Add a sandbox API for broker handle duplication

sandbox/src/sandbox.h

-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // Sandbox is a sandbox library for windows processes. Use when you want a
 // 'privileged' process and a 'locked down process' to interact with.
 // The privileged process is called the broker and it is started by external
 // means (such as the user starting it). The 'sandboxed' process is called the
 // target and it is started by the broker. There can be many target processes
 // started by a single broker process. This library provides facilities
 // for both the broker and the target.
@@ skipping 65 matching lines @@
                                  const wchar_t* command_line,
                                  TargetPolicy* policy,
                                  PROCESS_INFORMATION* target) = 0;
 
   // This call blocks (waits) for all the targets to terminate.
   // Returns:
   //   ALL_OK if successful. All other return values imply failure.
   //   If the return is ERROR_GENERIC, you can call ::GetLastError() to get
   //   more information.
   virtual ResultCode WaitForAllTargets() = 0;
+
+  // Checks if the supplied process ID matches one of the broker's active
+  // target processes
+  // Returns:
+  //   true if there is an active target process for this ID, otherwise false.
+  virtual bool IsActiveTarget(DWORD process_id) = 0;

[rvargas (doing something else), 2012/03/27 00:35:33]

In general, this interface is intended for the user, not for internal code.

[jschuh, 2012/03/27 01:36:19]

I exposed it because it seemed generally useful. For example, I used it in the
test code.

 };
 
 // TargetServices models the current process from the perspective
 // of a target process. To obtain a pointer to it use
 // Sandbox::GetTargetServices(). Note that this call returns a non-null
 // pointer only if this process is in fact a target. A process is a target
 // only if the process was spawned by a call to BrokerServices::SpawnTarget().
 //
 // This API allows the target to gain access to resources with a high
 // privilege token and then when it is ready to perform dangerous activities
@@ skipping 22 matching lines @@
 
   // Discards the impersonation token and uses the lower token, call before
   // processing any untrusted data or running third-party code. If this call
   // fails the current process could be terminated immediately.
   virtual void LowerToken() = 0;
 
   // Returns the ProcessState object. Through that object it's possible to have
   // information about the current state of the process, such as whether
   // LowerToken has been called or not.
   virtual ProcessState* GetState() = 0;
+
+  // Requests the broker to duplicate the supplied handle into the target
+  // process. The target process must be an active sandbox child process
+  // and the source process must have a corresponding policy allowing
+  // handle duplication for this object type.
+  // Returns:
+  //   ALL_OK if successful. All other return values imply failure.
+  //   If the return is ERROR_GENERIC, you can call ::GetLastError() to get
+  //   more information.
+  virtual ResultCode DuplicateHandle(HANDLE source_handle,
+                                     DWORD target_process_id,
+                                     HANDLE* target_handle,
+                                     DWORD desired_access,
+                                     BOOL inherit_handle,
+                                     DWORD options) = 0;
 };
 
 }  // namespace sandbox
 
 
 #endif  // SANDBOX_SRC_SANDBOX_H__