1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "sandbox/win/src/app_container.h"
7 #include <Sddl.h>
8 #include <vector>
10 #include "base/logging.h"
11 #include "base/memory/scoped_ptr.h"
12 #include "base/win/startup_information.h"
13 #include "sandbox/win/src/internal_types.h"
15 namespace {
// Converts a SID in string form into a binary SID via ConvertStringSidToSid.
// Returns NULL when the string cannot be converted. On success the caller
// owns the returned PSID and must release it with LocalFree.
PSID ConvertSid(const string16& sid) {
  PSID converted_sid = NULL;
  if (ConvertStringSidToSid(sid.c_str(), &converted_sid))
    return converted_sid;
  return NULL;
}
26 } // namespace
28 namespace sandbox {
// Starts from an all-zero SECURITY_CAPABILITIES: no AppContainer SID, no
// capability array and a capability count of 0. HasAppContainer() therefore
// reports false until SetAppContainer() stores a SID.
AppContainerAttributes::AppContainerAttributes() {
  SECURITY_CAPABILITIES* const security_capabilities = &capabilities_;
  memset(security_capabilities, 0, sizeof(*security_capabilities));
}
// Releases every SID this object owns. SetAppContainer() obtains both the
// capability SIDs and the AppContainer SID from ConvertSid(), whose results
// must be released with LocalFree.
AppContainerAttributes::~AppContainerAttributes() {
  const size_t capability_count = attributes_.size();
  for (size_t index = 0; index != capability_count; ++index)
    LocalFree(attributes_[index].Sid);

  // AppContainerSid is still NULL if SetAppContainer() never stored a SID;
  // LocalFree ignores a NULL handle.
  LocalFree(capabilities_.AppContainerSid);
}
// Records the AppContainer SID and the capability SIDs (both given in string
// form) that ShareForStartup() later hands to the process startup attributes.
//
// Returns SBOX_ERROR_INVALID_APP_CONTAINER if |app_container_sid| cannot be
// converted, SBOX_ERROR_INVALID_CAPABILITY if any entry of |capabilities|
// cannot be converted, and SBOX_ALL_OK otherwise. The DCHECKs document that
// this is meant to be called once on a freshly constructed object.
//
// NOTE(review): on SBOX_ERROR_INVALID_CAPABILITY the AppContainer SID and the
// capability SIDs converted so far stay stored while CapabilityCount is never
// set, so HasAppContainer() returns true after a failed call. Callers should
// discard the object on any error instead of passing it to ShareForStartup().
ResultCode AppContainerAttributes::SetAppContainer(
    const string16& app_container_sid,
    const std::vector<string16>& capabilities) {
  DCHECK(!capabilities_.AppContainerSid);
  DCHECK(attributes_.empty());

  PSID const container_sid = ConvertSid(app_container_sid);
  capabilities_.AppContainerSid = container_sid;
  if (container_sid == NULL)
    return SBOX_ERROR_INVALID_APP_CONTAINER;

  const size_t capability_count = capabilities.size();
  for (size_t index = 0; index < capability_count; ++index) {
    PSID const capability_sid = ConvertSid(capabilities[index]);
    if (capability_sid == NULL)
      return SBOX_ERROR_INVALID_CAPABILITY;

    SID_AND_ATTRIBUTES entry;
    entry.Sid = capability_sid;
    entry.Attributes = SE_GROUP_ENABLED;
    attributes_.push_back(entry);
  }

  if (capability_count != 0) {
    // Capabilities points into |attributes_|' storage, so the vector must not
    // grow after this point or the pointer would dangle.
    capabilities_.CapabilityCount = static_cast<DWORD>(capability_count);
    capabilities_.Capabilities = &attributes_[0];
  }
  return SBOX_ALL_OK;
}
// Attaches the stored SECURITY_CAPABILITIES to |startup_information| as the
// PROC_THREAD_ATTRIBUTE_SECURITY_CAPABILITIES attribute.
//
// Returns SBOX_ERROR_INVALID_APP_CONTAINER when no AppContainer SID has been
// stored, SBOX_ERROR_CANNOT_INIT_APPCONTAINER when the attribute update
// fails, and SBOX_ALL_OK otherwise.
//
// NOTE(review): a pointer to |capabilities_| is handed over, not a copy. The
// Win32 UpdateProcThreadAttribute contract requires the attribute value to
// stay valid until the attribute list is destroyed; if StartupInformation
// forwards the pointer unchanged (not visible here), this object must outlive
// |startup_information| -- confirm against the wrapper.
ResultCode AppContainerAttributes::ShareForStartup(
    base::win::StartupInformation* startup_information) const {
  // The only thing we support so far is an AppContainer.
  if (capabilities_.AppContainerSid == NULL)
    return SBOX_ERROR_INVALID_APP_CONTAINER;

  // The attribute API takes a non-const pointer although this method is
  // const, hence the const_cast.
  SECURITY_CAPABILITIES* const security_capabilities =
      const_cast<SECURITY_CAPABILITIES*>(&capabilities_);

  if (startup_information->UpdateProcThreadAttribute(
          PROC_THREAD_ATTRIBUTE_SECURITY_CAPABILITIES,
          security_capabilities,
          sizeof(capabilities_))) {
    return SBOX_ALL_OK;
  }

  DPLOG(ERROR) << "Failed UpdateProcThreadAttribute";
  return SBOX_ERROR_CANNOT_INIT_APPCONTAINER;
}
// Returns true once an AppContainer SID has been stored. This only checks
// that the SID pointer is non-NULL; it does not tell whether the capability
// list passed to SetAppContainer() was accepted as well.
bool AppContainerAttributes::HasAppContainer() const {
  const bool has_container_sid = capabilities_.AppContainerSid != NULL;
  return has_container_sid;
}
// Registers an AppContainer for the SID given in string form, using |name|
// as both the moniker and the display name.
//
// Returns SBOX_ERROR_INVALID_APP_CONTAINER if |sid| cannot be converted,
// SBOX_ALL_OK if AppContainerRegisterSid succeeds, and SBOX_ERROR_GENERIC if
// the export cannot be resolved or the call fails.
ResultCode CreateAppContainer(const string16& sid, const string16& name) {
  PSID local_sid = ConvertSid(sid);
  if (local_sid == NULL)
    return SBOX_ERROR_INVALID_APP_CONTAINER;

  typedef HRESULT (WINAPI* AppContainerRegisterSidPtr)(PSID sid,
                                                       LPCWSTR moniker,
                                                       LPCWSTR display_name);
  // Resolved at run time from the already loaded module named by
  // kKerneldllName and cached across calls; stays NULL when the export is
  // missing.
  // NOTE(review): the cache is written without synchronization -- confirm
  // whether callers can race on the first call.
  static AppContainerRegisterSidPtr register_sid = NULL;
  if (register_sid == NULL) {
    const HMODULE kernel_module = GetModuleHandle(kKerneldllName);
    register_sid = reinterpret_cast<AppContainerRegisterSidPtr>(
        GetProcAddress(kernel_module, "AppContainerRegisterSid"));
  }

  ResultCode operation_result = SBOX_ERROR_GENERIC;
  if (register_sid != NULL) {
    const HRESULT rv = register_sid(local_sid, name.c_str(), name.c_str());
    if (FAILED(rv)) {
      DLOG(ERROR) << "AppContainerRegisterSid error:" << std::hex << rv;
    } else {
      operation_result = SBOX_ALL_OK;
    }
  }

  // The converted SID is only needed for the call above.
  LocalFree(local_sid);
  return operation_result;
}
// Unregisters the AppContainer identified by the SID given in string form.
//
// Returns SBOX_ERROR_INVALID_APP_CONTAINER if |sid| cannot be converted,
// SBOX_ALL_OK if AppContainerUnregisterSid succeeds, and SBOX_ERROR_GENERIC
// if the export cannot be resolved or the call fails.
ResultCode DeleteAppContainer(const string16& sid) {
  PSID local_sid = ConvertSid(sid);
  if (local_sid == NULL)
    return SBOX_ERROR_INVALID_APP_CONTAINER;

  typedef HRESULT (WINAPI* AppContainerUnregisterSidPtr)(PSID sid);
  // Resolved at run time from the already loaded module named by
  // kKerneldllName and cached across calls; stays NULL when the export is
  // missing.
  // NOTE(review): the cache is written without synchronization -- confirm
  // whether callers can race on the first call.
  static AppContainerUnregisterSidPtr unregister_sid = NULL;
  if (unregister_sid == NULL) {
    const HMODULE kernel_module = GetModuleHandle(kKerneldllName);
    unregister_sid = reinterpret_cast<AppContainerUnregisterSidPtr>(
        GetProcAddress(kernel_module, "AppContainerUnregisterSid"));
  }

  ResultCode operation_result = SBOX_ERROR_GENERIC;
  if (unregister_sid != NULL) {
    const HRESULT rv = unregister_sid(local_sid);
    if (FAILED(rv)) {
      DLOG(ERROR) << "AppContainerUnregisterSid error:" << std::hex << rv;
    } else {
      operation_result = SBOX_ALL_OK;
    }
  }

  // The converted SID is only needed for the call above.
  LocalFree(local_sid);
  return operation_result;
}
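// Returns the moniker registered for the AppContainer SID given in string
// form, or an empty string when |sid| cannot be converted, when the lookup
// exports cannot be resolved, or when the lookup itself fails.
//
// The converted SID is released with LocalFree on every path; it used to be
// leaked on each call that got past the string-to-SID conversion.
string16 LookupAppContainer(const string16& sid) {
  PSID local_sid = ConvertSid(sid);
  if (!local_sid)
    return string16();

  typedef HRESULT (WINAPI* AppContainerLookupMonikerPtr)(PSID sid,
                                                         LPWSTR* moniker);
  typedef BOOLEAN (WINAPI* AppContainerFreeMemoryPtr)(void* ptr);

  // Both exports are resolved at run time from the already loaded module
  // named by kKerneldllName and cached across calls; they stay NULL when the
  // exports are missing.
  static AppContainerLookupMonikerPtr AppContainerLookupMoniker = NULL;
  static AppContainerFreeMemoryPtr AppContainerFreeMemory = NULL;

  if (!AppContainerLookupMoniker || !AppContainerFreeMemory) {
    HMODULE module = GetModuleHandle(kKerneldllName);
    AppContainerLookupMoniker = reinterpret_cast<AppContainerLookupMonikerPtr>(
        GetProcAddress(module, "AppContainerLookupMoniker"));
    AppContainerFreeMemory = reinterpret_cast<AppContainerFreeMemoryPtr>(
        GetProcAddress(module, "AppContainerFreeMemory"));
  }

  if (!AppContainerLookupMoniker || !AppContainerFreeMemory) {
    LocalFree(local_sid);
    return string16();
  }

  wchar_t* buffer = NULL;
  HRESULT rv = AppContainerLookupMoniker(local_sid, &buffer);
  // The SID is only an input to the lookup, so release it before any return.
  LocalFree(local_sid);
  if (FAILED(rv))
    return string16();

  // Constructing a string from a NULL pointer is undefined behaviour; treat
  // a successful call that produced no buffer as "no moniker".
  if (!buffer)
    return string16();

  // Copy the moniker out before handing the buffer back to its allocator.
  string16 name(buffer);
  if (!AppContainerFreeMemory(buffer))
    NOTREACHED();
  return name;
}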
174 } // namespace sandbox