Add a sandbox API for broker handle duplication

sandbox/src/handle_policy.cc

Index: sandbox/src/handle_policy.cc
===================================================================
--- sandbox/src/handle_policy.cc	(revision 0)
+++ sandbox/src/handle_policy.cc	(revision 0)
@@ -0,0 +1,73 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "sandbox/src/handle_policy.h"
+
+#include <string>
+
+#include "base/win/scoped_handle.h"
+#include "sandbox/src/ipc_tags.h"
+#include "sandbox/src/policy_engine_opcodes.h"
+#include "sandbox/src/policy_params.h"
+#include "sandbox/src/sandbox.h"
+#include "sandbox/src/sandbox_factory.h"
+#include "sandbox/src/sandbox_types.h"
+#include "sandbox/src/sandbox_utils.h"
+#include "sandbox/src/win_utils.h"
+
+namespace sandbox {
+
+bool HandlePolicy::GenerateRules(const wchar_t* name,
+                                   TargetPolicy::Semantics semantics,

[rvargas (doing something else), 2012/03/27 00:35:33]

nit: indentation

[jschuh, 2012/03/27 01:36:19]

Done.

+                                   LowLevelPolicy* policy) {
+  // We don't support any other semantics for handles yet.
+  if (TargetPolicy::HANDLES_DUP_ANY != semantics) {
+    return false;
+  }
+  PolicyRule handle(ASK_BROKER);

[rvargas (doing something else), 2012/03/27 00:35:33]

nit: handle_rule? (or rule)

[jschuh, 2012/03/27 01:36:19]

How about duplicate_rule?

[rvargas (doing something else), 2012/03/27 02:30:59]

That works

+  if (!handle.AddStringMatch(IF, NameBased::NAME, name, CASE_INSENSITIVE)) {
+    return false;
+  }
+  if (!policy->AddRule(IPC_DUPLICATEHANDLEPROXY_TAG, &handle)) {
+    return false;
+  }
+  return true;
+}
+
+DWORD HandlePolicy::DuplicateHandleProxyAction(EvalResult eval_result,
+                                               const ClientInfo& client_info,
+                                               HANDLE source_handle,
+                                               DWORD target_process_id,
+                                               HANDLE* target_handle,
+                                               DWORD desired_access,
+                                               BOOL inherit_handle,
+                                               DWORD options) {
+  // The only action supported is ASK_BROKER which means duplicate the handle.
+  if (ASK_BROKER != eval_result) {
+    return ERROR_ACCESS_DENIED;
+  }
+
+  // Make sure the target is one of our sandboxed children.
+  if (!SandboxFactory::GetBrokerServices()->IsActiveTarget(target_process_id)) {

[rvargas (doing something else), 2012/03/27 00:35:33]

Calling GetBrokerServices feels weird.

[jschuh, 2012/03/27 01:36:19]

Can't think of a better way. It's the only thing that should know all the valid
children.

[rvargas (doing something else), 2012/03/27 02:30:59]

What I don't like is going through the external interface, and exposing a new
method without an actual need for it.

+    return ERROR_ACCESS_DENIED;
+  }
+
+  base::win::ScopedHandle target_process(::OpenProcess(PROCESS_DUP_HANDLE,
+                                                       FALSE,
+                                                       target_process_id));
+  if (NULL == target_process)
+    return ::GetLastError();
+
+  DWORD result = ERROR_SUCCESS;
+  if (!::DuplicateHandle(client_info.process, source_handle, target_process,
+                         target_handle, desired_access, inherit_handle,
+                         options)) {
+    return ::GetLastError();
+  }
+
+  return ERROR_SUCCESS;
+}
+
+}  // namespace sandbox
+
Property changes on: sandbox\src\handle_policy.cc
___________________________________________________________________
Added: svn:eol-style
   + LF