| OLD | NEW |
| 1 // Copyright (c) 2006-2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/src/sandbox_policy_base.h" | 5 #include "sandbox/src/sandbox_policy_base.h" |
| 6 | 6 |
| 7 #include "base/basictypes.h" | 7 #include "base/basictypes.h" |
| 8 #include "base/callback.h" | 8 #include "base/callback.h" |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "sandbox/src/filesystem_dispatcher.h" | 10 #include "sandbox/src/filesystem_dispatcher.h" |
| (...skipping 53 matching lines...) |
| 64 policy_(NULL), | 64 policy_(NULL), |
| 65 policy_maker_(NULL), | 65 policy_maker_(NULL), |
| 66 file_system_init_(false), | 66 file_system_init_(false), |
| 67 relaxed_interceptions_(true), | 67 relaxed_interceptions_(true), |
| 68 use_alternate_desktop_(false), | 68 use_alternate_desktop_(false), |
| 69 use_alternate_winstation_(false) { | 69 use_alternate_winstation_(false) { |
| 70 ::InitializeCriticalSection(&lock_); | 70 ::InitializeCriticalSection(&lock_); |
| 71 // Initialize the IPC dispatcher array. | 71 // Initialize the IPC dispatcher array. |
| 72 memset(&ipc_targets_, NULL, sizeof(ipc_targets_)); | 72 memset(&ipc_targets_, NULL, sizeof(ipc_targets_)); |
| 73 Dispatcher* dispatcher = NULL; | 73 Dispatcher* dispatcher = NULL; |
| 74 dispatcher = new ThreadProcessDispatcher(this); |
| 75 ipc_targets_[IPC_NTOPENTHREAD_TAG] = dispatcher; |
| 76 ipc_targets_[IPC_NTOPENPROCESS_TAG] = dispatcher; |
| 77 ipc_targets_[IPC_CREATEPROCESSW_TAG] = dispatcher; |
| 78 ipc_targets_[IPC_NTOPENPROCESSTOKEN_TAG] = dispatcher; |
| 79 ipc_targets_[IPC_NTOPENPROCESSTOKENEX_TAG] = dispatcher; |
| 74 #if !defined(_WIN64) | 80 #if !defined(_WIN64) |
| 75 // Bug 27218: We don't have dispatch for some x64 syscalls. | 81 // Bug 27218: We don't have dispatch for some x64 syscalls. |
| 76 dispatcher = new FilesystemDispatcher(this); | 82 dispatcher = new FilesystemDispatcher(this); |
| 77 ipc_targets_[IPC_NTCREATEFILE_TAG] = dispatcher; | 83 ipc_targets_[IPC_NTCREATEFILE_TAG] = dispatcher; |
| 78 ipc_targets_[IPC_NTOPENFILE_TAG] = dispatcher; | 84 ipc_targets_[IPC_NTOPENFILE_TAG] = dispatcher; |
| 79 ipc_targets_[IPC_NTSETINFO_RENAME_TAG] = dispatcher; | 85 ipc_targets_[IPC_NTSETINFO_RENAME_TAG] = dispatcher; |
| 80 ipc_targets_[IPC_NTQUERYATTRIBUTESFILE_TAG] = dispatcher; | 86 ipc_targets_[IPC_NTQUERYATTRIBUTESFILE_TAG] = dispatcher; |
| 81 ipc_targets_[IPC_NTQUERYFULLATTRIBUTESFILE_TAG] = dispatcher; | 87 ipc_targets_[IPC_NTQUERYFULLATTRIBUTESFILE_TAG] = dispatcher; |
| 82 dispatcher = new ThreadProcessDispatcher(this); | 88 |
| 83 ipc_targets_[IPC_NTOPENTHREAD_TAG] = dispatcher; | |
| 84 ipc_targets_[IPC_NTOPENPROCESS_TAG] = dispatcher; | |
| 85 ipc_targets_[IPC_CREATEPROCESSW_TAG] = dispatcher; | |
| 86 ipc_targets_[IPC_NTOPENPROCESSTOKEN_TAG] = dispatcher; | |
| 87 ipc_targets_[IPC_NTOPENPROCESSTOKENEX_TAG] = dispatcher; | |
| 88 dispatcher = new NamedPipeDispatcher(this); | 89 dispatcher = new NamedPipeDispatcher(this); |
| 89 ipc_targets_[IPC_CREATENAMEDPIPEW_TAG] = dispatcher; | 90 ipc_targets_[IPC_CREATENAMEDPIPEW_TAG] = dispatcher; |
| 91 |
| 90 dispatcher = new SyncDispatcher(this); | 92 dispatcher = new SyncDispatcher(this); |
| 91 ipc_targets_[IPC_CREATEEVENT_TAG] = dispatcher; | 93 ipc_targets_[IPC_CREATEEVENT_TAG] = dispatcher; |
| 92 ipc_targets_[IPC_OPENEVENT_TAG] = dispatcher; | 94 ipc_targets_[IPC_OPENEVENT_TAG] = dispatcher; |
| 95 |
| 93 dispatcher = new RegistryDispatcher(this); | 96 dispatcher = new RegistryDispatcher(this); |
| 94 ipc_targets_[IPC_NTCREATEKEY_TAG] = dispatcher; | 97 ipc_targets_[IPC_NTCREATEKEY_TAG] = dispatcher; |
| 95 ipc_targets_[IPC_NTOPENKEY_TAG] = dispatcher; | 98 ipc_targets_[IPC_NTOPENKEY_TAG] = dispatcher; |
| 96 #endif | 99 #endif |
| 97 } | 100 } |
| 98 | 101 |
| 99 PolicyBase::~PolicyBase() { | 102 PolicyBase::~PolicyBase() { |
| 100 TargetSet::iterator it; | 103 TargetSet::iterator it; |
| 101 for (it = targets_.begin(); it != targets_.end(); ++it) { | 104 for (it = targets_.begin(); it != targets_.end(); ++it) { |
| 102 TargetProcess* target = (*it); | 105 TargetProcess* target = (*it); |
| 103 delete target; | 106 delete target; |
| 104 } | 107 } |
| 108 delete ipc_targets_[IPC_NTOPENTHREAD_TAG]; |
| 105 #if !defined(_WIN64) | 109 #if !defined(_WIN64) |
| 106 // Bug 27218: We don't have dispatch for some x64 syscalls. | 110 // Bug 27218: We don't have dispatch for some x64 syscalls. |
| 107 delete ipc_targets_[IPC_NTCREATEFILE_TAG]; | 111 delete ipc_targets_[IPC_NTCREATEFILE_TAG]; |
| 108 delete ipc_targets_[IPC_NTOPENTHREAD_TAG]; | |
| 109 delete ipc_targets_[IPC_CREATENAMEDPIPEW_TAG]; | 112 delete ipc_targets_[IPC_CREATENAMEDPIPEW_TAG]; |
| 110 delete ipc_targets_[IPC_CREATEEVENT_TAG]; | 113 delete ipc_targets_[IPC_CREATEEVENT_TAG]; |
| 111 delete ipc_targets_[IPC_NTCREATEKEY_TAG]; | 114 delete ipc_targets_[IPC_NTCREATEKEY_TAG]; |
| 112 delete policy_maker_; | 115 delete policy_maker_; |
| 113 delete policy_; | 116 delete policy_; |
| 114 #endif | 117 #endif |
| 115 ::DeleteCriticalSection(&lock_); | 118 ::DeleteCriticalSection(&lock_); |
| 116 } | 119 } |
| 117 | 120 |
| 118 DWORD PolicyBase::MakeJobObject(HANDLE* job) { | 121 DWORD PolicyBase::MakeJobObject(HANDLE* job) { |
| (...skipping 324 matching lines...) |
| 443 return false; | 446 return false; |
| 444 | 447 |
| 445 if (!manager.InitializeInterceptions()) | 448 if (!manager.InitializeInterceptions()) |
| 446 return false; | 449 return false; |
| 447 | 450 |
| 448 // Finally, setup imports on the target so the interceptions can work. | 451 // Finally, setup imports on the target so the interceptions can work. |
| 449 return SetupNtdllImports(target); | 452 return SetupNtdllImports(target); |
| 450 } | 453 } |
| 451 | 454 |
| 452 } // namespace sandbox | 455 } // namespace sandbox |
| OLD | NEW |
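Review bot: In `~PolicyBase()`, `delete policy_maker_;` and `delete policy_;` (new lines 115-116) are still inside `#if !defined(_WIN64)`, so a 64-bit build never frees them. This change registers `ThreadProcessDispatcher` on x64 too, which makes policy state more likely to be live there; the allocation of both members is in the skipped lines, so this is presumably a leak on Win64 rather than a confirmed one. I would move both deletes below the `#endif`, just before `::DeleteCriticalSection(&lock_);`, the same way this change hoisted `delete ipc_targets_[IPC_NTOPENTHREAD_TAG];`. A comment above the dispatcher deletes such as `// Each dispatcher is shared by several ipc_targets_ slots; delete it once, through one tag.` would also make the aliased ownership explicit, so a later edit does not double-delete or miss one.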