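--- a/sandbox/win/src/sandbox_policy.h
+++ b/sandbox/win/src/sandbox_policy.h
@@ -1,47 +1,48 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_H_
 #define SANDBOX_WIN_SRC_SANDBOX_POLICY_H_
 
 #include <windows.h>
 
 #include <list>
 #include <vector>
 
 #include "base/basictypes.h"
 #include "base/compiler_specific.h"
+#include "base/memory/ref_counted.h"
 #include "base/strings/string16.h"
 #include "base/win/scoped_handle.h"
 #include "sandbox/win/src/app_container.h"
 #include "sandbox/win/src/crosscall_server.h"
 #include "sandbox/win/src/handle_closer.h"
 #include "sandbox/win/src/ipc_tags.h"
 #include "sandbox/win/src/policy_engine_opcodes.h"
 #include "sandbox/win/src/policy_engine_params.h"
 #include "sandbox/win/src/policy_low_level.h"
 #include "sandbox/win/src/sandbox_policy.h"
 #include "sandbox/win/src/sandbox_types.h"
 #include "sandbox/win/src/security_level.h"
 #include "sandbox/win/src/target_process.h"
 #include "sandbox/win/src/win_utils.h"
 
 namespace sandbox {
 
 typedef std::vector<base::win::ScopedHandle*> HandleList;
 
 // A Windows sandbox policy. All public methods are virtual since they may be
 // called from a dll, while the implementation of the methods lives in the main
 // exe.
-class TargetPolicy {
+class TargetPolicy : public base::RefCountedThreadSafe<TargetPolicy> {
 public:
 TargetPolicy();
 
 // Windows subsystems that can have specific rules.
 // Note: The process subsystem(SUBSY_PROCESS) does not evaluate the request
 // exactly like the CreateProcess API does. See the comment at the top of
 // process_thread_dispatcher.cc for more details.
 enum SubSystem {
 SUBSYS_FILES, // Creation and opening of files and pipes.
 SUBSYS_NAMED_PIPES, // Creation of named pipes.
@@ -74,30 +75,20 @@
 // the sandboxed application is at least INTERACTIVE.
 EVENTS_ALLOW_ANY, // Allows the creation of an event with full access.
 EVENTS_ALLOW_READONLY, // Allows opening an even with synchronize access.
 REG_ALLOW_READONLY, // Allows readonly access to a registry key.
 REG_ALLOW_ANY, // Allows read and write access to a registry key.
 FAKE_USER_GDI_INIT // Fakes user32 and gdi32 initialization. This can
 // be used to allow the DLLs to load and initialize
 // even if the process cannot access that subsystem.
 };
 
-// Increments the reference count of this object. The reference count must
-// be incremented if this interface is given to another component.
-virtual void AddRef();
-
-// Decrements the reference count of this object. When the reference count
-// is zero the object is automatically destroyed.
-// Indicates that the caller is done with this interface. After calling
-// release no other method should be called.
-virtual void Release();
-
 // Sets the security level for the target process' two tokens.
 // This setting is permanent and cannot be changed once the target process is
 // spawned.
 // initial: the security level for the initial token. This is the token that
 // is used by the process from the creation of the process until the moment
 // the process calls TargetServices::LowerToken() or the process calls
 // win32's RevertToSelf(). Once this happens the initial token is no longer
 // available and the lockdown token is in effect. Using an initial token is
 // not compatible with AppContainer, see SetAppContainer.
 // lockdown: the security level for the token that comes into force after the
@@ -321,22 +312,20 @@
 Semantics semantics,
 const wchar_t* pattern);
 
 // This lock synchronizes operations on the targets_ collection.
 CRITICAL_SECTION lock_;
 
 // Maintains the list of target process associated with this policy.
 // The policy takes ownership of them.
 typedef std::list<TargetProcess*> TargetSet;
 TargetSet targets_;
-// Standard object-lifetime reference counter.
-volatile LONG ref_count;
 // The user-defined global policy settings.
 TokenLevel lockdown_level_;
 TokenLevel initial_level_;
 JobLevel job_level_;
 uint32 ui_exceptions_;
 size_t memory_limit_;
 bool use_alternate_desktop_;
 bool use_alternate_winstation_;
 // Helps the file system policy initialization.
 bool file_system_init_;
@@ -371,10 +360,10 @@
 // This list contains handles other than the stderr/stdout handles which are
 // shared with the target at times.
 HandleList handles_to_share_;
 
 DISALLOW_COPY_AND_ASSIGN(TargetPolicy);
 };
 
 } // namespace sandbox
 
 #endif // SANDBOX_WIN_SRC_SANDBOX_POLICY_H_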
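Review bot: Deriving from base::RefCountedThreadSafe at new line 38 replaces the virtual AddRef()/Release() removed at old lines 84-92 with non-virtual members compiled inline into every caller, which contradicts the class comment kept at new lines 35-37 ("All public methods are virtual since they may be called from a dll, while the implementation of the methods lives in the main exe"); if a dll still holds references, the final Release() now runs the delete in whichever module drops the last reference rather than in the exe, so either that comment should be amended to say reference counting is the exception, or it should be confirmed that no cross-module ownership of TargetPolicy remains. The destructor lies in a collapsed region outside this section, so it is not visible here; with RefCountedThreadSafe the destructor should be protected or private, with `friend class base::RefCountedThreadSafe<TargetPolicy>;` added so callers cannot delete or stack-allocate the object and the refcount stays the only lifetime path. The deletion of `volatile LONG ref_count` at old line 332 is consistent with this, and the `ref_counted.h` include at new line 15 is correctly placed in the base/ group.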