Unify PolicyBase into TargetPolicy.

sandbox/win/src/broker_services.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/win/src/broker_services.h"
 
 #include <AclAPI.h>
+#include <vector>
 
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/stl_util.h"
 #include "base/threading/platform_thread.h"
 #include "base/win/scoped_handle.h"
 #include "base/win/scoped_process_information.h"
 #include "base/win/startup_information.h"
 #include "base/win/windows_version.h"
 #include "sandbox/win/src/app_container.h"
 #include "sandbox/win/src/process_mitigations.h"
-#include "sandbox/win/src/sandbox_policy_base.h"
 #include "sandbox/win/src/sandbox.h"
+#include "sandbox/win/src/sandbox_policy.h"
 #include "sandbox/win/src/target_process.h"
 #include "sandbox/win/src/win2k_threadpool.h"
 #include "sandbox/win/src/win_utils.h"
 
 namespace {
 
 // Utility function to associate a completion port to a job object.
 bool AssociateCompletionPort(HANDLE job, HANDLE port, void* key) {
   JOBOBJECT_ASSOCIATE_COMPLETION_PORT job_acp = { key, port };
   return ::SetInformationJobObject(job,
@@ skipping 18 matching lines @@
 enum {
   THREAD_CTRL_NONE,
   THREAD_CTRL_REMOVE_PEER,
   THREAD_CTRL_QUIT,
   THREAD_CTRL_LAST,
 };
 
 // Helper structure that allows the Broker to associate a job notification
 // with a job object and with a policy.
 struct JobTracker {
-  JobTracker(base::win::ScopedHandle job, sandbox::PolicyBase* policy)
+  JobTracker(base::win::ScopedHandle job, sandbox::TargetPolicy* policy)
       : job(job.Pass()), policy(policy) {
   }
   ~JobTracker() {
     FreeResources();
   }
 
   // Releases the Job and notifies the associated Policy object to release its
   // resources as well.
   void FreeResources();
 
   base::win::ScopedHandle job;
-  sandbox::PolicyBase* policy;
+  sandbox::TargetPolicy* policy;
 };
 
 void JobTracker::FreeResources() {
   if (policy) {
     BOOL res = ::TerminateJobObject(job.Get(), sandbox::SBOX_ALL_OK);
     DCHECK(res);
     // Closing the job causes the target process to be destroyed so this needs
     // to happen before calling OnJobEmpty().
     HANDLE stale_job_handle = job.Get();
     job.Close();
@@ skipping 84 matching lines @@
   // Cancel the wait events and delete remaining peer trackers.
   for (PeerTrackerMap::iterator it = peer_map_.begin();
        it != peer_map_.end(); ++it) {
     DeregisterPeerTracker(it->second);
   }
 
   ::DeleteCriticalSection(&lock_);
 }
 
 TargetPolicy* BrokerServicesBase::CreatePolicy() {
-  // If you change the type of the object being created here you must also
-  // change the downcast to it in SpawnTarget().
-  return new PolicyBase;
+  return new TargetPolicy;
 }
 
 // The worker thread stays in a loop waiting for asynchronous notifications
 // from the job objects. Right now we only care about knowing when the last
 // process on a job terminates, but in general this is the place to tell
 // the policy about events.
 DWORD WINAPI BrokerServicesBase::TargetEventsThread(PVOID param) {
   if (NULL == param)
     return 1;
 
@@ skipping 107 matching lines @@
 
   // Even though the resources touched by SpawnTarget can be accessed in
   // multiple threads, the method itself cannot be called from more than
   // 1 thread. This is to protect the global variables used while setting up
   // the child process.
   static DWORD thread_id = ::GetCurrentThreadId();
   DCHECK(thread_id == ::GetCurrentThreadId());
 
   AutoLock lock(&lock_);
 
-  // This downcast is safe as long as we control CreatePolicy()
-  PolicyBase* policy_base = static_cast<PolicyBase*>(policy);
-
-  if (policy_base->GetAppContainer() && policy_base->GetLowBoxSid())
+  if (policy->GetAppContainer() && policy->GetLowBoxSid())
     return SBOX_ERROR_BAD_PARAMS;
 
   // Construct the tokens and the job object that we are going to associate
   // with the soon to be created target process.
   base::win::ScopedHandle initial_token;
   base::win::ScopedHandle lockdown_token;
   base::win::ScopedHandle lowbox_token;
   ResultCode result = SBOX_ALL_OK;
 
-  result =
-      policy_base->MakeTokens(&initial_token, &lockdown_token, &lowbox_token);
+  result = policy->MakeTokens(&initial_token, &lockdown_token, &lowbox_token);
   if (SBOX_ALL_OK != result)
     return result;
 
   base::win::ScopedHandle job;
-  result = policy_base->MakeJobObject(&job);
+  result = policy->MakeJobObject(&job);
   if (SBOX_ALL_OK != result)
     return result;
 
   // Initialize the startup information from the policy.
   base::win::StartupInformation startup_info;
   // The liftime of |mitigations| and |inherit_handle_list| have to be at least
   // as long as |startup_info| because |UpdateProcThreadAttribute| requires that
   // its |lpValue| parameter persist until |DeleteProcThreadAttributeList| is
   // called; StartupInformation's destructor makes such a call.
   DWORD64 mitigations;
 
   std::vector<HANDLE> inherited_handle_list;
 
-  base::string16 desktop = policy_base->GetAlternateDesktop();
+  base::string16 desktop = policy->GetAlternateDesktop();
   if (!desktop.empty()) {
     startup_info.startup_info()->lpDesktop =
         const_cast<wchar_t*>(desktop.c_str());
   }
 
   bool inherit_handles = false;
 
   if (base::win::GetVersion() >= base::win::VERSION_VISTA) {
     int attribute_count = 0;
-    const AppContainerAttributes* app_container =
-        policy_base->GetAppContainer();
+    const AppContainerAttributes* app_container = policy->GetAppContainer();
     if (app_container)
       ++attribute_count;
 
     size_t mitigations_size;
     ConvertProcessMitigationsToPolicy(policy->GetProcessMitigations(),
                                       &mitigations, &mitigations_size);
     if (mitigations)
       ++attribute_count;
 
-    HANDLE stdout_handle = policy_base->GetStdoutHandle();
-    HANDLE stderr_handle = policy_base->GetStderrHandle();
+    HANDLE stdout_handle = policy->GetStdoutHandle();
+    HANDLE stderr_handle = policy->GetStderrHandle();
 
     if (stdout_handle != INVALID_HANDLE_VALUE)
       inherited_handle_list.push_back(stdout_handle);
 
     // Handles in the list must be unique.
     if (stderr_handle != stdout_handle && stderr_handle != INVALID_HANDLE_VALUE)
       inherited_handle_list.push_back(stderr_handle);
 
-    const HandleList& policy_handle_list = policy_base->GetHandlesBeingShared();
+    const HandleList& policy_handle_list = policy->GetHandlesBeingShared();
 
     for (auto handle : policy_handle_list)
       inherited_handle_list.push_back(handle->Get());
 
     if (inherited_handle_list.size())
       ++attribute_count;
 
     if (!startup_info.InitializeProcThreadAttributeList(attribute_count))
       return SBOX_ERROR_PROC_THREAD_ATTRIBUTES;
 
@@ skipping 36 matching lines @@
   // Create the TargetProces object and spawn the target suspended. Note that
   // Brokerservices does not own the target object. It is owned by the Policy.
   base::win::ScopedProcessInformation process_info;
   TargetProcess* target =
       new TargetProcess(initial_token.Pass(), lockdown_token.Pass(),
                         lowbox_token.Pass(), job.Get(), thread_pool_);
 
   DWORD win_result = target->Create(exe_path, command_line, inherit_handles,
                                     startup_info, &process_info);
 
-  policy_base->ClearSharedHandles();
+  policy->ClearSharedHandles();
 
   if (ERROR_SUCCESS != win_result) {
     SpawnCleanup(target, win_result);
     return SBOX_ERROR_CREATE_PROCESS;
   }
 
   // Now the policy is the owner of the target.
-  if (!policy_base->AddTarget(target)) {
+  if (!policy->AddTarget(target)) {
     return SpawnCleanup(target, 0);
   }
 
   // We are going to keep a pointer to the policy because we'll call it when
   // the job object generates notifications using the completion port.
-  policy_base->AddRef();
+  policy->AddRef();
   if (job.IsValid()) {
-    scoped_ptr<JobTracker> tracker(new JobTracker(job.Pass(), policy_base));
+    scoped_ptr<JobTracker> tracker(new JobTracker(job.Pass(), policy));
 
     // There is no obvious recovery after failure here. Previous version with
     // SpawnCleanup() caused deletion of TargetProcess twice. crbug.com/480639
     CHECK(AssociateCompletionPort(tracker->job.Get(), job_port_.Get(),
                                   tracker.get()));
 
     // Save the tracker because in cleanup we might need to force closing
     // the Jobs.
     tracker_list_.push_back(tracker.release());
     child_process_ids_.insert(process_info.process_id());
@@ skipping 85 matching lines @@
     return SBOX_ERROR_UNSUPPORTED;
 
   base::string16 name = LookupAppContainer(sid);
   if (name.empty())
     return SBOX_ERROR_INVALID_APP_CONTAINER;
 
   return DeleteAppContainer(sid);
 }
 
 }  // namespace sandbox