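// Copyright 2022 The ChromiumOS Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

use crate::IntegrityLevel;
use crate::JobLevel;
use crate::Semantics;
use crate::SubSystem;
use crate::TokenLevel;
use crate::JOB_OBJECT_UILIMIT_DESKTOP;
use crate::JOB_OBJECT_UILIMIT_DISPLAYSETTINGS;
use crate::JOB_OBJECT_UILIMIT_EXITWINDOWS;
use crate::JOB_OBJECT_UILIMIT_READCLIPBOARD;
use crate::JOB_OBJECT_UILIMIT_SYSTEMPARAMETERS;
use crate::JOB_OBJECT_UILIMIT_WRITECLIPBOARD;

/// Policy struct for describing how a sandbox `TargetPolicy` should be
/// constructed for a particular process.
///
/// Each per-process constant below is a deliberate trade-off between what the
/// process needs to function and how much damage a compromised instance could
/// do. When relaxing any field, record *why* next to it (as the existing
/// comments do) so the exception can be re-audited later. Expected invariant
/// (not enforced here): the lockdown/delayed values should never be more
/// permissive than their initial counterparts, otherwise "lockdown" is a no-op.
pub struct Policy {
    /// Token level the target process starts with. Per the comments on the
    /// policies below this is what early-startup work (hypervisor setup,
    /// `CoInitializeEx`, connecting to the crash handler) runs under.
    pub initial_token_level: TokenLevel,
    /// Token level the process is reduced to after startup. This is the level
    /// that matters for containing a compromised process, so it should be as
    /// low as the process's steady-state work allows.
    pub lockdown_token_level: TokenLevel,
    /// Integrity level the process is created at. Several policies need a
    /// higher level here only to open resources (e.g. the disk image) early.
    pub integrity_level: IntegrityLevel,
    /// Integrity level applied later, once startup-only resources have been
    /// acquired. Lower than `integrity_level` in most policies below.
    pub delayed_integrity_level: IntegrityLevel,
    /// Job object restriction level applied to the process.
    pub job_level: JobLevel,
    /// Bitmask of `JOB_OBJECT_UILIMIT_*` flags that are *exempted* from the
    /// job's UI restrictions. Every bit set here re-enables a class of UI API
    /// the job would otherwise block, so keep this mask minimal and justified.
    pub ui_exceptions: u32,
    /// Run the process on a separate desktop rather than the user's
    /// interactive one. `false` means the process shares the desktop with the
    /// user's other windows (required to render a window there).
    pub alternate_desktop: bool,
    /// Run the process on a separate window station. Same trade-off as
    /// `alternate_desktop`.
    pub alternate_winstation: bool,
    /// Additional sandbox rules to add to the `TargetPolicy`. Every policy in
    /// this file currently has none; any future entry widens the sandbox and
    /// should be reviewed as such.
    pub exceptions: Vec<Rule>,
    /// DLLs to block in the target process. Presumably matched by module
    /// name; confirm against the consumer of this field. Currently empty for
    /// every policy in this file.
    pub dll_blocklist: Vec<String>,
}

/// Rule struct describing a sandbox rule that should be added to the
/// `TargetPolicy`.
pub struct Rule {
    /// Which sandbox subsystem the rule applies to.
    pub subsystem: SubSystem,
    /// What the rule allows or denies for matching requests.
    pub semantics: Semantics,
    /// Pattern the request is matched against. Keep patterns as narrow as
    /// possible; broad wildcards are the usual source of sandbox escapes
    /// via over-permissive rules.
    pub pattern: String,
}

/// Policy for the main emulator process.
///
/// This is one of the two least-isolated policies in the file (with `GPU`):
/// it starts at medium integrity and shares the user's desktop and window
/// station so it can present a window.
pub const MAIN: Policy = Policy {
    // Token levels and integrity levels needed for access to hypervisor APIs.
    initial_token_level: TokenLevel::USER_RESTRICTED_SAME_ACCESS,
    lockdown_token_level: TokenLevel::USER_RESTRICTED_NON_ADMIN,
    integrity_level: IntegrityLevel::INTEGRITY_LEVEL_MEDIUM,
    // Needed for access to audio APIs.
    delayed_integrity_level: IntegrityLevel::INTEGRITY_LEVEL_LOW,
    // Needed for access to UI APIs.
    job_level: JobLevel::JOB_LIMITED_USER,
    // Clipboard access in both directions is exposed to the guest via this
    // process; nothing beyond the clipboard is exempted here.
    ui_exceptions: JOB_OBJECT_UILIMIT_READCLIPBOARD | JOB_OBJECT_UILIMIT_WRITECLIPBOARD,
    // Needed to display window on main desktop. This also means the process
    // is not isolated from the other windows on that desktop.
    alternate_desktop: false,
    alternate_winstation: false,
    exceptions: vec![],
    dll_blocklist: vec![],
};

/// Policy for the metrics process.
pub const METRICS: Policy = Policy {
    // Needed for access to WinINet. Initial and lockdown levels are identical,
    // so this process's token is never tightened after startup.
    initial_token_level: TokenLevel::USER_NON_ADMIN,
    lockdown_token_level: TokenLevel::USER_NON_ADMIN,
    integrity_level: IntegrityLevel::INTEGRITY_LEVEL_LOW,
    delayed_integrity_level: IntegrityLevel::INTEGRITY_LEVEL_LOW,
    job_level: JobLevel::JOB_LOCKDOWN,
    ui_exceptions: 0,
    alternate_desktop: true,
    alternate_winstation: true,
    exceptions: vec![],
    dll_blocklist: vec![],
};

/// Policy for a block device process.
///
/// This process handles guest-controlled disk I/O, so it is locked down
/// tightly once the disk image has been opened.
pub const BLOCK: Policy = Policy {
    initial_token_level: TokenLevel::USER_RESTRICTED_NON_ADMIN,
    lockdown_token_level: TokenLevel::USER_LOCKDOWN,
    // INTEGRITY_LEVEL_MEDIUM needed to open disk file. The file must be opened
    // before the delayed level below is applied, or the open will fail.
    integrity_level: IntegrityLevel::INTEGRITY_LEVEL_MEDIUM,
    delayed_integrity_level: IntegrityLevel::INTEGRITY_LEVEL_UNTRUSTED,
    job_level: JobLevel::JOB_LOCKDOWN,
    ui_exceptions: 0,
    alternate_desktop: true,
    alternate_winstation: true,
    exceptions: vec![],
    dll_blocklist: vec![],
};

/// Policy for the network process.
///
/// Handles guest-controlled network traffic; the steady-state levels are the
/// most restrictive used in this file.
pub const NET: Policy = Policy {
    // Needed to connect to crash handler.
    initial_token_level: TokenLevel::USER_INTERACTIVE,
    lockdown_token_level: TokenLevel::USER_LOCKDOWN,
    // Process won't start below this level as loading ntdll will fail.
    integrity_level: IntegrityLevel::INTEGRITY_LEVEL_LOW,
    delayed_integrity_level: IntegrityLevel::INTEGRITY_LEVEL_UNTRUSTED,
    job_level: JobLevel::JOB_LOCKDOWN,
    ui_exceptions: 0,
    alternate_desktop: true,
    alternate_winstation: true,
    exceptions: vec![],
    dll_blocklist: vec![],
};

/// Policy for the slirp process.
///
/// Like `NET`, this process parses guest-controlled packets. Its lockdown
/// token is looser than `NET`'s because it must keep using winsock.
pub const SLIRP: Policy = Policy {
    // Needed to connect to crash handler.
    initial_token_level: TokenLevel::USER_INTERACTIVE,
    // Needed for access to winsock.
    lockdown_token_level: TokenLevel::USER_LIMITED,
    // Needed for access to winsock.
    integrity_level: IntegrityLevel::INTEGRITY_LEVEL_LOW,
    delayed_integrity_level: IntegrityLevel::INTEGRITY_LEVEL_UNTRUSTED,
    job_level: JobLevel::JOB_LOCKDOWN,
    ui_exceptions: 0,
    alternate_desktop: true,
    alternate_winstation: true,
    exceptions: vec![],
    dll_blocklist: vec![],
};

/// Policy for the GPU process.
///
/// Shares the user's desktop (like `MAIN`) and carries the widest set of UI
/// exemptions in this file; see the note on `ui_exceptions` below.
pub const GPU: Policy = Policy {
    initial_token_level: TokenLevel::USER_RESTRICTED_SAME_ACCESS,
    lockdown_token_level: TokenLevel::USER_RESTRICTED_NON_ADMIN,
    integrity_level: IntegrityLevel::INTEGRITY_LEVEL_MEDIUM,
    delayed_integrity_level: IntegrityLevel::INTEGRITY_LEVEL_LOW,
    // Needed for access to UI APIs.
    job_level: JobLevel::JOB_LIMITED_USER,
    // needed for copy and paste. READ_CLIPBOARD/WRITE_CLIPBOARD are already implicit in
    // JOB_LIMITED_USER. It's not clear why these are needed for copy&paste, but verified that
    // removing any one of these UILIMITS break paste into the emulator.
    //
    // SECURITY NOTE: each of these bits re-enables a UI API family the job
    // would otherwise block, and the justification above is empirical rather
    // than understood. Re-test whether all four are still required whenever
    // the paste path changes, and narrow this mask if any can be dropped.
    ui_exceptions: JOB_OBJECT_UILIMIT_DESKTOP
        | JOB_OBJECT_UILIMIT_DISPLAYSETTINGS
        | JOB_OBJECT_UILIMIT_EXITWINDOWS
        | JOB_OBJECT_UILIMIT_SYSTEMPARAMETERS,
    // Needed to display window on main desktop. This also means the process
    // is not isolated from the other windows on that desktop.
    alternate_desktop: false,
    alternate_winstation: false,
    exceptions: vec![],
    dll_blocklist: vec![],
};

/// Policy for the sound process.
pub const SND: Policy = Policy {
    // Needed for CoInitializeEx.
    initial_token_level: TokenLevel::USER_RESTRICTED_SAME_ACCESS,
    // Needed for subsequent CoCreateInstance requests.
    lockdown_token_level: TokenLevel::USER_RESTRICTED_NON_ADMIN,
    // Needed for access to audio APIs. Initial and delayed levels are equal,
    // so integrity is never lowered after startup for this process.
    integrity_level: IntegrityLevel::INTEGRITY_LEVEL_LOW,
    delayed_integrity_level: IntegrityLevel::INTEGRITY_LEVEL_LOW,
    job_level: JobLevel::JOB_LOCKDOWN,
    ui_exceptions: 0,
    alternate_desktop: true,
    alternate_winstation: true,
    exceptions: vec![],
    dll_blocklist: vec![],
};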