Chromium Code Reviews Chromium Code Reviews
Issue 9838083:
Add a sandbox API for broker handle duplication (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/| Index: sandbox/src/handle_dispatcher.cc |
| =================================================================== |
| --- sandbox/src/handle_dispatcher.cc (revision 0) |
| +++ sandbox/src/handle_dispatcher.cc (revision 0) |
| @@ -0,0 +1,91 @@ |
| +// Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| +// Use of this source code is governed by a BSD-style license that can be |
| +// found in the LICENSE file. |
| + |
| +#include "sandbox/src/handle_dispatcher.h" |
| + |
| +#include "base/win/scoped_handle.h" |
| +#include "sandbox/src/handle_interception.h" |
| +#include "sandbox/src/handle_policy.h" |
| +#include "sandbox/src/ipc_tags.h" |
| +#include "sandbox/src/policy_broker.h" |
| +#include "sandbox/src/policy_params.h" |
| +#include "sandbox/src/sandbox.h" |
| +#include "sandbox/src/sandbox_nt_util.h" |
| +#include "sandbox/src/sandbox_types.h" |
| +#include "sandbox/src/sandbox_utils.h" |
| + |
| +namespace sandbox { |
| + |
| +HandleDispatcher::HandleDispatcher(PolicyBase* policy_base) |
| + : policy_base_(policy_base) { |
| + |
|
rvargas (doing something else)
2012/03/27 00:35:33
nit: remove line
jschuh
2012/03/27 01:36:19
Done.
|
| + static const IPCCall duplicate_handle_proxy = { |
| + {IPC_DUPLICATEHANDLEPROXY_TAG, VOIDPTR_TYPE, ULONG_TYPE, ULONG_TYPE, |
| + ULONG_TYPE, ULONG_TYPE}, |
| + reinterpret_cast<CallbackGeneric>(&HandleDispatcher::DuplicateHandleProxy) |
| + }; |
| + |
| + ipc_calls_.push_back(duplicate_handle_proxy); |
| +} |
| + |
| +bool HandleDispatcher::SetupService(InterceptionManager* manager, |
| + int service) { |
| + // We perform no interceptions for handles right now. |
| + switch (service) { |
| + case IPC_DUPLICATEHANDLEPROXY_TAG: |
| + return true; |
| + } |
| + |
| + return false; |
| +} |
| + |
| +bool HandleDispatcher::DuplicateHandleProxy(IPCInfo* ipc, |
| + HANDLE source_handle, |
| + DWORD target_process_id, |
| + DWORD desired_access, |
| + BOOL inherit_handle, |
| + DWORD options) { |
| + NTSTATUS error; |
| + static NtQueryObject QueryObject = NULL; |
| + if (!QueryObject) |
| + ResolveNTFunctionPtr("NtQueryObject", &QueryObject); |
| + |
| + // Get a copy of the handle for use in the broker process. |
| + base::win::ScopedHandle handle; |
| + if (!::DuplicateHandle(ipc->client_info->process, source_handle, |
| + ::GetCurrentProcess(), handle.Receive(), |
| + 0, FALSE, DUPLICATE_SAME_ACCESS)) { |
| + ipc->return_info.win32_result = ::GetLastError(); |
| + return false; |
| + } |
| + |
| + // Get the object type (32 characters is safe; current max is 14). |
| + BYTE buffer[sizeof(OBJECT_TYPE_INFORMATION) + 32 * sizeof(wchar_t)]; |
| + OBJECT_TYPE_INFORMATION* type_info = |
| + reinterpret_cast<OBJECT_TYPE_INFORMATION*>(buffer); |
| + ULONG size = sizeof(buffer) - sizeof(wchar_t); |
| + error = QueryObject(handle, ObjectTypeInformation, type_info, size, &size); |
| + if (!NT_SUCCESS(error)) { |
| + ipc->return_info.win32_result = error; |
| + return false; |
| + } |
| + type_info->Name.Buffer[type_info->Name.Length / sizeof(wchar_t)] = L'\0'; |
| + |
| + CountedParameterSet<NameBased> params; |
| + params[NameBased::NAME] = ParamPickerMake(type_info->Name.Buffer); |
| + |
| + EvalResult eval = policy_base_->EvalPolicy(IPC_DUPLICATEHANDLEPROXY_TAG, |
| + params.GetBase()); |
| + ipc->return_info.win32_result = |
| + HandlePolicy::DuplicateHandleProxyAction(eval, *ipc->client_info, |
| + source_handle, |
| + target_process_id, |
| + &ipc->return_info.handle, |
| + desired_access, |
| + inherit_handle, options); |
| + return true; |
| +} |
| + |
| +} // namespace sandbox |
| + |
| Property changes on: sandbox\src\handle_dispatcher.cc |
| ___________________________________________________________________ |
| Added: svn:eol-style |
| + LF |
