OLD | NEW |
(Empty) | |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "sandbox/win/src/top_level_dispatcher.h" |
| 6 |
| 7 #include <string.h> |
| 8 |
| 9 #include "base/basictypes.h" |
| 10 #include "base/logging.h" |
| 11 #include "base/memory/scoped_ptr.h" |
| 12 #include "sandbox/win/src/crosscall_server.h" |
| 13 #include "sandbox/win/src/filesystem_dispatcher.h" |
| 14 #include "sandbox/win/src/handle_dispatcher.h" |
| 15 #include "sandbox/win/src/interception.h" |
| 16 #include "sandbox/win/src/internal_types.h" |
| 17 #include "sandbox/win/src/ipc_tags.h" |
| 18 #include "sandbox/win/src/named_pipe_dispatcher.h" |
| 19 #include "sandbox/win/src/process_mitigations_win32k_dispatcher.h" |
| 20 #include "sandbox/win/src/process_thread_dispatcher.h" |
| 21 #include "sandbox/win/src/registry_dispatcher.h" |
| 22 #include "sandbox/win/src/sandbox_policy_base.h" |
| 23 #include "sandbox/win/src/sync_dispatcher.h" |
| 24 |
| 25 namespace sandbox { |
| 26 |
| 27 TopLevelDispatcher::TopLevelDispatcher(PolicyBase* policy) : policy_(policy) { |
| 28 // Initialize the IPC dispatcher array. |
| 29 memset(ipc_targets_, 0, sizeof(ipc_targets_)); |
| 30 Dispatcher* dispatcher; |
| 31 |
| 32 dispatcher = new FilesystemDispatcher(policy_); |
| 33 ipc_targets_[IPC_NTCREATEFILE_TAG] = dispatcher; |
| 34 ipc_targets_[IPC_NTOPENFILE_TAG] = dispatcher; |
| 35 ipc_targets_[IPC_NTSETINFO_RENAME_TAG] = dispatcher; |
| 36 ipc_targets_[IPC_NTQUERYATTRIBUTESFILE_TAG] = dispatcher; |
| 37 ipc_targets_[IPC_NTQUERYFULLATTRIBUTESFILE_TAG] = dispatcher; |
| 38 filesystem_dispatcher_.reset(dispatcher); |
| 39 |
| 40 dispatcher = new NamedPipeDispatcher(policy_); |
| 41 ipc_targets_[IPC_CREATENAMEDPIPEW_TAG] = dispatcher; |
| 42 named_pipe_dispatcher_.reset(dispatcher); |
| 43 |
| 44 dispatcher = new ThreadProcessDispatcher(policy_); |
| 45 ipc_targets_[IPC_NTOPENTHREAD_TAG] = dispatcher; |
| 46 ipc_targets_[IPC_NTOPENPROCESS_TAG] = dispatcher; |
| 47 ipc_targets_[IPC_CREATEPROCESSW_TAG] = dispatcher; |
| 48 ipc_targets_[IPC_NTOPENPROCESSTOKEN_TAG] = dispatcher; |
| 49 ipc_targets_[IPC_NTOPENPROCESSTOKENEX_TAG] = dispatcher; |
| 50 thread_process_dispatcher_.reset(dispatcher); |
| 51 |
| 52 dispatcher = new SyncDispatcher(policy_); |
| 53 ipc_targets_[IPC_CREATEEVENT_TAG] = dispatcher; |
| 54 ipc_targets_[IPC_OPENEVENT_TAG] = dispatcher; |
| 55 sync_dispatcher_.reset(dispatcher); |
| 56 |
| 57 dispatcher = new RegistryDispatcher(policy_); |
| 58 ipc_targets_[IPC_NTCREATEKEY_TAG] = dispatcher; |
| 59 ipc_targets_[IPC_NTOPENKEY_TAG] = dispatcher; |
| 60 registry_dispatcher_.reset(dispatcher); |
| 61 |
| 62 dispatcher = new HandleDispatcher(policy_); |
| 63 ipc_targets_[IPC_DUPLICATEHANDLEPROXY_TAG] = dispatcher; |
| 64 handle_dispatcher_.reset(dispatcher); |
| 65 |
| 66 dispatcher = new ProcessMitigationsWin32KDispatcher(policy_); |
| 67 ipc_targets_[IPC_GDI_GDIDLLINITIALIZE_TAG] = dispatcher; |
| 68 ipc_targets_[IPC_GDI_GETSTOCKOBJECT_TAG] = dispatcher; |
| 69 ipc_targets_[IPC_USER_REGISTERCLASSW_TAG] = dispatcher; |
| 70 process_mitigations_win32k_dispatcher_.reset(dispatcher); |
| 71 } |
| 72 |
| 73 TopLevelDispatcher::~TopLevelDispatcher() {} |
| 74 |
| 75 // When an IPC is ready in any of the targets we get called. We manage an array |
| 76 // of IPC dispatchers which are keyed on the IPC tag so we normally delegate |
| 77 // to the appropriate dispatcher unless we can handle the IPC call ourselves. |
| 78 Dispatcher* TopLevelDispatcher::OnMessageReady(IPCParams* ipc, |
| 79 CallbackGeneric* callback) { |
| 80 DCHECK(callback); |
| 81 static const IPCParams ping1 = {IPC_PING1_TAG, {UINT32_TYPE}}; |
| 82 static const IPCParams ping2 = {IPC_PING2_TAG, {INOUTPTR_TYPE}}; |
| 83 |
| 84 if (ping1.Matches(ipc) || ping2.Matches(ipc)) { |
| 85 *callback = reinterpret_cast<CallbackGeneric>( |
| 86 static_cast<Callback1>(&TopLevelDispatcher::Ping)); |
| 87 return this; |
| 88 } |
| 89 |
| 90 Dispatcher* dispatcher = GetDispatcher(ipc->ipc_tag); |
| 91 if (!dispatcher) { |
| 92 NOTREACHED(); |
| 93 return NULL; |
| 94 } |
| 95 return dispatcher->OnMessageReady(ipc, callback); |
| 96 } |
| 97 |
| 98 // Delegate to the appropriate dispatcher. |
| 99 bool TopLevelDispatcher::SetupService(InterceptionManager* manager, |
| 100 int service) { |
| 101 if (IPC_PING1_TAG == service || IPC_PING2_TAG == service) |
| 102 return true; |
| 103 |
| 104 Dispatcher* dispatcher = GetDispatcher(service); |
| 105 if (!dispatcher) { |
| 106 NOTREACHED(); |
| 107 return false; |
| 108 } |
| 109 return dispatcher->SetupService(manager, service); |
| 110 } |
| 111 |
| 112 // We service IPC_PING_TAG message which is a way to test a round trip of the |
| 113 // IPC subsystem. We receive a integer cookie and we are expected to return the |
| 114 // cookie times two (or three) and the current tick count. |
| 115 bool TopLevelDispatcher::Ping(IPCInfo* ipc, void* arg1) { |
| 116 switch (ipc->ipc_tag) { |
| 117 case IPC_PING1_TAG: { |
| 118 IPCInt ipc_int(arg1); |
| 119 uint32 cookie = ipc_int.As32Bit(); |
| 120 ipc->return_info.extended_count = 2; |
| 121 ipc->return_info.extended[0].unsigned_int = ::GetTickCount(); |
| 122 ipc->return_info.extended[1].unsigned_int = 2 * cookie; |
| 123 return true; |
| 124 } |
| 125 case IPC_PING2_TAG: { |
| 126 CountedBuffer* io_buffer = reinterpret_cast<CountedBuffer*>(arg1); |
| 127 if (sizeof(uint32) != io_buffer->Size()) |
| 128 return false; |
| 129 |
| 130 uint32* cookie = reinterpret_cast<uint32*>(io_buffer->Buffer()); |
| 131 *cookie = (*cookie) * 3; |
| 132 return true; |
| 133 } |
| 134 default: |
| 135 return false; |
| 136 } |
| 137 } |
| 138 |
| 139 Dispatcher* TopLevelDispatcher::GetDispatcher(int ipc_tag) { |
| 140 if (ipc_tag >= IPC_LAST_TAG || ipc_tag <= IPC_UNUSED_TAG) |
| 141 return NULL; |
| 142 |
| 143 return ipc_targets_[ipc_tag]; |
| 144 } |
| 145 |
| 146 } // namespace sandbox |
OLD | NEW |