OLD | NEW |
| (Empty) |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "sandbox/win/src/handle_dispatcher.h" | |
6 | |
7 #include <stdint.h> | |
8 | |
9 #include "base/win/scoped_handle.h" | |
10 #include "sandbox/win/src/handle_interception.h" | |
11 #include "sandbox/win/src/handle_policy.h" | |
12 #include "sandbox/win/src/ipc_tags.h" | |
13 #include "sandbox/win/src/policy_broker.h" | |
14 #include "sandbox/win/src/policy_params.h" | |
15 #include "sandbox/win/src/sandbox.h" | |
16 #include "sandbox/win/src/sandbox_nt_util.h" | |
17 #include "sandbox/win/src/sandbox_types.h" | |
18 #include "sandbox/win/src/sandbox_utils.h" | |
19 | |
20 namespace sandbox { | |
21 | |
22 HandleDispatcher::HandleDispatcher(PolicyBase* policy_base) | |
23 : policy_base_(policy_base) { | |
24 static const IPCCall duplicate_handle_proxy = { | |
25 {IPC_DUPLICATEHANDLEPROXY_TAG, | |
26 {VOIDPTR_TYPE, UINT32_TYPE, UINT32_TYPE, UINT32_TYPE}}, | |
27 reinterpret_cast<CallbackGeneric>( | |
28 &HandleDispatcher::DuplicateHandleProxy)}; | |
29 | |
30 ipc_calls_.push_back(duplicate_handle_proxy); | |
31 } | |
32 | |
33 bool HandleDispatcher::SetupService(InterceptionManager* manager, | |
34 int service) { | |
35 // We perform no interceptions for handles right now. | |
36 switch (service) { | |
37 case IPC_DUPLICATEHANDLEPROXY_TAG: | |
38 return true; | |
39 } | |
40 | |
41 return false; | |
42 } | |
43 | |
44 bool HandleDispatcher::DuplicateHandleProxy(IPCInfo* ipc, | |
45 HANDLE source_handle, | |
46 uint32_t target_process_id, | |
47 uint32_t desired_access, | |
48 uint32_t options) { | |
49 static NtQueryObject QueryObject = NULL; | |
50 if (!QueryObject) | |
51 ResolveNTFunctionPtr("NtQueryObject", &QueryObject); | |
52 | |
53 // Get a copy of the handle for use in the broker process. | |
54 HANDLE handle_temp; | |
55 if (!::DuplicateHandle(ipc->client_info->process, source_handle, | |
56 ::GetCurrentProcess(), &handle_temp, | |
57 0, FALSE, DUPLICATE_SAME_ACCESS | options)) { | |
58 ipc->return_info.win32_result = ::GetLastError(); | |
59 return false; | |
60 } | |
61 options &= ~DUPLICATE_CLOSE_SOURCE; | |
62 base::win::ScopedHandle handle(handle_temp); | |
63 | |
64 // Get the object type (32 characters is safe; current max is 14). | |
65 BYTE buffer[sizeof(OBJECT_TYPE_INFORMATION) + 32 * sizeof(wchar_t)]; | |
66 OBJECT_TYPE_INFORMATION* type_info = | |
67 reinterpret_cast<OBJECT_TYPE_INFORMATION*>(buffer); | |
68 ULONG size = sizeof(buffer) - sizeof(wchar_t); | |
69 NTSTATUS error = | |
70 QueryObject(handle.Get(), ObjectTypeInformation, type_info, size, &size); | |
71 if (!NT_SUCCESS(error)) { | |
72 ipc->return_info.nt_status = error; | |
73 return false; | |
74 } | |
75 type_info->Name.Buffer[type_info->Name.Length / sizeof(wchar_t)] = L'\0'; | |
76 | |
77 CountedParameterSet<HandleTarget> params; | |
78 params[HandleTarget::NAME] = ParamPickerMake(type_info->Name.Buffer); | |
79 params[HandleTarget::TARGET] = ParamPickerMake(target_process_id); | |
80 | |
81 EvalResult eval = policy_base_->EvalPolicy(IPC_DUPLICATEHANDLEPROXY_TAG, | |
82 params.GetBase()); | |
83 ipc->return_info.win32_result = | |
84 HandlePolicy::DuplicateHandleProxyAction(eval, handle.Get(), | |
85 target_process_id, | |
86 &ipc->return_info.handle, | |
87 desired_access, options); | |
88 return true; | |
89 } | |
90 | |
91 } // namespace sandbox | |
92 | |
OLD | NEW |