OLD | NEW |
(Empty) | |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "sandbox/src/handle_dispatcher.h" |
| 6 |
| 7 #include "base/win/scoped_handle.h" |
| 8 #include "sandbox/src/handle_interception.h" |
| 9 #include "sandbox/src/handle_policy.h" |
| 10 #include "sandbox/src/ipc_tags.h" |
| 11 #include "sandbox/src/policy_broker.h" |
| 12 #include "sandbox/src/policy_params.h" |
| 13 #include "sandbox/src/sandbox.h" |
| 14 #include "sandbox/src/sandbox_nt_util.h" |
| 15 #include "sandbox/src/sandbox_types.h" |
| 16 #include "sandbox/src/sandbox_utils.h" |
| 17 |
| 18 namespace sandbox { |
| 19 |
| 20 HandleDispatcher::HandleDispatcher(PolicyBase* policy_base) |
| 21 : policy_base_(policy_base) { |
| 22 |
| 23 static const IPCCall duplicate_handle_proxy = { |
| 24 {IPC_DUPLICATEHANDLEPROXY_TAG, VOIDPTR_TYPE, ULONG_TYPE, ULONG_TYPE, |
| 25 ULONG_TYPE, ULONG_TYPE}, |
| 26 reinterpret_cast<CallbackGeneric>(&HandleDispatcher::DuplicateHandleProxy) |
| 27 }; |
| 28 |
| 29 ipc_calls_.push_back(duplicate_handle_proxy); |
| 30 } |
| 31 |
| 32 bool HandleDispatcher::SetupService(InterceptionManager* manager, |
| 33 int service) { |
| 34 // We perform no interceptions for handles right now. |
| 35 switch (service) { |
| 36 case IPC_DUPLICATEHANDLEPROXY_TAG: |
| 37 return true; |
| 38 } |
| 39 |
| 40 return false; |
| 41 } |
| 42 |
| 43 bool HandleDispatcher::DuplicateHandleProxy(IPCInfo* ipc, |
| 44 HANDLE source_handle, |
| 45 DWORD target_process_id, |
| 46 DWORD desired_access, |
| 47 BOOL inherit_handle, |
| 48 DWORD options) { |
| 49 NTSTATUS error; |
| 50 static NtQueryObject QueryObject = NULL; |
| 51 if (!QueryObject) |
| 52 ResolveNTFunctionPtr("NtQueryObject", &QueryObject); |
| 53 |
| 54 // Get a copy of the handle for use in the broker process. |
| 55 base::win::ScopedHandle handle; |
| 56 if (!::DuplicateHandle(ipc->client_info->process, source_handle, |
| 57 ::GetCurrentProcess(), handle.Receive(), |
| 58 0, FALSE, DUPLICATE_SAME_ACCESS)) { |
| 59 ipc->return_info.win32_result = ::GetLastError(); |
| 60 return false; |
| 61 } |
| 62 |
| 63 // Get the object type (32 characters is safe; current max is 14). |
| 64 BYTE buffer[sizeof(OBJECT_TYPE_INFORMATION) + 32 * sizeof(wchar_t)]; |
| 65 OBJECT_TYPE_INFORMATION* type_info = |
| 66 reinterpret_cast<OBJECT_TYPE_INFORMATION*>(buffer); |
| 67 ULONG size = sizeof(buffer) - sizeof(wchar_t); |
| 68 error = QueryObject(handle, ObjectTypeInformation, type_info, size, &size); |
| 69 if (!NT_SUCCESS(error)) { |
| 70 ipc->return_info.win32_result = error; |
| 71 return false; |
| 72 } |
| 73 type_info->Name.Buffer[type_info->Name.Length / sizeof(wchar_t)] = L'\0'; |
| 74 |
| 75 CountedParameterSet<NameBased> params; |
| 76 params[NameBased::NAME] = ParamPickerMake(type_info->Name.Buffer); |
| 77 |
| 78 EvalResult eval = policy_base_->EvalPolicy(IPC_DUPLICATEHANDLEPROXY_TAG, |
| 79 params.GetBase()); |
| 80 ipc->return_info.win32_result = |
| 81 HandlePolicy::DuplicateHandleProxyAction(eval, *ipc->client_info, |
| 82 source_handle, |
| 83 target_process_id, |
| 84 &ipc->return_info.handle, |
| 85 desired_access, |
| 86 inherit_handle, options); |
| 87 return true; |
| 88 } |
| 89 |
| 90 } // namespace sandbox |
| 91 |
OLD | NEW |