| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/win/src/sandbox_policy_base.h" | 5 #include "sandbox/win/src/sandbox_policy_base.h" |
| 6 | 6 |
| 7 #include "base/basictypes.h" | 7 #include "base/basictypes.h" |
| 8 #include "base/callback.h" | 8 #include "base/callback.h" |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/win/windows_version.h" | 10 #include "base/win/windows_version.h" |
| 11 #include "sandbox/win/src/app_container.h" | 11 #include "sandbox/win/src/app_container.h" |
| 12 #include "sandbox/win/src/filesystem_dispatcher.h" | 12 #include "sandbox/win/src/filesystem_dispatcher.h" |
| 13 #include "sandbox/win/src/filesystem_policy.h" | 13 #include "sandbox/win/src/filesystem_policy.h" |
| 14 #include "sandbox/win/src/handle_dispatcher.h" | 14 #include "sandbox/win/src/handle_dispatcher.h" |
| 15 #include "sandbox/win/src/handle_policy.h" | 15 #include "sandbox/win/src/handle_policy.h" |
| 16 #include "sandbox/win/src/job.h" | 16 #include "sandbox/win/src/job.h" |
| 17 #include "sandbox/win/src/interception.h" | 17 #include "sandbox/win/src/interception.h" |
| 18 #include "sandbox/win/src/process_mitigations.h" | |
| 19 #include "sandbox/win/src/named_pipe_dispatcher.h" | 18 #include "sandbox/win/src/named_pipe_dispatcher.h" |
| 20 #include "sandbox/win/src/named_pipe_policy.h" | 19 #include "sandbox/win/src/named_pipe_policy.h" |
| 21 #include "sandbox/win/src/policy_broker.h" | 20 #include "sandbox/win/src/policy_broker.h" |
| 22 #include "sandbox/win/src/policy_engine_processor.h" | 21 #include "sandbox/win/src/policy_engine_processor.h" |
| 23 #include "sandbox/win/src/policy_low_level.h" | 22 #include "sandbox/win/src/policy_low_level.h" |
| 24 #include "sandbox/win/src/process_thread_dispatcher.h" | 23 #include "sandbox/win/src/process_thread_dispatcher.h" |
| 25 #include "sandbox/win/src/process_thread_policy.h" | 24 #include "sandbox/win/src/process_thread_policy.h" |
| 26 #include "sandbox/win/src/registry_dispatcher.h" | 25 #include "sandbox/win/src/registry_dispatcher.h" |
| 27 #include "sandbox/win/src/registry_policy.h" | 26 #include "sandbox/win/src/registry_policy.h" |
| 28 #include "sandbox/win/src/restricted_token_utils.h" | 27 #include "sandbox/win/src/restricted_token_utils.h" |
| (...skipping 18 matching lines...) Expand all Loading... |
| 47 memset(mem, 0, kTotalPolicySz); | 46 memset(mem, 0, kTotalPolicySz); |
| 48 sandbox::PolicyGlobal* policy = reinterpret_cast<sandbox::PolicyGlobal*>(mem); | 47 sandbox::PolicyGlobal* policy = reinterpret_cast<sandbox::PolicyGlobal*>(mem); |
| 49 policy->data_size = kTotalPolicySz - sizeof(sandbox::PolicyGlobal); | 48 policy->data_size = kTotalPolicySz - sizeof(sandbox::PolicyGlobal); |
| 50 return policy; | 49 return policy; |
| 51 } | 50 } |
| 52 } | 51 } |
| 53 | 52 |
| 54 namespace sandbox { | 53 namespace sandbox { |
| 55 | 54 |
| 56 SANDBOX_INTERCEPT IntegrityLevel g_shared_delayed_integrity_level; | 55 SANDBOX_INTERCEPT IntegrityLevel g_shared_delayed_integrity_level; |
| 57 SANDBOX_INTERCEPT MitigationFlags g_shared_delayed_mitigations; | |
| 58 | 56 |
| 59 // Initializes static members. | 57 // Initializes static members. |
| 60 HWINSTA PolicyBase::alternate_winstation_handle_ = NULL; | 58 HWINSTA PolicyBase::alternate_winstation_handle_ = NULL; |
| 61 HDESK PolicyBase::alternate_desktop_handle_ = NULL; | 59 HDESK PolicyBase::alternate_desktop_handle_ = NULL; |
| 62 | 60 |
| 63 PolicyBase::PolicyBase() | 61 PolicyBase::PolicyBase() |
| 64 : ref_count(1), | 62 : ref_count(1), |
| 65 lockdown_level_(USER_LOCKDOWN), | 63 lockdown_level_(USER_LOCKDOWN), |
| 66 initial_level_(USER_LOCKDOWN), | 64 initial_level_(USER_LOCKDOWN), |
| 67 job_level_(JOB_LOCKDOWN), | 65 job_level_(JOB_LOCKDOWN), |
| 68 ui_exceptions_(0), | 66 ui_exceptions_(0), |
| 69 use_alternate_desktop_(false), | 67 use_alternate_desktop_(false), |
| 70 use_alternate_winstation_(false), | 68 use_alternate_winstation_(false), |
| 71 file_system_init_(false), | 69 file_system_init_(false), |
| 72 relaxed_interceptions_(true), | 70 relaxed_interceptions_(true), |
| 73 integrity_level_(INTEGRITY_LEVEL_LAST), | 71 integrity_level_(INTEGRITY_LEVEL_LAST), |
| 74 delayed_integrity_level_(INTEGRITY_LEVEL_LAST), | 72 delayed_integrity_level_(INTEGRITY_LEVEL_LAST), |
| 75 mitigations_(0), | |
| 76 delayed_mitigations_(0), | |
| 77 policy_maker_(NULL), | 73 policy_maker_(NULL), |
| 78 policy_(NULL) { | 74 policy_(NULL) { |
| 79 ::InitializeCriticalSection(&lock_); | 75 ::InitializeCriticalSection(&lock_); |
| 80 // Initialize the IPC dispatcher array. | 76 // Initialize the IPC dispatcher array. |
| 81 memset(&ipc_targets_, NULL, sizeof(ipc_targets_)); | 77 memset(&ipc_targets_, NULL, sizeof(ipc_targets_)); |
| 82 Dispatcher* dispatcher = NULL; | 78 Dispatcher* dispatcher = NULL; |
| 83 | 79 |
| 84 dispatcher = new FilesystemDispatcher(this); | 80 dispatcher = new FilesystemDispatcher(this); |
| 85 ipc_targets_[IPC_NTCREATEFILE_TAG] = dispatcher; | 81 ipc_targets_[IPC_NTCREATEFILE_TAG] = dispatcher; |
| 86 ipc_targets_[IPC_NTOPENFILE_TAG] = dispatcher; | 82 ipc_targets_[IPC_NTOPENFILE_TAG] = dispatcher; |
| (...skipping 186 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 273 return rv; | 269 return rv; |
| 274 | 270 |
| 275 return SBOX_ALL_OK; | 271 return SBOX_ALL_OK; |
| 276 } | 272 } |
| 277 | 273 |
| 278 ResultCode PolicyBase::SetCapability(const wchar_t* sid) { | 274 ResultCode PolicyBase::SetCapability(const wchar_t* sid) { |
| 279 capabilities_.push_back(sid); | 275 capabilities_.push_back(sid); |
| 280 return SBOX_ALL_OK; | 276 return SBOX_ALL_OK; |
| 281 } | 277 } |
| 282 | 278 |
| 283 ResultCode PolicyBase::SetProcessMitigations( | |
| 284 MitigationFlags flags) { | |
| 285 if (!CanSetProcessMitigationsPreStartup(flags)) | |
| 286 return SBOX_ERROR_BAD_PARAMS; | |
| 287 mitigations_ = flags; | |
| 288 return SBOX_ALL_OK; | |
| 289 } | |
| 290 | |
| 291 MitigationFlags PolicyBase::GetProcessMitigations() { | |
| 292 return mitigations_; | |
| 293 } | |
| 294 | |
| 295 ResultCode PolicyBase::SetDelayedProcessMitigations( | |
| 296 MitigationFlags flags) { | |
| 297 if (!CanSetProcessMitigationsPostStartup(flags)) | |
| 298 return SBOX_ERROR_BAD_PARAMS; | |
| 299 delayed_mitigations_ = flags; | |
| 300 return SBOX_ALL_OK; | |
| 301 } | |
| 302 | |
| 303 MitigationFlags PolicyBase::GetDelayedProcessMitigations() { | |
| 304 return delayed_mitigations_; | |
| 305 } | |
| 306 | |
| 307 void PolicyBase::SetStrictInterceptions() { | 279 void PolicyBase::SetStrictInterceptions() { |
| 308 relaxed_interceptions_ = false; | 280 relaxed_interceptions_ = false; |
| 309 } | 281 } |
| 310 | 282 |
| 311 ResultCode PolicyBase::AddRule(SubSystem subsystem, Semantics semantics, | 283 ResultCode PolicyBase::AddRule(SubSystem subsystem, Semantics semantics, |
| 312 const wchar_t* pattern) { | 284 const wchar_t* pattern) { |
| 313 if (NULL == policy_) { | 285 if (NULL == policy_) { |
| 314 policy_ = MakeBrokerPolicyMemory(); | 286 policy_ = MakeBrokerPolicyMemory(); |
| 315 DCHECK(policy_); | 287 DCHECK(policy_); |
| 316 policy_maker_ = new LowLevelPolicy(policy_); | 288 policy_maker_ = new LowLevelPolicy(policy_); |
| (...skipping 154 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 471 if (!appcontainer_list_.get() || !appcontainer_list_->HasAppContainer()) | 443 if (!appcontainer_list_.get() || !appcontainer_list_->HasAppContainer()) |
| 472 return NULL; | 444 return NULL; |
| 473 | 445 |
| 474 return appcontainer_list_.get(); | 446 return appcontainer_list_.get(); |
| 475 } | 447 } |
| 476 | 448 |
| 477 bool PolicyBase::AddTarget(TargetProcess* target) { | 449 bool PolicyBase::AddTarget(TargetProcess* target) { |
| 478 if (NULL != policy_) | 450 if (NULL != policy_) |
| 479 policy_maker_->Done(); | 451 policy_maker_->Done(); |
| 480 | 452 |
| 481 if (!ApplyProcessMitigationsToSuspendedProcess(target->Process(), | |
| 482 mitigations_)) { | |
| 483 return false; | |
| 484 } | |
| 485 | |
| 486 if (!SetupAllInterceptions(target)) | 453 if (!SetupAllInterceptions(target)) |
| 487 return false; | 454 return false; |
| 488 | 455 |
| 489 if (!SetupHandleCloser(target)) | 456 if (!SetupHandleCloser(target)) |
| 490 return false; | 457 return false; |
| 491 | 458 |
| 492 // Initialize the sandbox infrastructure for the target. | 459 // Initialize the sandbox infrastructure for the target. |
| 493 if (ERROR_SUCCESS != target->Init(this, policy_, kIPCMemSize, kPolMemSize)) | 460 if (ERROR_SUCCESS != target->Init(this, policy_, kIPCMemSize, kPolMemSize)) |
| 494 return false; | 461 return false; |
| 495 | 462 |
| 496 g_shared_delayed_integrity_level = delayed_integrity_level_; | 463 g_shared_delayed_integrity_level = delayed_integrity_level_; |
| 497 ResultCode ret = target->TransferVariable( | 464 ResultCode ret = target->TransferVariable( |
| 498 "g_shared_delayed_integrity_level", | 465 "g_shared_delayed_integrity_level", |
| 499 &g_shared_delayed_integrity_level, | 466 &g_shared_delayed_integrity_level, |
| 500 sizeof(g_shared_delayed_integrity_level)); | 467 sizeof(g_shared_delayed_integrity_level)); |
| 501 g_shared_delayed_integrity_level = INTEGRITY_LEVEL_LAST; | 468 g_shared_delayed_integrity_level = INTEGRITY_LEVEL_LAST; |
| 502 if (SBOX_ALL_OK != ret) | 469 if (SBOX_ALL_OK != ret) |
| 503 return false; | 470 return false; |
| 504 | 471 |
| 505 // Add in delayed mitigations and pseudo-mitigations enforced at startup. | |
| 506 g_shared_delayed_mitigations = delayed_mitigations_ | | |
| 507 FilterPostStartupProcessMitigations(mitigations_); | |
| 508 if (!CanSetProcessMitigationsPostStartup(g_shared_delayed_mitigations)) | |
| 509 return false; | |
| 510 | |
| 511 ret = target->TransferVariable("g_shared_delayed_mitigations", | |
| 512 &g_shared_delayed_mitigations, | |
| 513 sizeof(g_shared_delayed_mitigations)); | |
| 514 g_shared_delayed_mitigations = 0; | |
| 515 if (SBOX_ALL_OK != ret) | |
| 516 return false; | |
| 517 | |
| 518 AutoLock lock(&lock_); | 472 AutoLock lock(&lock_); |
| 519 targets_.push_back(target); | 473 targets_.push_back(target); |
| 520 return true; | 474 return true; |
| 521 } | 475 } |
| 522 | 476 |
| 523 bool PolicyBase::OnJobEmpty(HANDLE job) { | 477 bool PolicyBase::OnJobEmpty(HANDLE job) { |
| 524 AutoLock lock(&lock_); | 478 AutoLock lock(&lock_); |
| 525 TargetSet::iterator it; | 479 TargetSet::iterator it; |
| 526 for (it = targets_.begin(); it != targets_.end(); ++it) { | 480 for (it = targets_.begin(); it != targets_.end(); ++it) { |
| 527 if ((*it)->Job() == job) | 481 if ((*it)->Job() == job) |
| (...skipping 96 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 624 | 578 |
| 625 // Finally, setup imports on the target so the interceptions can work. | 579 // Finally, setup imports on the target so the interceptions can work. |
| 626 return SetupNtdllImports(target); | 580 return SetupNtdllImports(target); |
| 627 } | 581 } |
| 628 | 582 |
| 629 bool PolicyBase::SetupHandleCloser(TargetProcess* target) { | 583 bool PolicyBase::SetupHandleCloser(TargetProcess* target) { |
| 630 return handle_closer_.InitializeTargetHandles(target); | 584 return handle_closer_.InitializeTargetHandles(target); |
| 631 } | 585 } |
| 632 | 586 |
| 633 } // namespace sandbox | 587 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10907217:
Revert 156550 - Add sandbox support for Windows process mitigations (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/