| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef SANDBOX_SRC_CROSSCALL_SERVER_H_ | |
| 6 #define SANDBOX_SRC_CROSSCALL_SERVER_H_ | |
| 7 | |
| 8 #include <stdint.h> | |
| 9 | |
| 10 #include <string> | |
| 11 #include <vector> | |
| 12 | |
| 13 #include "base/callback.h" | |
| 14 #include "base/macros.h" | |
| 15 #include "base/strings/string16.h" | |
| 16 #include "sandbox/win/src/crosscall_params.h" | |
| 17 | |
| 18 // This is the IPC server interface for CrossCall: The IPC for the Sandbox | |
| 19 // On the server, CrossCall needs two things: | |
| 20 // 1) threads: Or better said, someone to provide them, that is what the | |
| 21 // ThreadProvider interface is defined for. These thread(s) are | |
| 22 // the ones that will actually execute the IPC data retrieval. | |
| 23 // | |
| 24 // 2) a dispatcher: This interface represents the way to route and process | |
| 25 // an IPC call given the IPC tag. | |
| 26 // | |
| 27 // The other class included here CrossCallParamsEx is the server side version | |
| 28 // of the CrossCallParams class of /sandbox/crosscall_params.h The difference | |
| 29 // is that the sever version is paranoid about the correctness of the IPC | |
| 30 // message and will do all sorts of verifications. | |
| 31 // | |
| 32 // A general diagram of the interaction is as follows: | |
| 33 // | |
| 34 // ------------ | |
| 35 // | | | |
| 36 // ThreadProvider <--(1)Register--| IPC | | |
| 37 // | | Implemen | | |
| 38 // | | -tation | | |
| 39 // (2) | | OnMessage | |
| 40 // IPC fired --callback ------>| |--(3)---> Dispatcher | |
| 41 // | | | |
| 42 // ------------ | |
| 43 // | |
| 44 // The IPC implementation sits as a middleman between the handling of the | |
| 45 // specifics of scheduling a thread to service the IPC and the multiple | |
| 46 // entities that can potentially serve each particular IPC. | |
| 47 namespace sandbox { | |
| 48 | |
| 49 class InterceptionManager; | |
| 50 | |
| 51 // This function signature is required as the callback when an IPC call fires. | |
| 52 // context: a user-defined pointer that was set using ThreadProvider | |
| 53 // reason: 0 if the callback was fired because of a timeout. | |
| 54 // 1 if the callback was fired because of an event. | |
| 55 typedef void (__stdcall * CrossCallIPCCallback)(void* context, | |
| 56 unsigned char reason); | |
| 57 | |
| 58 // ThreadProvider models a thread factory. The idea is to decouple thread | |
| 59 // creation and lifetime from the inner guts of the IPC. The contract is | |
| 60 // simple: | |
| 61 // - the IPC implementation calls RegisterWait with a waitable object that | |
| 62 // becomes signaled when an IPC arrives and needs to be serviced. | |
| 63 // - when the waitable object becomes signaled, the thread provider conjures | |
| 64 // a thread that calls the callback (CrossCallIPCCallback) function | |
| 65 // - the callback function tries its best not to block and return quickly | |
| 66 // and should not assume that the next callback will use the same thread | |
| 67 // - when the callback returns the ThreadProvider owns again the thread | |
| 68 // and can destroy it or keep it around. | |
| 69 class ThreadProvider { | |
| 70 public: | |
| 71 // Registers a waitable object with the thread provider. | |
| 72 // client: A number to associate with all the RegisterWait calls, typically | |
| 73 // this is the address of the caller object. This parameter cannot | |
| 74 // be zero. | |
| 75 // waitable_object : a kernel object that can be waited on | |
| 76 // callback: a function pointer which is the function that will be called | |
| 77 // when the waitable object fires | |
| 78 // context: a user-provider pointer that is passed back to the callback | |
| 79 // when its called | |
| 80 virtual bool RegisterWait(const void* client, HANDLE waitable_object, | |
| 81 CrossCallIPCCallback callback, | |
| 82 void* context) = 0; | |
| 83 | |
| 84 // Removes all the registrations done with the same cookie parameter. | |
| 85 // This frees internal thread pool resources. | |
| 86 virtual bool UnRegisterWaits(void* cookie) = 0; | |
| 87 virtual ~ThreadProvider() {} | |
| 88 }; | |
| 89 | |
| 90 // Models the server-side of the original input parameters. | |
| 91 // Provides IPC buffer validation and it is capable of reading the parameters | |
| 92 // out of the IPC buffer. | |
| 93 class CrossCallParamsEx : public CrossCallParams { | |
| 94 public: | |
| 95 // Factory constructor. Pass an IPCbuffer (and buffer size) that contains a | |
| 96 // pending IPCcall. This constructor will: | |
| 97 // 1) validate the IPC buffer. returns NULL is the IPCbuffer is malformed. | |
| 98 // 2) make a copy of the IPCbuffer (parameter capture) | |
| 99 static CrossCallParamsEx* CreateFromBuffer(void* buffer_base, | |
| 100 uint32_t buffer_size, | |
| 101 uint32_t* output_size); | |
| 102 | |
| 103 // Provides IPCinput parameter raw access: | |
| 104 // index : the parameter to read; 0 is the first parameter | |
| 105 // returns NULL if the parameter is non-existent. If it exists it also | |
| 106 // returns the size in *size | |
| 107 void* GetRawParameter(uint32_t index, uint32_t* size, ArgType* type); | |
| 108 | |
| 109 // Gets a parameter that is four bytes in size. | |
| 110 // Returns false if the parameter does not exist or is not 32 bits wide. | |
| 111 bool GetParameter32(uint32_t index, uint32_t* param); | |
| 112 | |
| 113 // Gets a parameter that is void pointer in size. | |
| 114 // Returns false if the parameter does not exist or is not void pointer sized. | |
| 115 bool GetParameterVoidPtr(uint32_t index, void** param); | |
| 116 | |
| 117 // Gets a parameter that is a string. Returns false if the parameter does not | |
| 118 // exist. | |
| 119 bool GetParameterStr(uint32_t index, base::string16* string); | |
| 120 | |
| 121 // Gets a parameter that is an in/out buffer. Returns false is the parameter | |
| 122 // does not exist or if the size of the actual parameter is not equal to the | |
| 123 // expected size. | |
| 124 bool GetParameterPtr(uint32_t index, uint32_t expected_size, void** pointer); | |
| 125 | |
| 126 // Frees the memory associated with the IPC parameters. | |
| 127 static void operator delete(void* raw_memory) throw(); | |
| 128 | |
| 129 private: | |
| 130 // Only the factory method CreateFromBuffer can construct these objects. | |
| 131 CrossCallParamsEx(); | |
| 132 | |
| 133 ParamInfo param_info_[1]; | |
| 134 DISALLOW_COPY_AND_ASSIGN(CrossCallParamsEx); | |
| 135 }; | |
| 136 | |
| 137 // Simple helper function that sets the members of CrossCallReturn | |
| 138 // to the proper state to signal a basic error. | |
| 139 void SetCallError(ResultCode error, CrossCallReturn* call_return); | |
| 140 | |
| 141 // Sets the internal status of call_return to signify the that IPC call | |
| 142 // completed successfully. | |
| 143 void SetCallSuccess(CrossCallReturn* call_return); | |
| 144 | |
| 145 // Represents the client process that initiated the IPC which boils down to the | |
| 146 // process handle and the job object handle that contains the client process. | |
| 147 struct ClientInfo { | |
| 148 HANDLE process; | |
| 149 DWORD process_id; | |
| 150 }; | |
| 151 | |
| 152 // All IPC-related information to be passed to the IPC handler. | |
| 153 struct IPCInfo { | |
| 154 int ipc_tag; | |
| 155 const ClientInfo* client_info; | |
| 156 CrossCallReturn return_info; | |
| 157 }; | |
| 158 | |
| 159 // This structure identifies IPC signatures. | |
| 160 struct IPCParams { | |
| 161 int ipc_tag; | |
| 162 ArgType args[kMaxIpcParams]; | |
| 163 | |
| 164 bool Matches(IPCParams* other) const { | |
| 165 return !memcmp(this, other, sizeof(*other)); | |
| 166 } | |
| 167 }; | |
| 168 | |
| 169 // Models an entity that can process an IPC message or it can route to another | |
| 170 // one that could handle it. When an IPC arrives the IPC implementation will: | |
| 171 // 1) call OnMessageReady() with the tag of the pending IPC. If the dispatcher | |
| 172 // returns NULL it means that it cannot handle this IPC but if it returns | |
| 173 // non-null, it must be the pointer to a dispatcher that can handle it. | |
| 174 // 2) When the IPC finally obtains a valid Dispatcher the IPC | |
| 175 // implementation creates a CrossCallParamsEx from the raw IPC buffer. | |
| 176 // 3) It calls the returned callback, with the IPC info and arguments. | |
| 177 class Dispatcher { | |
| 178 public: | |
| 179 // Called from the IPC implementation to handle a specific IPC message. | |
| 180 typedef bool (Dispatcher::*CallbackGeneric)(); | |
| 181 typedef bool (Dispatcher::*Callback0)(IPCInfo* ipc); | |
| 182 typedef bool (Dispatcher::*Callback1)(IPCInfo* ipc, void* p1); | |
| 183 typedef bool (Dispatcher::*Callback2)(IPCInfo* ipc, void* p1, void* p2); | |
| 184 typedef bool (Dispatcher::*Callback3)(IPCInfo* ipc, void* p1, void* p2, | |
| 185 void* p3); | |
| 186 typedef bool (Dispatcher::*Callback4)(IPCInfo* ipc, void* p1, void* p2, | |
| 187 void* p3, void* p4); | |
| 188 typedef bool (Dispatcher::*Callback5)(IPCInfo* ipc, void* p1, void* p2, | |
| 189 void* p3, void* p4, void* p5); | |
| 190 typedef bool (Dispatcher::*Callback6)(IPCInfo* ipc, void* p1, void* p2, | |
| 191 void* p3, void* p4, void* p5, void* p6); | |
| 192 typedef bool (Dispatcher::*Callback7)(IPCInfo* ipc, void* p1, void* p2, | |
| 193 void* p3, void* p4, void* p5, void* p6, | |
| 194 void* p7); | |
| 195 typedef bool (Dispatcher::*Callback8)(IPCInfo* ipc, void* p1, void* p2, | |
| 196 void* p3, void* p4, void* p5, void* p6, | |
| 197 void* p7, void* p8); | |
| 198 typedef bool (Dispatcher::*Callback9)(IPCInfo* ipc, void* p1, void* p2, | |
| 199 void* p3, void* p4, void* p5, void* p6, | |
| 200 void* p7, void* p8, void* p9); | |
| 201 | |
| 202 // Called from the IPC implementation when an IPC message is ready override | |
| 203 // on a derived class to handle a set of IPC messages. Return NULL if your | |
| 204 // subclass does not handle the message or return the pointer to the subclass | |
| 205 // that can handle it. | |
| 206 virtual Dispatcher* OnMessageReady(IPCParams* ipc, CallbackGeneric* callback); | |
| 207 | |
| 208 // Called when a target proces is created, to setup the interceptions related | |
| 209 // with the given service (IPC). | |
| 210 virtual bool SetupService(InterceptionManager* manager, int service) = 0; | |
| 211 | |
| 212 Dispatcher(); | |
| 213 virtual ~Dispatcher(); | |
| 214 | |
| 215 protected: | |
| 216 // Structure that defines an IPC Call with all the parameters and the handler. | |
| 217 struct IPCCall { | |
| 218 IPCParams params; | |
| 219 CallbackGeneric callback; | |
| 220 }; | |
| 221 | |
| 222 // List of IPC Calls supported by the class. | |
| 223 std::vector<IPCCall> ipc_calls_; | |
| 224 }; | |
| 225 | |
| 226 } // namespace sandbox | |
| 227 | |
| 228 #endif // SANDBOX_SRC_CROSSCALL_SERVER_H_ | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1851213002:
Remove sandbox on Windows. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master