diff options
Diffstat (limited to 'sandbox/src/sandbox_policy_base.h')
| -rw-r--r-- | sandbox/src/sandbox_policy_base.h | 176 |
1 files changed, 176 insertions, 0 deletions
diff --git a/sandbox/src/sandbox_policy_base.h b/sandbox/src/sandbox_policy_base.h new file mode 100644 index 0000000..c0424a3a --- /dev/null +++ b/sandbox/src/sandbox_policy_base.h @@ -0,0 +1,176 @@ +// Copyright 2008, Google Inc. +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following disclaimer +// in the documentation and/or other materials provided with the +// distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived from +// this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +#ifndef SANDBOX_SRC_SANDBOX_POLICY_BASE_H__ +#define SANDBOX_SRC_SANDBOX_POLICY_BASE_H__ + +#include <Windows.h> +#include <list> + +#include "base/basictypes.h" +#include "base/logging.h" +#include "sandbox/src/ipc_tags.h" +#include "sandbox/src/sandbox_policy.h" +#include "sandbox/src/win_utils.h" +#include "sandbox/src/crosscall_server.h" + +#include "sandbox/src/policy_engine_params.h" +#include "sandbox/src/policy_engine_opcodes.h" + +namespace sandbox { + +class TargetProcess; +class PolicyRule; +class LowLevelPolicy; +struct PolicyGlobal; + +// We act as a policy dispatcher, implementing the handler for the "ping" IPC, +// so we have to provide the appropriate handler on the OnMessageReady method. +// There is a static_cast for the handler, and the compiler only performs the +// cast if the first base class is Dispatcher. +class PolicyBase : public Dispatcher, public TargetPolicy { + public: + PolicyBase(); + ~PolicyBase(); + + virtual void AddRef() { + ::InterlockedIncrement(&ref_count); + } + + virtual void Release() { + if (0 == ::InterlockedDecrement(&ref_count)) + delete this; + } + + virtual ResultCode SetTokenLevel(TokenLevel initial, TokenLevel lockdown) { + if (initial < lockdown) { + return SBOX_ERROR_BAD_PARAMS; + } + initial_level_ = initial; + lockdown_level_ = lockdown; + return SBOX_ALL_OK; + } + + virtual ResultCode SetJobLevel(JobLevel job_level, uint32 ui_exceptions) { + job_level_ = job_level; + ui_exceptions_ = ui_exceptions; + return SBOX_ALL_OK; + } + + virtual ResultCode SetDesktop(const wchar_t* desktop) { + desktop_ = desktop; + return SBOX_ALL_OK; + } + + virtual ResultCode SetIntegrityLevel(IntegrityLevel integrity_level) { + integrity_level_ = integrity_level; + return SBOX_ALL_OK; + } + + virtual ResultCode SetDelayedIntegrityLevel(IntegrityLevel integrity_level) { + delayed_integrity_level_ = integrity_level; + return SBOX_ALL_OK; + } + + virtual void SetStrictInterceptions() { + relaxed_interceptions_ = false; + } + + virtual ResultCode AddRule(SubSystem subsystem, Semantics semantics, + const wchar_t* pattern); + + std::wstring GetDesktop() const { + return desktop_; + } + + // Creates a Job object with the level specified in a previous call to + // SetJobLevel(). Returns the standard windows of ::GetLastError(). + DWORD MakeJobObject(HANDLE* job); + // Creates the two tokens with the levels specified in a previous call to + // SetTokenLevel(). Returns the standard windows of ::GetLastError(). + DWORD MakeTokens(HANDLE* initial, HANDLE* lockdown); + // Adds a target process to the internal list of targets. Internally a + // call to TargetProcess::Init() is issued. + bool AddTarget(TargetProcess* target); + // Called when there are no more active processes in a Job. + // Removes a Job object associated with this policy and the target associated + // with the job. + bool OnJobEmpty(HANDLE job); + + // Overrides Dispatcher::OnMessageReady. + virtual Dispatcher* OnMessageReady(IPCParams* ipc, CallbackGeneric* callback); + + // Dispatcher interface. + virtual bool SetupService(InterceptionManager* manager, int service); + + virtual EvalResult EvalPolicy(int service, CountedParameterSetBase* params); + + private: + // Test IPC providers. + bool Ping(IPCInfo* ipc, void* cookie); + + // Returns a dispatcher from ipc_targets_. + Dispatcher* GetDispatcher(int ipc_tag); + + // Sets up interceptions for a new target. + bool SetupAllInterceptions(TargetProcess* target); + + // This lock synchronizes operations on the targets_ collection. + CRITICAL_SECTION lock_; + // Maintains the list of target process associated with this policy. + // The policy takes ownership of them. + typedef std::list<TargetProcess*> TargetSet; + TargetSet targets_; + // Standard object-lifetime reference counter. + volatile LONG ref_count; + // The user-defined global policy settings. + TokenLevel lockdown_level_; + TokenLevel initial_level_; + JobLevel job_level_; + uint32 ui_exceptions_; + std::wstring desktop_; + IntegrityLevel integrity_level_; + IntegrityLevel delayed_integrity_level_; + // The array of objects that will answer IPC calls. + Dispatcher* ipc_targets_[IPC_LAST_TAG]; + // Object in charge of generating the low level policy. + LowLevelPolicy* policy_maker_; + // Memory structure that stores the low level policy. + PolicyGlobal* policy_; + // Helps the file system policy initialization. + bool file_system_init_; + // Operation mode for the interceptions. + bool relaxed_interceptions_; + + DISALLOW_EVIL_CONSTRUCTORS(PolicyBase); +}; + +} // namespace sandbox + +#endif // SANDBOX_SRC_SANDBOX_POLICY_BASE_H__ |