sandbox/win/src/sandbox_policy_base.h

   1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_
   6 #define SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_
   7
   8 #include <windows.h>
   9
  10 #include <list>
  11 #include <vector>
  12
  13 #include "base/basictypes.h"
  14 #include "base/compiler_specific.h"
  15 #include "base/strings/string16.h"
  16 #include "base/win/scoped_handle.h"
  17 #include "sandbox/win/src/crosscall_server.h"
  18 #include "sandbox/win/src/handle_closer.h"
  19 #include "sandbox/win/src/ipc_tags.h"
  20 #include "sandbox/win/src/policy_engine_opcodes.h"
  21 #include "sandbox/win/src/policy_engine_params.h"
  22 #include "sandbox/win/src/sandbox_policy.h"
  23 #include "sandbox/win/src/win_utils.h"
  24
  25 namespace sandbox {
  26
  27 class AppContainerAttributes;
  28 class LowLevelPolicy;
  29 class TargetProcess;
  30 struct PolicyGlobal;
  31
  32 typedef std::vector<base::win::ScopedHandle*> HandleList;
  33
  34 // We act as a policy dispatcher, implementing the handler for the "ping" IPC,
  35 // so we have to provide the appropriate handler on the OnMessageReady method.
  36 // There is a static_cast for the handler, and the compiler only performs the
  37 // cast if the first base class is Dispatcher.
  38 class PolicyBase : public Dispatcher, public TargetPolicy {
  39  public:
  40   PolicyBase();
  41
  42   // TargetPolicy:
  43   void AddRef() override;
  44   void Release() override;
  45   ResultCode SetTokenLevel(TokenLevel initial, TokenLevel lockdown) override;
  46   TokenLevel GetInitialTokenLevel() const override;
  47   TokenLevel GetLockdownTokenLevel() const override;
  48   ResultCode SetJobLevel(JobLevel job_level, uint32 ui_exceptions) override;
  49   ResultCode SetJobMemoryLimit(size_t memory_limit) override;
  50   ResultCode SetAlternateDesktop(bool alternate_winstation) override;
  51   base::string16 GetAlternateDesktop() const override;
  52   ResultCode CreateAlternateDesktop(bool alternate_winstation) override;
  53   void DestroyAlternateDesktop() override;
  54   ResultCode SetIntegrityLevel(IntegrityLevel integrity_level) override;
  55   IntegrityLevel GetIntegrityLevel() const override;
  56   ResultCode SetDelayedIntegrityLevel(IntegrityLevel integrity_level) override;
  57   ResultCode SetAppContainer(const wchar_t* sid) override;
  58   ResultCode SetCapability(const wchar_t* sid) override;
  59   ResultCode SetLowBox(const wchar_t* sid) override;
  60   ResultCode SetProcessMitigations(MitigationFlags flags) override;
  61   MitigationFlags GetProcessMitigations() override;
  62   ResultCode SetDelayedProcessMitigations(MitigationFlags flags) override;
  63   MitigationFlags GetDelayedProcessMitigations() const override;
  64   void SetStrictInterceptions() override;
  65   ResultCode SetStdoutHandle(HANDLE handle) override;
  66   ResultCode SetStderrHandle(HANDLE handle) override;
  67   ResultCode AddRule(SubSystem subsystem,
  68                      Semantics semantics,
  69                      const wchar_t* pattern) override;
  70   ResultCode AddDllToUnload(const wchar_t* dll_name) override;
  71   ResultCode AddKernelObjectToClose(const base::char16* handle_type,
  72                                     const base::char16* handle_name) override;
  73   void* AddHandleToShare(HANDLE handle) override;
  74
  75   // Dispatcher:
  76   Dispatcher* OnMessageReady(IPCParams* ipc,
  77                              CallbackGeneric* callback) override;
  78   bool SetupService(InterceptionManager* manager, int service) override;
  79
  80   // Creates a Job object with the level specified in a previous call to
  81   // SetJobLevel().
  82   ResultCode MakeJobObject(base::win::ScopedHandle* job);
  83
  84   // Creates the two tokens with the levels specified in a previous call to
  85   // SetTokenLevel().
  86   ResultCode MakeTokens(base::win::ScopedHandle* initial,
  87                         base::win::ScopedHandle* lockdown);
  88
  89   const AppContainerAttributes* GetAppContainer() const;
  90
  91   const PSID GetLowBoxSid() const;
  92
  93   // Adds a target process to the internal list of targets. Internally a
  94   // call to TargetProcess::Init() is issued.
  95   bool AddTarget(TargetProcess* target);
  96
  97   // Called when there are no more active processes in a Job.
  98   // Removes a Job object associated with this policy and the target associated
  99   // with the job.
 100   bool OnJobEmpty(HANDLE job);
 101
 102   EvalResult EvalPolicy(int service, CountedParameterSetBase* params);
 103
 104   HANDLE GetStdoutHandle();
 105   HANDLE GetStderrHandle();
 106
 107   // Returns the list of handles being shared with the target process.
 108   const HandleList& GetHandlesBeingShared();
 109
 110   // Closes the handles being shared with the target and clears out the list.
 111   void ClearSharedHandles();
 112
 113  private:
 114   ~PolicyBase() override;
 115
 116   // Test IPC providers.
 117   bool Ping(IPCInfo* ipc, void* cookie);
 118
 119   // Returns a dispatcher from ipc_targets_.
 120   Dispatcher* GetDispatcher(int ipc_tag);
 121
 122   // Sets up interceptions for a new target.
 123   bool SetupAllInterceptions(TargetProcess* target);
 124
 125   // Sets up the handle closer for a new target.
 126   bool SetupHandleCloser(TargetProcess* target);
 127
 128   ResultCode AddRuleInternal(SubSystem subsystem,
 129                              Semantics semantics,
 130                              const wchar_t* pattern);
 131
 132   // This lock synchronizes operations on the targets_ collection.
 133   CRITICAL_SECTION lock_;
 134   // Maintains the list of target process associated with this policy.
 135   // The policy takes ownership of them.
 136   typedef std::list<TargetProcess*> TargetSet;
 137   TargetSet targets_;
 138   // Standard object-lifetime reference counter.
 139   volatile LONG ref_count;
 140   // The user-defined global policy settings.
 141   TokenLevel lockdown_level_;
 142   TokenLevel initial_level_;
 143   JobLevel job_level_;
 144   uint32 ui_exceptions_;
 145   size_t memory_limit_;
 146   bool use_alternate_desktop_;
 147   bool use_alternate_winstation_;
 148   // Helps the file system policy initialization.
 149   bool file_system_init_;
 150   bool relaxed_interceptions_;
 151   HANDLE stdout_handle_;
 152   HANDLE stderr_handle_;
 153   IntegrityLevel integrity_level_;
 154   IntegrityLevel delayed_integrity_level_;
 155   MitigationFlags mitigations_;
 156   MitigationFlags delayed_mitigations_;
 157   // The array of objects that will answer IPC calls.
 158   Dispatcher* ipc_targets_[IPC_LAST_TAG];
 159   // Object in charge of generating the low level policy.
 160   LowLevelPolicy* policy_maker_;
 161   // Memory structure that stores the low level policy.
 162   PolicyGlobal* policy_;
 163   // The list of dlls to unload in the target process.
 164   std::vector<base::string16> blacklisted_dlls_;
 165   // This is a map of handle-types to names that we need to close in the
 166   // target process. A null set means we need to close all handles of the
 167   // given type.
 168   HandleCloser handle_closer_;
 169   std::vector<base::string16> capabilities_;
 170   scoped_ptr<AppContainerAttributes> appcontainer_list_;
 171   PSID lowbox_sid_;
 172   base::win::ScopedHandle lowbox_directory_;
 173
 174   static HDESK alternate_desktop_handle_;
 175   static HWINSTA alternate_winstation_handle_;
 176   static IntegrityLevel alternate_desktop_integrity_level_label_;
 177
 178   // Contains the list of handles being shared with the target process.
 179   // This list contains handles other than the stderr/stdout handles which are
 180   // shared with the target at times.
 181   HandleList handles_to_share_;
 182
 183   DISALLOW_COPY_AND_ASSIGN(PolicyBase);
 184 };
 185
 186 }  // namespace sandbox
 187
 188 #endif  // SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_