sandbox/src/sandbox_policy_base.h

   1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef SANDBOX_SRC_SANDBOX_POLICY_BASE_H_
   6 #define SANDBOX_SRC_SANDBOX_POLICY_BASE_H_
   7
   8 #include <windows.h>
   9
  10 #include <list>
  11 #include <vector>
  12
  13 #include "base/basictypes.h"
  14 #include "base/string16.h"
  15 #include "sandbox/src/crosscall_server.h"
  16 #include "sandbox/src/handle_closer.h"
  17 #include "sandbox/src/ipc_tags.h"
  18 #include "sandbox/src/policy_engine_opcodes.h"
  19 #include "sandbox/src/policy_engine_params.h"
  20 #include "sandbox/src/sandbox_policy.h"
  21 #include "sandbox/src/win_utils.h"
  22
  23 namespace sandbox {
  24
  25 class LowLevelPolicy;
  26 class TargetProcess;
  27 struct PolicyGlobal;
  28
  29 // We act as a policy dispatcher, implementing the handler for the "ping" IPC,
  30 // so we have to provide the appropriate handler on the OnMessageReady method.
  31 // There is a static_cast for the handler, and the compiler only performs the
  32 // cast if the first base class is Dispatcher.
  33 class PolicyBase : public Dispatcher, public TargetPolicy {
  34  public:
  35   PolicyBase();
  36
  37   virtual void AddRef() {
  38     ::InterlockedIncrement(&ref_count);
  39   }
  40
  41   virtual void Release() {
  42     if (0 == ::InterlockedDecrement(&ref_count))
  43       delete this;
  44   }
  45
  46   virtual ResultCode SetTokenLevel(TokenLevel initial, TokenLevel lockdown) {
  47     if (initial < lockdown) {
  48       return SBOX_ERROR_BAD_PARAMS;
  49     }
  50     initial_level_ = initial;
  51     lockdown_level_ = lockdown;
  52     return SBOX_ALL_OK;
  53   }
  54
  55   virtual ResultCode SetJobLevel(JobLevel job_level, uint32 ui_exceptions) {
  56     job_level_ = job_level;
  57     ui_exceptions_ = ui_exceptions;
  58     return SBOX_ALL_OK;
  59   }
  60
  61   virtual ResultCode SetAlternateDesktop(bool alternate_winstation) {
  62     use_alternate_desktop_ = true;
  63     use_alternate_winstation_ = alternate_winstation;
  64     return CreateAlternateDesktop(alternate_winstation);
  65   }
  66
  67   virtual std::wstring GetAlternateDesktop() const;
  68
  69   virtual ResultCode CreateAlternateDesktop(bool alternate_winstation);
  70
  71   virtual void DestroyAlternateDesktop() {
  72     if (alternate_desktop_handle_) {
  73       ::CloseDesktop(alternate_desktop_handle_);
  74       alternate_desktop_handle_ = NULL;
  75     }
  76
  77     if (alternate_winstation_handle_) {
  78       ::CloseWindowStation(alternate_winstation_handle_);
  79       alternate_winstation_handle_ = NULL;
  80     }
  81   }
  82
  83   virtual ResultCode SetIntegrityLevel(IntegrityLevel integrity_level) {
  84     integrity_level_ = integrity_level;
  85     return SBOX_ALL_OK;
  86   }
  87
  88   virtual ResultCode SetDelayedIntegrityLevel(IntegrityLevel integrity_level) {
  89     delayed_integrity_level_ = integrity_level;
  90     return SBOX_ALL_OK;
  91   }
  92
  93   virtual void SetStrictInterceptions() {
  94     relaxed_interceptions_ = false;
  95   }
  96
  97   virtual ResultCode AddRule(SubSystem subsystem, Semantics semantics,
  98                              const wchar_t* pattern);
  99
 100   virtual ResultCode AddDllToUnload(const wchar_t* dll_name) {
 101     blacklisted_dlls_.push_back(std::wstring(dll_name));
 102     return SBOX_ALL_OK;
 103   }
 104
 105   virtual ResultCode AddKernelObjectToClose(const char16* handle_type,
 106                                             const char16* handle_name) {
 107     return handle_closer_.AddHandle(handle_type, handle_name);
 108   }
 109
 110   // Creates a Job object with the level specified in a previous call to
 111   // SetJobLevel(). Returns the standard windows of ::GetLastError().
 112   DWORD MakeJobObject(HANDLE* job);
 113   // Creates the two tokens with the levels specified in a previous call to
 114   // SetTokenLevel(). Returns the standard windows of ::GetLastError().
 115   DWORD MakeTokens(HANDLE* initial, HANDLE* lockdown);
 116   // Adds a target process to the internal list of targets. Internally a
 117   // call to TargetProcess::Init() is issued.
 118   bool AddTarget(TargetProcess* target);
 119   // Called when there are no more active processes in a Job.
 120   // Removes a Job object associated with this policy and the target associated
 121   // with the job.
 122   bool OnJobEmpty(HANDLE job);
 123
 124   // Overrides Dispatcher::OnMessageReady.
 125   virtual Dispatcher* OnMessageReady(IPCParams* ipc, CallbackGeneric* callback);
 126
 127   // Dispatcher interface.
 128   virtual bool SetupService(InterceptionManager* manager, int service);
 129
 130   virtual EvalResult EvalPolicy(int service, CountedParameterSetBase* params);
 131
 132  private:
 133   ~PolicyBase();
 134
 135   // Test IPC providers.
 136   bool Ping(IPCInfo* ipc, void* cookie);
 137
 138   // Returns a dispatcher from ipc_targets_.
 139   Dispatcher* GetDispatcher(int ipc_tag);
 140
 141   // Sets up interceptions for a new target.
 142   bool SetupAllInterceptions(TargetProcess* target);
 143
 144   // Sets up the handle closer for a new target.
 145   bool SetupHandleCloser(TargetProcess* target);
 146
 147   // This lock synchronizes operations on the targets_ collection.
 148   CRITICAL_SECTION lock_;
 149   // Maintains the list of target process associated with this policy.
 150   // The policy takes ownership of them.
 151   typedef std::list<TargetProcess*> TargetSet;
 152   TargetSet targets_;
 153   // Standard object-lifetime reference counter.
 154   volatile LONG ref_count;
 155   // The user-defined global policy settings.
 156   TokenLevel lockdown_level_;
 157   TokenLevel initial_level_;
 158   JobLevel job_level_;
 159   uint32 ui_exceptions_;
 160   bool use_alternate_desktop_;
 161   bool use_alternate_winstation_;
 162   IntegrityLevel integrity_level_;
 163   IntegrityLevel delayed_integrity_level_;
 164   // The array of objects that will answer IPC calls.
 165   Dispatcher* ipc_targets_[IPC_LAST_TAG];
 166   // Object in charge of generating the low level policy.
 167   LowLevelPolicy* policy_maker_;
 168   // Memory structure that stores the low level policy.
 169   PolicyGlobal* policy_;
 170   // Helps the file system policy initialization.
 171   bool file_system_init_;
 172   // Operation mode for the interceptions.
 173   bool relaxed_interceptions_;
 174   // The list of dlls to unload in the target process.
 175   std::vector<std::wstring> blacklisted_dlls_;
 176   // This is a map of handle-types to names that we need to close in the
 177   // target process. A null set means we need to close all handles of the
 178   // given type.
 179   HandleCloser handle_closer_;
 180
 181   static HDESK alternate_desktop_handle_;
 182   static HWINSTA alternate_winstation_handle_;
 183
 184   DISALLOW_COPY_AND_ASSIGN(PolicyBase);
 185 };
 186
 187 }  // namespace sandbox
 188
 189 #endif  // SANDBOX_SRC_SANDBOX_POLICY_BASE_H_