| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef SANDBOX_SRC_TARGET_PROCESS_H__ | |
| 6 #define SANDBOX_SRC_TARGET_PROCESS_H__ | |
| 7 | |
| 8 #include <windows.h> | |
| 9 | |
| 10 #include "base/basictypes.h" | |
| 11 #include "base/memory/scoped_ptr.h" | |
| 12 #include "base/win/scoped_handle.h" | |
| 13 #include "base/win/scoped_process_information.h" | |
| 14 #include "sandbox/src/crosscall_server.h" | |
| 15 #include "sandbox/src/sandbox_types.h" | |
| 16 | |
| 17 namespace sandbox { | |
| 18 | |
| 19 class SharedMemIPCServer; | |
| 20 class ThreadProvider; | |
| 21 | |
| 22 // TargetProcess models a target instance (child process). Objects of this | |
| 23 // class are owned by the Policy used to create them. | |
| 24 class TargetProcess { | |
| 25 public: | |
| 26 // The constructor takes ownership of |initial_token| and |lockdown_token|. | |
| 27 TargetProcess(HANDLE initial_token, HANDLE lockdown_token, HANDLE job, | |
| 28 ThreadProvider* thread_pool); | |
| 29 ~TargetProcess(); | |
| 30 | |
| 31 // TODO(cpu): Currently there does not seem to be a reason to implement | |
| 32 // reference counting for this class since is internal, but kept the | |
| 33 // the same interface so the interception framework does not need to be | |
| 34 // touched at this point. | |
| 35 void AddRef() {} | |
| 36 void Release() {} | |
| 37 | |
| 38 // Creates the new target process. The process is created suspended. | |
| 39 DWORD Create(const wchar_t* exe_path, | |
| 40 const wchar_t* command_line, | |
| 41 const wchar_t* desktop, | |
| 42 base::win::ScopedProcessInformation* target_info); | |
| 43 | |
| 44 // Destroys the target process. | |
| 45 void Terminate(); | |
| 46 | |
| 47 // Creates the IPC objects such as the BrokerDispatcher and the | |
| 48 // IPC server. The IPC server uses the services of the thread_pool. | |
| 49 DWORD Init(Dispatcher* ipc_dispatcher, void* policy, | |
| 50 uint32 shared_IPC_size, uint32 shared_policy_size); | |
| 51 | |
| 52 // Returns the handle to the target process. | |
| 53 HANDLE Process() const { | |
| 54 return sandbox_process_info_.process_handle(); | |
| 55 } | |
| 56 | |
| 57 // Returns the handle to the job object that the target process belongs to. | |
| 58 HANDLE Job() const { | |
| 59 return job_; | |
| 60 } | |
| 61 | |
| 62 // Returns the address of the target main exe. This is used by the | |
| 63 // interceptions framework. | |
| 64 HMODULE MainModule() const { | |
| 65 return reinterpret_cast<HMODULE>(base_address_); | |
| 66 } | |
| 67 | |
| 68 // Returns the name of the executable. | |
| 69 const wchar_t* Name() const { | |
| 70 return exe_name_.get(); | |
| 71 } | |
| 72 | |
| 73 // Returns the process id. | |
| 74 DWORD ProcessId() const { | |
| 75 return sandbox_process_info_.process_id(); | |
| 76 } | |
| 77 | |
| 78 // Returns the handle to the main thread. | |
| 79 HANDLE MainThread() const { | |
| 80 return sandbox_process_info_.thread_handle(); | |
| 81 } | |
| 82 | |
| 83 // Transfers a 32-bit variable between the broker and the target. | |
| 84 ResultCode TransferVariable(const char* name, void* address, size_t size); | |
| 85 | |
| 86 private: | |
| 87 // Details of the target process. | |
| 88 base::win::ScopedProcessInformation sandbox_process_info_; | |
| 89 // The token associated with the process. It provides the core of the | |
| 90 // sbox security. | |
| 91 base::win::ScopedHandle lockdown_token_; | |
| 92 // The token given to the initial thread so that the target process can | |
| 93 // start. It has more powers than the lockdown_token. | |
| 94 base::win::ScopedHandle initial_token_; | |
| 95 // Kernel handle to the shared memory used by the IPC server. | |
| 96 base::win::ScopedHandle shared_section_; | |
| 97 // Job object containing the target process. | |
| 98 HANDLE job_; | |
| 99 // Reference to the IPC subsystem. | |
| 100 scoped_ptr<SharedMemIPCServer> ipc_server_; | |
| 101 // Provides the threads used by the IPC. This class does not own this pointer. | |
| 102 ThreadProvider* thread_pool_; | |
| 103 // Base address of the main executable | |
| 104 void* base_address_; | |
| 105 // Full name of the target executable. | |
| 106 scoped_ptr_malloc<wchar_t> exe_name_; | |
| 107 | |
| 108 // Function used for testing. | |
| 109 friend TargetProcess* MakeTestTargetProcess(HANDLE process, | |
| 110 HMODULE base_address); | |
| 111 | |
| 112 DISALLOW_IMPLICIT_CONSTRUCTORS(TargetProcess); | |
| 113 }; | |
| 114 | |
| 115 // Creates a mock TargetProcess used for testing interceptions. | |
| 116 // TODO(cpu): It seems that this method is not going to be used anymore. | |
| 117 TargetProcess* MakeTestTargetProcess(HANDLE process, HMODULE base_address); | |
| 118 | |
| 119 | |
| 120 } // namespace sandbox | |
| 121 | |
| 122 #endif // SANDBOX_SRC_TARGET_PROCESS_H__ | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10783004:
Move Windows Sandbox, trybots version (don't commit me!) (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src