1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef SANDBOX_WIN_SRC_BROKER_SERVICES_H_
6#define SANDBOX_WIN_SRC_BROKER_SERVICES_H_
7
8#include <list>
9#include <map>
10#include <set>
11#include <utility>
12#include "base/basictypes.h"
13#include "base/compiler_specific.h"
14#include "base/win/scoped_handle.h"
15#include "sandbox/win/src/crosscall_server.h"
16#include "sandbox/win/src/job.h"
17#include "sandbox/win/src/sandbox.h"
18#include "sandbox/win/src/sharedmem_ipc_server.h"
19#include "sandbox/win/src/win2k_threadpool.h"
20#include "sandbox/win/src/win_utils.h"
21
namespace {

// Forward declarations only: the definitions live in the implementation
// file. NOTE(review): an unnamed namespace in a header makes JobTracker and
// PeerTracker a distinct type in every translation unit that includes it,
// so the pointer members below are only meaningful inside the one .cc that
// defines these structs. Presumably intentional (the class is internal to
// the sandbox), but confirm before adding new includers of this header.
struct JobTracker;
struct PeerTracker;

}  // namespace
28
namespace sandbox {

// Forward declaration; the concrete policy type is defined elsewhere.
class PolicyBase;

// BrokerServicesBase ---------------------------------------------------------
// Broker implementation version 0
//
// This is an implementation of the interface BrokerServices and
// of the associated TargetProcess interface. In this implementation
// TargetProcess is a friend of BrokerServices where the latter manages a
// collection of the former.
//
// The broker is the privileged side of the sandbox: it spawns target
// processes, keeps track of them (job completion port, tracker list, peer
// map) and services their IPC through |thread_pool_|. This header holds
// declarations only; all behaviour is defined in the implementation file,
// so the comments below describe intent as far as it is visible here.
class BrokerServicesBase FINAL : public BrokerServices,
                                 public SingletonBase<BrokerServicesBase> {
 public:
  BrokerServicesBase();

  // Non-virtual destructor. Acceptable only because the class is FINAL and
  // is presumably created/destroyed via SingletonBase; confirm that the
  // BrokerServices interface declares a virtual destructor if instances are
  // ever deleted through a base pointer.
  ~BrokerServicesBase();

  // BrokerServices interface.
  // Sets up the broker's resources (worker thread, completion port, lock,
  // thread pool — see the members below); presumably must succeed before any
  // other method is used.
  virtual ResultCode Init() OVERRIDE;
  // Returns a new TargetPolicy describing the restrictions for a target.
  // Ownership of the returned object is not visible here — check the
  // BrokerServices interface documentation.
  virtual TargetPolicy* CreatePolicy() OVERRIDE;
  // Launches |exe_path| with |command_line| under the restrictions in
  // |policy| and returns the new process in |target|. The new process is
  // presumably registered in |tracker_list_| / |child_process_ids_| so the
  // worker thread can clean up after it.
  virtual ResultCode SpawnTarget(const wchar_t* exe_path,
                                 const wchar_t* command_line,
                                 TargetPolicy* policy,
                                 PROCESS_INFORMATION* target) OVERRIDE;
  // Blocks until every spawned target has exited (presumably by waiting on
  // |no_targets_|).
  virtual ResultCode WaitForAllTargets() OVERRIDE;
  // Registers an already-running process as a "peer" of the sandboxed
  // targets. Its handle and a wait event are kept in |peer_map_| and the
  // entry is removed by RemovePeer() when the process exits.
  // NOTE(review): whatever trust a peer gains from this call is granted to
  // the process behind |peer_process|; callers should pass a handle they
  // obtained themselves rather than one received from a less trusted source.
  virtual ResultCode AddTargetPeer(HANDLE peer_process) OVERRIDE;
  // Creates / removes an AppContainer profile identified by |sid| (and, on
  // install, a display |name|).
  virtual ResultCode InstallAppContainer(const wchar_t* sid,
                                         const wchar_t* name) OVERRIDE;
  virtual ResultCode UninstallAppContainer(const wchar_t* sid) OVERRIDE;

  // Checks if the supplied process ID matches one of the broker's active
  // target processes
  // Returns:
  //   true if there is an active target process for this ID, otherwise false.
  // NOTE(review): this is a lookup by PID only. Windows recycles PIDs, so a
  // positive answer is only trustworthy while the original target is known
  // to be alive; a caller that uses the result to grant access to a process
  // it merely knows by PID should also hold a handle to it (or otherwise tie
  // the check to the process object, not the number).
  bool IsActiveTarget(DWORD process_id);

 private:
  // Releases the Job and notifies the associated Policy object to release
  // its resources as well.
  static void FreeResources(JobTracker* tracker);

  // The routine that the worker thread executes. It is in charge of
  // notifications and cleanup-related tasks. |param| is opaque here; the
  // implementation file defines what it carries (presumably the broker).
  static DWORD WINAPI TargetEventsThread(PVOID param);

  // Removes a target peer from the process list if it expires.
  // The signature matches a WAITORTIMERCALLBACK, i.e. it is presumably
  // registered with RegisterWaitForSingleObject() on the peer's process
  // handle and therefore runs on a system thread-pool thread, not on the
  // broker's own threads; |timeout| is TRUE if the wait timed out rather
  // than the handle being signaled. Any broker state it touches must be
  // protected by |lock_|.
  static VOID CALLBACK RemovePeer(PVOID parameter, BOOLEAN timeout);

  // The completion port used by the job objects to communicate events to
  // the worker thread. Raw HANDLE owned by this object; presumably closed in
  // the destructor.
  HANDLE job_port_;

  // Handle to a manual-reset event that is signaled when the total target
  // process count reaches zero.
  HANDLE no_targets_;

  // Handle to the worker thread that reacts to job notifications.
  HANDLE job_thread_;

  // Lock used to protect the list of targets from being modified by 2
  // threads at the same time. Since RemovePeer() and TargetEventsThread()
  // run on other threads, this presumably also guards |peer_map_| and
  // |child_process_ids_| — confirm in the implementation file.
  CRITICAL_SECTION lock_;

  // Provides a pool of threads that are used to wait on the IPC calls.
  ThreadProvider* thread_pool_;

  // List of the trackers for closing and cleanup purposes.
  typedef std::list<JobTracker*> JobTrackerList;
  JobTrackerList tracker_list_;

  // Maps peer process IDs to the saved handle and wait event.
  // Prevents peer callbacks from accessing the broker after destruction.
  typedef std::map<DWORD, PeerTracker*> PeerTrackerMap;
  PeerTrackerMap peer_map_;

  // Provides a fast lookup to identify sandboxed processes that belong to a
  // job. NOTE(review): the original comment pointed to a
  // |jobless_process_handles_| member for processes spawned without a job;
  // no such member exists in this class, so that reference was stale and
  // has been dropped — check the implementation file for how job-less
  // targets are tracked.
  std::set<DWORD> child_process_ids_;

  // Cache of token handles keyed by a 32-bit value. Neither the key's
  // derivation nor the meaning of the two handles is visible here —
  // presumably a hash of the policy's token settings and a pair of
  // (initial, lockdown) tokens; verify in the implementation file.
  // Security note: the key must capture every attribute that influences the
  // tokens, otherwise two differently-restricted policies could share one
  // cached (less restricted) token. The handles are owned by this object and
  // must be closed on destruction.
  typedef std::map<uint32_t, std::pair<HANDLE, HANDLE>> TokenCacheMap;
  TokenCacheMap token_cache_;

  DISALLOW_COPY_AND_ASSIGN(BrokerServicesBase);
};

}  // namespace sandbox
116
117
118#endif  // SANDBOX_WIN_SRC_BROKER_SERVICES_H_
119