diff options
author | jschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-07-18 20:59:35 +0000 |
---|---|---|
committer | jschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-07-18 20:59:35 +0000 |
commit | 404fbfc12f85014f70e1de7958aad0d0f67aa214 (patch) | |
tree | 4f2fea186cd0ceaa318752629168fe1b36f42aa3 /sandbox/src/sandbox_policy_base.h | |
parent | 0a34b6aaf62824ad6dd176402f7ef175de181a1f (diff) | |
download | chromium_src-404fbfc12f85014f70e1de7958aad0d0f67aa214.zip chromium_src-404fbfc12f85014f70e1de7958aad0d0f67aa214.tar.gz chromium_src-404fbfc12f85014f70e1de7958aad0d0f67aa214.tar.bz2 |
Add a sandbox API to allow closing open handles at lockdown.
BUG=58069
BUG=74242
TEST=sbox_integration_tests --gtest_filter=HandleCloserTests.*
Review URL: http://codereview.chromium.org/7253054
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@92887 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox/src/sandbox_policy_base.h')
-rw-r--r-- | sandbox/src/sandbox_policy_base.h | 24 |
1 files changed, 19 insertions, 5 deletions
diff --git a/sandbox/src/sandbox_policy_base.h b/sandbox/src/sandbox_policy_base.h index 6294ed8..b9afc6e 100644 --- a/sandbox/src/sandbox_policy_base.h +++ b/sandbox/src/sandbox_policy_base.h @@ -1,4 +1,4 @@ -// Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. +// Copyright (c) 2006-2011 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -7,15 +7,17 @@ #include <windows.h> #include <list> +#include <vector> #include "base/basictypes.h" +#include "base/string16.h" +#include "sandbox/src/crosscall_server.h" +#include "sandbox/src/handle_closer.h" #include "sandbox/src/ipc_tags.h" +#include "sandbox/src/policy_engine_opcodes.h" +#include "sandbox/src/policy_engine_params.h" #include "sandbox/src/sandbox_policy.h" #include "sandbox/src/win_utils.h" -#include "sandbox/src/crosscall_server.h" - -#include "sandbox/src/policy_engine_params.h" -#include "sandbox/src/policy_engine_opcodes.h" namespace sandbox { @@ -100,6 +102,11 @@ class PolicyBase : public Dispatcher, public TargetPolicy { return SBOX_ALL_OK; } + virtual ResultCode AddKernelObjectToClose(const char16* handle_type, + const char16* handle_name) { + return handle_closer_.AddHandle(handle_type, handle_name); + } + // Creates a Job object with the level specified in a previous call to // SetJobLevel(). Returns the standard windows of ::GetLastError(). DWORD MakeJobObject(HANDLE* job); @@ -134,6 +141,9 @@ class PolicyBase : public Dispatcher, public TargetPolicy { // Sets up interceptions for a new target. bool SetupAllInterceptions(TargetProcess* target); + // Sets up the handle closer for a new target. + bool SetupHandleCloser(TargetProcess* target); + // This lock synchronizes operations on the targets_ collection. CRITICAL_SECTION lock_; // Maintains the list of target process associated with this policy. @@ -163,6 +173,10 @@ class PolicyBase : public Dispatcher, public TargetPolicy { bool relaxed_interceptions_; // The list of dlls to unload in the target process. std::vector<std::wstring> blacklisted_dlls_; + // This is a map of handle-types to names that we need to close in the + // target process. A null set means we need to close all handles of the + // given type. + HandleCloser handle_closer_; static HDESK alternate_desktop_handle_; static HWINSTA alternate_winstation_handle_; |