Sandbox policy and intercepts for the MITIGATION_WIN32K_DISABLE policy for renderer processes.

sandbox/win/src/sandbox_policy_base.cc

Index: sandbox/win/src/sandbox_policy_base.cc
diff --git a/sandbox/win/src/sandbox_policy_base.cc b/sandbox/win/src/sandbox_policy_base.cc
index 758a8bea58c59a226a0463f724bcc32e770422fb..1eb1ce87a09536459069cb20cdd75a0ef3ca6a0c 100644
--- a/sandbox/win/src/sandbox_policy_base.cc
+++ b/sandbox/win/src/sandbox_policy_base.cc
@@ -21,6 +21,8 @@
 #include "sandbox/win/src/policy_broker.h"
 #include "sandbox/win/src/policy_engine_processor.h"
 #include "sandbox/win/src/policy_low_level.h"
+#include "sandbox/win/src/process_mitigations_win32k_dispatcher.h"
+#include "sandbox/win/src/process_mitigations_win32k_policy.h"

[jschuh, 2014/06/06 03:23:37]

Remove this include because you're removing the file.

[ananta, 2014/06/06 23:57:35]

Ditto

 #include "sandbox/win/src/process_thread_dispatcher.h"
 #include "sandbox/win/src/process_thread_policy.h"
 #include "sandbox/win/src/registry_dispatcher.h"
@@ -124,6 +126,11 @@ PolicyBase::PolicyBase()
 
   dispatcher = new HandleDispatcher(this);
   ipc_targets_[IPC_DUPLICATEHANDLEPROXY_TAG] = dispatcher;
+
+  dispatcher = new ProcessMitigationsWin32KDispatcher(this);

[rvargas (doing something else), 2014/06/06 21:22:24]

I guess this is the core of the matter.

I'd like to keep the consistency... so I want to have a formal dispatcher, even
if it doesn't do anything on the broker side.

One way or another, this is a policy driven interception (even if there is no
IPC), so we may do without a low level policy, but all the current
infrastructure assumes a dispatcher means low level policy, so the option would
be change that.

On the other hand, we could do policy look up on the target, say to decide if we
should fake success or failure, but that is most likely overkill for what we
need at this point (assuming we don't find out very soon that we need more
interceptions).

[ananta, 2014/06/06 23:57:35]

Leaving this as is. Sort of agree that maintaining existing structure is better.

+  ipc_targets_[IPC_GDI_GDIDLLINITIALIZE_TAG] = dispatcher;
+  ipc_targets_[IPC_GDI_GETSTOCKOBJECT_TAG] = dispatcher;
+  ipc_targets_[IPC_USER_REGISTERCLASSW_TAG] = dispatcher;
 }
 
 PolicyBase::~PolicyBase() {
@@ -401,6 +408,16 @@ ResultCode PolicyBase::AddRule(SubSystem subsystem, Semantics semantics,
       }
       break;
     }
+
+    case SUBSYS_WIN32K_LOCKDOWN: {
+      if (!ProcessMitigationsWin32KLockdownPolicy::GenerateRules(
+              pattern, semantics,policy_maker_)) {
+        NOTREACHED();
+        return SBOX_ERROR_BAD_PARAMS;
+      }
+      break;
+    }

[jschuh, 2014/06/06 03:23:37]

Remove this whole case.

[ananta, 2014/06/06 23:57:35]

Leaving this as is.

+
     default: {
       return SBOX_ERROR_UNSUPPORTED;
     }