// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "sandbox/src/restricted_token_utils.h" // launcher.exe is an application used to launch another application with a // restricted token. This is to be used for testing only. // The parameters are the level of security of the primary token, the // impersonation token and the job object along with the command line to // execute. // See the usage (launcher.exe without parameters) for the correct format. #define PARAM_IS(y) (argc > i) && (_wcsicmp(argv[i], y) == 0) void PrintUsage(const wchar_t *application_name) { wprintf(L"\n\nUsage: \n %ls --main level --init level --job level cmd_line ", application_name); wprintf(L"\n\n Levels : \n\tLOCKDOWN \n\tRESTRICTED " L"\n\tLIMITED_USER \n\tINTERACTIVE_USER \n\tNON_ADMIN \n\tUNPROTECTED"); wprintf(L"\n\n main: Security level of the main token"); wprintf(L"\n init: Security level of the impersonation token"); wprintf(L"\n job: Security level of the job object"); } bool GetTokenLevelFromString(const wchar_t *param, sandbox::TokenLevel* level) { if (_wcsicmp(param, L"LOCKDOWN") == 0) { *level = sandbox::USER_LOCKDOWN; } else if (_wcsicmp(param, L"RESTRICTED") == 0) { *level = sandbox::USER_RESTRICTED; } else if (_wcsicmp(param, L"LIMITED_USER") == 0) { *level = sandbox::USER_LIMITED; } else if (_wcsicmp(param, L"INTERACTIVE_USER") == 0) { *level = sandbox::USER_INTERACTIVE; } else if (_wcsicmp(param, L"NON_ADMIN") == 0) { *level = sandbox::USER_NON_ADMIN; } else if (_wcsicmp(param, L"USER_RESTRICTED_SAME_ACCESS") == 0) { *level = sandbox::USER_RESTRICTED_SAME_ACCESS; } else if (_wcsicmp(param, L"UNPROTECTED") == 0) { *level = sandbox::USER_UNPROTECTED; } else { return false; } return true; } bool GetJobLevelFromString(const wchar_t *param, sandbox::JobLevel* level) { if (_wcsicmp(param, L"LOCKDOWN") == 0) { *level = sandbox::JOB_LOCKDOWN; } else if (_wcsicmp(param, L"RESTRICTED") == 0) { *level = sandbox::JOB_RESTRICTED; } else if (_wcsicmp(param, L"LIMITED_USER") == 0) { *level = sandbox::JOB_LIMITED_USER; } else if (_wcsicmp(param, L"INTERACTIVE_USER") == 0) { *level = sandbox::JOB_INTERACTIVE; } else if (_wcsicmp(param, L"NON_ADMIN") == 0) { wprintf(L"\nNON_ADMIN is not a supported job type"); return false; } else if (_wcsicmp(param, L"UNPROTECTED") == 0) { *level = sandbox::JOB_UNPROTECTED; } else { return false; } return true; } int wmain(int argc, wchar_t *argv[]) { // Extract the filename from the path. wchar_t *app_name = wcsrchr(argv[0], L'\\'); if (!app_name) { app_name = argv[0]; } else { app_name++; } // no argument if (argc == 1) { PrintUsage(app_name); return -1; } sandbox::TokenLevel primary_level = sandbox::USER_LOCKDOWN; sandbox::TokenLevel impersonation_level = sandbox::USER_RESTRICTED_SAME_ACCESS; sandbox::JobLevel job_level = sandbox::JOB_LOCKDOWN; ATL::CString command_line; // parse command line. for (int i = 1; i < argc; ++i) { if (PARAM_IS(L"--main")) { i++; if (argc > i) { if (!GetTokenLevelFromString(argv[i], &primary_level)) { wprintf(L"\nAbord, Unrecognized main token level \"%ls\"", argv[i]); PrintUsage(app_name); return -1; } } } else if (PARAM_IS(L"--init")) { i++; if (argc > i) { if (!GetTokenLevelFromString(argv[i], &impersonation_level)) { wprintf(L"\nAbord, Unrecognized init token level \"%ls\"", argv[i]); PrintUsage(app_name); return -1; } } } else if (PARAM_IS(L"--job")) { i++; if (argc > i) { if (!GetJobLevelFromString(argv[i], &job_level)) { wprintf(L"\nAbord, Unrecognized job security level \"%ls\"", argv[i]); PrintUsage(app_name); return -1; } } } else { if (command_line.GetLength()) { command_line += L' '; } command_line += argv[i]; } } if (!command_line.GetLength()) { wprintf(L"\nAbord, No command line specified"); PrintUsage(app_name); return -1; } wprintf(L"\nLaunching command line: \"%ls\"\n", command_line.GetBuffer()); HANDLE job_handle; DWORD err_code = sandbox::StartRestrictedProcessInJob( command_line.GetBuffer(), primary_level, impersonation_level, job_level, &job_handle); if (ERROR_SUCCESS != err_code) { wprintf(L"\nAbord, Error %d while launching command line.", err_code); return -1; } wprintf(L"\nPress any key to continue."); while(!_kbhit()) { Sleep(100); } ::CloseHandle(job_handle); return 0; }