• Home
  • History
  • Annotate
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1  // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2  // Use of this source code is governed by a BSD-style license that can be
3  // found in the LICENSE file.
4  
5  #ifndef SANDBOX_WIN_SRC_SANDBOX_TYPES_H_
6  #define SANDBOX_WIN_SRC_SANDBOX_TYPES_H_
7  
8  #include "base/process/launch.h"
9  
10  namespace sandbox {
11  
12  // Operation result codes returned by the sandbox API.
13  //
14  // Note: These codes are listed in a histogram and any new codes should be added
15  // at the end.
16  //
17  enum ResultCode : int {
18    SBOX_ALL_OK = 0,
19    // Error is originating on the win32 layer. Call GetlastError() for more
20    // information.
21    SBOX_ERROR_GENERIC = 1,
22    // An invalid combination of parameters was given to the API.
23    SBOX_ERROR_BAD_PARAMS = 2,
24    // The desired operation is not supported at this time.
25    SBOX_ERROR_UNSUPPORTED = 3,
26    // The request requires more memory that allocated or available.
27    SBOX_ERROR_NO_SPACE = 4,
28    // The ipc service requested does not exist.
29    SBOX_ERROR_INVALID_IPC = 5,
30    // The ipc service did not complete.
31    SBOX_ERROR_FAILED_IPC = 6,
32    // The requested handle was not found.
33    SBOX_ERROR_NO_HANDLE = 7,
34    // This function was not expected to be called at this time.
35    SBOX_ERROR_UNEXPECTED_CALL = 8,
36    // WaitForAllTargets is already called.
37    SBOX_ERROR_WAIT_ALREADY_CALLED = 9,
38    // A channel error prevented DoCall from executing.
39    SBOX_ERROR_CHANNEL_ERROR = 10,
40    // Failed to create the alternate desktop.
41    SBOX_ERROR_CANNOT_CREATE_DESKTOP = 11,
42    // Failed to create the alternate window station.
43    SBOX_ERROR_CANNOT_CREATE_WINSTATION = 12,
44    // Failed to switch back to the interactive window station.
45    SBOX_ERROR_FAILED_TO_SWITCH_BACK_WINSTATION = 13,
46    // The supplied AppContainer is not valid.
47    SBOX_ERROR_INVALID_APP_CONTAINER = 14,
48    // The supplied capability is not valid.
49    SBOX_ERROR_INVALID_CAPABILITY = 15,
50    // There is a failure initializing the AppContainer.
51    SBOX_ERROR_CANNOT_INIT_APPCONTAINER = 16,
52    // Initializing or updating ProcThreadAttributes failed.
53    SBOX_ERROR_PROC_THREAD_ATTRIBUTES = 17,
54    // Error in creating process.
55    SBOX_ERROR_CREATE_PROCESS = 18,
56    // Failure calling delegate PreSpawnTarget.
57    SBOX_ERROR_DELEGATE_PRE_SPAWN = 19,
58    // Could not assign process to job object.
59    SBOX_ERROR_ASSIGN_PROCESS_TO_JOB_OBJECT = 20,
60    // Could not assign process to job object.
61    SBOX_ERROR_SET_THREAD_TOKEN = 21,
62    // Could not get thread context of new process.
63    SBOX_ERROR_GET_THREAD_CONTEXT = 22,
64    // Could not duplicate target info of new process.
65    SBOX_ERROR_DUPLICATE_TARGET_INFO = 23,
66    // Could not set low box token.
67    SBOX_ERROR_SET_LOW_BOX_TOKEN = 24,
68    // Could not create file mapping for IPC dispatcher.
69    SBOX_ERROR_CREATE_FILE_MAPPING = 25,
70    // Could not duplicate shared section into target process for IPC dispatcher.
71    SBOX_ERROR_DUPLICATE_SHARED_SECTION = 26,
72    // Could not map view of shared memory in broker.
73    SBOX_ERROR_MAP_VIEW_OF_SHARED_SECTION = 27,
74    // Could not apply ASLR mitigations to target process.
75    SBOX_ERROR_APPLY_ASLR_MITIGATIONS = 28,
76    // Could not setup one of the required interception services.
77    SBOX_ERROR_SETUP_BASIC_INTERCEPTIONS = 29,
78    // Could not setup basic interceptions.
79    SBOX_ERROR_SETUP_INTERCEPTION_SERVICE = 30,
80    // Could not initialize interceptions. This usually means 3rd party software
81    // is stomping on our hooks, or can sometimes mean the syscall format has
82    // changed.
83    SBOX_ERROR_INITIALIZE_INTERCEPTIONS = 31,
84    // Could not setup the imports for ntdll in target process.
85    SBOX_ERROR_SETUP_NTDLL_IMPORTS = 32,
86    // Could not setup the handle closer in target process.
87    SBOX_ERROR_SETUP_HANDLE_CLOSER = 33,
88    // Cannot get the current Window Station.
89    SBOX_ERROR_CANNOT_GET_WINSTATION = 34,
90    // Cannot query the security attributes of the current Window Station.
91    SBOX_ERROR_CANNOT_QUERY_WINSTATION_SECURITY = 35,
92    // Cannot get the current Desktop.
93    SBOX_ERROR_CANNOT_GET_DESKTOP = 36,
94    // Cannot query the security attributes of the current Desktop.
95    SBOX_ERROR_CANNOT_QUERY_DESKTOP_SECURITY = 37,
96    // Cannot setup the interception manager config buffer.
97    SBOX_ERROR_CANNOT_SETUP_INTERCEPTION_CONFIG_BUFFER = 38,
98    // Cannot copy data to the child process.
99    SBOX_ERROR_CANNOT_COPY_DATA_TO_CHILD = 39,
100    // Cannot setup the interception thunk.
101    SBOX_ERROR_CANNOT_SETUP_INTERCEPTION_THUNK = 40,
102    // Cannot resolve the interception thunk.
103    SBOX_ERROR_CANNOT_RESOLVE_INTERCEPTION_THUNK = 41,
104    // Cannot write interception thunk to child process.
105    SBOX_ERROR_CANNOT_WRITE_INTERCEPTION_THUNK = 42,
106    // Placeholder for last item of the enum.
107    SBOX_ERROR_LAST
108  };
109  
110  // If the sandbox cannot create a secure environment for the target, the
111  // target will be forcibly terminated. These are the process exit codes.
112  enum TerminationCodes {
113    SBOX_FATAL_INTEGRITY = 7006,        // Could not set the integrity level.
114    SBOX_FATAL_DROPTOKEN = 7007,        // Could not lower the token.
115    SBOX_FATAL_FLUSHANDLES = 7008,      // Failed to flush registry handles.
116    SBOX_FATAL_CACHEDISABLE = 7009,     // Failed to forbid HCKU caching.
117    SBOX_FATAL_CLOSEHANDLES = 7010,     // Failed to close pending handles.
118    SBOX_FATAL_MITIGATION = 7011,       // Could not set the mitigation policy.
119    SBOX_FATAL_MEMORY_EXCEEDED = 7012,  // Exceeded the job memory limit.
120    SBOX_FATAL_WARMUP = 7013,           // Failed to warmup.
121    SBOX_FATAL_LAST
122  };
123  
124  class BrokerServices;
125  class TargetServices;
126  
127  // Contains the pointer to a target or broker service.
128  struct SandboxInterfaceInfo {
129    BrokerServices* broker_services;
130    TargetServices* target_services;
131  };
132  
133  #if SANDBOX_EXPORTS
134  #define SANDBOX_INTERCEPT extern "C" __declspec(dllexport)
135  #else
136  #define SANDBOX_INTERCEPT extern "C"
137  #endif
138  
139  enum InterceptionType {
140    INTERCEPTION_INVALID = 0,
141    INTERCEPTION_SERVICE_CALL,    // Trampoline of an NT native call
142    INTERCEPTION_EAT,
143    INTERCEPTION_SIDESTEP,        // Preamble patch
144    INTERCEPTION_SMART_SIDESTEP,  // Preamble patch but bypass internal calls
145    INTERCEPTION_UNLOAD_MODULE,   // Unload the module (don't patch)
146    INTERCEPTION_LAST             // Placeholder for last item in the enumeration
147  };
148  
149  }  // namespace sandbox
150  
151  #endif  // SANDBOX_WIN_SRC_SANDBOX_TYPES_H_
152