sandbox/win/src/sandbox_policy_base.h

   1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_
   6 #define SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_
   7
   8 #include <windows.h>
   9
  10 #include <list>
  11 #include <vector>
  12
  13 #include "base/basictypes.h"
  14 #include "base/compiler_specific.h"
  15 #include "base/strings/string16.h"
  16 #include "sandbox/win/src/crosscall_server.h"
  17 #include "sandbox/win/src/handle_closer.h"
  18 #include "sandbox/win/src/ipc_tags.h"
  19 #include "sandbox/win/src/policy_engine_opcodes.h"
  20 #include "sandbox/win/src/policy_engine_params.h"
  21 #include "sandbox/win/src/sandbox_policy.h"
  22 #include "sandbox/win/src/win_utils.h"
  23
  24 namespace sandbox {
  25
  26 class AppContainerAttributes;
  27 class LowLevelPolicy;
  28 class TargetProcess;
  29 struct PolicyGlobal;
  30
  31 typedef std::vector<HANDLE> HandleList;
  32
  33 // We act as a policy dispatcher, implementing the handler for the "ping" IPC,
  34 // so we have to provide the appropriate handler on the OnMessageReady method.
  35 // There is a static_cast for the handler, and the compiler only performs the
  36 // cast if the first base class is Dispatcher.
  37 class PolicyBase : public Dispatcher, public TargetPolicy {
  38  public:
  39   PolicyBase();
  40
  41   // TargetPolicy:
  42   void AddRef() override;
  43   void Release() override;
  44   ResultCode SetTokenLevel(TokenLevel initial, TokenLevel lockdown) override;
  45   TokenLevel GetInitialTokenLevel() const override;
  46   TokenLevel GetLockdownTokenLevel() const override;
  47   ResultCode SetJobLevel(JobLevel job_level, uint32 ui_exceptions) override;
  48   ResultCode SetJobMemoryLimit(size_t memory_limit) override;
  49   ResultCode SetAlternateDesktop(bool alternate_winstation) override;
  50   base::string16 GetAlternateDesktop() const override;
  51   ResultCode CreateAlternateDesktop(bool alternate_winstation) override;
  52   void DestroyAlternateDesktop() override;
  53   ResultCode SetIntegrityLevel(IntegrityLevel integrity_level) override;
  54   IntegrityLevel GetIntegrityLevel() const override;
  55   ResultCode SetDelayedIntegrityLevel(IntegrityLevel integrity_level) override;
  56   ResultCode SetAppContainer(const wchar_t* sid) override;
  57   ResultCode SetCapability(const wchar_t* sid) override;
  58   ResultCode SetLowBox(const wchar_t* sid) override;
  59   ResultCode SetProcessMitigations(MitigationFlags flags) override;
  60   MitigationFlags GetProcessMitigations() override;
  61   ResultCode SetDelayedProcessMitigations(MitigationFlags flags) override;
  62   MitigationFlags GetDelayedProcessMitigations() const override;
  63   void SetStrictInterceptions() override;
  64   ResultCode SetStdoutHandle(HANDLE handle) override;
  65   ResultCode SetStderrHandle(HANDLE handle) override;
  66   ResultCode AddRule(SubSystem subsystem,
  67                      Semantics semantics,
  68                      const wchar_t* pattern) override;
  69   ResultCode AddDllToUnload(const wchar_t* dll_name) override;
  70   ResultCode AddKernelObjectToClose(const base::char16* handle_type,
  71                                     const base::char16* handle_name) override;
  72   void* AddHandleToShare(HANDLE handle) override;
  73
  74   // Dispatcher:
  75   Dispatcher* OnMessageReady(IPCParams* ipc,
  76                              CallbackGeneric* callback) override;
  77   bool SetupService(InterceptionManager* manager, int service) override;
  78
  79   // Creates a Job object with the level specified in a previous call to
  80   // SetJobLevel().
  81   ResultCode MakeJobObject(HANDLE* job);
  82
  83   // Creates the two tokens with the levels specified in a previous call to
  84   // SetTokenLevel().
  85   ResultCode MakeTokens(HANDLE* initial, HANDLE* lockdown);
  86
  87   const AppContainerAttributes* GetAppContainer() const;
  88
  89   const PSID GetLowBoxSid() const;
  90
  91   // Adds a target process to the internal list of targets. Internally a
  92   // call to TargetProcess::Init() is issued.
  93   bool AddTarget(TargetProcess* target);
  94
  95   // Called when there are no more active processes in a Job.
  96   // Removes a Job object associated with this policy and the target associated
  97   // with the job.
  98   bool OnJobEmpty(HANDLE job);
  99
 100   EvalResult EvalPolicy(int service, CountedParameterSetBase* params);
 101
 102   HANDLE GetStdoutHandle();
 103   HANDLE GetStderrHandle();
 104
 105   // Returns the list of handles being shared with the target process.
 106   HandleList GetHandlesBeingShared();
 107
 108   // Closes the handles being shared with the target and clears out the list.
 109   void ClearSharedHandles();
 110
 111  private:
 112   ~PolicyBase() override;
 113
 114   // Test IPC providers.
 115   bool Ping(IPCInfo* ipc, void* cookie);
 116
 117   // Returns a dispatcher from ipc_targets_.
 118   Dispatcher* GetDispatcher(int ipc_tag);
 119
 120   // Sets up interceptions for a new target.
 121   bool SetupAllInterceptions(TargetProcess* target);
 122
 123   // Sets up the handle closer for a new target.
 124   bool SetupHandleCloser(TargetProcess* target);
 125
 126   ResultCode AddRuleInternal(SubSystem subsystem,
 127                              Semantics semantics,
 128                              const wchar_t* pattern);
 129
 130   // This lock synchronizes operations on the targets_ collection.
 131   CRITICAL_SECTION lock_;
 132   // Maintains the list of target process associated with this policy.
 133   // The policy takes ownership of them.
 134   typedef std::list<TargetProcess*> TargetSet;
 135   TargetSet targets_;
 136   // Standard object-lifetime reference counter.
 137   volatile LONG ref_count;
 138   // The user-defined global policy settings.
 139   TokenLevel lockdown_level_;
 140   TokenLevel initial_level_;
 141   JobLevel job_level_;
 142   uint32 ui_exceptions_;
 143   size_t memory_limit_;
 144   bool use_alternate_desktop_;
 145   bool use_alternate_winstation_;
 146   // Helps the file system policy initialization.
 147   bool file_system_init_;
 148   bool relaxed_interceptions_;
 149   HANDLE stdout_handle_;
 150   HANDLE stderr_handle_;
 151   IntegrityLevel integrity_level_;
 152   IntegrityLevel delayed_integrity_level_;
 153   MitigationFlags mitigations_;
 154   MitigationFlags delayed_mitigations_;
 155   // The array of objects that will answer IPC calls.
 156   Dispatcher* ipc_targets_[IPC_LAST_TAG];
 157   // Object in charge of generating the low level policy.
 158   LowLevelPolicy* policy_maker_;
 159   // Memory structure that stores the low level policy.
 160   PolicyGlobal* policy_;
 161   // The list of dlls to unload in the target process.
 162   std::vector<base::string16> blacklisted_dlls_;
 163   // This is a map of handle-types to names that we need to close in the
 164   // target process. A null set means we need to close all handles of the
 165   // given type.
 166   HandleCloser handle_closer_;
 167   std::vector<base::string16> capabilities_;
 168   scoped_ptr<AppContainerAttributes> appcontainer_list_;
 169   PSID lowbox_sid_;
 170
 171   static HDESK alternate_desktop_handle_;
 172   static HWINSTA alternate_winstation_handle_;
 173   static IntegrityLevel alternate_desktop_integrity_level_label_;
 174
 175   // Contains the list of handles being shared with the target process.
 176   // This list contains handles other than the stderr/stdout handles which are
 177   // shared with the target at times.
 178   std::vector<HANDLE> handles_to_share_;
 179
 180   DISALLOW_COPY_AND_ASSIGN(PolicyBase);
 181 };
 182
 183 }  // namespace sandbox
 184
 185 #endif  // SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_