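--- a/sandbox/win/src/sandbox_policy.h
+++ b/sandbox/win/src/sandbox_policy.h
@@ -1,47 +1,48 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_H_
 #define SANDBOX_WIN_SRC_SANDBOX_POLICY_H_
 
 #include <windows.h>
 
 #include <list>
 #include <vector>
 
 #include "base/basictypes.h"
 #include "base/compiler_specific.h"
+#include "base/memory/ref_counted.h"
 #include "base/strings/string16.h"
 #include "base/win/scoped_handle.h"
 #include "sandbox/win/src/app_container.h"
 #include "sandbox/win/src/crosscall_server.h"
 #include "sandbox/win/src/handle_closer.h"
 #include "sandbox/win/src/ipc_tags.h"
 #include "sandbox/win/src/policy_engine_opcodes.h"
 #include "sandbox/win/src/policy_engine_params.h"
 #include "sandbox/win/src/policy_low_level.h"
 #include "sandbox/win/src/sandbox_policy.h"
 #include "sandbox/win/src/sandbox_types.h"
 #include "sandbox/win/src/security_level.h"
 #include "sandbox/win/src/target_process.h"
 #include "sandbox/win/src/win_utils.h"
 
 namespace sandbox {
 
 typedef std::vector<base::win::ScopedHandle*> HandleList;
 
 // A Windows sandbox policy. All public methods are virtual since they may be
 // called from a dll, while the implementation of the methods lives in the main
 // exe.
-class TargetPolicy {
+class TargetPolicy : public base::RefCountedThreadSafe<TargetPolicy> {
 public:
 TargetPolicy();
 
 // Windows subsystems that can have specific rules.
 // Note: The process subsystem(SUBSY_PROCESS) does not evaluate the request
 // exactly like the CreateProcess API does. See the comment at the top of
 // process_thread_dispatcher.cc for more details.
 enum SubSystem {
 SUBSYS_FILES, // Creation and opening of files and pipes.
 SUBSYS_NAMED_PIPES, // Creation of named pipes.
@@ -74,30 +75,20 @@
 // the sandboxed application is at least INTERACTIVE.
 EVENTS_ALLOW_ANY, // Allows the creation of an event with full access.
 EVENTS_ALLOW_READONLY, // Allows opening an even with synchronize access.
 REG_ALLOW_READONLY, // Allows readonly access to a registry key.
 REG_ALLOW_ANY, // Allows read and write access to a registry key.
 FAKE_USER_GDI_INIT // Fakes user32 and gdi32 initialization. This can
 // be used to allow the DLLs to load and initialize
 // even if the process cannot access that subsystem.
 };
 
-// Increments the reference count of this object. The reference count must
-// be incremented if this interface is given to another component.
-virtual void AddRef();
-
-// Decrements the reference count of this object. When the reference count
-// is zero the object is automatically destroyed.
-// Indicates that the caller is done with this interface. After calling
-// release no other method should be called.
-virtual void Release();
-
 // Sets the security level for the target process' two tokens.
 // This setting is permanent and cannot be changed once the target process is
 // spawned.
 // initial: the security level for the initial token. This is the token that
 // is used by the process from the creation of the process until the moment
 // the process calls TargetServices::LowerToken() or the process calls
 // win32's RevertToSelf(). Once this happens the initial token is no longer
 // available and the lockdown token is in effect. Using an initial token is
 // not compatible with AppContainer, see SetAppContainer.
 // lockdown: the security level for the token that comes into force after the
@@ -321,22 +312,20 @@
 Semantics semantics,
 const wchar_t* pattern);
 
 // This lock synchronizes operations on the targets_ collection.
 CRITICAL_SECTION lock_;
 
 // Maintains the list of target process associated with this policy.
 // The policy takes ownership of them.
 typedef std::list<TargetProcess*> TargetSet;
 TargetSet targets_;
-// Standard object-lifetime reference counter.
-volatile LONG ref_count;
 // The user-defined global policy settings.
 TokenLevel lockdown_level_;
 TokenLevel initial_level_;
 JobLevel job_level_;
 uint32 ui_exceptions_;
 size_t memory_limit_;
 bool use_alternate_desktop_;
 bool use_alternate_winstation_;
 // Helps the file system policy initialization.
 bool file_system_init_;
@@ -371,10 +360,10 @@
 // This list contains handles other than the stderr/stdout handles which are
 // shared with the target at times.
 HandleList handles_to_share_;
 
 DISALLOW_COPY_AND_ASSIGN(TargetPolicy);
 };
 
 } // namespace sandbox
 
 #endif // SANDBOX_WIN_SRC_SANDBOX_POLICY_H_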
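Review bot: The class comment at new lines 35-37 still promises that all public methods are virtual because callers may live in a dll while the implementation lives in the exe, but the AddRef()/Release() now inherited from base::RefCountedThreadSafe<TargetPolicy> are non-virtual header-inline, so the Release() that drops the count to zero runs `delete` in whichever module made the last call — if that module and the allocating exe use separate CRT heaps, that is a cross-module free of a policy object. Either amend the comment to state that reference counting is now inline and must be driven only from the module that created the object, or keep the refcounting behind a virtual interface as before. With RefCountedThreadSafe the destructor should also be non-public with `friend class base::RefCountedThreadSafe<TargetPolicy>;` so callers cannot `delete` or stack-allocate a TargetPolicy; the destructor declaration and the rest of the class body are outside the visible hunks, so I cannot confirm that was done.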