1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef SANDBOX_SRC_CROSSCALL_CLIENT_H_ 6 #define SANDBOX_SRC_CROSSCALL_CLIENT_H_ 7 8 #include <stddef.h> 9 #include <stdint.h> 10 11 #include "sandbox/win/src/crosscall_params.h" 12 #include "sandbox/win/src/sandbox.h" 13 14 // This header defines the CrossCall(..) family of templated functions 15 // Their purpose is to simulate the syntax of regular call but to generate 16 // and IPC from the client-side. 17 // 18 // The basic pattern is to 19 // 1) use template argument deduction to compute the size of each 20 // parameter and the appropriate copy method 21 // 2) pack the parameters in the appropriate ActualCallParams< > object 22 // 3) call the IPC interface IPCProvider::DoCall( ) 23 // 24 // The general interface of CrossCall is: 25 // ResultCode CrossCall(IPCProvider& ipc_provider, 26 // uint32_t tag, 27 // const Par1& p1, const Par2& p2,...pn 28 // CrossCallReturn* answer) 29 // 30 // where: 31 // ipc_provider: is a specific implementation of the ipc transport see 32 // sharedmem_ipc_server.h for an example. 33 // tag : is the unique id for this IPC call. Is used to route the call to 34 // the appropriate service. 35 // p1, p2,.. pn : The input parameters of the IPC. Use only simple types 36 // and wide strings (can add support for others). 37 // answer : If the IPC was successful. The server-side answer is here. The 38 // interpretation of the answer is private to client and server. 39 // 40 // The return value is ALL_OK if the IPC was delivered to the server, other 41 // return codes indicate that the IPC transport failed to deliver it. 42 namespace sandbox { 43 44 // this is the assumed channel size. This can be overridden in a given 45 // IPC implementation. 46 const uint32_t kIPCChannelSize = 1024; 47 48 // The copy helper uses templates to deduce the appropriate copy function to 49 // copy the input parameters in the buffer that is going to be send across the 50 // IPC. These template facility can be made more sophisticated as need arises. 51 52 // The default copy helper. It catches the general case where no other 53 // specialized template matches better. We set the type to UINT32_TYPE, so this 54 // only works with objects whose size is 32 bits. 55 template<typename T> 56 class CopyHelper { 57 public: 58 CopyHelper(const T& t) : t_(t) {} 59 60 // Returns the pointer to the start of the input. 61 const void* GetStart() const { 62 return &t_; 63 } 64 65 // Update the stored value with the value in the buffer. This is not 66 // supported for this type. 67 bool Update(void* buffer) { 68 // Not supported; 69 return true; 70 } 71 72 // Returns the size of the input in bytes. 73 uint32_t GetSize() const { return sizeof(T); } 74 75 // Returns true if the current type is used as an In or InOut parameter. 76 bool IsInOut() { 77 return false; 78 } 79 80 // Returns this object's type. 81 ArgType GetType() { 82 static_assert(sizeof(T) == sizeof(uint32_t), "specialization needed"); 83 return UINT32_TYPE; 84 } 85 86 private: 87 const T& t_; 88 }; 89 90 // This copy helper template specialization if for the void pointer 91 // case both 32 and 64 bit. 92 template<> 93 class CopyHelper<void*> { 94 public: 95 CopyHelper(void* t) : t_(t) {} 96 97 // Returns the pointer to the start of the input. 98 const void* GetStart() const { 99 return &t_; 100 } 101 102 // Update the stored value with the value in the buffer. This is not 103 // supported for this type. 104 bool Update(void* buffer) { 105 // Not supported; 106 return true; 107 } 108 109 // Returns the size of the input in bytes. 110 uint32_t GetSize() const { return sizeof(t_); } 111 112 // Returns true if the current type is used as an In or InOut parameter. 113 bool IsInOut() { 114 return false; 115 } 116 117 // Returns this object's type. 118 ArgType GetType() { 119 return VOIDPTR_TYPE; 120 } 121 122 private: 123 const void* t_; 124 }; 125 126 // This copy helper template specialization catches the cases where the 127 // parameter is a pointer to a string. 128 template<> 129 class CopyHelper<const wchar_t*> { 130 public: 131 CopyHelper(const wchar_t* t) 132 : t_(t) { 133 } 134 135 // Returns the pointer to the start of the string. 136 const void* GetStart() const { 137 return t_; 138 } 139 140 // Update the stored value with the value in the buffer. This is not 141 // supported for this type. 142 bool Update(void* buffer) { 143 // Not supported; 144 return true; 145 } 146 147 // Returns the size of the string in bytes. We define a NULL string to 148 // be of zero length. 149 uint32_t GetSize() const { 150 __try { 151 return (!t_) ? 0 152 : static_cast<uint32_t>(StringLength(t_) * sizeof(t_[0])); 153 } 154 __except(EXCEPTION_EXECUTE_HANDLER) { 155 return UINT32_MAX; 156 } 157 } 158 159 // Returns true if the current type is used as an In or InOut parameter. 160 bool IsInOut() { 161 return false; 162 } 163 164 ArgType GetType() { 165 return WCHAR_TYPE; 166 } 167 168 private: 169 // We provide our not very optimized version of wcslen(), since we don't 170 // want to risk having the linker use the version in the CRT since the CRT 171 // might not be present when we do an early IPC call. 172 static size_t __cdecl StringLength(const wchar_t* wcs) { 173 const wchar_t *eos = wcs; 174 while (*eos++); 175 return static_cast<size_t>(eos - wcs - 1); 176 } 177 178 const wchar_t* t_; 179 }; 180 181 // Specialization for non-const strings. We just reuse the implementation of the 182 // const string specialization. 183 template<> 184 class CopyHelper<wchar_t*> : public CopyHelper<const wchar_t*> { 185 public: 186 typedef CopyHelper<const wchar_t*> Base; 187 CopyHelper(wchar_t* t) : Base(t) {} 188 189 const void* GetStart() const { 190 return Base::GetStart(); 191 } 192 193 bool Update(void* buffer) { 194 return Base::Update(buffer); 195 } 196 197 uint32_t GetSize() const { return Base::GetSize(); } 198 199 bool IsInOut() { 200 return Base::IsInOut(); 201 } 202 203 ArgType GetType() { 204 return Base::GetType(); 205 } 206 }; 207 208 // Specialization for wchar_t arrays strings. We just reuse the implementation 209 // of the const string specialization. 210 template<size_t n> 211 class CopyHelper<const wchar_t[n]> : public CopyHelper<const wchar_t*> { 212 public: 213 typedef const wchar_t array[n]; 214 typedef CopyHelper<const wchar_t*> Base; 215 CopyHelper(array t) : Base(t) {} 216 217 const void* GetStart() const { 218 return Base::GetStart(); 219 } 220 221 bool Update(void* buffer) { 222 return Base::Update(buffer); 223 } 224 225 uint32_t GetSize() const { return Base::GetSize(); } 226 227 bool IsInOut() { 228 return Base::IsInOut(); 229 } 230 231 ArgType GetType() { 232 return Base::GetType(); 233 } 234 }; 235 236 // Generic encapsulation class containing a pointer to a buffer and the 237 // size of the buffer. It is used by the IPC to be able to pass in/out 238 // parameters. 239 class InOutCountedBuffer : public CountedBuffer { 240 public: 241 InOutCountedBuffer(void* buffer, uint32_t size) 242 : CountedBuffer(buffer, size) {} 243 }; 244 245 // This copy helper template specialization catches the cases where the 246 // parameter is a an input/output buffer. 247 template<> 248 class CopyHelper<InOutCountedBuffer> { 249 public: 250 CopyHelper(const InOutCountedBuffer t) : t_(t) {} 251 252 // Returns the pointer to the start of the string. 253 const void* GetStart() const { 254 return t_.Buffer(); 255 } 256 257 // Updates the buffer with the value from the new buffer in parameter. 258 bool Update(void* buffer) { 259 // We are touching user memory, this has to be done from inside a try 260 // except. 261 __try { 262 memcpy(t_.Buffer(), buffer, t_.Size()); 263 } 264 __except(EXCEPTION_EXECUTE_HANDLER) { 265 return false; 266 } 267 return true; 268 } 269 270 // Returns the size of the string in bytes. We define a NULL string to 271 // be of zero length. 272 uint32_t GetSize() const { return t_.Size(); } 273 274 // Returns true if the current type is used as an In or InOut parameter. 275 bool IsInOut() { 276 return true; 277 } 278 279 ArgType GetType() { 280 return INOUTPTR_TYPE; 281 } 282 283 private: 284 const InOutCountedBuffer t_; 285 }; 286 287 // The following two macros make it less error prone the generation 288 // of CrossCall functions with ever more input parameters. 289 290 #define XCALL_GEN_PARAMS_OBJ(num, params) \ 291 typedef ActualCallParams<num, kIPCChannelSize> ActualParams; \ 292 void* raw_mem = ipc_provider.GetBuffer(); \ 293 if (NULL == raw_mem) \ 294 return SBOX_ERROR_NO_SPACE; \ 295 ActualParams* params = new(raw_mem) ActualParams(tag); 296 297 #define XCALL_GEN_COPY_PARAM(num, params) \ 298 static_assert(kMaxIpcParams >= num, "too many parameters"); \ 299 CopyHelper<Par##num> ch##num(p##num); \ 300 if (!params->CopyParamIn(num - 1, ch##num.GetStart(), ch##num.GetSize(), \ 301 ch##num.IsInOut(), ch##num.GetType())) \ 302 return SBOX_ERROR_NO_SPACE; 303 304 #define XCALL_GEN_UPDATE_PARAM(num, params) \ 305 if (!ch##num.Update(params->GetParamPtr(num-1))) {\ 306 ipc_provider.FreeBuffer(raw_mem); \ 307 return SBOX_ERROR_BAD_PARAMS; \ 308 } 309 310 #define XCALL_GEN_FREE_CHANNEL() \ 311 ipc_provider.FreeBuffer(raw_mem); 312 313 // CrossCall template with one input parameter 314 template <typename IPCProvider, typename Par1> 315 ResultCode CrossCall(IPCProvider& ipc_provider, 316 uint32_t tag, 317 const Par1& p1, 318 CrossCallReturn* answer) { 319 XCALL_GEN_PARAMS_OBJ(1, call_params); 320 XCALL_GEN_COPY_PARAM(1, call_params); 321 322 ResultCode result = ipc_provider.DoCall(call_params, answer); 323 324 if (SBOX_ERROR_CHANNEL_ERROR != result) { 325 XCALL_GEN_UPDATE_PARAM(1, call_params); 326 XCALL_GEN_FREE_CHANNEL(); 327 } 328 329 return result; 330 } 331 332 // CrossCall template with two input parameters. 333 template <typename IPCProvider, typename Par1, typename Par2> 334 ResultCode CrossCall(IPCProvider& ipc_provider, 335 uint32_t tag, 336 const Par1& p1, 337 const Par2& p2, 338 CrossCallReturn* answer) { 339 XCALL_GEN_PARAMS_OBJ(2, call_params); 340 XCALL_GEN_COPY_PARAM(1, call_params); 341 XCALL_GEN_COPY_PARAM(2, call_params); 342 343 ResultCode result = ipc_provider.DoCall(call_params, answer); 344 345 if (SBOX_ERROR_CHANNEL_ERROR != result) { 346 XCALL_GEN_UPDATE_PARAM(1, call_params); 347 XCALL_GEN_UPDATE_PARAM(2, call_params); 348 XCALL_GEN_FREE_CHANNEL(); 349 } 350 return result; 351 } 352 353 // CrossCall template with three input parameters. 354 template <typename IPCProvider, typename Par1, typename Par2, typename Par3> 355 ResultCode CrossCall(IPCProvider& ipc_provider, 356 uint32_t tag, 357 const Par1& p1, 358 const Par2& p2, 359 const Par3& p3, 360 CrossCallReturn* answer) { 361 XCALL_GEN_PARAMS_OBJ(3, call_params); 362 XCALL_GEN_COPY_PARAM(1, call_params); 363 XCALL_GEN_COPY_PARAM(2, call_params); 364 XCALL_GEN_COPY_PARAM(3, call_params); 365 366 ResultCode result = ipc_provider.DoCall(call_params, answer); 367 368 if (SBOX_ERROR_CHANNEL_ERROR != result) { 369 XCALL_GEN_UPDATE_PARAM(1, call_params); 370 XCALL_GEN_UPDATE_PARAM(2, call_params); 371 XCALL_GEN_UPDATE_PARAM(3, call_params); 372 XCALL_GEN_FREE_CHANNEL(); 373 } 374 return result; 375 } 376 377 // CrossCall template with four input parameters. 378 template <typename IPCProvider, 379 typename Par1, 380 typename Par2, 381 typename Par3, 382 typename Par4> 383 ResultCode CrossCall(IPCProvider& ipc_provider, 384 uint32_t tag, 385 const Par1& p1, 386 const Par2& p2, 387 const Par3& p3, 388 const Par4& p4, 389 CrossCallReturn* answer) { 390 XCALL_GEN_PARAMS_OBJ(4, call_params); 391 XCALL_GEN_COPY_PARAM(1, call_params); 392 XCALL_GEN_COPY_PARAM(2, call_params); 393 XCALL_GEN_COPY_PARAM(3, call_params); 394 XCALL_GEN_COPY_PARAM(4, call_params); 395 396 ResultCode result = ipc_provider.DoCall(call_params, answer); 397 398 if (SBOX_ERROR_CHANNEL_ERROR != result) { 399 XCALL_GEN_UPDATE_PARAM(1, call_params); 400 XCALL_GEN_UPDATE_PARAM(2, call_params); 401 XCALL_GEN_UPDATE_PARAM(3, call_params); 402 XCALL_GEN_UPDATE_PARAM(4, call_params); 403 XCALL_GEN_FREE_CHANNEL(); 404 } 405 return result; 406 } 407 408 // CrossCall template with five input parameters. 409 template <typename IPCProvider, 410 typename Par1, 411 typename Par2, 412 typename Par3, 413 typename Par4, 414 typename Par5> 415 ResultCode CrossCall(IPCProvider& ipc_provider, 416 uint32_t tag, 417 const Par1& p1, 418 const Par2& p2, 419 const Par3& p3, 420 const Par4& p4, 421 const Par5& p5, 422 CrossCallReturn* answer) { 423 XCALL_GEN_PARAMS_OBJ(5, call_params); 424 XCALL_GEN_COPY_PARAM(1, call_params); 425 XCALL_GEN_COPY_PARAM(2, call_params); 426 XCALL_GEN_COPY_PARAM(3, call_params); 427 XCALL_GEN_COPY_PARAM(4, call_params); 428 XCALL_GEN_COPY_PARAM(5, call_params); 429 430 ResultCode result = ipc_provider.DoCall(call_params, answer); 431 432 if (SBOX_ERROR_CHANNEL_ERROR != result) { 433 XCALL_GEN_UPDATE_PARAM(1, call_params); 434 XCALL_GEN_UPDATE_PARAM(2, call_params); 435 XCALL_GEN_UPDATE_PARAM(3, call_params); 436 XCALL_GEN_UPDATE_PARAM(4, call_params); 437 XCALL_GEN_UPDATE_PARAM(5, call_params); 438 XCALL_GEN_FREE_CHANNEL(); 439 } 440 return result; 441 } 442 443 // CrossCall template with six input parameters. 444 template <typename IPCProvider, 445 typename Par1, 446 typename Par2, 447 typename Par3, 448 typename Par4, 449 typename Par5, 450 typename Par6> 451 ResultCode CrossCall(IPCProvider& ipc_provider, 452 uint32_t tag, 453 const Par1& p1, 454 const Par2& p2, 455 const Par3& p3, 456 const Par4& p4, 457 const Par5& p5, 458 const Par6& p6, 459 CrossCallReturn* answer) { 460 XCALL_GEN_PARAMS_OBJ(6, call_params); 461 XCALL_GEN_COPY_PARAM(1, call_params); 462 XCALL_GEN_COPY_PARAM(2, call_params); 463 XCALL_GEN_COPY_PARAM(3, call_params); 464 XCALL_GEN_COPY_PARAM(4, call_params); 465 XCALL_GEN_COPY_PARAM(5, call_params); 466 XCALL_GEN_COPY_PARAM(6, call_params); 467 468 ResultCode result = ipc_provider.DoCall(call_params, answer); 469 470 if (SBOX_ERROR_CHANNEL_ERROR != result) { 471 XCALL_GEN_UPDATE_PARAM(1, call_params); 472 XCALL_GEN_UPDATE_PARAM(2, call_params); 473 XCALL_GEN_UPDATE_PARAM(3, call_params); 474 XCALL_GEN_UPDATE_PARAM(4, call_params); 475 XCALL_GEN_UPDATE_PARAM(5, call_params); 476 XCALL_GEN_UPDATE_PARAM(6, call_params); 477 XCALL_GEN_FREE_CHANNEL(); 478 } 479 return result; 480 } 481 482 // CrossCall template with seven input parameters. 483 template <typename IPCProvider, 484 typename Par1, 485 typename Par2, 486 typename Par3, 487 typename Par4, 488 typename Par5, 489 typename Par6, 490 typename Par7> 491 ResultCode CrossCall(IPCProvider& ipc_provider, 492 uint32_t tag, 493 const Par1& p1, 494 const Par2& p2, 495 const Par3& p3, 496 const Par4& p4, 497 const Par5& p5, 498 const Par6& p6, 499 const Par7& p7, 500 CrossCallReturn* answer) { 501 XCALL_GEN_PARAMS_OBJ(7, call_params); 502 XCALL_GEN_COPY_PARAM(1, call_params); 503 XCALL_GEN_COPY_PARAM(2, call_params); 504 XCALL_GEN_COPY_PARAM(3, call_params); 505 XCALL_GEN_COPY_PARAM(4, call_params); 506 XCALL_GEN_COPY_PARAM(5, call_params); 507 XCALL_GEN_COPY_PARAM(6, call_params); 508 XCALL_GEN_COPY_PARAM(7, call_params); 509 510 ResultCode result = ipc_provider.DoCall(call_params, answer); 511 512 if (SBOX_ERROR_CHANNEL_ERROR != result) { 513 XCALL_GEN_UPDATE_PARAM(1, call_params); 514 XCALL_GEN_UPDATE_PARAM(2, call_params); 515 XCALL_GEN_UPDATE_PARAM(3, call_params); 516 XCALL_GEN_UPDATE_PARAM(4, call_params); 517 XCALL_GEN_UPDATE_PARAM(5, call_params); 518 XCALL_GEN_UPDATE_PARAM(6, call_params); 519 XCALL_GEN_UPDATE_PARAM(7, call_params); 520 XCALL_GEN_FREE_CHANNEL(); 521 } 522 return result; 523 } 524 } // namespace sandbox 525 526 #endif // SANDBOX_SRC_CROSSCALL_CLIENT_H__ 527
