testing interceptions. |
130 // TODO(cpu): It seems that this method is not going to be used anymore. | 133 // TODO(cpu): It seems that this method is not going to be used anymore. |
131 TargetProcess* MakeTestTargetProcess(HANDLE process, HMODULE base_address); | 134 TargetProcess* MakeTestTargetProcess(HANDLE process, HMODULE base_address); |
132 | 135 |
133 | 136 |
134 } // namespace sandbox | 137 } // namespace sandbox |
135 | 138 |
136 #endif // SANDBOX_WIN_SRC_TARGET_PROCESS_H_ | 139 #endif // SANDBOX_WIN_SRC_TARGET_PROCESS_H_ |
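Review bot: The header no longer documents when the process token is swapped or what happens if the swap fails: the comment on Create() (new lines 51-56) lost its note on post-creation token replacement along with `set_lockdown_token_after_create`, and the only remaining hint is the member comment at new lines 106-107. The constructor comment at new lines 35-36 also does not say whether |lowbox_token| may be an invalid handle, which is presumably how a caller now opts out of the lowbox. I would add `// |lowbox_token| may be invalid, in which case no lowbox token is applied.` to the constructor and `// If a lowbox token was supplied, it replaces the process token before the initial thread is resumed; on failure the target is terminated and an error is returned.` to Create(), adjusted to match the implementation. The implementation file is not on this page, so confirm there that a failed token swap fails closed and does not leave the target running without the lowbox.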