Home | History | Annotate | Download | only in src 
      1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_
      6 #define SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_
      7 
      8 #include <windows.h>
      9 
     10 #include <list>
     11 #include <vector>
     12 
     13 #include "base/basictypes.h"
     14 #include "base/compiler_specific.h"
     15 #include "base/strings/string16.h"
     16 #include "sandbox/win/src/crosscall_server.h"
     17 #include "sandbox/win/src/handle_closer.h"
     18 #include "sandbox/win/src/ipc_tags.h"
     19 #include "sandbox/win/src/policy_engine_opcodes.h"
     20 #include "sandbox/win/src/policy_engine_params.h"
     21 #include "sandbox/win/src/sandbox_policy.h"
     22 #include "sandbox/win/src/win_utils.h"
     23 
     24 namespace sandbox {
     25 
     26 class AppContainerAttributes;
     27 class LowLevelPolicy;
     28 class TargetProcess;
     29 struct PolicyGlobal;
     30 
     31 // We act as a policy dispatcher, implementing the handler for the "ping" IPC,
     32 // so we have to provide the appropriate handler on the OnMessageReady method.
     33 // There is a static_cast for the handler, and the compiler only performs the
     34 // cast if the first base class is Dispatcher.
     35 class PolicyBase : public Dispatcher, public TargetPolicy {
     36  public:
     37   PolicyBase();
     38 
     39   // TargetPolicy:
     40   virtual void AddRef() OVERRIDE;
     41   virtual void Release() OVERRIDE;
     42   virtual ResultCode SetTokenLevel(TokenLevel initial,
     43                                    TokenLevel lockdown) OVERRIDE;
     44   virtual TokenLevel GetInitialTokenLevel() const OVERRIDE;
     45   virtual TokenLevel GetLockdownTokenLevel() const OVERRIDE;
     46   virtual ResultCode SetJobLevel(JobLevel job_level,
     47                                  uint32 ui_exceptions) OVERRIDE;
     48   virtual ResultCode SetJobMemoryLimit(size_t memory_limit) OVERRIDE;
     49   virtual ResultCode SetAlternateDesktop(bool alternate_winstation) OVERRIDE;
     50   virtual base::string16 GetAlternateDesktop() const OVERRIDE;
     51   virtual ResultCode CreateAlternateDesktop(bool alternate_winstation) OVERRIDE;
     52   virtual void DestroyAlternateDesktop() OVERRIDE;
     53   virtual ResultCode SetIntegrityLevel(IntegrityLevel integrity_level) OVERRIDE;
     54   virtual IntegrityLevel GetIntegrityLevel() const OVERRIDE;
     55   virtual ResultCode SetDelayedIntegrityLevel(
     56       IntegrityLevel integrity_level) OVERRIDE;
     57   virtual ResultCode SetAppContainer(const wchar_t* sid) OVERRIDE;
     58   virtual ResultCode SetCapability(const wchar_t* sid) OVERRIDE;
     59   virtual ResultCode SetProcessMitigations(MitigationFlags flags) OVERRIDE;
     60   virtual MitigationFlags GetProcessMitigations() OVERRIDE;
     61   virtual ResultCode SetDelayedProcessMitigations(
     62       MitigationFlags flags) OVERRIDE;
     63   virtual MitigationFlags GetDelayedProcessMitigations() const OVERRIDE;
     64   virtual void SetStrictInterceptions() OVERRIDE;
     65   virtual ResultCode SetStdoutHandle(HANDLE handle) OVERRIDE;
     66   virtual ResultCode SetStderrHandle(HANDLE handle) OVERRIDE;
     67   virtual ResultCode AddRule(SubSystem subsystem, Semantics semantics,
     68                              const wchar_t* pattern) OVERRIDE;
     69   virtual ResultCode AddDllToUnload(const wchar_t* dll_name);
     70   virtual ResultCode AddKernelObjectToClose(
     71       const base::char16* handle_type,
     72       const base::char16* handle_name) OVERRIDE;
     73 
     74   // Dispatcher:
     75   virtual Dispatcher* OnMessageReady(IPCParams* ipc,
     76                                      CallbackGeneric* callback) OVERRIDE;
     77   virtual bool SetupService(InterceptionManager* manager, int service) OVERRIDE;
     78 
     79   // Creates a Job object with the level specified in a previous call to
     80   // SetJobLevel().
     81   ResultCode MakeJobObject(HANDLE* job);
     82 
     83   // Creates the two tokens with the levels specified in a previous call to
     84   // SetTokenLevel().
     85   ResultCode MakeTokens(HANDLE* initial, HANDLE* lockdown);
     86 
     87   const AppContainerAttributes* GetAppContainer();
     88 
     89   // Adds a target process to the internal list of targets. Internally a
     90   // call to TargetProcess::Init() is issued.
     91   bool AddTarget(TargetProcess* target);
     92 
     93   // Called when there are no more active processes in a Job.
     94   // Removes a Job object associated with this policy and the target associated
     95   // with the job.
     96   bool OnJobEmpty(HANDLE job);
     97 
     98   EvalResult EvalPolicy(int service, CountedParameterSetBase* params);
     99 
    100   HANDLE GetStdoutHandle();
    101   HANDLE GetStderrHandle();
    102 
    103  private:
    104   ~PolicyBase();
    105 
    106   // Test IPC providers.
    107   bool Ping(IPCInfo* ipc, void* cookie);
    108 
    109   // Returns a dispatcher from ipc_targets_.
    110   Dispatcher* GetDispatcher(int ipc_tag);
    111 
    112   // Sets up interceptions for a new target.
    113   bool SetupAllInterceptions(TargetProcess* target);
    114 
    115   // Sets up the handle closer for a new target.
    116   bool SetupHandleCloser(TargetProcess* target);
    117 
    118   // This lock synchronizes operations on the targets_ collection.
    119   CRITICAL_SECTION lock_;
    120   // Maintains the list of target process associated with this policy.
    121   // The policy takes ownership of them.
    122   typedef std::list<TargetProcess*> TargetSet;
    123   TargetSet targets_;
    124   // Standard object-lifetime reference counter.
    125   volatile LONG ref_count;
    126   // The user-defined global policy settings.
    127   TokenLevel lockdown_level_;
    128   TokenLevel initial_level_;
    129   JobLevel job_level_;
    130   uint32 ui_exceptions_;
    131   size_t memory_limit_;
    132   bool use_alternate_desktop_;
    133   bool use_alternate_winstation_;
    134   // Helps the file system policy initialization.
    135   bool file_system_init_;
    136   bool relaxed_interceptions_;
    137   HANDLE stdout_handle_;
    138   HANDLE stderr_handle_;
    139   IntegrityLevel integrity_level_;
    140   IntegrityLevel delayed_integrity_level_;
    141   MitigationFlags mitigations_;
    142   MitigationFlags delayed_mitigations_;
    143   // The array of objects that will answer IPC calls.
    144   Dispatcher* ipc_targets_[IPC_LAST_TAG];
    145   // Object in charge of generating the low level policy.
    146   LowLevelPolicy* policy_maker_;
    147   // Memory structure that stores the low level policy.
    148   PolicyGlobal* policy_;
    149   // The list of dlls to unload in the target process.
    150   std::vector<base::string16> blacklisted_dlls_;
    151   // This is a map of handle-types to names that we need to close in the
    152   // target process. A null set means we need to close all handles of the
    153   // given type.
    154   HandleCloser handle_closer_;
    155   std::vector<base::string16> capabilities_;
    156   scoped_ptr<AppContainerAttributes> appcontainer_list_;
    157 
    158   static HDESK alternate_desktop_handle_;
    159   static HWINSTA alternate_winstation_handle_;
    160 
    161   DISALLOW_COPY_AND_ASSIGN(PolicyBase);
    162 };
    163 
    164 }  // namespace sandbox
    165 
    166 #endif  // SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_
    167