sandbox/win/src/sandbox_policy_base.h

   1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_
   6 #define SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_
   7
   8 #include <windows.h>
   9
  10 #include <list>
  11 #include <vector>
  12
  13 #include "base/basictypes.h"
  14 #include "base/compiler_specific.h"
  15 #include "base/strings/string16.h"
  16 #include "sandbox/win/src/crosscall_server.h"
  17 #include "sandbox/win/src/handle_closer.h"
  18 #include "sandbox/win/src/ipc_tags.h"
  19 #include "sandbox/win/src/policy_engine_opcodes.h"
  20 #include "sandbox/win/src/policy_engine_params.h"
  21 #include "sandbox/win/src/sandbox_policy.h"
  22 #include "sandbox/win/src/win_utils.h"
  23
  24 namespace sandbox {
  25
  26 class AppContainerAttributes;
  27 class LowLevelPolicy;
  28 class TargetProcess;
  29 struct PolicyGlobal;
  30
  31 // We act as a policy dispatcher, implementing the handler for the "ping" IPC,
  32 // so we have to provide the appropriate handler on the OnMessageReady method.
  33 // There is a static_cast for the handler, and the compiler only performs the
  34 // cast if the first base class is Dispatcher.
  35 class PolicyBase : public Dispatcher, public TargetPolicy {
  36  public:
  37   PolicyBase();
  38
  39   // TargetPolicy:
  40   virtual void AddRef() OVERRIDE;
  41   virtual void Release() OVERRIDE;
  42   virtual ResultCode SetTokenLevel(TokenLevel initial,
  43                                    TokenLevel lockdown) OVERRIDE;
  44   virtual ResultCode SetJobLevel(JobLevel job_level,
  45                                  uint32 ui_exceptions) OVERRIDE;
  46   virtual ResultCode SetAlternateDesktop(bool alternate_winstation) OVERRIDE;
  47   virtual string16 GetAlternateDesktop() const OVERRIDE;
  48   virtual ResultCode CreateAlternateDesktop(bool alternate_winstation) OVERRIDE;
  49   virtual void DestroyAlternateDesktop() OVERRIDE;
  50   virtual ResultCode SetIntegrityLevel(IntegrityLevel integrity_level) OVERRIDE;
  51   virtual ResultCode SetDelayedIntegrityLevel(
  52       IntegrityLevel integrity_level) OVERRIDE;
  53   virtual ResultCode SetAppContainer(const wchar_t* sid) OVERRIDE;
  54   virtual ResultCode SetCapability(const wchar_t* sid) OVERRIDE;
  55   virtual ResultCode SetProcessMitigations(MitigationFlags flags) OVERRIDE;
  56   virtual MitigationFlags GetProcessMitigations() OVERRIDE;
  57   virtual ResultCode SetDelayedProcessMitigations(
  58       MitigationFlags flags) OVERRIDE;
  59   virtual MitigationFlags GetDelayedProcessMitigations() OVERRIDE;
  60   virtual void SetStrictInterceptions() OVERRIDE;
  61   virtual ResultCode SetStdoutHandle(HANDLE handle) OVERRIDE;
  62   virtual ResultCode SetStderrHandle(HANDLE handle) OVERRIDE;
  63   virtual ResultCode AddRule(SubSystem subsystem, Semantics semantics,
  64                              const wchar_t* pattern) OVERRIDE;
  65   virtual ResultCode AddDllToUnload(const wchar_t* dll_name);
  66   virtual ResultCode AddKernelObjectToClose(const char16* handle_type,
  67                                             const char16* handle_name) OVERRIDE;
  68
  69   // Dispatcher:
  70   virtual Dispatcher* OnMessageReady(IPCParams* ipc,
  71                                      CallbackGeneric* callback) OVERRIDE;
  72   virtual bool SetupService(InterceptionManager* manager, int service) OVERRIDE;
  73
  74   // Creates a Job object with the level specified in a previous call to
  75   // SetJobLevel().
  76   ResultCode MakeJobObject(HANDLE* job);
  77
  78   // Creates the two tokens with the levels specified in a previous call to
  79   // SetTokenLevel().
  80   ResultCode MakeTokens(HANDLE* initial, HANDLE* lockdown);
  81
  82   const AppContainerAttributes* GetAppContainer();
  83
  84   // Adds a target process to the internal list of targets. Internally a
  85   // call to TargetProcess::Init() is issued.
  86   bool AddTarget(TargetProcess* target);
  87
  88   // Called when there are no more active processes in a Job.
  89   // Removes a Job object associated with this policy and the target associated
  90   // with the job.
  91   bool OnJobEmpty(HANDLE job);
  92
  93   EvalResult EvalPolicy(int service, CountedParameterSetBase* params);
  94
  95   HANDLE GetStdoutHandle();
  96   HANDLE GetStderrHandle();
  97
  98  private:
  99   ~PolicyBase();
 100
 101   // Test IPC providers.
 102   bool Ping(IPCInfo* ipc, void* cookie);
 103
 104   // Returns a dispatcher from ipc_targets_.
 105   Dispatcher* GetDispatcher(int ipc_tag);
 106
 107   // Sets up interceptions for a new target.
 108   bool SetupAllInterceptions(TargetProcess* target);
 109
 110   // Sets up the handle closer for a new target.
 111   bool SetupHandleCloser(TargetProcess* target);
 112
 113   // This lock synchronizes operations on the targets_ collection.
 114   CRITICAL_SECTION lock_;
 115   // Maintains the list of target process associated with this policy.
 116   // The policy takes ownership of them.
 117   typedef std::list<TargetProcess*> TargetSet;
 118   TargetSet targets_;
 119   // Standard object-lifetime reference counter.
 120   volatile LONG ref_count;
 121   // The user-defined global policy settings.
 122   TokenLevel lockdown_level_;
 123   TokenLevel initial_level_;
 124   JobLevel job_level_;
 125   uint32 ui_exceptions_;
 126   bool use_alternate_desktop_;
 127   bool use_alternate_winstation_;
 128   // Helps the file system policy initialization.
 129   bool file_system_init_;
 130   bool relaxed_interceptions_;
 131   HANDLE stdout_handle_;
 132   HANDLE stderr_handle_;
 133   IntegrityLevel integrity_level_;
 134   IntegrityLevel delayed_integrity_level_;
 135   MitigationFlags mitigations_;
 136   MitigationFlags delayed_mitigations_;
 137   // The array of objects that will answer IPC calls.
 138   Dispatcher* ipc_targets_[IPC_LAST_TAG];
 139   // Object in charge of generating the low level policy.
 140   LowLevelPolicy* policy_maker_;
 141   // Memory structure that stores the low level policy.
 142   PolicyGlobal* policy_;
 143   // The list of dlls to unload in the target process.
 144   std::vector<string16> blacklisted_dlls_;
 145   // This is a map of handle-types to names that we need to close in the
 146   // target process. A null set means we need to close all handles of the
 147   // given type.
 148   HandleCloser handle_closer_;
 149   std::vector<string16> capabilities_;
 150   scoped_ptr<AppContainerAttributes> appcontainer_list_;
 151
 152   static HDESK alternate_desktop_handle_;
 153   static HWINSTA alternate_winstation_handle_;
 154
 155   DISALLOW_COPY_AND_ASSIGN(PolicyBase);
 156 };
 157
 158 }  // namespace sandbox
 159
 160 #endif  // SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_