author | jschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-07-19 22:21:26 +0000 |
---|---|---|
committer | jschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-07-19 22:21:26 +0000 |
commit | d9b5d1768be62ec8584fae70d15d0b902a790abc (patch) | |
tree | 7bceb03f01ee7839dc04b3553527ee1be1284086 /sandbox/src/sandbox_policy_base.h | |
parent | e7007a7941e75d985b9b78ef5a80b9743f890809 (diff) | |
Add a sandbox API to allow closing open handles at lockdown.
BUG=58069
BUG=74242
TEST=sbox_integration_tests --gtest_filter=HandleCloserTests.*
Review URL: http://codereview.chromium.org/7253054
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@93113 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox/src/sandbox_policy_base.h')
-rw-r--r-- | sandbox/src/sandbox_policy_base.h | 24 |
1 files changed, 19 insertions, 5 deletions
diff --git a/sandbox/src/sandbox_policy_base.h b/sandbox/src/sandbox_policy_base.h
index 6294ed8..b9afc6e 100644
--- a/sandbox/src/sandbox_policy_base.h
+++ b/sandbox/src/sandbox_policy_base.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
+// Copyright (c) 2006-2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
@@ -7,15 +7,17 @@
 #include <windows.h>
 #include <list>
+#include <vector>
 #include "base/basictypes.h"
+#include "base/string16.h"
+#include "sandbox/src/crosscall_server.h"
+#include "sandbox/src/handle_closer.h"
 #include "sandbox/src/ipc_tags.h"
+#include "sandbox/src/policy_engine_opcodes.h"
+#include "sandbox/src/policy_engine_params.h"
 #include "sandbox/src/sandbox_policy.h"
 #include "sandbox/src/win_utils.h"
-#include "sandbox/src/crosscall_server.h"
-
-#include "sandbox/src/policy_engine_params.h"
-#include "sandbox/src/policy_engine_opcodes.h"
 namespace sandbox {
@@ -100,6 +102,11 @@ class PolicyBase : public Dispatcher, public TargetPolicy {
 return SBOX_ALL_OK;
 }
+ virtual ResultCode AddKernelObjectToClose(const char16* handle_type,
+ const char16* handle_name) {
+ return handle_closer_.AddHandle(handle_type, handle_name);
+ }
+
 // Creates a Job object with the level specified in a previous call to
 // SetJobLevel(). Returns the standard windows of ::GetLastError().
 DWORD MakeJobObject(HANDLE* job);
@@ -134,6 +141,9 @@ class PolicyBase : public Dispatcher, public TargetPolicy {
 // Sets up interceptions for a new target.
 bool SetupAllInterceptions(TargetProcess* target);
+ // Sets up the handle closer for a new target.
+ bool SetupHandleCloser(TargetProcess* target);
+
 // This lock synchronizes operations on the targets_ collection.
 CRITICAL_SECTION lock_;
 // Maintains the list of target process associated with this policy.
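Review bot: The new public `AddKernelObjectToClose` (hunk at -100,6) has no comment in this header, and it forwards `handle_type` and `handle_name` unchecked to `handle_closer_.AddHandle`. The only hint that a null name acts as a wildcard is the comment on the private `handle_closer_` member in the last hunk, so a caller reading this method cannot tell that passing NULL may close every handle of that type in the target. I would add above the method something like `// Queues a kernel object for closing in the target at lockdown. A NULL handle_name is assumed to mean "all handles of handle_type"; confirm against HandleCloser::AddHandle.` Whether a NULL `handle_type` is rejected depends on `HandleCloser`, which is not part of this diff. The PolicyBase class body starts and ends outside the hunk.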
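Review bot: `SetupHandleCloser` (hunk at -134,6) returns a bare `bool`, and its one-line comment does not say what a `false` result means for the target. If setup fails, the target would presumably keep the handles the policy asked to close, so the contract should be fail-closed and written down: `// Sets up the handle closer for a new target. Returns false on failure; the target must not be allowed to run in that case.` The caller is not visible in this diff, so it is worth confirming that it checks the return value rather than ignoring it.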
@@ -163,6 +173,10 @@ class PolicyBase : public Dispatcher, public TargetPolicy {
 bool relaxed_interceptions_;
 // The list of dlls to unload in the target process.
 std::vector<std::wstring> blacklisted_dlls_;
+ // This is a map of handle-types to names that we need to close in the
+ // target process. A null set means we need to close all handles of the
+ // given type.
+ HandleCloser handle_closer_;
 static HDESK alternate_desktop_handle_;
 static HWINSTA alternate_winstation_handle_; |
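Review bot: The comment added above `handle_closer_` calls it "a map of handle-types to names", but the member is declared as a `HandleCloser` object, so the comment describes that class's internals rather than this field. "A null set" is also ambiguous between an empty set of names and a NULL name pointer, and that distinction decides whether every handle of a type gets closed. I would reword it to `// Kernel objects to close in the target at lockdown, added through AddKernelObjectToClose().` and state the close-all rule once, on the HandleCloser declaration, which is outside this diff.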