sandbox/win/src/handle_dispatcher.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "sandbox/win/src/handle_dispatcher.h"
   6
   7 #include "base/win/scoped_handle.h"
   8 #include "sandbox/win/src/handle_interception.h"
   9 #include "sandbox/win/src/handle_policy.h"
  10 #include "sandbox/win/src/ipc_tags.h"
  11 #include "sandbox/win/src/policy_broker.h"
  12 #include "sandbox/win/src/policy_params.h"
  13 #include "sandbox/win/src/sandbox.h"
  14 #include "sandbox/win/src/sandbox_nt_util.h"
  15 #include "sandbox/win/src/sandbox_types.h"
  16 #include "sandbox/win/src/sandbox_utils.h"
  17
  18 namespace sandbox {
  19
  20 HandleDispatcher::HandleDispatcher(PolicyBase* policy_base)
  21     : policy_base_(policy_base) {
  22   static const IPCCall duplicate_handle_proxy = {
  23     {IPC_DUPLICATEHANDLEPROXY_TAG, VOIDPTR_TYPE, UINT32_TYPE, UINT32_TYPE,
  24      UINT32_TYPE},
  25     reinterpret_cast<CallbackGeneric>(&HandleDispatcher::DuplicateHandleProxy)
  26   };
  27
  28   ipc_calls_.push_back(duplicate_handle_proxy);
  29 }
  30
  31 bool HandleDispatcher::SetupService(InterceptionManager* manager,
  32                                     int service) {
  33   // We perform no interceptions for handles right now.
  34   switch (service) {
  35     case IPC_DUPLICATEHANDLEPROXY_TAG:
  36     return true;
  37   }
  38
  39   return false;
  40 }
  41
  42 bool HandleDispatcher::DuplicateHandleProxy(IPCInfo* ipc,
  43                                             HANDLE source_handle,
  44                                             uint32 target_process_id,
  45                                             uint32 desired_access,
  46                                             uint32 options) {
  47   static NtQueryObject QueryObject = NULL;
  48   if (!QueryObject)
  49     ResolveNTFunctionPtr("NtQueryObject", &QueryObject);
  50
  51   // Get a copy of the handle for use in the broker process.
  52   HANDLE handle_temp;
  53   if (!::DuplicateHandle(ipc->client_info->process, source_handle,
  54                          ::GetCurrentProcess(), &handle_temp,
  55                          0, FALSE, DUPLICATE_SAME_ACCESS | options)) {
  56     ipc->return_info.win32_result = ::GetLastError();
  57     return false;
  58   }
  59   options &= ~DUPLICATE_CLOSE_SOURCE;
  60   base::win::ScopedHandle handle(handle_temp);
  61
  62   // Get the object type (32 characters is safe; current max is 14).
  63   BYTE buffer[sizeof(OBJECT_TYPE_INFORMATION) + 32 * sizeof(wchar_t)];
  64   OBJECT_TYPE_INFORMATION* type_info =
  65       reinterpret_cast<OBJECT_TYPE_INFORMATION*>(buffer);
  66   ULONG size = sizeof(buffer) - sizeof(wchar_t);
  67   NTSTATUS error =
  68       QueryObject(handle.Get(), ObjectTypeInformation, type_info, size, &size);
  69   if (!NT_SUCCESS(error)) {
  70     ipc->return_info.nt_status = error;
  71     return false;
  72   }
  73   type_info->Name.Buffer[type_info->Name.Length / sizeof(wchar_t)] = L'\0';
  74
  75   CountedParameterSet<HandleTarget> params;
  76   params[HandleTarget::NAME] = ParamPickerMake(type_info->Name.Buffer);
  77   params[HandleTarget::TARGET] = ParamPickerMake(target_process_id);
  78
  79   EvalResult eval = policy_base_->EvalPolicy(IPC_DUPLICATEHANDLEPROXY_TAG,
  80                                              params.GetBase());
  81   ipc->return_info.win32_result =
  82       HandlePolicy::DuplicateHandleProxyAction(eval, handle.Get(),
  83                                                target_process_id,
  84                                                &ipc->return_info.handle,
  85                                                desired_access, options);
  86   return true;
  87 }
  88
  89 }  // namespace sandbox
  90