// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef SANDBOX_WIN_SRC_SANDBOX_TYPES_H_
#define SANDBOX_WIN_SRC_SANDBOX_TYPES_H_

#include "base/process/kill.h"
#include "base/process/launch.h"

namespace sandbox {

// Operation result codes returned by the sandbox API.
//
// Note: These codes are listed in a histogram and any new codes should be added
// at the end. Existing values must never be renumbered or reused, otherwise
// previously recorded histogram data becomes misattributed.
//
// Only SBOX_ALL_OK signals success; every other value is a failure.
enum ResultCode : int {
  SBOX_ALL_OK = 0,
  // Error is originating on the win32 layer. Call GetLastError() for more
  // information.
  SBOX_ERROR_GENERIC = 1,
  // An invalid combination of parameters was given to the API.
  SBOX_ERROR_BAD_PARAMS = 2,
  // The desired operation is not supported at this time.
  SBOX_ERROR_UNSUPPORTED = 3,
  // The request requires more memory than allocated or available.
  SBOX_ERROR_NO_SPACE = 4,
  // The ipc service requested does not exist.
  SBOX_ERROR_INVALID_IPC = 5,
  // The ipc service did not complete.
  SBOX_ERROR_FAILED_IPC = 6,
  // The requested handle was not found.
  SBOX_ERROR_NO_HANDLE = 7,
  // This function was not expected to be called at this time.
  SBOX_ERROR_UNEXPECTED_CALL = 8,
  // WaitForAllTargets is already called.
  SBOX_ERROR_WAIT_ALREADY_CALLED = 9,
  // A channel error prevented DoCall from executing.
  SBOX_ERROR_CHANNEL_ERROR = 10,
  // Failed to create the alternate desktop.
  SBOX_ERROR_CANNOT_CREATE_DESKTOP = 11,
  // Failed to create the alternate window station.
  SBOX_ERROR_CANNOT_CREATE_WINSTATION = 12,
  // Failed to switch back to the interactive window station.
  SBOX_ERROR_FAILED_TO_SWITCH_BACK_WINSTATION = 13,
  // The supplied AppContainer is not valid.
  SBOX_ERROR_INVALID_APP_CONTAINER = 14,
  // The supplied capability is not valid.
  SBOX_ERROR_INVALID_CAPABILITY = 15,
  // There is a failure initializing the AppContainer.
  SBOX_ERROR_CANNOT_INIT_APPCONTAINER = 16,
  // Initializing or updating ProcThreadAttributes failed.
  SBOX_ERROR_PROC_THREAD_ATTRIBUTES = 17,
  // Error in creating process.
  SBOX_ERROR_CREATE_PROCESS = 18,
  // Failure calling delegate PreSpawnTarget.
  SBOX_ERROR_DELEGATE_PRE_SPAWN = 19,
  // Could not assign process to job object.
  SBOX_ERROR_ASSIGN_PROCESS_TO_JOB_OBJECT = 20,
  // Could not set the thread token. (The previous comment here was a copy of
  // the job-object one above.)
  SBOX_ERROR_SET_THREAD_TOKEN = 21,
  // Could not get thread context of new process.
  SBOX_ERROR_GET_THREAD_CONTEXT = 22,
  // Could not duplicate target info of new process.
  SBOX_ERROR_DUPLICATE_TARGET_INFO = 23,
  // Could not set low box token.
  SBOX_ERROR_SET_LOW_BOX_TOKEN = 24,
  // Could not create file mapping for IPC dispatcher.
  SBOX_ERROR_CREATE_FILE_MAPPING = 25,
  // Could not duplicate shared section into target process for IPC dispatcher.
  SBOX_ERROR_DUPLICATE_SHARED_SECTION = 26,
  // Could not map view of shared memory in broker.
  SBOX_ERROR_MAP_VIEW_OF_SHARED_SECTION = 27,
  // Could not apply ASLR mitigations to target process.
  SBOX_ERROR_APPLY_ASLR_MITIGATIONS = 28,
  // Could not setup basic interceptions.
  SBOX_ERROR_SETUP_BASIC_INTERCEPTIONS = 29,
  // Could not setup one of the required interception services.
  SBOX_ERROR_SETUP_INTERCEPTION_SERVICE = 30,
  // Could not initialize interceptions. This usually means 3rd party software
  // is stomping on our hooks, or can sometimes mean the syscall format has
  // changed. Either way the target cannot be trusted to run unsandboxed, so
  // callers must treat this as fatal for the launch rather than fall back.
  SBOX_ERROR_INITIALIZE_INTERCEPTIONS = 31,
  // Could not setup the imports for ntdll in target process.
  SBOX_ERROR_SETUP_NTDLL_IMPORTS = 32,
  // Could not setup the handle closer in target process.
  SBOX_ERROR_SETUP_HANDLE_CLOSER = 33,
  // Cannot get the current Window Station.
  SBOX_ERROR_CANNOT_GET_WINSTATION = 34,
  // Cannot query the security attributes of the current Window Station.
  SBOX_ERROR_CANNOT_QUERY_WINSTATION_SECURITY = 35,
  // Cannot get the current Desktop.
  SBOX_ERROR_CANNOT_GET_DESKTOP = 36,
  // Cannot query the security attributes of the current Desktop.
  SBOX_ERROR_CANNOT_QUERY_DESKTOP_SECURITY = 37,
  // Cannot setup the interception manager config buffer.
  SBOX_ERROR_CANNOT_SETUP_INTERCEPTION_CONFIG_BUFFER = 38,
  // Cannot copy data to the child process.
  SBOX_ERROR_CANNOT_COPY_DATA_TO_CHILD = 39,
  // Cannot setup the interception thunk.
  SBOX_ERROR_CANNOT_SETUP_INTERCEPTION_THUNK = 40,
  // Cannot resolve the interception thunk.
  SBOX_ERROR_CANNOT_RESOLVE_INTERCEPTION_THUNK = 41,
  // Cannot write interception thunk to child process.
  SBOX_ERROR_CANNOT_WRITE_INTERCEPTION_THUNK = 42,
  // Cannot find the base address of the new process.
  SBOX_ERROR_CANNOT_FIND_BASE_ADDRESS = 43,
  // Placeholder for last item of the enum. Not a real result code; keep it
  // last so it can bound the histogram (new codes go above this line).
  SBOX_ERROR_LAST
};

// If the sandbox cannot create a secure environment for the target, the
// target will be forcibly terminated. These are the process exit codes.
//
// The values are observed outside this component (at least
// SBOX_FATAL_MEMORY_EXCEEDED is mirrored in base, see the static_assert
// below), so they must stay stable: add new codes before SBOX_FATAL_LAST and
// never renumber existing ones.
enum TerminationCodes {
  SBOX_FATAL_INTEGRITY = 7006,        // Could not set the integrity level.
  SBOX_FATAL_DROPTOKEN = 7007,        // Could not lower the token.
  SBOX_FATAL_FLUSHANDLES = 7008,      // Failed to flush registry handles.
  SBOX_FATAL_CACHEDISABLE = 7009,     // Failed to forbid HKCU caching.
  SBOX_FATAL_CLOSEHANDLES = 7010,     // Failed to close pending handles.
  SBOX_FATAL_MITIGATION = 7011,       // Could not set the mitigation policy.
  SBOX_FATAL_MEMORY_EXCEEDED = 7012,  // Exceeded the job memory limit.
  SBOX_FATAL_WARMUP = 7013,           // Failed to warmup.
  SBOX_FATAL_LAST                     // Placeholder; not a real exit code.
};

// base keeps its own copy of this exit code (base::win::kSandboxFatalMemoryExceeded);
// the two definitions must not drift apart, so the mismatch is caught at
// compile time rather than as a mis-classified crash.
static_assert(SBOX_FATAL_MEMORY_EXCEEDED ==
                  base::win::kSandboxFatalMemoryExceeded,
              "Value for SBOX_FATAL_MEMORY_EXCEEDED must match base.");

// Forward declarations only: this header passes these services around by
// pointer and never needs their definitions.
class BrokerServices;
class TargetServices;

// Contains the pointer to a target or broker service.
//
// Plain aggregate with no constructor: the members are left uninitialized
// unless the object is value-initialized (e.g. `SandboxInterfaceInfo info{};`
// or `= {}`), so callers must do that before reading either field.
// NOTE(review): ownership is not expressed here; presumably these are
// non-owning pointers to services that outlive the struct — confirm with
// whatever fills it in.
struct SandboxInterfaceInfo {
  BrokerServices* broker_services;  // Null when not running as broker (assumed).
  TargetServices* target_services;  // Null when not running as target (assumed).
};

// Linkage specifier for the sandbox's C-ABI entry points (presumably the
// interception functions, going by the name). When the sandbox is built with
// SANDBOX_EXPORTS set, the symbol is exported from the DLL; otherwise it only
// gets C linkage so the name stays unmangled. An undefined SANDBOX_EXPORTS
// evaluates to 0 in `#if`, i.e. the non-exporting branch.
#if SANDBOX_EXPORTS
#define SANDBOX_INTERCEPT extern "C" __declspec(dllexport)
#else
#define SANDBOX_INTERCEPT extern "C"
#endif

// How a given function is intercepted inside the target process. The
// numeric values are implicit (0, 1, 2, ...); if they are ever serialized or
// shared across the broker/target boundary, append new entries before
// INTERCEPTION_LAST rather than inserting in the middle.
enum InterceptionType {
  INTERCEPTION_INVALID = 0,
  INTERCEPTION_SERVICE_CALL,    // Trampoline of an NT native call
  INTERCEPTION_EAT,             // Export address table patch (inferred from the
                                // name — confirm against the resolver that
                                // handles it)
  INTERCEPTION_SIDESTEP,        // Preamble patch
  INTERCEPTION_SMART_SIDESTEP,  // Preamble patch but bypass internal calls
  INTERCEPTION_UNLOAD_MODULE,   // Unload the module (don't patch)
  INTERCEPTION_LAST             // Placeholder for last item in the enumeration
};

}  // namespace sandbox

#endif  // SANDBOX_WIN_SRC_SANDBOX_TYPES_H_