| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/tests/common/controller.h" | 5 #include "sandbox/tests/common/controller.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/sys_string_conversions.h" | 9 #include "base/sys_string_conversions.h" |
| 10 #include "base/win/windows_version.h" | 10 #include "base/win/windows_version.h" |
| 11 #include "sandbox/src/sandbox_factory.h" | 11 #include "sandbox/src/sandbox_factory.h" |
| (...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 44 return full_path; | 44 return full_path; |
| 45 | 45 |
| 46 if (is_obj_man_path) | 46 if (is_obj_man_path) |
| 47 full_path.insert(0, L"\\??\\"); | 47 full_path.insert(0, L"\\??\\"); |
| 48 | 48 |
| 49 full_path += L"\\SysWOW64\\"; | 49 full_path += L"\\SysWOW64\\"; |
| 50 full_path += name; | 50 full_path += name; |
| 51 return full_path; | 51 return full_path; |
| 52 } | 52 } |
| 53 | 53 |
| 54 bool IsProcessRunning(HANDLE process) { |
| 55 DWORD exit_code = 0; |
| 56 if (::GetExitCodeProcess(process, &exit_code)) |
| 57 return exit_code == STILL_ACTIVE; |
| 58 return false; |
| 59 } |
| 60 |
| 54 } // namespace | 61 } // namespace |
| 55 | 62 |
| 56 namespace sandbox { | 63 namespace sandbox { |
| 57 | 64 |
| 58 std::wstring MakePathToSys(const wchar_t* name, bool is_obj_man_path) { | 65 std::wstring MakePathToSys(const wchar_t* name, bool is_obj_man_path) { |
| 59 return (base::win::OSInfo::GetInstance()->wow64_status() == | 66 return (base::win::OSInfo::GetInstance()->wow64_status() == |
| 60 base::win::OSInfo::WOW64_ENABLED) ? | 67 base::win::OSInfo::WOW64_ENABLED) ? |
| 61 MakePathToSysWow64(name, is_obj_man_path) : | 68 MakePathToSysWow64(name, is_obj_man_path) : |
| 62 MakePathToSys32(name, is_obj_man_path); | 69 MakePathToSys32(name, is_obj_man_path); |
| 63 } | 70 } |
| (...skipping 10 matching lines...) Expand all Loading... |
| 74 if (SBOX_ALL_OK != broker->Init()) | 81 if (SBOX_ALL_OK != broker->Init()) |
| 75 return NULL; | 82 return NULL; |
| 76 | 83 |
| 77 is_initialized = true; | 84 is_initialized = true; |
| 78 } | 85 } |
| 79 | 86 |
| 80 return broker; | 87 return broker; |
| 81 } | 88 } |
| 82 | 89 |
| 83 TestRunner::TestRunner(JobLevel job_level, TokenLevel startup_token, | 90 TestRunner::TestRunner(JobLevel job_level, TokenLevel startup_token, |
| 84 TokenLevel main_token) : is_init_(false) { | 91 TokenLevel main_token) |
| 92 : is_init_(false), is_async_(false), target_process_id_(0) { |
| 85 Init(job_level, startup_token, main_token); | 93 Init(job_level, startup_token, main_token); |
| 86 } | 94 } |
| 87 | 95 |
| 88 TestRunner::TestRunner() : is_init_(false) { | 96 TestRunner::TestRunner() |
| 97 : is_init_(false), is_async_(false), target_process_id_(0) { |
| 89 Init(JOB_LOCKDOWN, USER_RESTRICTED_SAME_ACCESS, USER_LOCKDOWN); | 98 Init(JOB_LOCKDOWN, USER_RESTRICTED_SAME_ACCESS, USER_LOCKDOWN); |
| 90 } | 99 } |
| 91 | 100 |
| 92 void TestRunner::Init(JobLevel job_level, TokenLevel startup_token, | 101 void TestRunner::Init(JobLevel job_level, TokenLevel startup_token, |
| 93 TokenLevel main_token) { | 102 TokenLevel main_token) { |
| 94 broker_ = NULL; | 103 broker_ = NULL; |
| 95 policy_ = NULL; | 104 policy_ = NULL; |
| 96 timeout_ = kDefaultTimeout; | 105 timeout_ = kDefaultTimeout; |
| 97 state_ = AFTER_REVERT; | 106 state_ = AFTER_REVERT; |
| 107 is_async_= false; |
| 108 target_process_id_ = 0; |
| 98 | 109 |
| 99 broker_ = GetBroker(); | 110 broker_ = GetBroker(); |
| 100 if (!broker_) | 111 if (!broker_) |
| 101 return; | 112 return; |
| 102 | 113 |
| 103 policy_ = broker_->CreatePolicy(); | 114 policy_ = broker_->CreatePolicy(); |
| 104 if (!policy_) | 115 if (!policy_) |
| 105 return; | 116 return; |
| 106 | 117 |
| 107 policy_->SetJobLevel(job_level, 0); | 118 policy_->SetJobLevel(job_level, 0); |
| 108 policy_->SetTokenLevel(startup_token, main_token); | 119 policy_->SetTokenLevel(startup_token, main_token); |
| 109 | 120 |
| 110 is_init_ = true; | 121 is_init_ = true; |
| 111 } | 122 } |
| 112 | 123 |
| 113 TargetPolicy* TestRunner::GetPolicy() { | 124 TargetPolicy* TestRunner::GetPolicy() { |
| 114 return policy_; | 125 return policy_; |
| 115 } | 126 } |
| 116 | 127 |
| 117 TestRunner::~TestRunner() { | 128 TestRunner::~TestRunner() { |
| 129 if (target_process_) |
| 130 ::TerminateProcess(target_process_, 0); |
| 131 |
| 118 if (policy_) | 132 if (policy_) |
| 119 policy_->Release(); | 133 policy_->Release(); |
| 120 } | 134 } |
| 121 | 135 |
| 122 bool TestRunner::AddRule(TargetPolicy::SubSystem subsystem, | 136 bool TestRunner::AddRule(TargetPolicy::SubSystem subsystem, |
| 123 TargetPolicy::Semantics semantics, | 137 TargetPolicy::Semantics semantics, |
| 124 const wchar_t* pattern) { | 138 const wchar_t* pattern) { |
| 125 if (!is_init_) | 139 if (!is_init_) |
| 126 return false; | 140 return false; |
| 127 | 141 |
| (...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 170 full_command += L" "; | 184 full_command += L" "; |
| 171 full_command += command; | 185 full_command += command; |
| 172 | 186 |
| 173 return InternalRunTest(full_command.c_str()); | 187 return InternalRunTest(full_command.c_str()); |
| 174 } | 188 } |
| 175 | 189 |
| 176 int TestRunner::InternalRunTest(const wchar_t* command) { | 190 int TestRunner::InternalRunTest(const wchar_t* command) { |
| 177 if (!is_init_) | 191 if (!is_init_) |
| 178 return SBOX_TEST_FAILED_TO_RUN_TEST; | 192 return SBOX_TEST_FAILED_TO_RUN_TEST; |
| 179 | 193 |
| 194 // For simplicity TestRunner supports only one process per instance. |
| 195 if (target_process_) { |
| 196 if (IsProcessRunning(target_process_)) |
| 197 return SBOX_TEST_FAILED_TO_RUN_TEST; |
| 198 target_process_.Close(); |
| 199 target_process_id_ = 0; |
| 200 } |
| 201 |
| 180 // Get the path to the sandboxed process. | 202 // Get the path to the sandboxed process. |
| 181 wchar_t prog_name[MAX_PATH]; | 203 wchar_t prog_name[MAX_PATH]; |
| 182 GetModuleFileNameW(NULL, prog_name, MAX_PATH); | 204 GetModuleFileNameW(NULL, prog_name, MAX_PATH); |
| 183 | 205 |
| 184 // Launch the sandboxed process. | 206 // Launch the sandboxed process. |
| 185 ResultCode result = SBOX_ALL_OK; | 207 ResultCode result = SBOX_ALL_OK; |
| 186 PROCESS_INFORMATION target = {0}; | 208 PROCESS_INFORMATION target = {0}; |
| 187 | 209 |
| 188 std::wstring arguments(L"\""); | 210 std::wstring arguments(L"\""); |
| 189 arguments += prog_name; | 211 arguments += prog_name; |
| 190 arguments += L"\" -child "; | 212 arguments += L"\" -child "; |
| 191 arguments += command; | 213 arguments += command; |
| 192 | 214 |
| 193 result = broker_->SpawnTarget(prog_name, arguments.c_str(), policy_, | 215 result = broker_->SpawnTarget(prog_name, arguments.c_str(), policy_, |
| 194 &target); | 216 &target); |
| 195 | 217 |
| 196 if (SBOX_ALL_OK != result) | 218 if (SBOX_ALL_OK != result) |
| 197 return SBOX_TEST_FAILED_TO_RUN_TEST; | 219 return SBOX_TEST_FAILED_TO_RUN_TEST; |
| 198 | 220 |
| 199 ::ResumeThread(target.hThread); | 221 ::ResumeThread(target.hThread); |
| 200 | 222 |
| 223 // For an asynchronous run we don't bother waiting. |
| 224 if (is_async_) { |
| 225 target_process_.Set(target.hProcess); |
| 226 target_process_id_ = target.dwProcessId; |
| 227 ::CloseHandle(target.hThread); |
| 228 return SBOX_TEST_SUCCEEDED; |
| 229 } |
| 230 |
| 201 if (::IsDebuggerPresent()) { | 231 if (::IsDebuggerPresent()) { |
| 202 // Don't kill the target process on a time-out while we are debugging. | 232 // Don't kill the target process on a time-out while we are debugging. |
| 203 timeout_ = INFINITE; | 233 timeout_ = INFINITE; |
| 204 } | 234 } |
| 205 | 235 |
| 206 if (WAIT_TIMEOUT == ::WaitForSingleObject(target.hProcess, timeout_)) { | 236 if (WAIT_TIMEOUT == ::WaitForSingleObject(target.hProcess, timeout_)) { |
| 207 ::TerminateProcess(target.hProcess, SBOX_TEST_TIMED_OUT); | 237 ::TerminateProcess(target.hProcess, SBOX_TEST_TIMED_OUT); |
| 208 ::CloseHandle(target.hProcess); | 238 ::CloseHandle(target.hProcess); |
| 209 ::CloseHandle(target.hThread); | 239 ::CloseHandle(target.hThread); |
| 210 return SBOX_TEST_TIMED_OUT; | 240 return SBOX_TEST_TIMED_OUT; |
| (...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 283 if (BEFORE_REVERT == state) | 313 if (BEFORE_REVERT == state) |
| 284 return command(argc - 4, argv + 4); | 314 return command(argc - 4, argv + 4); |
| 285 else if (EVERY_STATE == state) | 315 else if (EVERY_STATE == state) |
| 286 command(argc - 4, argv + 4); | 316 command(argc - 4, argv + 4); |
| 287 | 317 |
| 288 target->LowerToken(); | 318 target->LowerToken(); |
| 289 return command(argc - 4, argv + 4); | 319 return command(argc - 4, argv + 4); |
| 290 } | 320 } |
| 291 | 321 |
| 292 } // namespace sandbox | 322 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 9838083:
Add a sandbox API for broker handle duplication (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/