src/sandbox/win/src/handle_policy.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "sandbox/win/src/handle_policy.h"
   6
   7 #include <string>
   8
   9 #include "base/win/scoped_handle.h"
  10 #include "sandbox/win/src/broker_services.h"
  11 #include "sandbox/win/src/ipc_tags.h"
  12 #include "sandbox/win/src/policy_engine_opcodes.h"
  13 #include "sandbox/win/src/policy_params.h"
  14 #include "sandbox/win/src/sandbox_types.h"
  15 #include "sandbox/win/src/sandbox_utils.h"
  16
  17 namespace sandbox {
  18
  19 bool HandlePolicy::GenerateRules(const wchar_t* type_name,
  20                                  TargetPolicy::Semantics semantics,
  21                                  LowLevelPolicy* policy) {
  22   PolicyRule duplicate_rule(ASK_BROKER);
  23
  24   switch (semantics) {
  25     case TargetPolicy::HANDLES_DUP_ANY: {
  26       if (!duplicate_rule.AddNumberMatch(IF_NOT, HandleTarget::TARGET,
  27                                          ::GetCurrentProcessId(), EQUAL)) {
  28         return false;
  29       }
  30       break;
  31     }
  32
  33     case TargetPolicy::HANDLES_DUP_BROKER: {
  34       if (!duplicate_rule.AddNumberMatch(IF, HandleTarget::TARGET,
  35                                          ::GetCurrentProcessId(), EQUAL)) {
  36         return false;
  37       }
  38       break;
  39     }
  40
  41     default:
  42      return false;
  43   }
  44   if (!duplicate_rule.AddStringMatch(IF, HandleTarget::NAME, type_name,
  45                                      CASE_INSENSITIVE)) {
  46     return false;
  47   }
  48   if (!policy->AddRule(IPC_DUPLICATEHANDLEPROXY_TAG, &duplicate_rule)) {
  49     return false;
  50   }
  51   return true;
  52 }
  53
  54 DWORD HandlePolicy::DuplicateHandleProxyAction(EvalResult eval_result,
  55                                                const ClientInfo& client_info,
  56                                                HANDLE source_handle,
  57                                                DWORD target_process_id,
  58                                                HANDLE* target_handle,
  59                                                DWORD desired_access,
  60                                                DWORD options) {
  61   // The only action supported is ASK_BROKER which means duplicate the handle.
  62   if (ASK_BROKER != eval_result) {
  63     return ERROR_ACCESS_DENIED;
  64   }
  65
  66   base::win::ScopedHandle remote_target_process;
  67   if (target_process_id != ::GetCurrentProcessId()) {
  68     // Sandboxed children are dynamic, so we check that manually.
  69     if (!BrokerServicesBase::GetInstance()->IsActiveTarget(target_process_id)) {
  70       return ERROR_ACCESS_DENIED;
  71     }
  72
  73     remote_target_process.Set(::OpenProcess(PROCESS_DUP_HANDLE, FALSE,
  74                                             target_process_id));
  75     if (!remote_target_process.IsValid())
  76       return ::GetLastError();
  77   }
  78
  79   // If the policy didn't block us and we have no valid target, then the broker
  80   // (this process) is the valid target.
  81   HANDLE target_process = remote_target_process.IsValid() ?
  82                           remote_target_process.Get() : ::GetCurrentProcess();
  83   DWORD result = ERROR_SUCCESS;
  84   if (!::DuplicateHandle(client_info.process, source_handle, target_process,
  85                          target_handle, desired_access, FALSE,
  86                          options)) {
  87     return ::GetLastError();
  88   }
  89
  90   return ERROR_SUCCESS;
  91 }
  92
  93 }  // namespace sandbox
  94