• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_
6 #define SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_
7 
8 #include <windows.h>
9 
10 #include <list>
11 #include <vector>
12 
13 #include "base/basictypes.h"
14 #include "base/compiler_specific.h"
15 #include "base/strings/string16.h"
16 #include "sandbox/win/src/crosscall_server.h"
17 #include "sandbox/win/src/handle_closer.h"
18 #include "sandbox/win/src/ipc_tags.h"
19 #include "sandbox/win/src/policy_engine_opcodes.h"
20 #include "sandbox/win/src/policy_engine_params.h"
21 #include "sandbox/win/src/sandbox_policy.h"
22 #include "sandbox/win/src/win_utils.h"
23 
24 namespace sandbox {
25 
26 class AppContainerAttributes;
27 class LowLevelPolicy;
28 class TargetProcess;
29 struct PolicyGlobal;
30 
31 // We act as a policy dispatcher, implementing the handler for the "ping" IPC,
32 // so we have to provide the appropriate handler on the OnMessageReady method.
33 // There is a static_cast for the handler, and the compiler only performs the
34 // cast if the first base class is Dispatcher.
35 class PolicyBase : public Dispatcher, public TargetPolicy {
36  public:
37   PolicyBase();
38 
39   // TargetPolicy:
40   virtual void AddRef() OVERRIDE;
41   virtual void Release() OVERRIDE;
42   virtual ResultCode SetTokenLevel(TokenLevel initial,
43                                    TokenLevel lockdown) OVERRIDE;
44   virtual TokenLevel GetInitialTokenLevel() const OVERRIDE;
45   virtual TokenLevel GetLockdownTokenLevel() const OVERRIDE;
46   virtual ResultCode SetJobLevel(JobLevel job_level,
47                                  uint32 ui_exceptions) OVERRIDE;
48   virtual ResultCode SetJobMemoryLimit(size_t memory_limit) OVERRIDE;
49   virtual ResultCode SetAlternateDesktop(bool alternate_winstation) OVERRIDE;
50   virtual base::string16 GetAlternateDesktop() const OVERRIDE;
51   virtual ResultCode CreateAlternateDesktop(bool alternate_winstation) OVERRIDE;
52   virtual void DestroyAlternateDesktop() OVERRIDE;
53   virtual ResultCode SetIntegrityLevel(IntegrityLevel integrity_level) OVERRIDE;
54   virtual IntegrityLevel GetIntegrityLevel() const OVERRIDE;
55   virtual ResultCode SetDelayedIntegrityLevel(
56       IntegrityLevel integrity_level) OVERRIDE;
57   virtual ResultCode SetAppContainer(const wchar_t* sid) OVERRIDE;
58   virtual ResultCode SetCapability(const wchar_t* sid) OVERRIDE;
59   virtual ResultCode SetProcessMitigations(MitigationFlags flags) OVERRIDE;
60   virtual MitigationFlags GetProcessMitigations() OVERRIDE;
61   virtual ResultCode SetDelayedProcessMitigations(
62       MitigationFlags flags) OVERRIDE;
63   virtual MitigationFlags GetDelayedProcessMitigations() const OVERRIDE;
64   virtual void SetStrictInterceptions() OVERRIDE;
65   virtual ResultCode SetStdoutHandle(HANDLE handle) OVERRIDE;
66   virtual ResultCode SetStderrHandle(HANDLE handle) OVERRIDE;
67   virtual ResultCode AddRule(SubSystem subsystem, Semantics semantics,
68                              const wchar_t* pattern) OVERRIDE;
69   virtual ResultCode AddDllToUnload(const wchar_t* dll_name);
70   virtual ResultCode AddKernelObjectToClose(
71       const base::char16* handle_type,
72       const base::char16* handle_name) OVERRIDE;
73 
74   // Dispatcher:
75   virtual Dispatcher* OnMessageReady(IPCParams* ipc,
76                                      CallbackGeneric* callback) OVERRIDE;
77   virtual bool SetupService(InterceptionManager* manager, int service) OVERRIDE;
78 
79   // Creates a Job object with the level specified in a previous call to
80   // SetJobLevel().
81   ResultCode MakeJobObject(HANDLE* job);
82 
83   // Creates the two tokens with the levels specified in a previous call to
84   // SetTokenLevel().
85   ResultCode MakeTokens(HANDLE* initial, HANDLE* lockdown);
86 
87   const AppContainerAttributes* GetAppContainer();
88 
89   // Adds a target process to the internal list of targets. Internally a
90   // call to TargetProcess::Init() is issued.
91   bool AddTarget(TargetProcess* target);
92 
93   // Called when there are no more active processes in a Job.
94   // Removes a Job object associated with this policy and the target associated
95   // with the job.
96   bool OnJobEmpty(HANDLE job);
97 
98   EvalResult EvalPolicy(int service, CountedParameterSetBase* params);
99 
100   HANDLE GetStdoutHandle();
101   HANDLE GetStderrHandle();
102 
103  private:
104   ~PolicyBase();
105 
106   // Test IPC providers.
107   bool Ping(IPCInfo* ipc, void* cookie);
108 
109   // Returns a dispatcher from ipc_targets_.
110   Dispatcher* GetDispatcher(int ipc_tag);
111 
112   // Sets up interceptions for a new target.
113   bool SetupAllInterceptions(TargetProcess* target);
114 
115   // Sets up the handle closer for a new target.
116   bool SetupHandleCloser(TargetProcess* target);
117 
118   ResultCode AddRuleInternal(SubSystem subsystem,
119                              Semantics semantics,
120                              const wchar_t* pattern);
121 
122   // This lock synchronizes operations on the targets_ collection.
123   CRITICAL_SECTION lock_;
124   // Maintains the list of target process associated with this policy.
125   // The policy takes ownership of them.
126   typedef std::list<TargetProcess*> TargetSet;
127   TargetSet targets_;
128   // Standard object-lifetime reference counter.
129   volatile LONG ref_count;
130   // The user-defined global policy settings.
131   TokenLevel lockdown_level_;
132   TokenLevel initial_level_;
133   JobLevel job_level_;
134   uint32 ui_exceptions_;
135   size_t memory_limit_;
136   bool use_alternate_desktop_;
137   bool use_alternate_winstation_;
138   // Helps the file system policy initialization.
139   bool file_system_init_;
140   bool relaxed_interceptions_;
141   HANDLE stdout_handle_;
142   HANDLE stderr_handle_;
143   IntegrityLevel integrity_level_;
144   IntegrityLevel delayed_integrity_level_;
145   MitigationFlags mitigations_;
146   MitigationFlags delayed_mitigations_;
147   // The array of objects that will answer IPC calls.
148   Dispatcher* ipc_targets_[IPC_LAST_TAG];
149   // Object in charge of generating the low level policy.
150   LowLevelPolicy* policy_maker_;
151   // Memory structure that stores the low level policy.
152   PolicyGlobal* policy_;
153   // The list of dlls to unload in the target process.
154   std::vector<base::string16> blacklisted_dlls_;
155   // This is a map of handle-types to names that we need to close in the
156   // target process. A null set means we need to close all handles of the
157   // given type.
158   HandleCloser handle_closer_;
159   std::vector<base::string16> capabilities_;
160   scoped_ptr<AppContainerAttributes> appcontainer_list_;
161 
162   static HDESK alternate_desktop_handle_;
163   static HWINSTA alternate_winstation_handle_;
164   static IntegrityLevel alternate_desktop_integrity_level_label_;
165 
166   DISALLOW_COPY_AND_ASSIGN(PolicyBase);
167 };
168 
169 }  // namespace sandbox
170 
171 #endif  // SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_
172