1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_
6 #define SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_
7 
8 #include <windows.h>
9 #include <stddef.h>
10 #include <stdint.h>
11 
12 #include <list>
13 #include <vector>
14 
15 #include "base/compiler_specific.h"
16 #include "base/macros.h"
17 #include "base/memory/scoped_ptr.h"
18 #include "base/strings/string16.h"
19 #include "base/win/scoped_handle.h"
20 #include "sandbox/win/src/crosscall_server.h"
21 #include "sandbox/win/src/handle_closer.h"
22 #include "sandbox/win/src/ipc_tags.h"
23 #include "sandbox/win/src/policy_engine_opcodes.h"
24 #include "sandbox/win/src/policy_engine_params.h"
25 #include "sandbox/win/src/sandbox_policy.h"
26 #include "sandbox/win/src/win_utils.h"
27 
28 namespace sandbox {
29 
30 class AppContainerAttributes;
31 class LowLevelPolicy;
32 class TargetProcess;
33 struct PolicyGlobal;
34 
35 typedef std::vector<base::win::ScopedHandle*> HandleList;
36 
37 class PolicyBase final : public TargetPolicy {
38  public:
39   PolicyBase();
40 
41   // TargetPolicy:
42   void AddRef() override;
43   void Release() override;
44   ResultCode SetTokenLevel(TokenLevel initial, TokenLevel lockdown) override;
45   TokenLevel GetInitialTokenLevel() const override;
46   TokenLevel GetLockdownTokenLevel() const override;
47   ResultCode SetJobLevel(JobLevel job_level, uint32_t ui_exceptions) override;
48   ResultCode SetJobMemoryLimit(size_t memory_limit) override;
49   ResultCode SetAlternateDesktop(bool alternate_winstation) override;
50   base::string16 GetAlternateDesktop() const override;
51   ResultCode CreateAlternateDesktop(bool alternate_winstation) override;
52   void DestroyAlternateDesktop() override;
53   ResultCode SetIntegrityLevel(IntegrityLevel integrity_level) override;
54   IntegrityLevel GetIntegrityLevel() const override;
55   ResultCode SetDelayedIntegrityLevel(IntegrityLevel integrity_level) override;
56   ResultCode SetAppContainer(const wchar_t* sid) override;
57   ResultCode SetCapability(const wchar_t* sid) override;
58   ResultCode SetLowBox(const wchar_t* sid) override;
59   ResultCode SetProcessMitigations(MitigationFlags flags) override;
60   MitigationFlags GetProcessMitigations() override;
61   ResultCode SetDelayedProcessMitigations(MitigationFlags flags) override;
62   MitigationFlags GetDelayedProcessMitigations() const override;
63   void SetStrictInterceptions() override;
64   ResultCode SetStdoutHandle(HANDLE handle) override;
65   ResultCode SetStderrHandle(HANDLE handle) override;
66   ResultCode AddRule(SubSystem subsystem,
67                      Semantics semantics,
68                      const wchar_t* pattern) override;
69   ResultCode AddDllToUnload(const wchar_t* dll_name) override;
70   ResultCode AddKernelObjectToClose(const base::char16* handle_type,
71                                     const base::char16* handle_name) override;
72   void* AddHandleToShare(HANDLE handle) override;
73 
74   // Creates a Job object with the level specified in a previous call to
75   // SetJobLevel().
76   ResultCode MakeJobObject(base::win::ScopedHandle* job);
77 
78   // Creates the two tokens with the levels specified in a previous call to
79   // SetTokenLevel(). Also creates a lowbox token if specified based on the
80   // lowbox SID.
81   ResultCode MakeTokens(base::win::ScopedHandle* initial,
82                         base::win::ScopedHandle* lockdown,
83                         base::win::ScopedHandle* lowbox);
84 
85   const AppContainerAttributes* GetAppContainer() const;
86 
87   PSID GetLowBoxSid() const;
88 
89   // Adds a target process to the internal list of targets. Internally a
90   // call to TargetProcess::Init() is issued.
91   bool AddTarget(TargetProcess* target);
92 
93   // Called when there are no more active processes in a Job.
94   // Removes a Job object associated with this policy and the target associated
95   // with the job.
96   bool OnJobEmpty(HANDLE job);
97 
98   EvalResult EvalPolicy(int service, CountedParameterSetBase* params);
99 
100   HANDLE GetStdoutHandle();
101   HANDLE GetStderrHandle();
102 
103   // Returns the list of handles being shared with the target process.
104   const HandleList& GetHandlesBeingShared();
105 
106   // Closes the handles being shared with the target and clears out the list.
107   void ClearSharedHandles();
108 
109  private:
110   ~PolicyBase();
111 
112   // Sets up interceptions for a new target.
113   bool SetupAllInterceptions(TargetProcess* target);
114 
115   // Sets up the handle closer for a new target.
116   bool SetupHandleCloser(TargetProcess* target);
117 
118   ResultCode AddRuleInternal(SubSystem subsystem,
119                              Semantics semantics,
120                              const wchar_t* pattern);
121 
122   // This lock synchronizes operations on the targets_ collection.
123   CRITICAL_SECTION lock_;
124   // Maintains the list of target process associated with this policy.
125   // The policy takes ownership of them.
126   typedef std::list<TargetProcess*> TargetSet;
127   TargetSet targets_;
128   // Standard object-lifetime reference counter.
129   volatile LONG ref_count;
130   // The user-defined global policy settings.
131   TokenLevel lockdown_level_;
132   TokenLevel initial_level_;
133   JobLevel job_level_;
134   uint32_t ui_exceptions_;
135   size_t memory_limit_;
136   bool use_alternate_desktop_;
137   bool use_alternate_winstation_;
138   // Helps the file system policy initialization.
139   bool file_system_init_;
140   bool relaxed_interceptions_;
141   HANDLE stdout_handle_;
142   HANDLE stderr_handle_;
143   IntegrityLevel integrity_level_;
144   IntegrityLevel delayed_integrity_level_;
145   MitigationFlags mitigations_;
146   MitigationFlags delayed_mitigations_;
147   // Object in charge of generating the low level policy.
148   LowLevelPolicy* policy_maker_;
149   // Memory structure that stores the low level policy.
150   PolicyGlobal* policy_;
151   // The list of dlls to unload in the target process.
152   std::vector<base::string16> blacklisted_dlls_;
153   // This is a map of handle-types to names that we need to close in the
154   // target process. A null set means we need to close all handles of the
155   // given type.
156   HandleCloser handle_closer_;
157   std::vector<base::string16> capabilities_;
158   scoped_ptr<AppContainerAttributes> appcontainer_list_;
159   PSID lowbox_sid_;
160   base::win::ScopedHandle lowbox_directory_;
161   scoped_ptr<Dispatcher> dispatcher_;
162 
163   static HDESK alternate_desktop_handle_;
164   static HWINSTA alternate_winstation_handle_;
165   static IntegrityLevel alternate_desktop_integrity_level_label_;
166 
167   // Contains the list of handles being shared with the target process.
168   // This list contains handles other than the stderr/stdout handles which are
169   // shared with the target at times.
170   HandleList handles_to_share_;
171 
172   DISALLOW_COPY_AND_ASSIGN(PolicyBase);
173 };
174 
175 }  // namespace sandbox
176 
177 #endif  // SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_
178