author | jschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-03-31 02:12:33 +0000 |
committer | jschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-03-31 02:12:33 +0000 |
commit | 6a7da76aba9584bed52f91689fd59ac1807fb2d4 (patch) | |
tree | 525c6d1da7936adf18ecb2d8ea96b0dc02f5b070 /content/common/sandbox_policy.cc | |
parent | 42693665321217849740a80166d559367b852c97 (diff) | |
Add a sandbox API for broker handle duplication
BUG=119250
Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=129627
Review URL: https://chromiumcodereview.appspot.com/9838083
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@130029 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/common/sandbox_policy.cc')
-rw-r--r-- | content/common/sandbox_policy.cc | 67 |
1 files changed, 61 insertions, 6 deletions
diff --git a/content/common/sandbox_policy.cc b/content/common/sandbox_policy.cc
index dc98fc0..01eeaef 100644
--- a/content/common/sandbox_policy.cc
+++ b/content/common/sandbox_policy.cc
@@ -15,6 +15,7 @@
 #include "base/process_util.h"
 #include "base/stringprintf.h"
 #include "base/string_util.h"
+#include "base/win/scoped_handle.h"
 #include "base/win/windows_version.h"
 #include "content/common/debug_flags.h"
 #include "content/public/common/content_client.h"
@@ -24,6 +25,7 @@
 #include "ui/gfx/gl/gl_switches.h"
 
 static sandbox::BrokerServices* g_broker_services = NULL;
+static sandbox::TargetServices* g_target_services = NULL;
 
 namespace {
 
@@ -365,7 +367,17 @@ bool AddPolicyForGPU(CommandLine* cmd_line, sandbox::TargetPolicy* policy) {
   return true;
 }
 
-void AddPolicyForRenderer(sandbox::TargetPolicy* policy) {
+bool AddPolicyForRenderer(sandbox::TargetPolicy* policy) {
+  // Renderers need to copy sections for plugin DIBs.
+  sandbox::ResultCode result;
+  result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES,
+                           sandbox::TargetPolicy::HANDLES_DUP_ANY,
+                           L"Section");
+  if (result != sandbox::SBOX_ALL_OK) {
+    NOTREACHED();
+    return false;
+  }
+
   policy->SetJobLevel(sandbox::JOB_LOCKDOWN, 0);
 
   sandbox::TokenLevel initial_token = sandbox::USER_UNPROTECTED;
@@ -386,6 +398,8 @@ void AddPolicyForRenderer(sandbox::TargetPolicy* policy) {
   }
 
   AddGenericDllEvictionPolicy(policy);
+
+  return true;
 }
 
 // The Pepper process as locked-down as a renderer execpt that it can
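Review bot: The new SUBSYS_HANDLES rule in AddPolicyForRenderer is the broadest available semantics, HANDLES_DUP_ANY, for every handle of type `Section`, and the comment only says renderers copy sections for plugin DIBs; it does not say why the broker-only variant (HANDLES_DUP_BROKER) is insufficient, which is exactly what a later reader tightening the policy needs to know. Suggest expanding the comment to `// Renderers need to copy sections for plugin DIBs into the plugin process, so the rule must allow duplication to arbitrary target processes (HANDLES_DUP_BROKER is not enough); it is limited to the Section type.` so the privilege grant is documented with its justification. As a minor point of style, `sandbox::ResultCode result; result = policy->AddRule(...)` can be a single initialized declaration, `sandbox::ResultCode result = policy->AddRule(`. The body of AddPolicyForRenderer continues between the two hunks, outside the visible lines.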
@@ -399,23 +413,63 @@ bool AddPolicyForPepperPlugin(sandbox::TargetPolicy* policy) {
     NOTREACHED();
     return false;
   }
-  AddPolicyForRenderer(policy);
-  return true;
+  return AddPolicyForRenderer(policy);
 }
 
 }  // namespace
 
 namespace sandbox {
 
-void InitBrokerServices(sandbox::BrokerServices* broker_services) {
+bool InitBrokerServices(sandbox::BrokerServices* broker_services) {
   // TODO(abarth): DCHECK(CalledOnValidThread());
   // See <http://b/1287166>.
   DCHECK(broker_services);
   DCHECK(!g_broker_services);
-  broker_services->Init();
+  sandbox::ResultCode result = broker_services->Init();
   g_broker_services = broker_services;
+  return SBOX_ALL_OK == result;
 }
 
+bool InitTargetServices(sandbox::TargetServices* target_services) {
+  DCHECK(target_services);
+  DCHECK(!g_target_services);
+  sandbox::ResultCode result = target_services->Init();
+  g_target_services = target_services;
+  return SBOX_ALL_OK == result;
+}
+
+bool BrokerDuplicateHandle(HANDLE source_handle,
+                           DWORD target_process_id,
+                           HANDLE* target_handle,
+                           DWORD desired_access,
+                           DWORD options) {
+  // Just use DuplicateHandle() if we aren't in the sandbox.
+  if (!g_target_services) {
+    base::win::ScopedHandle target_process(::OpenProcess(PROCESS_DUP_HANDLE,
+                                                         FALSE,
+                                                         target_process_id));
+    if (!target_process.IsValid())
+      return false;
+
+    if (!::DuplicateHandle(::GetCurrentProcess(), source_handle,
+                           target_process, target_handle,
+                           desired_access, FALSE,
+                           options)) {
+      return false;
+    }
+
+    return true;
+  }
+
+  ResultCode result = g_target_services->DuplicateHandle(source_handle,
+                                                        target_process_id,
+                                                        target_handle,
+                                                        desired_access,
+                                                        options);
+  return SBOX_ALL_OK == result;
+}
+
+
 base::ProcessHandle StartProcessWithAccess(CommandLine* cmd_line,
                                            const FilePath& exposed_dir) {
   base::ProcessHandle process = 0;
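Review bot: InitTargetServices (and the modified InitBrokerServices) stores the services pointer into the global before checking the result of Init(), so a failed initialization still leaves g_target_services non-NULL; BrokerDuplicateHandle then takes the sandboxed branch and calls DuplicateHandle on a TargetServices object whose Init() failed, and the `DCHECK(!g_target_services)` prevents any retry. Assign only on success: `if (SBOX_ALL_OK != result) return false;` followed by `g_target_services = target_services;` and `return true;`, and the same shape in InitBrokerServices. The function also has no header comment stating its contract; a note such as `// On success *target_handle is valid only in the process identified by target_process_id, not in the caller.` would make the unsandboxed path (which passes the handle straight to ::DuplicateHandle against the opened target process) and the brokered path read the same to callers.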
@@ -524,7 +578,8 @@ base::ProcessHandle StartProcessWithAccess(CommandLine* cmd_line,
     if (!AddPolicyForPepperPlugin(policy))
       return 0;
   } else {
-    AddPolicyForRenderer(policy);
+    if (!AddPolicyForRenderer(policy))
+      return 0;
     // TODO(jschuh): Need get these restrictions applied to NaCl and Pepper.
     // Just have to figure out what needs to be warmed up first.
     if (type == content::PROCESS_TYPE_RENDERER ||