1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef SANDBOX_SRC_SANDBOX_POLICY_BASE_H_
6 #define SANDBOX_SRC_SANDBOX_POLICY_BASE_H_
13 #include "base/basictypes.h"
14 #include "base/string16.h"
15 #include "sandbox/src/crosscall_server.h"
16 #include "sandbox/src/handle_closer.h"
17 #include "sandbox/src/ipc_tags.h"
18 #include "sandbox/src/policy_engine_opcodes.h"
19 #include "sandbox/src/policy_engine_params.h"
20 #include "sandbox/src/sandbox_policy.h"
21 #include "sandbox/src/win_utils.h"
29 // We act as a policy dispatcher, implementing the handler for the "ping" IPC,
30 // so we have to provide the appropriate handler on the OnMessageReady method.
31 // There is a static_cast for the handler, and the compiler only performs the
32 // cast if the first base class is Dispatcher.
33 class PolicyBase
: public Dispatcher
, public TargetPolicy
{
37 virtual void AddRef() {
38 ::InterlockedIncrement(&ref_count
);
41 virtual void Release() {
42 if (0 == ::InterlockedDecrement(&ref_count
))
46 virtual ResultCode
SetTokenLevel(TokenLevel initial
, TokenLevel lockdown
) {
47 if (initial
< lockdown
) {
48 return SBOX_ERROR_BAD_PARAMS
;
50 initial_level_
= initial
;
51 lockdown_level_
= lockdown
;
55 virtual ResultCode
SetJobLevel(JobLevel job_level
, uint32 ui_exceptions
) {
56 job_level_
= job_level
;
57 ui_exceptions_
= ui_exceptions
;
61 virtual ResultCode
SetAlternateDesktop(bool alternate_winstation
) {
62 use_alternate_desktop_
= true;
63 use_alternate_winstation_
= alternate_winstation
;
64 return CreateAlternateDesktop(alternate_winstation
);
67 virtual std::wstring
GetAlternateDesktop() const;
69 virtual ResultCode
CreateAlternateDesktop(bool alternate_winstation
);
71 virtual void DestroyAlternateDesktop() {
72 if (alternate_desktop_handle_
) {
73 ::CloseDesktop(alternate_desktop_handle_
);
74 alternate_desktop_handle_
= NULL
;
77 if (alternate_winstation_handle_
) {
78 ::CloseWindowStation(alternate_winstation_handle_
);
79 alternate_winstation_handle_
= NULL
;
83 virtual ResultCode
SetIntegrityLevel(IntegrityLevel integrity_level
) {
84 integrity_level_
= integrity_level
;
88 virtual ResultCode
SetDelayedIntegrityLevel(IntegrityLevel integrity_level
) {
89 delayed_integrity_level_
= integrity_level
;
93 virtual void SetStrictInterceptions() {
94 relaxed_interceptions_
= false;
97 virtual ResultCode
AddRule(SubSystem subsystem
, Semantics semantics
,
98 const wchar_t* pattern
);
100 virtual ResultCode
AddDllToUnload(const wchar_t* dll_name
) {
101 blacklisted_dlls_
.push_back(std::wstring(dll_name
));
105 virtual ResultCode
AddKernelObjectToClose(const char16
* handle_type
,
106 const char16
* handle_name
) {
107 return handle_closer_
.AddHandle(handle_type
, handle_name
);
110 // Creates a Job object with the level specified in a previous call to
111 // SetJobLevel(). Returns the standard windows of ::GetLastError().
112 DWORD
MakeJobObject(HANDLE
* job
);
113 // Creates the two tokens with the levels specified in a previous call to
114 // SetTokenLevel(). Returns the standard windows of ::GetLastError().
115 DWORD
MakeTokens(HANDLE
* initial
, HANDLE
* lockdown
);
116 // Adds a target process to the internal list of targets. Internally a
117 // call to TargetProcess::Init() is issued.
118 bool AddTarget(TargetProcess
* target
);
119 // Called when there are no more active processes in a Job.
120 // Removes a Job object associated with this policy and the target associated
122 bool OnJobEmpty(HANDLE job
);
124 // Overrides Dispatcher::OnMessageReady.
125 virtual Dispatcher
* OnMessageReady(IPCParams
* ipc
, CallbackGeneric
* callback
);
127 // Dispatcher interface.
128 virtual bool SetupService(InterceptionManager
* manager
, int service
);
130 virtual EvalResult
EvalPolicy(int service
, CountedParameterSetBase
* params
);
135 // Test IPC providers.
136 bool Ping(IPCInfo
* ipc
, void* cookie
);
138 // Returns a dispatcher from ipc_targets_.
139 Dispatcher
* GetDispatcher(int ipc_tag
);
141 // Sets up interceptions for a new target.
142 bool SetupAllInterceptions(TargetProcess
* target
);
144 // Sets up the handle closer for a new target.
145 bool SetupHandleCloser(TargetProcess
* target
);
147 // This lock synchronizes operations on the targets_ collection.
148 CRITICAL_SECTION lock_
;
149 // Maintains the list of target process associated with this policy.
150 // The policy takes ownership of them.
151 typedef std::list
<TargetProcess
*> TargetSet
;
153 // Standard object-lifetime reference counter.
154 volatile LONG ref_count
;
155 // The user-defined global policy settings.
156 TokenLevel lockdown_level_
;
157 TokenLevel initial_level_
;
159 uint32 ui_exceptions_
;
160 bool use_alternate_desktop_
;
161 bool use_alternate_winstation_
;
162 IntegrityLevel integrity_level_
;
163 IntegrityLevel delayed_integrity_level_
;
164 // The array of objects that will answer IPC calls.
165 Dispatcher
* ipc_targets_
[IPC_LAST_TAG
];
166 // Object in charge of generating the low level policy.
167 LowLevelPolicy
* policy_maker_
;
168 // Memory structure that stores the low level policy.
169 PolicyGlobal
* policy_
;
170 // Helps the file system policy initialization.
171 bool file_system_init_
;
172 // Operation mode for the interceptions.
173 bool relaxed_interceptions_
;
174 // The list of dlls to unload in the target process.
175 std::vector
<std::wstring
> blacklisted_dlls_
;
176 // This is a map of handle-types to names that we need to close in the
177 // target process. A null set means we need to close all handles of the
179 HandleCloser handle_closer_
;
181 static HDESK alternate_desktop_handle_
;
182 static HWINSTA alternate_winstation_handle_
;
184 DISALLOW_COPY_AND_ASSIGN(PolicyBase
);
187 } // namespace sandbox
189 #endif // SANDBOX_SRC_SANDBOX_POLICY_BASE_H_