1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_ 6 #define SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_ 7 8 #include <windows.h> 9 #include <stddef.h> 10 #include <stdint.h> 11 12 #include <list> 13 #include <vector> 14 15 #include "base/compiler_specific.h" 16 #include "base/macros.h" 17 #include "base/memory/scoped_ptr.h" 18 #include "base/strings/string16.h" 19 #include "base/win/scoped_handle.h" 20 #include "sandbox/win/src/crosscall_server.h" 21 #include "sandbox/win/src/handle_closer.h" 22 #include "sandbox/win/src/ipc_tags.h" 23 #include "sandbox/win/src/policy_engine_opcodes.h" 24 #include "sandbox/win/src/policy_engine_params.h" 25 #include "sandbox/win/src/sandbox_policy.h" 26 #include "sandbox/win/src/win_utils.h" 27 28 namespace sandbox { 29 30 class AppContainerAttributes; 31 class LowLevelPolicy; 32 class TargetProcess; 33 struct PolicyGlobal; 34 35 typedef std::vector<base::win::ScopedHandle*> HandleList; 36 37 class PolicyBase final : public TargetPolicy { 38 public: 39 PolicyBase(); 40 41 // TargetPolicy: 42 void AddRef() override; 43 void Release() override; 44 ResultCode SetTokenLevel(TokenLevel initial, TokenLevel lockdown) override; 45 TokenLevel GetInitialTokenLevel() const override; 46 TokenLevel GetLockdownTokenLevel() const override; 47 ResultCode SetJobLevel(JobLevel job_level, uint32_t ui_exceptions) override; 48 ResultCode SetJobMemoryLimit(size_t memory_limit) override; 49 ResultCode SetAlternateDesktop(bool alternate_winstation) override; 50 base::string16 GetAlternateDesktop() const override; 51 ResultCode CreateAlternateDesktop(bool alternate_winstation) override; 52 void DestroyAlternateDesktop() override; 53 ResultCode SetIntegrityLevel(IntegrityLevel integrity_level) override; 54 IntegrityLevel GetIntegrityLevel() const override; 55 ResultCode SetDelayedIntegrityLevel(IntegrityLevel integrity_level) override; 56 ResultCode SetAppContainer(const wchar_t* sid) override; 57 ResultCode SetCapability(const wchar_t* sid) override; 58 ResultCode SetLowBox(const wchar_t* sid) override; 59 ResultCode SetProcessMitigations(MitigationFlags flags) override; 60 MitigationFlags GetProcessMitigations() override; 61 ResultCode SetDelayedProcessMitigations(MitigationFlags flags) override; 62 MitigationFlags GetDelayedProcessMitigations() const override; 63 void SetStrictInterceptions() override; 64 ResultCode SetStdoutHandle(HANDLE handle) override; 65 ResultCode SetStderrHandle(HANDLE handle) override; 66 ResultCode AddRule(SubSystem subsystem, 67 Semantics semantics, 68 const wchar_t* pattern) override; 69 ResultCode AddDllToUnload(const wchar_t* dll_name) override; 70 ResultCode AddKernelObjectToClose(const base::char16* handle_type, 71 const base::char16* handle_name) override; 72 void* AddHandleToShare(HANDLE handle) override; 73 74 // Creates a Job object with the level specified in a previous call to 75 // SetJobLevel(). 76 ResultCode MakeJobObject(base::win::ScopedHandle* job); 77 78 // Creates the two tokens with the levels specified in a previous call to 79 // SetTokenLevel(). Also creates a lowbox token if specified based on the 80 // lowbox SID. 81 ResultCode MakeTokens(base::win::ScopedHandle* initial, 82 base::win::ScopedHandle* lockdown, 83 base::win::ScopedHandle* lowbox); 84 85 const AppContainerAttributes* GetAppContainer() const; 86 87 PSID GetLowBoxSid() const; 88 89 // Adds a target process to the internal list of targets. Internally a 90 // call to TargetProcess::Init() is issued. 91 bool AddTarget(TargetProcess* target); 92 93 // Called when there are no more active processes in a Job. 94 // Removes a Job object associated with this policy and the target associated 95 // with the job. 96 bool OnJobEmpty(HANDLE job); 97 98 EvalResult EvalPolicy(int service, CountedParameterSetBase* params); 99 100 HANDLE GetStdoutHandle(); 101 HANDLE GetStderrHandle(); 102 103 // Returns the list of handles being shared with the target process. 104 const HandleList& GetHandlesBeingShared(); 105 106 // Closes the handles being shared with the target and clears out the list. 107 void ClearSharedHandles(); 108 109 private: 110 ~PolicyBase(); 111 112 // Sets up interceptions for a new target. 113 bool SetupAllInterceptions(TargetProcess* target); 114 115 // Sets up the handle closer for a new target. 116 bool SetupHandleCloser(TargetProcess* target); 117 118 ResultCode AddRuleInternal(SubSystem subsystem, 119 Semantics semantics, 120 const wchar_t* pattern); 121 122 // This lock synchronizes operations on the targets_ collection. 123 CRITICAL_SECTION lock_; 124 // Maintains the list of target process associated with this policy. 125 // The policy takes ownership of them. 126 typedef std::list<TargetProcess*> TargetSet; 127 TargetSet targets_; 128 // Standard object-lifetime reference counter. 129 volatile LONG ref_count; 130 // The user-defined global policy settings. 131 TokenLevel lockdown_level_; 132 TokenLevel initial_level_; 133 JobLevel job_level_; 134 uint32_t ui_exceptions_; 135 size_t memory_limit_; 136 bool use_alternate_desktop_; 137 bool use_alternate_winstation_; 138 // Helps the file system policy initialization. 139 bool file_system_init_; 140 bool relaxed_interceptions_; 141 HANDLE stdout_handle_; 142 HANDLE stderr_handle_; 143 IntegrityLevel integrity_level_; 144 IntegrityLevel delayed_integrity_level_; 145 MitigationFlags mitigations_; 146 MitigationFlags delayed_mitigations_; 147 // Object in charge of generating the low level policy. 148 LowLevelPolicy* policy_maker_; 149 // Memory structure that stores the low level policy. 150 PolicyGlobal* policy_; 151 // The list of dlls to unload in the target process. 152 std::vector<base::string16> blacklisted_dlls_; 153 // This is a map of handle-types to names that we need to close in the 154 // target process. A null set means we need to close all handles of the 155 // given type. 156 HandleCloser handle_closer_; 157 std::vector<base::string16> capabilities_; 158 scoped_ptr<AppContainerAttributes> appcontainer_list_; 159 PSID lowbox_sid_; 160 base::win::ScopedHandle lowbox_directory_; 161 scoped_ptr<Dispatcher> dispatcher_; 162 163 static HDESK alternate_desktop_handle_; 164 static HWINSTA alternate_winstation_handle_; 165 static IntegrityLevel alternate_desktop_integrity_level_label_; 166 167 // Contains the list of handles being shared with the target process. 168 // This list contains handles other than the stderr/stdout handles which are 169 // shared with the target at times. 170 HandleList handles_to_share_; 171 172 DISALLOW_COPY_AND_ASSIGN(PolicyBase); 173 }; 174 175 } // namespace sandbox 176 177 #endif // SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_ 178