Chromium Code Reviews Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/win/src/broker_services.h" | 5 #include "sandbox/win/src/broker_services.h" |
| 6 | 6 |
| 7 #include <AclAPI.h> | |
| 8 | |
| 7 #include "base/logging.h" | 9 #include "base/logging.h" |
| 8 #include "base/memory/scoped_ptr.h" | 10 #include "base/memory/scoped_ptr.h" |
| 9 #include "base/threading/platform_thread.h" | 11 #include "base/threading/platform_thread.h" |
| 10 #include "base/win/scoped_handle.h" | 12 #include "base/win/scoped_handle.h" |
| 11 #include "base/win/scoped_process_information.h" | 13 #include "base/win/scoped_process_information.h" |
| 12 #include "base/win/startup_information.h" | 14 #include "base/win/startup_information.h" |
| 13 #include "base/win/windows_version.h" | 15 #include "base/win/windows_version.h" |
| 14 #include "sandbox/win/src/app_container.h" | 16 #include "sandbox/win/src/app_container.h" |
| 15 #include "sandbox/win/src/process_mitigations.h" | 17 #include "sandbox/win/src/process_mitigations.h" |
| 16 #include "sandbox/win/src/sandbox_policy_base.h" | 18 #include "sandbox/win/src/sandbox_policy_base.h" |
| (...skipping 129 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 146 | 148 |
| 147 // Cancel the wait events and delete remaining peer trackers. | 149 // Cancel the wait events and delete remaining peer trackers. |
| 148 for (PeerTrackerMap::iterator it = peer_map_.begin(); | 150 for (PeerTrackerMap::iterator it = peer_map_.begin(); |
| 149 it != peer_map_.end(); ++it) { | 151 it != peer_map_.end(); ++it) { |
| 150 DeregisterPeerTracker(it->second); | 152 DeregisterPeerTracker(it->second); |
| 151 } | 153 } |
| 152 | 154 |
| 153 // If job_port_ isn't NULL, assumes that the lock has been initialized. | 155 // If job_port_ isn't NULL, assumes that the lock has been initialized. |
| 154 if (job_port_) | 156 if (job_port_) |
| 155 ::DeleteCriticalSection(&lock_); | 157 ::DeleteCriticalSection(&lock_); |
| 158 | |
| 159 // Close any token in the cache. | |
| 160 for (TokenCacheMap::iterator it = token_cache_.begin(); | |
| 161 it != token_cache_.end(); ++it) { | |
| 162 ::CloseHandle(it->second.first); | |
| 163 ::CloseHandle(it->second.second); | |
| 164 } | |
| 156 } | 165 } |
| 157 | 166 |
| 158 TargetPolicy* BrokerServicesBase::CreatePolicy() { | 167 TargetPolicy* BrokerServicesBase::CreatePolicy() { |
| 159 // If you change the type of the object being created here you must also | 168 // If you change the type of the object being created here you must also |
| 160 // change the downcast to it in SpawnTarget(). | 169 // change the downcast to it in SpawnTarget(). |
| 161 return new PolicyBase; | 170 return new PolicyBase; |
| 162 } | 171 } |
| 163 | 172 |
| 164 void BrokerServicesBase::FreeResources(JobTracker* tracker) { | 173 void BrokerServicesBase::FreeResources(JobTracker* tracker) { |
| 165 if (NULL != tracker->policy) { | 174 if (NULL != tracker->policy) { |
| (...skipping 126 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 292 | 301 |
| 293 AutoLock lock(&lock_); | 302 AutoLock lock(&lock_); |
| 294 | 303 |
| 295 // This downcast is safe as long as we control CreatePolicy() | 304 // This downcast is safe as long as we control CreatePolicy() |
| 296 PolicyBase* policy_base = static_cast<PolicyBase*>(policy); | 305 PolicyBase* policy_base = static_cast<PolicyBase*>(policy); |
| 297 | 306 |
| 298 // Construct the tokens and the job object that we are going to associate | 307 // Construct the tokens and the job object that we are going to associate |
| 299 // with the soon to be created target process. | 308 // with the soon to be created target process. |
| 300 HANDLE initial_token_temp; | 309 HANDLE initial_token_temp; |
| 301 HANDLE lockdown_token_temp; | 310 HANDLE lockdown_token_temp; |
| 302 ResultCode result = policy_base->MakeTokens(&initial_token_temp, | 311 ResultCode result = SBOX_ALL_OK; |
| 303 &lockdown_token_temp); | 312 |
| 304 if (SBOX_ALL_OK != result) | 313 // Make sure our token values aren't too large to pack into token_key. |
| 305 return result; | 314 static_assert(USER_LAST < 8, "TokenLevel too large"); |
| 315 static_assert(INTEGRITY_LEVEL_LAST < 8, "IntegrityLevel too large"); | |
| 316 | |
| 317 // Pack the various token values into a key we can use foir indexing. | |
| 318 uint32_t token_key = (policy_base->GetInitialTokenLevel() * 8) + | |
| 319 (policy_base->GetLockdownTokenLevel() * 8 * 8) + | |
| 320 (policy_base->GetIntegrityLevel() * 8 * 8 * 8); | |
|
cpu_(ooo_6.6-7.5)
2014/06/04 00:29:27
hmmm .. this looks ugly. lets talk about this craz
jschuh
2014/06/04 04:00:58
Done.
| |
| 321 | |
| 322 TokenCacheMap::iterator it = token_cache_.find(token_key); | |
| 323 if (it != token_cache_.end()) { | |
| 324 initial_token_temp = it->second.first; | |
| 325 lockdown_token_temp = it->second.second; | |
| 326 } else { | |
| 327 result = policy_base->MakeTokens(&initial_token_temp, | |
| 328 &lockdown_token_temp); | |
| 329 if (SBOX_ALL_OK != result) | |
| 330 return result; | |
| 331 token_cache_[token_key] = | |
| 332 std::pair<HANDLE, HANDLE>(initial_token_temp, lockdown_token_temp); | |
| 333 } | |
| 334 | |
| 335 if (!::DuplicateToken(initial_token_temp, SecurityImpersonation, | |
| 336 &initial_token_temp)) { | |
| 337 return SBOX_ERROR_GENERIC; | |
| 338 } | |
| 339 | |
| 340 if (!::DuplicateTokenEx(lockdown_token_temp, TOKEN_ALL_ACCESS, 0, | |
| 341 SecurityIdentification, TokenPrimary, | |
| 342 &lockdown_token_temp)) { | |
| 343 return SBOX_ERROR_GENERIC; | |
| 344 } | |
| 306 | 345 |
| 307 base::win::ScopedHandle initial_token(initial_token_temp); | 346 base::win::ScopedHandle initial_token(initial_token_temp); |
| 308 base::win::ScopedHandle lockdown_token(lockdown_token_temp); | 347 base::win::ScopedHandle lockdown_token(lockdown_token_temp); |
| 309 | 348 |
| 310 HANDLE job_temp; | 349 HANDLE job_temp; |
| 311 result = policy_base->MakeJobObject(&job_temp); | 350 result = policy_base->MakeJobObject(&job_temp); |
| 312 if (SBOX_ALL_OK != result) | 351 if (SBOX_ALL_OK != result) |
| 313 return result; | 352 return result; |
| 314 | 353 |
| 315 base::win::ScopedHandle job(job_temp); | 354 base::win::ScopedHandle job(job_temp); |
| (...skipping 185 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 501 return SBOX_ERROR_UNSUPPORTED; | 540 return SBOX_ERROR_UNSUPPORTED; |
| 502 | 541 |
| 503 base::string16 name = LookupAppContainer(sid); | 542 base::string16 name = LookupAppContainer(sid); |
| 504 if (name.empty()) | 543 if (name.empty()) |
| 505 return SBOX_ERROR_INVALID_APP_CONTAINER; | 544 return SBOX_ERROR_INVALID_APP_CONTAINER; |
| 506 | 545 |
| 507 return DeleteAppContainer(sid); | 546 return DeleteAppContainer(sid); |
| 508 } | 547 } |
| 509 | 548 |
| 510 } // namespace sandbox | 549 } // namespace sandbox |
| OLD | NEW |
