// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef SANDBOX_WIN_SRC_TARGET_PROCESS_H_
#define SANDBOX_WIN_SRC_TARGET_PROCESS_H_

#include <windows.h>

#include "base/basictypes.h"
#include "base/memory/scoped_ptr.h"
#include "base/win/scoped_handle.h"
#include "base/win/scoped_process_information.h"
#include "sandbox/win/src/crosscall_server.h"
#include "sandbox/win/src/sandbox_types.h"

namespace base {
namespace win {

class StartupInformation;

}  // namespace win
}  // namespace base

namespace sandbox {

class AttributeList;
class SharedMemIPCServer;
class ThreadProvider;

// TargetProcess is the broker-side model of one target instance (the child
// process). Instances are owned by the Policy that created them.
class TargetProcess {
 public:
  // Takes ownership of |initial_token| and |lockdown_token|.
  // NOTE(review): ownership of |job| is not stated. It is kept in a plain
  // HANDLE member rather than a ScopedHandle, and |thread_pool| is documented
  // below as not owned, so both presumably have to outlive this object.
  // Confirm against the implementation file.
  TargetProcess(HANDLE initial_token, HANDLE lockdown_token, HANDLE job,
                ThreadProvider* thread_pool);
  ~TargetProcess();

  // TODO(cpu): Currently there does not seem to be a reason to implement
  // reference counting for this class since it is internal, but the same
  // interface was kept so that the interception framework does not need to
  // be touched at this point.
  //
  // Both calls are deliberate no-ops: calling AddRef() does not extend the
  // lifetime of the object, which is decided by its owner alone.
  void AddRef() {}
  void Release() {}

  // Creates the new target process. The process is created suspended.
  // NOTE(review): the DWORD result is presumably a Win32 error code; confirm.
  // NOTE(review): if |inherit_handles| is forwarded to process creation,
  // passing true hands every inheritable handle of the creating process to
  // the target, so callers should audit which handles are inheritable.
  // Confirm against the implementation file.
  DWORD Create(const wchar_t* exe_path,
               const wchar_t* command_line,
               bool inherit_handles,
               const base::win::StartupInformation& startup_info,
               base::win::ScopedProcessInformation* target_info);

  // Destroys the target process.
  void Terminate();

  // Creates the IPC objects such as the BrokerDispatcher and the IPC server.
  // The IPC server uses the services of the thread_pool.
  // NOTE(review): |policy| is an untyped pointer; what it points to and who
  // checks it against |shared_policy_size| is not visible in this header.
  DWORD Init(Dispatcher* ipc_dispatcher, void* policy,
             uint32 shared_IPC_size, uint32 shared_policy_size);

  // Returns the handle to the target process. The value is read from
  // |sandbox_process_info_|; callers presumably must not close it.
  HANDLE Process() const { return sandbox_process_info_.process_handle(); }

  // Returns the handle to the job object that the target process belongs to.
  HANDLE Job() const { return job_; }

  // Returns the address of the target main exe. This is used by the
  // interceptions framework.
  // NOTE(review): the value is |base_address_| reinterpreted as an HMODULE.
  // It presumably names an address inside the target, not inside the calling
  // process, so it should not be dereferenced locally. Confirm.
  HMODULE MainModule() const {
    return reinterpret_cast<HMODULE>(base_address_);
  }

  // Returns the name of the executable. The string is owned by |exe_name_|.
  const wchar_t* Name() const { return exe_name_.get(); }

  // Returns the process id.
  DWORD ProcessId() const { return sandbox_process_info_.process_id(); }

  // Returns the handle to the main thread. The value is read from
  // |sandbox_process_info_|; callers presumably must not close it.
  HANDLE MainThread() const { return sandbox_process_info_.thread_handle(); }

  // Transfers a 32-bit variable between the broker and the target.
  // NOTE(review): the signature takes an explicit |size|, so the "32-bit"
  // wording above may be stale. Whether |size| is checked against the
  // variable called |name| is decided in the implementation file; confirm
  // before passing a size that is not a compile-time constant.
  ResultCode TransferVariable(const char* name, void* address, size_t size);

 private:
  // Member order is left exactly as declared: it fixes the order in which
  // the members are constructed and destroyed.

  // Details of the target process.
  base::win::ScopedProcessInformation sandbox_process_info_;
  // The token associated with the process. It provides the core of the
  // sbox security.
  base::win::ScopedHandle lockdown_token_;
  // The token given to the initial thread so that the target process can
  // start. It has more powers than the lockdown_token, which makes the point
  // at which the target stops using it security-relevant; that point is not
  // visible in this header.
  base::win::ScopedHandle initial_token_;
  // Kernel handle to the shared memory used by the IPC server.
  base::win::ScopedHandle shared_section_;
  // Job object containing the target process. Held as a raw HANDLE.
  HANDLE job_;
  // Reference to the IPC subsystem.
  scoped_ptr<SharedMemIPCServer> ipc_server_;
  // Provides the threads used by the IPC. This class does not own this pointer.
  ThreadProvider* thread_pool_;
  // Base address of the main executable.
  void* base_address_;
  // Full name of the target executable.
  scoped_ptr<wchar_t, base::FreeDeleter> exe_name_;

  // Function used for testing. Friendship gives it access to every private
  // member of this class.
  friend TargetProcess* MakeTestTargetProcess(HANDLE process,
                                              HMODULE base_address);

  DISALLOW_IMPLICIT_CONSTRUCTORS(TargetProcess);
};

// Creates a mock TargetProcess used for testing interceptions.
// TODO(cpu): It seems that this method is not going to be used anymore.
TargetProcess* MakeTestTargetProcess(HANDLE process, HMODULE base_address);

}  // namespace sandbox

#endif  // SANDBOX_WIN_SRC_TARGET_PROCESS_H_