OLD | NEW |
1 // Copyright (c) 2006-2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/src/sandbox_policy_base.h" | 5 #include "sandbox/src/sandbox_policy_base.h" |
6 | 6 |
7 #include "base/basictypes.h" | 7 #include "base/basictypes.h" |
8 #include "base/callback.h" | 8 #include "base/callback.h" |
9 #include "base/logging.h" | 9 #include "base/logging.h" |
10 #include "sandbox/src/filesystem_dispatcher.h" | 10 #include "sandbox/src/filesystem_dispatcher.h" |
11 #include "sandbox/src/filesystem_policy.h" | 11 #include "sandbox/src/filesystem_policy.h" |
| 12 #include "sandbox/src/handle_dispatcher.h" |
| 13 #include "sandbox/src/handle_policy.h" |
12 #include "sandbox/src/job.h" | 14 #include "sandbox/src/job.h" |
13 #include "sandbox/src/interception.h" | 15 #include "sandbox/src/interception.h" |
14 #include "sandbox/src/named_pipe_dispatcher.h" | 16 #include "sandbox/src/named_pipe_dispatcher.h" |
15 #include "sandbox/src/named_pipe_policy.h" | 17 #include "sandbox/src/named_pipe_policy.h" |
16 #include "sandbox/src/policy_broker.h" | 18 #include "sandbox/src/policy_broker.h" |
17 #include "sandbox/src/policy_engine_processor.h" | 19 #include "sandbox/src/policy_engine_processor.h" |
18 #include "sandbox/src/policy_low_level.h" | 20 #include "sandbox/src/policy_low_level.h" |
19 #include "sandbox/src/process_thread_dispatcher.h" | 21 #include "sandbox/src/process_thread_dispatcher.h" |
20 #include "sandbox/src/process_thread_policy.h" | 22 #include "sandbox/src/process_thread_policy.h" |
21 #include "sandbox/src/registry_dispatcher.h" | 23 #include "sandbox/src/registry_dispatcher.h" |
(...skipping 67 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
89 ipc_targets_[IPC_NTOPENPROCESSTOKEN_TAG] = dispatcher; | 91 ipc_targets_[IPC_NTOPENPROCESSTOKEN_TAG] = dispatcher; |
90 ipc_targets_[IPC_NTOPENPROCESSTOKENEX_TAG] = dispatcher; | 92 ipc_targets_[IPC_NTOPENPROCESSTOKENEX_TAG] = dispatcher; |
91 | 93 |
92 dispatcher = new SyncDispatcher(this); | 94 dispatcher = new SyncDispatcher(this); |
93 ipc_targets_[IPC_CREATEEVENT_TAG] = dispatcher; | 95 ipc_targets_[IPC_CREATEEVENT_TAG] = dispatcher; |
94 ipc_targets_[IPC_OPENEVENT_TAG] = dispatcher; | 96 ipc_targets_[IPC_OPENEVENT_TAG] = dispatcher; |
95 | 97 |
96 dispatcher = new RegistryDispatcher(this); | 98 dispatcher = new RegistryDispatcher(this); |
97 ipc_targets_[IPC_NTCREATEKEY_TAG] = dispatcher; | 99 ipc_targets_[IPC_NTCREATEKEY_TAG] = dispatcher; |
98 ipc_targets_[IPC_NTOPENKEY_TAG] = dispatcher; | 100 ipc_targets_[IPC_NTOPENKEY_TAG] = dispatcher; |
| 101 |
| 102 dispatcher = new HandleDispatcher(this); |
| 103 ipc_targets_[IPC_DUPLICATEHANDLEPROXY_TAG] = dispatcher; |
99 } | 104 } |
100 | 105 |
101 PolicyBase::~PolicyBase() { | 106 PolicyBase::~PolicyBase() { |
102 TargetSet::iterator it; | 107 TargetSet::iterator it; |
103 for (it = targets_.begin(); it != targets_.end(); ++it) { | 108 for (it = targets_.begin(); it != targets_.end(); ++it) { |
104 TargetProcess* target = (*it); | 109 TargetProcess* target = (*it); |
105 delete target; | 110 delete target; |
106 } | 111 } |
107 delete ipc_targets_[IPC_NTCREATEFILE_TAG]; | 112 delete ipc_targets_[IPC_NTCREATEFILE_TAG]; |
108 delete ipc_targets_[IPC_CREATENAMEDPIPEW_TAG]; | 113 delete ipc_targets_[IPC_CREATENAMEDPIPEW_TAG]; |
109 delete ipc_targets_[IPC_NTOPENTHREAD_TAG]; | 114 delete ipc_targets_[IPC_NTOPENTHREAD_TAG]; |
110 delete ipc_targets_[IPC_CREATEEVENT_TAG]; | 115 delete ipc_targets_[IPC_CREATEEVENT_TAG]; |
111 delete ipc_targets_[IPC_NTCREATEKEY_TAG]; | 116 delete ipc_targets_[IPC_NTCREATEKEY_TAG]; |
| 117 delete ipc_targets_[IPC_DUPLICATEHANDLEPROXY_TAG]; |
112 delete policy_maker_; | 118 delete policy_maker_; |
113 delete policy_; | 119 delete policy_; |
114 ::DeleteCriticalSection(&lock_); | 120 ::DeleteCriticalSection(&lock_); |
115 } | 121 } |
116 | 122 |
117 DWORD PolicyBase::MakeJobObject(HANDLE* job) { | 123 DWORD PolicyBase::MakeJobObject(HANDLE* job) { |
118 // Create the windows job object. | 124 // Create the windows job object. |
119 Job job_obj; | 125 Job job_obj; |
120 DWORD result = job_obj.Init(job_level_, NULL, ui_exceptions_); | 126 DWORD result = job_obj.Init(job_level_, NULL, ui_exceptions_); |
121 if (ERROR_SUCCESS != result) { | 127 if (ERROR_SUCCESS != result) { |
(...skipping 191 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
313 } | 319 } |
314 break; | 320 break; |
315 } | 321 } |
316 case SUBSYS_REGISTRY: { | 322 case SUBSYS_REGISTRY: { |
317 if (!RegistryPolicy::GenerateRules(pattern, semantics, policy_maker_)) { | 323 if (!RegistryPolicy::GenerateRules(pattern, semantics, policy_maker_)) { |
318 NOTREACHED(); | 324 NOTREACHED(); |
319 return SBOX_ERROR_BAD_PARAMS; | 325 return SBOX_ERROR_BAD_PARAMS; |
320 } | 326 } |
321 break; | 327 break; |
322 } | 328 } |
| 329 case SUBSYS_HANDLES: { |
| 330 if (!HandlePolicy::GenerateRules(pattern, semantics, policy_maker_)) { |
| 331 NOTREACHED(); |
| 332 return SBOX_ERROR_BAD_PARAMS; |
| 333 } |
| 334 break; |
| 335 } |
323 default: { | 336 default: { |
324 return SBOX_ERROR_UNSUPPORTED; | 337 return SBOX_ERROR_UNSUPPORTED; |
325 } | 338 } |
326 } | 339 } |
327 | 340 |
328 return SBOX_ALL_OK; | 341 return SBOX_ALL_OK; |
329 } | 342 } |
330 | 343 |
331 EvalResult PolicyBase::EvalPolicy(int service, | 344 EvalResult PolicyBase::EvalPolicy(int service, |
332 CountedParameterSetBase* params) { | 345 CountedParameterSetBase* params) { |
(...skipping 119 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
452 | 465 |
453 // Finally, setup imports on the target so the interceptions can work. | 466 // Finally, setup imports on the target so the interceptions can work. |
454 return SetupNtdllImports(target); | 467 return SetupNtdllImports(target); |
455 } | 468 } |
456 | 469 |
457 bool PolicyBase::SetupHandleCloser(TargetProcess* target) { | 470 bool PolicyBase::SetupHandleCloser(TargetProcess* target) { |
458 return handle_closer_.InitializeTargetHandles(target); | 471 return handle_closer_.InitializeTargetHandles(target); |
459 } | 472 } |
460 | 473 |
461 } // namespace sandbox | 474 } // namespace sandbox |
OLD | NEW |