| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/win/src/sandbox_policy_base.h" | 5 #include "sandbox/win/src/sandbox_policy_base.h" |
| 6 | 6 |
| 7 #include <sddl.h> | 7 #include <sddl.h> |
| 8 | 8 |
| 9 #include "base/basictypes.h" | 9 #include "base/basictypes.h" |
| 10 #include "base/callback.h" | 10 #include "base/callback.h" |
| 11 #include "base/logging.h" | 11 #include "base/logging.h" |
| 12 #include "base/stl_util.h" | 12 #include "base/stl_util.h" |
| 13 #include "base/strings/stringprintf.h" | 13 #include "base/strings/stringprintf.h" |
| 14 #include "base/win/windows_version.h" | 14 #include "base/win/windows_version.h" |
| 15 #include "sandbox/win/src/app_container.h" | 15 #include "sandbox/win/src/app_container.h" |
| 16 #include "sandbox/win/src/filesystem_dispatcher.h" | 16 #include "sandbox/win/src/filesystem_dispatcher.h" |
| 17 #include "sandbox/win/src/filesystem_policy.h" | 17 #include "sandbox/win/src/filesystem_policy.h" |
| 18 #include "sandbox/win/src/handle_dispatcher.h" | 18 #include "sandbox/win/src/handle_dispatcher.h" |
| 19 #include "sandbox/win/src/handle_policy.h" | 19 #include "sandbox/win/src/handle_policy.h" |
| 20 #include "sandbox/win/src/job.h" | 20 #include "sandbox/win/src/job.h" |
| 21 #include "sandbox/win/src/interception.h" | 21 #include "sandbox/win/src/interception.h" |
| 22 #include "sandbox/win/src/lpc_dispatcher.h" |
| 23 #include "sandbox/win/src/lpc_policy.h" |
| 22 #include "sandbox/win/src/process_mitigations.h" | 24 #include "sandbox/win/src/process_mitigations.h" |
| 23 #include "sandbox/win/src/named_pipe_dispatcher.h" | 25 #include "sandbox/win/src/named_pipe_dispatcher.h" |
| 24 #include "sandbox/win/src/named_pipe_policy.h" | 26 #include "sandbox/win/src/named_pipe_policy.h" |
| 25 #include "sandbox/win/src/policy_broker.h" | 27 #include "sandbox/win/src/policy_broker.h" |
| 26 #include "sandbox/win/src/policy_engine_processor.h" | 28 #include "sandbox/win/src/policy_engine_processor.h" |
| 27 #include "sandbox/win/src/policy_low_level.h" | 29 #include "sandbox/win/src/policy_low_level.h" |
| 28 #include "sandbox/win/src/process_mitigations_win32k_dispatcher.h" | 30 #include "sandbox/win/src/process_mitigations_win32k_dispatcher.h" |
| 29 #include "sandbox/win/src/process_mitigations_win32k_policy.h" | 31 #include "sandbox/win/src/process_mitigations_win32k_policy.h" |
| 30 #include "sandbox/win/src/process_thread_dispatcher.h" | 32 #include "sandbox/win/src/process_thread_dispatcher.h" |
| 31 #include "sandbox/win/src/process_thread_policy.h" | 33 #include "sandbox/win/src/process_thread_policy.h" |
| (...skipping 138 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 170 ipc_targets_[IPC_NTCREATEKEY_TAG] = dispatcher; | 172 ipc_targets_[IPC_NTCREATEKEY_TAG] = dispatcher; |
| 171 ipc_targets_[IPC_NTOPENKEY_TAG] = dispatcher; | 173 ipc_targets_[IPC_NTOPENKEY_TAG] = dispatcher; |
| 172 | 174 |
| 173 dispatcher = new HandleDispatcher(this); | 175 dispatcher = new HandleDispatcher(this); |
| 174 ipc_targets_[IPC_DUPLICATEHANDLEPROXY_TAG] = dispatcher; | 176 ipc_targets_[IPC_DUPLICATEHANDLEPROXY_TAG] = dispatcher; |
| 175 | 177 |
| 176 dispatcher = new ProcessMitigationsWin32KDispatcher(this); | 178 dispatcher = new ProcessMitigationsWin32KDispatcher(this); |
| 177 ipc_targets_[IPC_GDI_GDIDLLINITIALIZE_TAG] = dispatcher; | 179 ipc_targets_[IPC_GDI_GDIDLLINITIALIZE_TAG] = dispatcher; |
| 178 ipc_targets_[IPC_GDI_GETSTOCKOBJECT_TAG] = dispatcher; | 180 ipc_targets_[IPC_GDI_GETSTOCKOBJECT_TAG] = dispatcher; |
| 179 ipc_targets_[IPC_USER_REGISTERCLASSW_TAG] = dispatcher; | 181 ipc_targets_[IPC_USER_REGISTERCLASSW_TAG] = dispatcher; |
| 182 |
| 183 dispatcher = new LpcDispatcher(this); |
| 184 ipc_targets_[IPC_NTCONNECTALPCPORT_TAG] = dispatcher; |
| 180 } | 185 } |
| 181 | 186 |
| 182 PolicyBase::~PolicyBase() { | 187 PolicyBase::~PolicyBase() { |
| 183 ClearSharedHandles(); | 188 ClearSharedHandles(); |
| 184 | 189 |
| 185 TargetSet::iterator it; | 190 TargetSet::iterator it; |
| 186 for (it = targets_.begin(); it != targets_.end(); ++it) { | 191 for (it = targets_.begin(); it != targets_.end(); ++it) { |
| 187 TargetProcess* target = (*it); | 192 TargetProcess* target = (*it); |
| 188 delete target; | 193 delete target; |
| 189 } | 194 } |
| (...skipping 676 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 866 | 871 |
| 867 case SUBSYS_WIN32K_LOCKDOWN: { | 872 case SUBSYS_WIN32K_LOCKDOWN: { |
| 868 if (!ProcessMitigationsWin32KLockdownPolicy::GenerateRules( | 873 if (!ProcessMitigationsWin32KLockdownPolicy::GenerateRules( |
| 869 pattern, semantics, policy_maker_)) { | 874 pattern, semantics, policy_maker_)) { |
| 870 NOTREACHED(); | 875 NOTREACHED(); |
| 871 return SBOX_ERROR_BAD_PARAMS; | 876 return SBOX_ERROR_BAD_PARAMS; |
| 872 } | 877 } |
| 873 break; | 878 break; |
| 874 } | 879 } |
| 875 | 880 |
| 881 case SUBSYS_LPC: { |
| 882 if (!LpcPolicy::GenerateRules(pattern, semantics, policy_maker_)) { |
| 883 NOTREACHED(); |
| 884 return SBOX_ERROR_BAD_PARAMS; |
| 885 } |
| 886 break; |
| 887 } |
| 888 |
| 876 default: { return SBOX_ERROR_UNSUPPORTED; } | 889 default: { return SBOX_ERROR_UNSUPPORTED; } |
| 877 } | 890 } |
| 878 | 891 |
| 879 return SBOX_ALL_OK; | 892 return SBOX_ALL_OK; |
| 880 } | 893 } |
| 881 | 894 |
| 882 } // namespace sandbox | 895 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1296223005:
Continuing changes for lpc proxy
Base URL: https://chromium.googlesource.com/chromium/src.git@master