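--- a/sandbox/win/src/sandbox_policy_base.h
+++ /dev/null
@@ -1,178 +0,0 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_
-#define SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_
-
-#include <windows.h>
-#include <stddef.h>
-#include <stdint.h>
-
-#include <list>
-#include <vector>
-
-#include "base/compiler_specific.h"
-#include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
-#include "base/process/launch.h"
-#include "base/strings/string16.h"
-#include "base/win/scoped_handle.h"
-#include "sandbox/win/src/crosscall_server.h"
-#include "sandbox/win/src/handle_closer.h"
-#include "sandbox/win/src/ipc_tags.h"
-#include "sandbox/win/src/policy_engine_opcodes.h"
-#include "sandbox/win/src/policy_engine_params.h"
-#include "sandbox/win/src/sandbox_policy.h"
-#include "sandbox/win/src/win_utils.h"
-
-namespace sandbox {
-
-class AppContainerAttributes;
-class LowLevelPolicy;
-class TargetProcess;
-struct PolicyGlobal;
-
-class PolicyBase final : public TargetPolicy {
- public:
-  PolicyBase();
-
-  // TargetPolicy:
-  void AddRef() override;
-  void Release() override;
-  ResultCode SetTokenLevel(TokenLevel initial, TokenLevel lockdown) override;
-  TokenLevel GetInitialTokenLevel() const override;
-  TokenLevel GetLockdownTokenLevel() const override;
-  ResultCode SetJobLevel(JobLevel job_level, uint32_t ui_exceptions) override;
-  JobLevel GetJobLevel() const override;
-  ResultCode SetJobMemoryLimit(size_t memory_limit) override;
-  ResultCode SetAlternateDesktop(bool alternate_winstation) override;
-  base::string16 GetAlternateDesktop() const override;
-  ResultCode CreateAlternateDesktop(bool alternate_winstation) override;
-  void DestroyAlternateDesktop() override;
-  ResultCode SetIntegrityLevel(IntegrityLevel integrity_level) override;
-  IntegrityLevel GetIntegrityLevel() const override;
-  ResultCode SetDelayedIntegrityLevel(IntegrityLevel integrity_level) override;
-  ResultCode SetAppContainer(const wchar_t* sid) override;
-  ResultCode SetCapability(const wchar_t* sid) override;
-  ResultCode SetLowBox(const wchar_t* sid) override;
-  ResultCode SetProcessMitigations(MitigationFlags flags) override;
-  MitigationFlags GetProcessMitigations() override;
-  ResultCode SetDelayedProcessMitigations(MitigationFlags flags) override;
-  MitigationFlags GetDelayedProcessMitigations() const override;
-  void SetDisconnectCsrss() override;
-  void SetStrictInterceptions() override;
-  ResultCode SetStdoutHandle(HANDLE handle) override;
-  ResultCode SetStderrHandle(HANDLE handle) override;
-  ResultCode AddRule(SubSystem subsystem,
-                     Semantics semantics,
-                     const wchar_t* pattern) override;
-  ResultCode AddDllToUnload(const wchar_t* dll_name) override;
-  ResultCode AddKernelObjectToClose(const base::char16* handle_type,
-                                    const base::char16* handle_name) override;
-  void AddHandleToShare(HANDLE handle) override;
-  void SetLockdownDefaultDacl() override;
-
-  // Creates a Job object with the level specified in a previous call to
-  // SetJobLevel().
-  ResultCode MakeJobObject(base::win::ScopedHandle* job);
-
-  // Creates the two tokens with the levels specified in a previous call to
-  // SetTokenLevel(). Also creates a lowbox token if specified based on the
-  // lowbox SID.
-  ResultCode MakeTokens(base::win::ScopedHandle* initial,
-                        base::win::ScopedHandle* lockdown,
-                        base::win::ScopedHandle* lowbox);
-
-  const AppContainerAttributes* GetAppContainer() const;
-
-  PSID GetLowBoxSid() const;
-
-  // Adds a target process to the internal list of targets. Internally a
-  // call to TargetProcess::Init() is issued.
-  bool AddTarget(TargetProcess* target);
-
-  // Called when there are no more active processes in a Job.
-  // Removes a Job object associated with this policy and the target associated
-  // with the job.
-  bool OnJobEmpty(HANDLE job);
-
-  EvalResult EvalPolicy(int service, CountedParameterSetBase* params);
-
-  HANDLE GetStdoutHandle();
-  HANDLE GetStderrHandle();
-
-  // Returns the list of handles being shared with the target process.
-  const base::HandlesToInheritVector& GetHandlesBeingShared();
-
- private:
-  ~PolicyBase();
-
-  // Sets up interceptions for a new target.
-  bool SetupAllInterceptions(TargetProcess* target);
-
-  // Sets up the handle closer for a new target.
-  bool SetupHandleCloser(TargetProcess* target);
-
-  ResultCode AddRuleInternal(SubSystem subsystem,
-                             Semantics semantics,
-                             const wchar_t* pattern);
-
-  // This lock synchronizes operations on the targets_ collection.
-  CRITICAL_SECTION lock_;
-  // Maintains the list of target process associated with this policy.
-  // The policy takes ownership of them.
-  typedef std::list<TargetProcess*> TargetSet;
-  TargetSet targets_;
-  // Standard object-lifetime reference counter.
-  volatile LONG ref_count;
-  // The user-defined global policy settings.
-  TokenLevel lockdown_level_;
-  TokenLevel initial_level_;
-  JobLevel job_level_;
-  uint32_t ui_exceptions_;
-  size_t memory_limit_;
-  bool use_alternate_desktop_;
-  bool use_alternate_winstation_;
-  // Helps the file system policy initialization.
-  bool file_system_init_;
-  bool relaxed_interceptions_;
-  HANDLE stdout_handle_;
-  HANDLE stderr_handle_;
-  IntegrityLevel integrity_level_;
-  IntegrityLevel delayed_integrity_level_;
-  MitigationFlags mitigations_;
-  MitigationFlags delayed_mitigations_;
-  bool is_csrss_connected_;
-  // Object in charge of generating the low level policy.
-  LowLevelPolicy* policy_maker_;
-  // Memory structure that stores the low level policy.
-  PolicyGlobal* policy_;
-  // The list of dlls to unload in the target process.
-  std::vector<base::string16> blacklisted_dlls_;
-  // This is a map of handle-types to names that we need to close in the
-  // target process. A null set means we need to close all handles of the
-  // given type.
-  HandleCloser handle_closer_;
-  std::vector<base::string16> capabilities_;
-  scoped_ptr<AppContainerAttributes> appcontainer_list_;
-  PSID lowbox_sid_;
-  base::win::ScopedHandle lowbox_directory_;
-  scoped_ptr<Dispatcher> dispatcher_;
-  bool lockdown_default_dacl_;
-
-  static HDESK alternate_desktop_handle_;
-  static HWINSTA alternate_winstation_handle_;
-  static IntegrityLevel alternate_desktop_integrity_level_label_;
-
-  // Contains the list of handles being shared with the target process.
-  // This list contains handles other than the stderr/stdout handles which are
-  // shared with the target at times.
-  base::HandlesToInheritVector handles_to_share_;
-
-  DISALLOW_COPY_AND_ASSIGN(PolicyBase);
-};
-
-}  // namespace sandbox
-
-#endif  // SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_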