| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/tests/common/controller.h" | 5 #include "sandbox/tests/common/controller.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/sys_string_conversions.h" | 9 #include "base/sys_string_conversions.h" |
| 10 #include "base/win/windows_version.h" | 10 #include "base/win/windows_version.h" |
| 11 #include "sandbox/src/sandbox_factory.h" | 11 #include "sandbox/src/sandbox_factory.h" |
| (...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 44 return full_path; | 44 return full_path; |
| 45 | 45 |
| 46 if (is_obj_man_path) | 46 if (is_obj_man_path) |
| 47 full_path.insert(0, L"\\??\\"); | 47 full_path.insert(0, L"\\??\\"); |
| 48 | 48 |
| 49 full_path += L"\\SysWOW64\\"; | 49 full_path += L"\\SysWOW64\\"; |
| 50 full_path += name; | 50 full_path += name; |
| 51 return full_path; | 51 return full_path; |
| 52 } | 52 } |
| 53 | 53 |
| 54 bool IsProcessRunning(HANDLE process) { | |
| 55 DWORD exit_code = 0; | |
| 56 if (::GetExitCodeProcess(process, &exit_code)) | |
| 57 return exit_code == STILL_ACTIVE; | |
| 58 return false; | |
| 59 } | |
| 60 | |
| 61 } // namespace | 54 } // namespace |
| 62 | 55 |
| 63 namespace sandbox { | 56 namespace sandbox { |
| 64 | 57 |
| 65 std::wstring MakePathToSys(const wchar_t* name, bool is_obj_man_path) { | 58 std::wstring MakePathToSys(const wchar_t* name, bool is_obj_man_path) { |
| 66 return (base::win::OSInfo::GetInstance()->wow64_status() == | 59 return (base::win::OSInfo::GetInstance()->wow64_status() == |
| 67 base::win::OSInfo::WOW64_ENABLED) ? | 60 base::win::OSInfo::WOW64_ENABLED) ? |
| 68 MakePathToSysWow64(name, is_obj_man_path) : | 61 MakePathToSysWow64(name, is_obj_man_path) : |
| 69 MakePathToSys32(name, is_obj_man_path); | 62 MakePathToSys32(name, is_obj_man_path); |
| 70 } | 63 } |
| (...skipping 10 matching lines...) Expand all Loading... |
| 81 if (SBOX_ALL_OK != broker->Init()) | 74 if (SBOX_ALL_OK != broker->Init()) |
| 82 return NULL; | 75 return NULL; |
| 83 | 76 |
| 84 is_initialized = true; | 77 is_initialized = true; |
| 85 } | 78 } |
| 86 | 79 |
| 87 return broker; | 80 return broker; |
| 88 } | 81 } |
| 89 | 82 |
| 90 TestRunner::TestRunner(JobLevel job_level, TokenLevel startup_token, | 83 TestRunner::TestRunner(JobLevel job_level, TokenLevel startup_token, |
| 91 TokenLevel main_token) | 84 TokenLevel main_token) : is_init_(false) { |
| 92 : is_init_(false), is_async_(false), target_process_id_(0) { | |
| 93 Init(job_level, startup_token, main_token); | 85 Init(job_level, startup_token, main_token); |
| 94 } | 86 } |
| 95 | 87 |
| 96 TestRunner::TestRunner() | 88 TestRunner::TestRunner() : is_init_(false) { |
| 97 : is_init_(false), is_async_(false), target_process_id_(0) { | |
| 98 Init(JOB_LOCKDOWN, USER_RESTRICTED_SAME_ACCESS, USER_LOCKDOWN); | 89 Init(JOB_LOCKDOWN, USER_RESTRICTED_SAME_ACCESS, USER_LOCKDOWN); |
| 99 } | 90 } |
| 100 | 91 |
| 101 void TestRunner::Init(JobLevel job_level, TokenLevel startup_token, | 92 void TestRunner::Init(JobLevel job_level, TokenLevel startup_token, |
| 102 TokenLevel main_token) { | 93 TokenLevel main_token) { |
| 103 broker_ = NULL; | 94 broker_ = NULL; |
| 104 policy_ = NULL; | 95 policy_ = NULL; |
| 105 timeout_ = kDefaultTimeout; | 96 timeout_ = kDefaultTimeout; |
| 106 state_ = AFTER_REVERT; | 97 state_ = AFTER_REVERT; |
| 107 is_async_= false; | |
| 108 target_process_id_ = 0; | |
| 109 | 98 |
| 110 broker_ = GetBroker(); | 99 broker_ = GetBroker(); |
| 111 if (!broker_) | 100 if (!broker_) |
| 112 return; | 101 return; |
| 113 | 102 |
| 114 policy_ = broker_->CreatePolicy(); | 103 policy_ = broker_->CreatePolicy(); |
| 115 if (!policy_) | 104 if (!policy_) |
| 116 return; | 105 return; |
| 117 | 106 |
| 118 policy_->SetJobLevel(job_level, 0); | 107 policy_->SetJobLevel(job_level, 0); |
| 119 policy_->SetTokenLevel(startup_token, main_token); | 108 policy_->SetTokenLevel(startup_token, main_token); |
| 120 | 109 |
| 121 is_init_ = true; | 110 is_init_ = true; |
| 122 } | 111 } |
| 123 | 112 |
| 124 TargetPolicy* TestRunner::GetPolicy() { | 113 TargetPolicy* TestRunner::GetPolicy() { |
| 125 return policy_; | 114 return policy_; |
| 126 } | 115 } |
| 127 | 116 |
| 128 TestRunner::~TestRunner() { | 117 TestRunner::~TestRunner() { |
| 129 if (target_process_) | |
| 130 ::TerminateProcess(target_process_, 0); | |
| 131 | |
| 132 if (policy_) | 118 if (policy_) |
| 133 policy_->Release(); | 119 policy_->Release(); |
| 134 } | 120 } |
| 135 | 121 |
| 136 bool TestRunner::AddRule(TargetPolicy::SubSystem subsystem, | 122 bool TestRunner::AddRule(TargetPolicy::SubSystem subsystem, |
| 137 TargetPolicy::Semantics semantics, | 123 TargetPolicy::Semantics semantics, |
| 138 const wchar_t* pattern) { | 124 const wchar_t* pattern) { |
| 139 if (!is_init_) | 125 if (!is_init_) |
| 140 return false; | 126 return false; |
| 141 | 127 |
| (...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 184 full_command += L" "; | 170 full_command += L" "; |
| 185 full_command += command; | 171 full_command += command; |
| 186 | 172 |
| 187 return InternalRunTest(full_command.c_str()); | 173 return InternalRunTest(full_command.c_str()); |
| 188 } | 174 } |
| 189 | 175 |
| 190 int TestRunner::InternalRunTest(const wchar_t* command) { | 176 int TestRunner::InternalRunTest(const wchar_t* command) { |
| 191 if (!is_init_) | 177 if (!is_init_) |
| 192 return SBOX_TEST_FAILED_TO_RUN_TEST; | 178 return SBOX_TEST_FAILED_TO_RUN_TEST; |
| 193 | 179 |
| 194 // For simplicity TestRunner supports only one process per instance. | |
| 195 if (target_process_) { | |
| 196 if (IsProcessRunning(target_process_)) | |
| 197 return SBOX_TEST_FAILED_TO_RUN_TEST; | |
| 198 target_process_.Close(); | |
| 199 target_process_id_ = 0; | |
| 200 } | |
| 201 | |
| 202 // Get the path to the sandboxed process. | 180 // Get the path to the sandboxed process. |
| 203 wchar_t prog_name[MAX_PATH]; | 181 wchar_t prog_name[MAX_PATH]; |
| 204 GetModuleFileNameW(NULL, prog_name, MAX_PATH); | 182 GetModuleFileNameW(NULL, prog_name, MAX_PATH); |
| 205 | 183 |
| 206 // Launch the sandboxed process. | 184 // Launch the sandboxed process. |
| 207 ResultCode result = SBOX_ALL_OK; | 185 ResultCode result = SBOX_ALL_OK; |
| 208 PROCESS_INFORMATION target = {0}; | 186 PROCESS_INFORMATION target = {0}; |
| 209 | 187 |
| 210 std::wstring arguments(L"\""); | 188 std::wstring arguments(L"\""); |
| 211 arguments += prog_name; | 189 arguments += prog_name; |
| 212 arguments += L"\" -child "; | 190 arguments += L"\" -child "; |
| 213 arguments += command; | 191 arguments += command; |
| 214 | 192 |
| 215 result = broker_->SpawnTarget(prog_name, arguments.c_str(), policy_, | 193 result = broker_->SpawnTarget(prog_name, arguments.c_str(), policy_, |
| 216 &target); | 194 &target); |
| 217 | 195 |
| 218 if (SBOX_ALL_OK != result) | 196 if (SBOX_ALL_OK != result) |
| 219 return SBOX_TEST_FAILED_TO_RUN_TEST; | 197 return SBOX_TEST_FAILED_TO_RUN_TEST; |
| 220 | 198 |
| 221 ::ResumeThread(target.hThread); | 199 ::ResumeThread(target.hThread); |
| 222 | 200 |
| 223 // For an asynchronous run we don't bother waiting. | |
| 224 if (is_async_) { | |
| 225 target_process_.Set(target.hProcess); | |
| 226 target_process_id_ = target.dwProcessId; | |
| 227 ::CloseHandle(target.hThread); | |
| 228 return SBOX_TEST_SUCCEEDED; | |
| 229 } | |
| 230 | |
| 231 if (::IsDebuggerPresent()) { | 201 if (::IsDebuggerPresent()) { |
| 232 // Don't kill the target process on a time-out while we are debugging. | 202 // Don't kill the target process on a time-out while we are debugging. |
| 233 timeout_ = INFINITE; | 203 timeout_ = INFINITE; |
| 234 } | 204 } |
| 235 | 205 |
| 236 if (WAIT_TIMEOUT == ::WaitForSingleObject(target.hProcess, timeout_)) { | 206 if (WAIT_TIMEOUT == ::WaitForSingleObject(target.hProcess, timeout_)) { |
| 237 ::TerminateProcess(target.hProcess, SBOX_TEST_TIMED_OUT); | 207 ::TerminateProcess(target.hProcess, SBOX_TEST_TIMED_OUT); |
| 238 ::CloseHandle(target.hProcess); | 208 ::CloseHandle(target.hProcess); |
| 239 ::CloseHandle(target.hThread); | 209 ::CloseHandle(target.hThread); |
| 240 return SBOX_TEST_TIMED_OUT; | 210 return SBOX_TEST_TIMED_OUT; |
| (...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 313 if (BEFORE_REVERT == state) | 283 if (BEFORE_REVERT == state) |
| 314 return command(argc - 4, argv + 4); | 284 return command(argc - 4, argv + 4); |
| 315 else if (EVERY_STATE == state) | 285 else if (EVERY_STATE == state) |
| 316 command(argc - 4, argv + 4); | 286 command(argc - 4, argv + 4); |
| 317 | 287 |
| 318 target->LowerToken(); | 288 target->LowerToken(); |
| 319 return command(argc - 4, argv + 4); | 289 return command(argc - 4, argv + 4); |
| 320 } | 290 } |
| 321 | 291 |
| 322 } // namespace sandbox | 292 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 9924010:
Revert 129627 - Add a sandbox API for broker handle duplication (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/