// Copyright (c) 2006-2010 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef SANDBOX_SRC_PROCESS_THREAD_POLICY_H_
#define SANDBOX_SRC_PROCESS_THREAD_POLICY_H_

#include <string>

#include "sandbox/win/src/policy_low_level.h"

#include "base/basictypes.h"
#include "base/strings/string16.h"
#include "sandbox/win/src/crosscall_server.h"
#include "sandbox/win/src/sandbox_policy.h"

namespace sandbox {

// Forward declaration only; the enumerators are not visible in this header.
// NOTE(review): an opaque declaration of an unscoped enum without a fixed
// underlying type is a compiler extension rather than standard C++ -- confirm
// every toolchain that builds this header accepts it.
enum EvalResult;

// This class centralizes most of the knowledge related to process execution.
//
// Every member declared here is static and the class declares no data
// members. The *Action functions take the ClientInfo of the requesting
// child (target) process and hand a result back to it, so their remaining
// arguments originate from the child.
// NOTE(review): treat those child-supplied arguments as untrusted input. The
// restrictions described below are enforced in the implementation, which is
// not visible from this header.
class ProcessPolicy {
 public:
  // Creates the low-level policy rules required to evaluate a high-level
  // policy rule for process creation.
  // 'name' is the executable to be spawned.
  // 'semantics' is the desired semantics.
  // 'policy' is the policy generator to which the rules are going to be added.
  // NOTE(review): the meaning of the bool result is not documented here;
  // presumably true means the rules were added -- confirm against the
  // implementation.
  static bool GenerateRules(const wchar_t* name,
                            TargetPolicy::Semantics semantics,
                            LowLevelPolicy* policy);

  // Opens a thread from the child process and returns the handle.
  // 'client_info' contains the information about the child process.
  // 'desired_access' is the access requested by the child.
  // 'thread_id' is the id of the thread to be opened.
  // 'handle' receives the opened handle.
  // The function returns the return value of NtOpenThread.
  // NOTE(review): the comment says the thread belongs to the child, but the
  // header does not show where 'thread_id' is checked against the child
  // process -- confirm the implementation rejects threads of other processes.
  static NTSTATUS OpenThreadAction(const ClientInfo& client_info,
                                   uint32 desired_access,
                                   uint32 thread_id,
                                   HANDLE* handle);

  // Opens the process id passed in and returns the duplicated handle to
  // the child. We only allow the child processes to open themselves. Any other
  // pid open is denied.
  // 'client_info' contains the information about the child process.
  // 'desired_access' is the access requested by the child.
  // 'process_id' is the pid the child asked to open.
  // 'handle' receives the duplicated handle.
  static NTSTATUS OpenProcessAction(const ClientInfo& client_info,
                                    uint32 desired_access,
                                    uint32 process_id,
                                    HANDLE* handle);

  // Opens the token associated with the process and returns the duplicated
  // handle to the child. We only allow a child process to open its own
  // token (using ::GetCurrentProcess()).
  // 'client_info' contains the information about the child process.
  // 'process' is the process handle value supplied by the child.
  // 'desired_access' is the access requested by the child.
  // 'handle' receives the duplicated token handle.
  static NTSTATUS OpenProcessTokenAction(const ClientInfo& client_info,
                                         HANDLE process,
                                         uint32 desired_access,
                                         HANDLE* handle);

  // Opens the token associated with the process and returns the duplicated
  // handle to the child. We only allow a child process to open its own
  // token (using ::GetCurrentProcess()).
  // Takes the same arguments as OpenProcessTokenAction plus 'attributes'.
  // NOTE(review): 'attributes' is undocumented in this header; presumably it
  // carries the handle attributes of the extended token-open call -- confirm
  // against the implementation and check which values are accepted from the
  // child.
  static NTSTATUS OpenProcessTokenExAction(const ClientInfo& client_info,
                                           HANDLE process,
                                           uint32 desired_access,
                                           uint32 attributes,
                                           HANDLE* handle);

  // Processes a 'CreateProcessW()' request from the target.
  // 'eval_result' : The desired policy action to accomplish.
  // 'client_info' : the target process that is making the request.
  // 'app_name' : The full path of the process to be created.
  // 'command_line' : The command line passed to the created process.
  // 'process_info' : Output structure for the created process.
  // NOTE(review): the contents of 'process_info' on return and the meaning of
  // the DWORD result are not documented here -- confirm against the
  // implementation, in particular which process owns any handles returned.
  static DWORD CreateProcessWAction(EvalResult eval_result,
                                    const ClientInfo& client_info,
                                    const base::string16 &app_name,
                                    const base::string16 &command_line,
                                    PROCESS_INFORMATION* process_info);
};

}  // namespace sandbox


#endif  // SANDBOX_SRC_PROCESS_THREAD_POLICY_H_