sandbox/win/src/sandbox_policy_base.cc - Issue 1460903002: Unify PolicyBase into TargetPolicy.

Unified Diff: sandbox/win/src/sandbox_policy_base.cc

Issue 1460903002: Unify PolicyBase into TargetPolicy. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@policy_dispatcher

Patch Set: Rebase. Created 5 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: sandbox/win/src/sandbox_policy_base.cc

diff --git a/sandbox/win/src/sandbox_policy_base.cc b/sandbox/win/src/sandbox_policy_base.cc

index bcb7587464fefba61872b2c9ab809b40a84f7d48..39ac0710411272be46a34c00fe1f346e40189a95 100644

--- a/sandbox/win/src/sandbox_policy_base.cc

+++ b/sandbox/win/src/sandbox_policy_base.cc

@@ -2,7 +2,7 @@

// Use of this source code is governed by a BSD-style license that can be

// found in the LICENSE file.

-#include "sandbox/win/src/sandbox_policy_base.h"

+#include "sandbox/win/src/sandbox_policy.h"

#include <sddl.h>

@@ -45,8 +45,8 @@ const size_t kPolMemSize = kOneMemPage * 14;

// Helper function to allocate space (on the heap) for policy.

sandbox::PolicyGlobal* MakeBrokerPolicyMemory() {

const size_t kTotalPolicySz = kPolMemSize;

- sandbox::PolicyGlobal* policy = static_cast<sandbox::PolicyGlobal*>

- (::operator new(kTotalPolicySz));

+ sandbox::PolicyGlobal* policy =

+ static_cast<sandbox::PolicyGlobal*>(::operator new(kTotalPolicySz));

DCHECK(policy);

memset(policy, 0, kTotalPolicySz);

policy->data_size = kTotalPolicySz - sizeof(sandbox::PolicyGlobal);

@@ -74,9 +74,10 @@ HANDLE CreateLowBoxObjectDirectory(PSID lowbox_sid) {

if (!::ConvertSidToStringSid(lowbox_sid, &sid_string))

return NULL;

- base::string16 directory_path = base::StringPrintf(

- L"\\Sessions\\%d\\AppContainerNamedObjects\\%ls",

- session_id, sid_string).c_str();

+ base::string16 directory_path =

+ base::StringPrintf(L"\\Sessions\\%d\\AppContainerNamedObjects\\%ls",

+ session_id, sid_string)

+ .c_str();

::LocalFree(sid_string);

NtCreateDirectoryObjectFunction CreateObjectDirectory = NULL;

@@ -84,17 +85,12 @@ HANDLE CreateLowBoxObjectDirectory(PSID lowbox_sid) {

OBJECT_ATTRIBUTES obj_attr;

UNICODE_STRING obj_name;

- sandbox::InitObjectAttribs(directory_path,

- OBJ_CASE_INSENSITIVE | OBJ_OPENIF,

- NULL,

- &obj_attr,

- &obj_name,

- NULL);

+ sandbox::InitObjectAttribs(directory_path, OBJ_CASE_INSENSITIVE | OBJ_OPENIF,

+ NULL, &obj_attr, &obj_name, NULL);

HANDLE handle = NULL;

- NTSTATUS status = CreateObjectDirectory(&handle,

- DIRECTORY_ALL_ACCESS,

- &obj_attr);

+ NTSTATUS status =

+ CreateObjectDirectory(&handle, DIRECTORY_ALL_ACCESS, &obj_attr);

if (!NT_SUCCESS(status))

return NULL;

@@ -110,12 +106,12 @@ SANDBOX_INTERCEPT IntegrityLevel g_shared_delayed_integrity_level;

SANDBOX_INTERCEPT MitigationFlags g_shared_delayed_mitigations;

// Initializes static members.

-HWINSTA PolicyBase::alternate_winstation_handle_ = NULL;

-HDESK PolicyBase::alternate_desktop_handle_ = NULL;

-IntegrityLevel PolicyBase::alternate_desktop_integrity_level_label_ =

+HWINSTA TargetPolicy::alternate_winstation_handle_ = NULL;

+HDESK TargetPolicy::alternate_desktop_handle_ = NULL;

+IntegrityLevel TargetPolicy::alternate_desktop_integrity_level_label_ =

INTEGRITY_LEVEL_SYSTEM;

-PolicyBase::PolicyBase()

+TargetPolicy::TargetPolicy()

: ref_count(1),

lockdown_level_(USER_LOCKDOWN),

initial_level_(USER_LOCKDOWN),

@@ -139,7 +135,7 @@ PolicyBase::PolicyBase()

dispatcher_.reset(new TopLevelDispatcher(this));

}

-PolicyBase::~PolicyBase() {

+TargetPolicy::~TargetPolicy() {

ClearSharedHandles();

TargetSet::iterator it;

@@ -156,16 +152,17 @@ PolicyBase::~PolicyBase() {

::DeleteCriticalSection(&lock_);

}

-void PolicyBase::AddRef() {

+void TargetPolicy::AddRef() {

::InterlockedIncrement(&ref_count);

}

-void PolicyBase::Release() {

+void TargetPolicy::Release() {

if (0 == ::InterlockedDecrement(&ref_count))

delete this;

}

-ResultCode PolicyBase::SetTokenLevel(TokenLevel initial, TokenLevel lockdown) {

+ResultCode TargetPolicy::SetTokenLevel(TokenLevel initial,

+ TokenLevel lockdown) {

if (initial < lockdown) {

return SBOX_ERROR_BAD_PARAMS;

}

@@ -174,15 +171,15 @@ ResultCode PolicyBase::SetTokenLevel(TokenLevel initial, TokenLevel lockdown) {

return SBOX_ALL_OK;

}

-TokenLevel PolicyBase::GetInitialTokenLevel() const {

+TokenLevel TargetPolicy::GetInitialTokenLevel() const {

return initial_level_;

}

-TokenLevel PolicyBase::GetLockdownTokenLevel() const{

+TokenLevel TargetPolicy::GetLockdownTokenLevel() const {

return lockdown_level_;

}

-ResultCode PolicyBase::SetJobLevel(JobLevel job_level, uint32 ui_exceptions) {

+ResultCode TargetPolicy::SetJobLevel(JobLevel job_level, uint32 ui_exceptions) {

if (memory_limit_ && job_level == JOB_NONE) {

return SBOX_ERROR_BAD_PARAMS;

}

@@ -191,7 +188,7 @@ ResultCode PolicyBase::SetJobLevel(JobLevel job_level, uint32 ui_exceptions) {

return SBOX_ALL_OK;

}

-ResultCode PolicyBase::SetJobMemoryLimit(size_t memory_limit) {

+ResultCode TargetPolicy::SetJobMemoryLimit(size_t memory_limit) {

if (memory_limit && job_level_ == JOB_NONE) {

return SBOX_ERROR_BAD_PARAMS;

}

@@ -199,13 +196,13 @@ ResultCode PolicyBase::SetJobMemoryLimit(size_t memory_limit) {

return SBOX_ALL_OK;

}

-ResultCode PolicyBase::SetAlternateDesktop(bool alternate_winstation) {

+ResultCode TargetPolicy::SetAlternateDesktop(bool alternate_winstation) {

use_alternate_desktop_ = true;

use_alternate_winstation_ = alternate_winstation;

return CreateAlternateDesktop(alternate_winstation);

}

-base::string16 PolicyBase::GetAlternateDesktop() const {

+base::string16 TargetPolicy::GetAlternateDesktop() const {

// No alternate desktop or winstation. Return an empty string.

if (!use_alternate_desktop_ && !use_alternate_winstation_) {

return base::string16();

@@ -217,8 +214,8 @@ base::string16 PolicyBase::GetAlternateDesktop() const {

if (use_alternate_desktop_ && !alternate_desktop_handle_) {

return base::string16();

}

- if (use_alternate_winstation_ && (!alternate_desktop_handle_ ||

- !alternate_winstation_handle_)) {

+ if (use_alternate_winstation_ &&

+ (!alternate_desktop_handle_ || !alternate_winstation_handle_)) {

return base::string16();

}

@@ -226,7 +223,7 @@ base::string16 PolicyBase::GetAlternateDesktop() const {

alternate_desktop_handle_);

}

-ResultCode PolicyBase::CreateAlternateDesktop(bool alternate_winstation) {

+ResultCode TargetPolicy::CreateAlternateDesktop(bool alternate_winstation) {

if (alternate_winstation) {

// Previously called with alternate_winstation = false?

if (!alternate_winstation_handle_ && alternate_desktop_handle_)

@@ -280,7 +277,7 @@ ResultCode PolicyBase::CreateAlternateDesktop(bool alternate_winstation) {

return SBOX_ALL_OK;

}

-void PolicyBase::DestroyAlternateDesktop() {

+void TargetPolicy::DestroyAlternateDesktop() {

if (alternate_desktop_handle_) {

::CloseDesktop(alternate_desktop_handle_);

alternate_desktop_handle_ = NULL;

@@ -292,22 +289,22 @@ void PolicyBase::DestroyAlternateDesktop() {

}

-ResultCode PolicyBase::SetIntegrityLevel(IntegrityLevel integrity_level) {

+ResultCode TargetPolicy::SetIntegrityLevel(IntegrityLevel integrity_level) {

integrity_level_ = integrity_level;

return SBOX_ALL_OK;

}

-IntegrityLevel PolicyBase::GetIntegrityLevel() const {

+IntegrityLevel TargetPolicy::GetIntegrityLevel() const {

return integrity_level_;

}

-ResultCode PolicyBase::SetDelayedIntegrityLevel(

+ResultCode TargetPolicy::SetDelayedIntegrityLevel(

IntegrityLevel integrity_level) {

delayed_integrity_level_ = integrity_level;

return SBOX_ALL_OK;

}

-ResultCode PolicyBase::SetAppContainer(const wchar_t* sid) {

+ResultCode TargetPolicy::SetAppContainer(const wchar_t* sid) {

if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8)

return SBOX_ALL_OK;

@@ -331,12 +328,12 @@ ResultCode PolicyBase::SetAppContainer(const wchar_t* sid) {

return SBOX_ALL_OK;

}

-ResultCode PolicyBase::SetCapability(const wchar_t* sid) {

+ResultCode TargetPolicy::SetCapability(const wchar_t* sid) {

capabilities_.push_back(sid);

return SBOX_ALL_OK;

}

-ResultCode PolicyBase::SetLowBox(const wchar_t* sid) {

+ResultCode TargetPolicy::SetLowBox(const wchar_t* sid) {

if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8)

return SBOX_ERROR_UNSUPPORTED;

@@ -355,71 +352,69 @@ ResultCode PolicyBase::SetLowBox(const wchar_t* sid) {

return SBOX_ALL_OK;

}

-ResultCode PolicyBase::SetProcessMitigations(

- MitigationFlags flags) {

+ResultCode TargetPolicy::SetProcessMitigations(MitigationFlags flags) {

if (!CanSetProcessMitigationsPreStartup(flags))

return SBOX_ERROR_BAD_PARAMS;

mitigations_ = flags;

return SBOX_ALL_OK;

}

-MitigationFlags PolicyBase::GetProcessMitigations() {

+MitigationFlags TargetPolicy::GetProcessMitigations() {

return mitigations_;

}

-ResultCode PolicyBase::SetDelayedProcessMitigations(

- MitigationFlags flags) {

+ResultCode TargetPolicy::SetDelayedProcessMitigations(MitigationFlags flags) {

if (!CanSetProcessMitigationsPostStartup(flags))

return SBOX_ERROR_BAD_PARAMS;

delayed_mitigations_ = flags;

return SBOX_ALL_OK;

}

-MitigationFlags PolicyBase::GetDelayedProcessMitigations() const {

+MitigationFlags TargetPolicy::GetDelayedProcessMitigations() const {

return delayed_mitigations_;

}

-void PolicyBase::SetStrictInterceptions() {

+void TargetPolicy::SetStrictInterceptions() {

relaxed_interceptions_ = false;

}

-ResultCode PolicyBase::SetStdoutHandle(HANDLE handle) {

+ResultCode TargetPolicy::SetStdoutHandle(HANDLE handle) {

if (!IsInheritableHandle(handle))

return SBOX_ERROR_BAD_PARAMS;

stdout_handle_ = handle;

return SBOX_ALL_OK;

}

-ResultCode PolicyBase::SetStderrHandle(HANDLE handle) {

+ResultCode TargetPolicy::SetStderrHandle(HANDLE handle) {

if (!IsInheritableHandle(handle))

return SBOX_ERROR_BAD_PARAMS;

stderr_handle_ = handle;

return SBOX_ALL_OK;

}

-ResultCode PolicyBase::AddRule(SubSystem subsystem,

- Semantics semantics,

- const wchar_t* pattern) {

+ResultCode TargetPolicy::AddRule(SubSystem subsystem,

+ Semantics semantics,

+ const wchar_t* pattern) {

ResultCode result = AddRuleInternal(subsystem, semantics, pattern);

- LOG_IF(ERROR, result != SBOX_ALL_OK) << "Failed to add sandbox rule."

- << " error = " << result

- << ", subsystem = " << subsystem

- << ", semantics = " << semantics

- << ", pattern = '" << pattern << "'";

+ LOG_IF(ERROR, result != SBOX_ALL_OK)

+ << "Failed to add sandbox rule."

+ << " error = " << result << ", subsystem = " << subsystem

+ << ", semantics = " << semantics << ", pattern = '" << pattern << "'";

return result;

}

-ResultCode PolicyBase::AddDllToUnload(const wchar_t* dll_name) {

+ResultCode TargetPolicy::AddDllToUnload(const wchar_t* dll_name) {

blacklisted_dlls_.push_back(dll_name);

return SBOX_ALL_OK;

}

-ResultCode PolicyBase::AddKernelObjectToClose(const base::char16* handle_type,

- const base::char16* handle_name) {

+ResultCode TargetPolicy::AddKernelObjectToClose(

+ const base::char16* handle_type,

+ const base::char16* handle_name) {

return handle_closer_.AddHandle(handle_type, handle_name);

}

-void* PolicyBase::AddHandleToShare(HANDLE handle) {

+void* TargetPolicy::AddHandleToShare(HANDLE handle) {

if (base::win::GetVersion() < base::win::VERSION_VISTA)

return nullptr;

@@ -435,20 +430,20 @@ void* PolicyBase::AddHandleToShare(HANDLE handle) {

return duped_handle;

}

-const HandleList& PolicyBase::GetHandlesBeingShared() {

+const HandleList& TargetPolicy::GetHandlesBeingShared() {

return handles_to_share_;

}

-void PolicyBase::ClearSharedHandles() {

+void TargetPolicy::ClearSharedHandles() {

STLDeleteElements(&handles_to_share_);

}

-ResultCode PolicyBase::MakeJobObject(base::win::ScopedHandle* job) {

+ResultCode TargetPolicy::MakeJobObject(base::win::ScopedHandle* job) {

if (job_level_ != JOB_NONE) {

// Create the windows job object.

Job job_obj;

- DWORD result = job_obj.Init(job_level_, NULL, ui_exceptions_,

- memory_limit_);

+ DWORD result =

+ job_obj.Init(job_level_, NULL, ui_exceptions_, memory_limit_);

if (ERROR_SUCCESS != result)

return SBOX_ERROR_GENERIC;

@@ -459,9 +454,9 @@ ResultCode PolicyBase::MakeJobObject(base::win::ScopedHandle* job) {

return SBOX_ALL_OK;

}

-ResultCode PolicyBase::MakeTokens(base::win::ScopedHandle* initial,

- base::win::ScopedHandle* lockdown,

- base::win::ScopedHandle* lowbox) {

+ResultCode TargetPolicy::MakeTokens(base::win::ScopedHandle* initial,

+ base::win::ScopedHandle* lockdown,

+ base::win::ScopedHandle* lowbox) {

if (appcontainer_list_.get() && appcontainer_list_->HasAppContainer() &&

lowbox_sid_) {

return SBOX_ERROR_BAD_PARAMS;

@@ -469,7 +464,7 @@ ResultCode PolicyBase::MakeTokens(base::win::ScopedHandle* initial,

// Create the 'naked' token. This will be the permanent token associated

// with the process and therefore with any thread that is not impersonating.

- DWORD result = CreateRestrictedToken(lockdown_level_, integrity_level_,

+ DWORD result = CreateRestrictedToken(lockdown_level_, integrity_level_,

PRIMARY, lockdown);

if (ERROR_SUCCESS != result)

return SBOX_ERROR_GENERIC;

@@ -485,10 +480,9 @@ ResultCode PolicyBase::MakeTokens(base::win::ScopedHandle* initial,

// Integrity label enum is reversed (higher level is a lower value).

static_assert(INTEGRITY_LEVEL_SYSTEM < INTEGRITY_LEVEL_UNTRUSTED,

"Integrity level ordering reversed.");

- result = SetObjectIntegrityLabel(alternate_desktop_handle_,

- SE_WINDOW_OBJECT,

- L"",

- GetIntegrityLevelString(integrity_level_));

+ result =

+ SetObjectIntegrityLabel(alternate_desktop_handle_, SE_WINDOW_OBJECT,

+ L"", GetIntegrityLevelString(integrity_level_));

if (ERROR_SUCCESS != result)

return SBOX_ERROR_GENERIC;

@@ -524,10 +518,9 @@ ResultCode PolicyBase::MakeTokens(base::win::ScopedHandle* initial,

HANDLE saved_handles[1] = {lowbox_directory_.Get()};

DWORD saved_handles_count = lowbox_directory_.IsValid() ? 1 : 0;

- NTSTATUS status = CreateLowBoxToken(&token_lowbox, lockdown->Get(),

- TOKEN_ALL_ACCESS, &obj_attr,

- lowbox_sid_, 0, NULL,

- saved_handles_count, saved_handles);

+ NTSTATUS status = CreateLowBoxToken(

+ &token_lowbox, lockdown->Get(), TOKEN_ALL_ACCESS, &obj_attr,

+ lowbox_sid_, 0, NULL, saved_handles_count, saved_handles);

if (!NT_SUCCESS(status))

return SBOX_ERROR_GENERIC;

@@ -546,18 +539,18 @@ ResultCode PolicyBase::MakeTokens(base::win::ScopedHandle* initial,

return SBOX_ALL_OK;

}

-const AppContainerAttributes* PolicyBase::GetAppContainer() const {

+const AppContainerAttributes* TargetPolicy::GetAppContainer() const {

if (!appcontainer_list_.get() || !appcontainer_list_->HasAppContainer())

return NULL;

return appcontainer_list_.get();

}

-PSID PolicyBase::GetLowBoxSid() const {

+PSID TargetPolicy::GetLowBoxSid() const {

return lowbox_sid_;

}

-bool PolicyBase::AddTarget(TargetProcess* target) {

+bool TargetPolicy::AddTarget(TargetProcess* target) {

if (NULL != policy_)

policy_maker_->Done();

@@ -579,16 +572,15 @@ bool PolicyBase::AddTarget(TargetProcess* target) {

g_shared_delayed_integrity_level = delayed_integrity_level_;

ResultCode ret = target->TransferVariable(

- "g_shared_delayed_integrity_level",

- &g_shared_delayed_integrity_level,

- sizeof(g_shared_delayed_integrity_level));

+ "g_shared_delayed_integrity_level", &g_shared_delayed_integrity_level,

+ sizeof(g_shared_delayed_integrity_level));

g_shared_delayed_integrity_level = INTEGRITY_LEVEL_LAST;

if (SBOX_ALL_OK != ret)

return false;

// Add in delayed mitigations and pseudo-mitigations enforced at startup.

- g_shared_delayed_mitigations = delayed_mitigations_ |

- FilterPostStartupProcessMitigations(mitigations_);

+ g_shared_delayed_mitigations =

+ delayed_mitigations_ | FilterPostStartupProcessMitigations(mitigations_);

if (!CanSetProcessMitigationsPostStartup(g_shared_delayed_mitigations))

return false;

@@ -604,7 +596,7 @@ bool PolicyBase::AddTarget(TargetProcess* target) {

return true;

}

-bool PolicyBase::OnJobEmpty(HANDLE job) {

+bool TargetPolicy::OnJobEmpty(HANDLE job) {

AutoLock lock(&lock_);

TargetSet::iterator it;

for (it = targets_.begin(); it != targets_.end(); ++it) {

@@ -620,8 +612,8 @@ bool PolicyBase::OnJobEmpty(HANDLE job) {

return true;

}

-EvalResult PolicyBase::EvalPolicy(int service,

- CountedParameterSetBase* params) {

+EvalResult TargetPolicy::EvalPolicy(int service,

+ CountedParameterSetBase* params) {

if (NULL != policy_) {

if (NULL == policy_->entry[service]) {

// There is no policy for this particular service. This is not a big

@@ -635,9 +627,8 @@ EvalResult PolicyBase::EvalPolicy(int service,

}

PolicyProcessor pol_evaluator(policy_->entry[service]);

- PolicyResult result = pol_evaluator.Evaluate(kShortEval,

- params->parameters,

- params->count);

+ PolicyResult result =

+ pol_evaluator.Evaluate(kShortEval, params->parameters, params->count);

if (POLICY_MATCH == result) {

return pol_evaluator.GetAction();

}

@@ -647,15 +638,15 @@ EvalResult PolicyBase::EvalPolicy(int service,

return DENY_ACCESS;

}

-HANDLE PolicyBase::GetStdoutHandle() {

+HANDLE TargetPolicy::GetStdoutHandle() {

return stdout_handle_;

}

-HANDLE PolicyBase::GetStderrHandle() {

+HANDLE TargetPolicy::GetStderrHandle() {

return stderr_handle_;

}

-bool PolicyBase::SetupAllInterceptions(TargetProcess* target) {

+bool TargetPolicy::SetupAllInterceptions(TargetProcess* target) {

InterceptionManager manager(target, relaxed_interceptions_);

if (policy_) {

@@ -682,13 +673,13 @@ bool PolicyBase::SetupAllInterceptions(TargetProcess* target) {

return SetupNtdllImports(target);

}

-bool PolicyBase::SetupHandleCloser(TargetProcess* target) {

+bool TargetPolicy::SetupHandleCloser(TargetProcess* target) {

return handle_closer_.InitializeTargetHandles(target);

}

-ResultCode PolicyBase::AddRuleInternal(SubSystem subsystem,

- Semantics semantics,

- const wchar_t* pattern) {

+ResultCode TargetPolicy::AddRuleInternal(SubSystem subsystem,

+ Semantics semantics,

+ const wchar_t* pattern) {

if (NULL == policy_) {

policy_ = MakeBrokerPolicyMemory();

DCHECK(policy_);

« sandbox/win/src/sandbox_policy.h ('K') | « sandbox/win/src/sandbox_policy_base.h ('k') | sandbox/win/src/sync_dispatcher.h » ('j') | no next file with comments »