1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef SANDBOX_WIN_SRC_TARGET_PROCESS_H_
6#define SANDBOX_WIN_SRC_TARGET_PROCESS_H_
7
8#include <windows.h>
9
10#include "base/basictypes.h"
11#include "base/memory/scoped_ptr.h"
12#include "base/win/scoped_handle.h"
13#include "base/win/scoped_process_information.h"
14#include "sandbox/win/src/crosscall_server.h"
15#include "sandbox/win/src/sandbox_types.h"
16
17namespace base {
18namespace win {
19
20class StartupInformation;
21
22};  // namespace win
23};  // namespace base
24
25namespace sandbox {
26
27class AttributeList;
28class SharedMemIPCServer;
29class ThreadProvider;
30
31// TargetProcess models a target instance (child process). Objects of this
32// class are owned by the Policy used to create them.
33class TargetProcess {
34 public:
35  // The constructor takes ownership of |initial_token| and |lockdown_token|.
36  TargetProcess(HANDLE initial_token, HANDLE lockdown_token, HANDLE job,
37                ThreadProvider* thread_pool);
38  ~TargetProcess();
39
40  // TODO(cpu): Currently there does not seem to be a reason to implement
41  // reference counting for this class since is internal, but kept the
42  // the same interface so the interception framework does not need to be
43  // touched at this point.
44  void AddRef() {}
45  void Release() {}
46
47  // Creates the new target process. The process is created suspended.
48  DWORD Create(const wchar_t* exe_path,
49               const wchar_t* command_line,
50               bool inherit_handles,
51               const base::win::StartupInformation& startup_info,
52               base::win::ScopedProcessInformation* target_info);
53
54  // Destroys the target process.
55  void Terminate();
56
57  // Creates the IPC objects such as the BrokerDispatcher and the
58  // IPC server. The IPC server uses the services of the thread_pool.
59  DWORD Init(Dispatcher* ipc_dispatcher, void* policy,
60             uint32 shared_IPC_size, uint32 shared_policy_size);
61
62  // Returns the handle to the target process.
63  HANDLE Process() const {
64    return sandbox_process_info_.process_handle();
65  }
66
67  // Returns the handle to the job object that the target process belongs to.
68  HANDLE Job() const {
69    return job_;
70  }
71
72  // Returns the address of the target main exe. This is used by the
73  // interceptions framework.
74  HMODULE MainModule() const {
75    return reinterpret_cast<HMODULE>(base_address_);
76  }
77
78  // Returns the name of the executable.
79  const wchar_t* Name() const {
80    return exe_name_.get();
81  }
82
83  // Returns the process id.
84  DWORD ProcessId() const {
85    return sandbox_process_info_.process_id();
86  }
87
88  // Returns the handle to the main thread.
89  HANDLE MainThread() const {
90    return sandbox_process_info_.thread_handle();
91  }
92
93  // Transfers a 32-bit variable between the broker and the target.
94  ResultCode TransferVariable(const char* name, void* address, size_t size);
95
96 private:
97  // Details of the target process.
98  base::win::ScopedProcessInformation sandbox_process_info_;
99  // The token associated with the process. It provides the core of the
100  // sbox security.
101  base::win::ScopedHandle lockdown_token_;
102  // The token given to the initial thread so that the target process can
103  // start. It has more powers than the lockdown_token.
104  base::win::ScopedHandle initial_token_;
105  // Kernel handle to the shared memory used by the IPC server.
106  base::win::ScopedHandle shared_section_;
107  // Job object containing the target process.
108  HANDLE job_;
109  // Reference to the IPC subsystem.
110  scoped_ptr<SharedMemIPCServer> ipc_server_;
111  // Provides the threads used by the IPC. This class does not own this pointer.
112  ThreadProvider* thread_pool_;
113  // Base address of the main executable
114  void* base_address_;
115  // Full name of the target executable.
116  scoped_ptr<wchar_t, base::FreeDeleter> exe_name_;
117
118  // Function used for testing.
119  friend TargetProcess* MakeTestTargetProcess(HANDLE process,
120                                              HMODULE base_address);
121
122  DISALLOW_IMPLICIT_CONSTRUCTORS(TargetProcess);
123};
124
125// Creates a mock TargetProcess used for testing interceptions.
126// TODO(cpu): It seems that this method is not going to be used anymore.
127TargetProcess* MakeTestTargetProcess(HANDLE process, HMODULE base_address);
128
129
130}  // namespace sandbox
131
132#endif  // SANDBOX_WIN_SRC_TARGET_PROCESS_H_
133