1 files changed, 93 insertions, 0 deletions
diff --git a/security/sandbox/chromium/sandbox/win/src/handle_policy.cc b/security/sandbox/chromium/sandbox/win/src/handle_policy.cc
new file mode 100644
index 0000000000..fa3295ae3f
--- /dev/null
+++ b/security/sandbox/chromium/sandbox/win/src/handle_policy.cc
@@ -0,0 +1,93 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "sandbox/win/src/handle_policy.h"
+
+#include <string>
+
+#include "base/win/scoped_handle.h"
+#include "sandbox/win/src/broker_services.h"
+#include "sandbox/win/src/ipc_tags.h"
+#include "sandbox/win/src/policy_engine_opcodes.h"
+#include "sandbox/win/src/policy_params.h"
+#include "sandbox/win/src/sandbox_types.h"
+#include "sandbox/win/src/sandbox_utils.h"
+
+namespace sandbox {
+
+bool HandlePolicy::GenerateRules(const wchar_t* type_name,
+                                 TargetPolicy::Semantics semantics,
+                                 LowLevelPolicy* policy) {
+  PolicyRule duplicate_rule(ASK_BROKER);
+
+  switch (semantics) {
+    case TargetPolicy::HANDLES_DUP_ANY: {
+      if (!duplicate_rule.AddNumberMatch(IF_NOT, HandleTarget::TARGET,
+                                         ::GetCurrentProcessId(), EQUAL)) {
+        return false;
+      }
+      break;
+    }
+
+    case TargetPolicy::HANDLES_DUP_BROKER: {
+      if (!duplicate_rule.AddNumberMatch(IF, HandleTarget::TARGET,
+                                         ::GetCurrentProcessId(), EQUAL)) {
+        return false;
+      }
+      break;
+    }
+
+    default:
+     return false;
+  }
+  if (!duplicate_rule.AddStringMatch(IF, HandleTarget::NAME, type_name,
+                                     CASE_INSENSITIVE)) {
+    return false;
+  }
+  if (!policy->AddRule(IpcTag::DUPLICATEHANDLEPROXY, &duplicate_rule)) {
+    return false;
+  }
+  return true;
+}
+
+DWORD HandlePolicy::DuplicateHandleProxyAction(EvalResult eval_result,
+                                               HANDLE source_handle,
+                                               DWORD target_process_id,
+                                               HANDLE* target_handle,
+                                               DWORD desired_access,
+                                               DWORD options) {
+  // The only action supported is ASK_BROKER which means duplicate the handle.
+  if (ASK_BROKER != eval_result) {
+    return ERROR_ACCESS_DENIED;
+  }
+
+  base::win::ScopedHandle remote_target_process;
+  if (target_process_id != ::GetCurrentProcessId()) {
+    // Sandboxed children are dynamic, so we check that manually.
+    if (!BrokerServicesBase::GetInstance()->IsSafeDuplicationTarget(
+            target_process_id)) {
+      return ERROR_ACCESS_DENIED;
+    }
+
+    remote_target_process.Set(::OpenProcess(PROCESS_DUP_HANDLE, FALSE,
+                                            target_process_id));
+    if (!remote_target_process.IsValid())
+      return ::GetLastError();
+  }
+
+  // If the policy didn't block us and we have no valid target, then the broker
+  // (this process) is the valid target.
+  HANDLE target_process = remote_target_process.IsValid() ?
+                          remote_target_process.Get() : ::GetCurrentProcess();
+  if (!::DuplicateHandle(::GetCurrentProcess(), source_handle, target_process,
+                         target_handle, desired_access, FALSE,
+                         options)) {
+    return ::GetLastError();
+  }
+
+  return ERROR_SUCCESS;
+}
+
+}  // namespace sandbox
+