Don't show supervised user as "already on this device" while they're being imported.
[chromium-blink-merge.git] / sandbox / win / src / target_services.cc
blobb43a3b8a8a72492c9bccf079cfc0b927b209e98c
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "sandbox/win/src/target_services.h"
7 #include <process.h>
9 #include "base/basictypes.h"
10 #include "base/win/windows_version.h"
11 #include "sandbox/win/src/crosscall_client.h"
12 #include "sandbox/win/src/handle_closer_agent.h"
13 #include "sandbox/win/src/handle_interception.h"
14 #include "sandbox/win/src/ipc_tags.h"
15 #include "sandbox/win/src/process_mitigations.h"
16 #include "sandbox/win/src/restricted_token_utils.h"
17 #include "sandbox/win/src/sandbox.h"
18 #include "sandbox/win/src/sandbox_types.h"
19 #include "sandbox/win/src/sharedmem_ipc_client.h"
20 #include "sandbox/win/src/sandbox_nt_util.h"
22 namespace {
24 // Flushing a cached key is triggered by just opening the key and closing the
25 // resulting handle. RegDisablePredefinedCache() is the documented way to flush
26 // HKCU so do not use it with this function.
27 bool FlushRegKey(HKEY root) {
28 HKEY key;
29 if (ERROR_SUCCESS == ::RegOpenKeyExW(root, NULL, 0, MAXIMUM_ALLOWED, &key)) {
30 if (ERROR_SUCCESS != ::RegCloseKey(key))
31 return false;
33 return true;
36 // This function forces advapi32.dll to release some internally cached handles
37 // that were made during calls to RegOpenkey and RegOpenKeyEx if it is called
38 // with a more restrictive token. Returns true if the flushing is succesful
39 // although this behavior is undocumented and there is no guarantee that in
40 // fact this will happen in future versions of windows.
41 bool FlushCachedRegHandles() {
42 return (FlushRegKey(HKEY_LOCAL_MACHINE) &&
43 FlushRegKey(HKEY_CLASSES_ROOT) &&
44 FlushRegKey(HKEY_USERS));
47 // Checks if we have handle entries pending and runs the closer.
48 bool CloseOpenHandles() {
49 if (sandbox::HandleCloserAgent::NeedsHandlesClosed()) {
50 sandbox::HandleCloserAgent handle_closer;
52 handle_closer.InitializeHandlesToClose();
53 if (!handle_closer.CloseHandles())
54 return false;
57 return true;
60 } // namespace
62 namespace sandbox {
64 SANDBOX_INTERCEPT IntegrityLevel g_shared_delayed_integrity_level =
65 INTEGRITY_LEVEL_LAST;
66 SANDBOX_INTERCEPT MitigationFlags g_shared_delayed_mitigations = 0;
68 TargetServicesBase::TargetServicesBase() {
71 ResultCode TargetServicesBase::Init() {
72 process_state_.SetInitCalled();
73 return SBOX_ALL_OK;
76 // Failure here is a breach of security so the process is terminated.
77 void TargetServicesBase::LowerToken() {
78 if (ERROR_SUCCESS !=
79 SetProcessIntegrityLevel(g_shared_delayed_integrity_level))
80 ::TerminateProcess(::GetCurrentProcess(), SBOX_FATAL_INTEGRITY);
81 process_state_.SetRevertedToSelf();
82 // If the client code as called RegOpenKey, advapi32.dll has cached some
83 // handles. The following code gets rid of them.
84 if (!::RevertToSelf())
85 ::TerminateProcess(::GetCurrentProcess(), SBOX_FATAL_DROPTOKEN);
86 if (!FlushCachedRegHandles())
87 ::TerminateProcess(::GetCurrentProcess(), SBOX_FATAL_FLUSHANDLES);
88 if (ERROR_SUCCESS != ::RegDisablePredefinedCache())
89 ::TerminateProcess(::GetCurrentProcess(), SBOX_FATAL_CACHEDISABLE);
90 if (!CloseOpenHandles())
91 ::TerminateProcess(::GetCurrentProcess(), SBOX_FATAL_CLOSEHANDLES);
92 // Enabling mitigations must happen last otherwise handle closing breaks
93 if (g_shared_delayed_mitigations &&
94 !ApplyProcessMitigationsToCurrentProcess(g_shared_delayed_mitigations))
95 ::TerminateProcess(::GetCurrentProcess(), SBOX_FATAL_MITIGATION);
98 ProcessState* TargetServicesBase::GetState() {
99 return &process_state_;
102 TargetServicesBase* TargetServicesBase::GetInstance() {
103 static TargetServicesBase instance;
104 return &instance;
107 // The broker services a 'test' IPC service with the IPC_PING_TAG tag.
108 bool TargetServicesBase::TestIPCPing(int version) {
109 void* memory = GetGlobalIPCMemory();
110 if (NULL == memory) {
111 return false;
113 SharedMemIPCClient ipc(memory);
114 CrossCallReturn answer = {0};
116 if (1 == version) {
117 uint32 tick1 = ::GetTickCount();
118 uint32 cookie = 717115;
119 ResultCode code = CrossCall(ipc, IPC_PING1_TAG, cookie, &answer);
121 if (SBOX_ALL_OK != code) {
122 return false;
124 // We should get two extended returns values from the IPC, one is the
125 // tick count on the broker and the other is the cookie times two.
126 if ((answer.extended_count != 2)) {
127 return false;
129 // We test the first extended answer to be within the bounds of the tick
130 // count only if there was no tick count wraparound.
131 uint32 tick2 = ::GetTickCount();
132 if (tick2 >= tick1) {
133 if ((answer.extended[0].unsigned_int < tick1) ||
134 (answer.extended[0].unsigned_int > tick2)) {
135 return false;
139 if (answer.extended[1].unsigned_int != cookie * 2) {
140 return false;
142 } else if (2 == version) {
143 uint32 cookie = 717111;
144 InOutCountedBuffer counted_buffer(&cookie, sizeof(cookie));
145 ResultCode code = CrossCall(ipc, IPC_PING2_TAG, counted_buffer, &answer);
147 if (SBOX_ALL_OK != code) {
148 return false;
150 if (cookie != 717111 * 3) {
151 return false;
153 } else {
154 return false;
156 return true;
159 bool ProcessState::IsKernel32Loaded() {
160 return process_state_ != 0;
163 bool ProcessState::InitCalled() {
164 return process_state_ > 1;
167 bool ProcessState::RevertedToSelf() {
168 return process_state_ > 2;
171 void ProcessState::SetKernel32Loaded() {
172 if (!process_state_)
173 process_state_ = 1;
176 void ProcessState::SetInitCalled() {
177 if (process_state_ < 2)
178 process_state_ = 2;
181 void ProcessState::SetRevertedToSelf() {
182 if (process_state_ < 3)
183 process_state_ = 3;
186 ResultCode TargetServicesBase::DuplicateHandle(HANDLE source_handle,
187 DWORD target_process_id,
188 HANDLE* target_handle,
189 DWORD desired_access,
190 DWORD options) {
191 return sandbox::DuplicateHandleProxy(source_handle, target_process_id,
192 target_handle, desired_access, options);
195 } // namespace sandbox