Home | History | Annotate | Download | only in src 
      1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_
      6 #define SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_
      7 
      8 #include <windows.h>
      9 
     10 #include <list>
     11 #include <vector>
     12 
     13 #include "base/basictypes.h"
     14 #include "base/compiler_specific.h"
     15 #include "base/strings/string16.h"
     16 #include "sandbox/win/src/crosscall_server.h"
     17 #include "sandbox/win/src/handle_closer.h"
     18 #include "sandbox/win/src/ipc_tags.h"
     19 #include "sandbox/win/src/policy_engine_opcodes.h"
     20 #include "sandbox/win/src/policy_engine_params.h"
     21 #include "sandbox/win/src/sandbox_policy.h"
     22 #include "sandbox/win/src/win_utils.h"
     23 
     24 namespace sandbox {
     25 
     26 class AppContainerAttributes;
     27 class LowLevelPolicy;
     28 class TargetProcess;
     29 struct PolicyGlobal;
     30 
     31 // We act as a policy dispatcher, implementing the handler for the "ping" IPC,
     32 // so we have to provide the appropriate handler on the OnMessageReady method.
     33 // There is a static_cast for the handler, and the compiler only performs the
     34 // cast if the first base class is Dispatcher.
     35 class PolicyBase : public Dispatcher, public TargetPolicy {
     36  public:
     37   PolicyBase();
     38 
     39   // TargetPolicy:
     40   virtual void AddRef() OVERRIDE;
     41   virtual void Release() OVERRIDE;
     42   virtual ResultCode SetTokenLevel(TokenLevel initial,
     43                                    TokenLevel lockdown) OVERRIDE;
     44   virtual ResultCode SetJobLevel(JobLevel job_level,
     45                                  uint32 ui_exceptions) OVERRIDE;
     46   virtual ResultCode SetAlternateDesktop(bool alternate_winstation) OVERRIDE;
     47   virtual string16 GetAlternateDesktop() const OVERRIDE;
     48   virtual ResultCode CreateAlternateDesktop(bool alternate_winstation) OVERRIDE;
     49   virtual void DestroyAlternateDesktop() OVERRIDE;
     50   virtual ResultCode SetIntegrityLevel(IntegrityLevel integrity_level) OVERRIDE;
     51   virtual ResultCode SetDelayedIntegrityLevel(
     52       IntegrityLevel integrity_level) OVERRIDE;
     53   virtual ResultCode SetAppContainer(const wchar_t* sid) OVERRIDE;
     54   virtual ResultCode SetCapability(const wchar_t* sid) OVERRIDE;
     55   virtual ResultCode SetProcessMitigations(MitigationFlags flags) OVERRIDE;
     56   virtual MitigationFlags GetProcessMitigations() OVERRIDE;
     57   virtual ResultCode SetDelayedProcessMitigations(
     58       MitigationFlags flags) OVERRIDE;
     59   virtual MitigationFlags GetDelayedProcessMitigations() OVERRIDE;
     60   virtual void SetStrictInterceptions() OVERRIDE;
     61   virtual ResultCode SetStdoutHandle(HANDLE handle) OVERRIDE;
     62   virtual ResultCode SetStderrHandle(HANDLE handle) OVERRIDE;
     63   virtual ResultCode AddRule(SubSystem subsystem, Semantics semantics,
     64                              const wchar_t* pattern) OVERRIDE;
     65   virtual ResultCode AddDllToUnload(const wchar_t* dll_name);
     66   virtual ResultCode AddKernelObjectToClose(const char16* handle_type,
     67                                             const char16* handle_name) OVERRIDE;
     68 
     69   // Dispatcher:
     70   virtual Dispatcher* OnMessageReady(IPCParams* ipc,
     71                                      CallbackGeneric* callback) OVERRIDE;
     72   virtual bool SetupService(InterceptionManager* manager, int service) OVERRIDE;
     73 
     74   // Creates a Job object with the level specified in a previous call to
     75   // SetJobLevel().
     76   ResultCode MakeJobObject(HANDLE* job);
     77 
     78   // Creates the two tokens with the levels specified in a previous call to
     79   // SetTokenLevel().
     80   ResultCode MakeTokens(HANDLE* initial, HANDLE* lockdown);
     81 
     82   const AppContainerAttributes* GetAppContainer();
     83 
     84   // Adds a target process to the internal list of targets. Internally a
     85   // call to TargetProcess::Init() is issued.
     86   bool AddTarget(TargetProcess* target);
     87 
     88   // Called when there are no more active processes in a Job.
     89   // Removes a Job object associated with this policy and the target associated
     90   // with the job.
     91   bool OnJobEmpty(HANDLE job);
     92 
     93   EvalResult EvalPolicy(int service, CountedParameterSetBase* params);
     94 
     95   HANDLE GetStdoutHandle();
     96   HANDLE GetStderrHandle();
     97 
     98  private:
     99   ~PolicyBase();
    100 
    101   // Test IPC providers.
    102   bool Ping(IPCInfo* ipc, void* cookie);
    103 
    104   // Returns a dispatcher from ipc_targets_.
    105   Dispatcher* GetDispatcher(int ipc_tag);
    106 
    107   // Sets up interceptions for a new target.
    108   bool SetupAllInterceptions(TargetProcess* target);
    109 
    110   // Sets up the handle closer for a new target.
    111   bool SetupHandleCloser(TargetProcess* target);
    112 
    113   // This lock synchronizes operations on the targets_ collection.
    114   CRITICAL_SECTION lock_;
    115   // Maintains the list of target process associated with this policy.
    116   // The policy takes ownership of them.
    117   typedef std::list<TargetProcess*> TargetSet;
    118   TargetSet targets_;
    119   // Standard object-lifetime reference counter.
    120   volatile LONG ref_count;
    121   // The user-defined global policy settings.
    122   TokenLevel lockdown_level_;
    123   TokenLevel initial_level_;
    124   JobLevel job_level_;
    125   uint32 ui_exceptions_;
    126   bool use_alternate_desktop_;
    127   bool use_alternate_winstation_;
    128   // Helps the file system policy initialization.
    129   bool file_system_init_;
    130   bool relaxed_interceptions_;
    131   HANDLE stdout_handle_;
    132   HANDLE stderr_handle_;
    133   IntegrityLevel integrity_level_;
    134   IntegrityLevel delayed_integrity_level_;
    135   MitigationFlags mitigations_;
    136   MitigationFlags delayed_mitigations_;
    137   // The array of objects that will answer IPC calls.
    138   Dispatcher* ipc_targets_[IPC_LAST_TAG];
    139   // Object in charge of generating the low level policy.
    140   LowLevelPolicy* policy_maker_;
    141   // Memory structure that stores the low level policy.
    142   PolicyGlobal* policy_;
    143   // The list of dlls to unload in the target process.
    144   std::vector<string16> blacklisted_dlls_;
    145   // This is a map of handle-types to names that we need to close in the
    146   // target process. A null set means we need to close all handles of the
    147   // given type.
    148   HandleCloser handle_closer_;
    149   std::vector<string16> capabilities_;
    150   scoped_ptr<AppContainerAttributes> appcontainer_list_;
    151 
    152   static HDESK alternate_desktop_handle_;
    153   static HWINSTA alternate_winstation_handle_;
    154 
    155   DISALLOW_COPY_AND_ASSIGN(PolicyBase);
    156 };
    157 
    158 }  // namespace sandbox
    159 
    160 #endif  // SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_
    161