OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/src/sandbox_policy_base.h" | 5 #include "sandbox/src/sandbox_policy_base.h" |
6 | 6 |
7 #include "base/basictypes.h" | 7 #include "base/basictypes.h" |
8 #include "base/callback.h" | 8 #include "base/callback.h" |
9 #include "base/logging.h" | 9 #include "base/logging.h" |
10 #include "sandbox/src/filesystem_dispatcher.h" | 10 #include "sandbox/src/filesystem_dispatcher.h" |
11 #include "sandbox/src/filesystem_policy.h" | 11 #include "sandbox/src/filesystem_policy.h" |
12 #include "sandbox/src/handle_dispatcher.h" | |
13 #include "sandbox/src/handle_policy.h" | |
14 #include "sandbox/src/job.h" | 12 #include "sandbox/src/job.h" |
15 #include "sandbox/src/interception.h" | 13 #include "sandbox/src/interception.h" |
16 #include "sandbox/src/named_pipe_dispatcher.h" | 14 #include "sandbox/src/named_pipe_dispatcher.h" |
17 #include "sandbox/src/named_pipe_policy.h" | 15 #include "sandbox/src/named_pipe_policy.h" |
18 #include "sandbox/src/policy_broker.h" | 16 #include "sandbox/src/policy_broker.h" |
19 #include "sandbox/src/policy_engine_processor.h" | 17 #include "sandbox/src/policy_engine_processor.h" |
20 #include "sandbox/src/policy_low_level.h" | 18 #include "sandbox/src/policy_low_level.h" |
21 #include "sandbox/src/process_thread_dispatcher.h" | 19 #include "sandbox/src/process_thread_dispatcher.h" |
22 #include "sandbox/src/process_thread_policy.h" | 20 #include "sandbox/src/process_thread_policy.h" |
23 #include "sandbox/src/registry_dispatcher.h" | 21 #include "sandbox/src/registry_dispatcher.h" |
(...skipping 67 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
91 ipc_targets_[IPC_NTOPENPROCESSTOKEN_TAG] = dispatcher; | 89 ipc_targets_[IPC_NTOPENPROCESSTOKEN_TAG] = dispatcher; |
92 ipc_targets_[IPC_NTOPENPROCESSTOKENEX_TAG] = dispatcher; | 90 ipc_targets_[IPC_NTOPENPROCESSTOKENEX_TAG] = dispatcher; |
93 | 91 |
94 dispatcher = new SyncDispatcher(this); | 92 dispatcher = new SyncDispatcher(this); |
95 ipc_targets_[IPC_CREATEEVENT_TAG] = dispatcher; | 93 ipc_targets_[IPC_CREATEEVENT_TAG] = dispatcher; |
96 ipc_targets_[IPC_OPENEVENT_TAG] = dispatcher; | 94 ipc_targets_[IPC_OPENEVENT_TAG] = dispatcher; |
97 | 95 |
98 dispatcher = new RegistryDispatcher(this); | 96 dispatcher = new RegistryDispatcher(this); |
99 ipc_targets_[IPC_NTCREATEKEY_TAG] = dispatcher; | 97 ipc_targets_[IPC_NTCREATEKEY_TAG] = dispatcher; |
100 ipc_targets_[IPC_NTOPENKEY_TAG] = dispatcher; | 98 ipc_targets_[IPC_NTOPENKEY_TAG] = dispatcher; |
101 | |
102 dispatcher = new HandleDispatcher(this); | |
103 ipc_targets_[IPC_DUPLICATEHANDLEPROXY_TAG] = dispatcher; | |
104 } | 99 } |
105 | 100 |
106 PolicyBase::~PolicyBase() { | 101 PolicyBase::~PolicyBase() { |
107 TargetSet::iterator it; | 102 TargetSet::iterator it; |
108 for (it = targets_.begin(); it != targets_.end(); ++it) { | 103 for (it = targets_.begin(); it != targets_.end(); ++it) { |
109 TargetProcess* target = (*it); | 104 TargetProcess* target = (*it); |
110 delete target; | 105 delete target; |
111 } | 106 } |
112 delete ipc_targets_[IPC_NTCREATEFILE_TAG]; | 107 delete ipc_targets_[IPC_NTCREATEFILE_TAG]; |
113 delete ipc_targets_[IPC_CREATENAMEDPIPEW_TAG]; | 108 delete ipc_targets_[IPC_CREATENAMEDPIPEW_TAG]; |
114 delete ipc_targets_[IPC_NTOPENTHREAD_TAG]; | 109 delete ipc_targets_[IPC_NTOPENTHREAD_TAG]; |
115 delete ipc_targets_[IPC_CREATEEVENT_TAG]; | 110 delete ipc_targets_[IPC_CREATEEVENT_TAG]; |
116 delete ipc_targets_[IPC_NTCREATEKEY_TAG]; | 111 delete ipc_targets_[IPC_NTCREATEKEY_TAG]; |
117 delete ipc_targets_[IPC_DUPLICATEHANDLEPROXY_TAG]; | |
118 delete policy_maker_; | 112 delete policy_maker_; |
119 delete policy_; | 113 delete policy_; |
120 ::DeleteCriticalSection(&lock_); | 114 ::DeleteCriticalSection(&lock_); |
121 } | 115 } |
122 | 116 |
123 DWORD PolicyBase::MakeJobObject(HANDLE* job) { | 117 DWORD PolicyBase::MakeJobObject(HANDLE* job) { |
124 // Create the windows job object. | 118 // Create the windows job object. |
125 Job job_obj; | 119 Job job_obj; |
126 DWORD result = job_obj.Init(job_level_, NULL, ui_exceptions_); | 120 DWORD result = job_obj.Init(job_level_, NULL, ui_exceptions_); |
127 if (ERROR_SUCCESS != result) { | 121 if (ERROR_SUCCESS != result) { |
(...skipping 191 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
319 } | 313 } |
320 break; | 314 break; |
321 } | 315 } |
322 case SUBSYS_REGISTRY: { | 316 case SUBSYS_REGISTRY: { |
323 if (!RegistryPolicy::GenerateRules(pattern, semantics, policy_maker_)) { | 317 if (!RegistryPolicy::GenerateRules(pattern, semantics, policy_maker_)) { |
324 NOTREACHED(); | 318 NOTREACHED(); |
325 return SBOX_ERROR_BAD_PARAMS; | 319 return SBOX_ERROR_BAD_PARAMS; |
326 } | 320 } |
327 break; | 321 break; |
328 } | 322 } |
329 case SUBSYS_HANDLES: { | |
330 if (!HandlePolicy::GenerateRules(pattern, semantics, policy_maker_)) { | |
331 NOTREACHED(); | |
332 return SBOX_ERROR_BAD_PARAMS; | |
333 } | |
334 break; | |
335 } | |
336 default: { | 323 default: { |
337 return SBOX_ERROR_UNSUPPORTED; | 324 return SBOX_ERROR_UNSUPPORTED; |
338 } | 325 } |
339 } | 326 } |
340 | 327 |
341 return SBOX_ALL_OK; | 328 return SBOX_ALL_OK; |
342 } | 329 } |
343 | 330 |
344 EvalResult PolicyBase::EvalPolicy(int service, | 331 EvalResult PolicyBase::EvalPolicy(int service, |
345 CountedParameterSetBase* params) { | 332 CountedParameterSetBase* params) { |
(...skipping 119 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
465 | 452 |
466 // Finally, setup imports on the target so the interceptions can work. | 453 // Finally, setup imports on the target so the interceptions can work. |
467 return SetupNtdllImports(target); | 454 return SetupNtdllImports(target); |
468 } | 455 } |
469 | 456 |
470 bool PolicyBase::SetupHandleCloser(TargetProcess* target) { | 457 bool PolicyBase::SetupHandleCloser(TargetProcess* target) { |
471 return handle_closer_.InitializeTargetHandles(target); | 458 return handle_closer_.InitializeTargetHandles(target); |
472 } | 459 } |
473 | 460 |
474 } // namespace sandbox | 461 } // namespace sandbox |
OLD | NEW |