| OLD | NEW |
| (Empty) |
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "sandbox/src/restricted_token_utils.h" | |
| 6 #include "sandbox/tools/finder/finder.h" | |
| 7 | |
| 8 #define PARAM_IS(y) (argc > i) && (_wcsicmp(argv[i], y) == 0) | |
| 9 | |
| 10 void PrintUsage(wchar_t *application_name) { | |
| 11 wprintf(L"\n\nUsage: \n %ls --token type --object ob1 [ob2 ob3] " | |
| 12 L"--access ac1 [ac2 ac3] [--log filename]", application_name); | |
| 13 wprintf(L"\n\n Token Types : \n\tLOCKDOWN \n\tRESTRICTED " | |
| 14 L"\n\tLIMITED_USER \n\tINTERACTIVE_USER \n\tNON_ADMIN \n\tUNPROTECTED"); | |
| 15 wprintf(L"\n Object Types: \n\tREG \n\tFILE \n\tKERNEL"); | |
| 16 wprintf(L"\n Access Types: \n\tR \n\tW \n\tALL"); | |
| 17 wprintf(L"\n\nSample: \n %ls --token LOCKDOWN --object REG FILE KERNEL " | |
| 18 L"--access R W ALL", application_name); | |
| 19 } | |
| 20 | |
| 21 int wmain(int argc, wchar_t* argv[]) { | |
| 22 // Extract the filename from the path. | |
| 23 wchar_t *app_name = wcsrchr(argv[0], L'\\'); | |
| 24 if (!app_name) { | |
| 25 app_name = argv[0]; | |
| 26 } else { | |
| 27 app_name++; | |
| 28 } | |
| 29 | |
| 30 // parameters to read | |
| 31 ATL::CString log_file; | |
| 32 sandbox::TokenLevel token_type = sandbox::USER_LOCKDOWN; | |
| 33 DWORD object_type = 0; | |
| 34 DWORD access_type = 0; | |
| 35 | |
| 36 // no arguments | |
| 37 if (argc == 1) { | |
| 38 PrintUsage(app_name); | |
| 39 return -1; | |
| 40 } | |
| 41 | |
| 42 // parse command line. | |
| 43 for (int i = 1; i < argc; ++i) { | |
| 44 if (PARAM_IS(L"--token")) { | |
| 45 i++; | |
| 46 if (argc > i) { | |
| 47 if (PARAM_IS(L"LOCKDOWN")) { | |
| 48 token_type = sandbox::USER_LOCKDOWN; | |
| 49 } else if (PARAM_IS(L"RESTRICTED")) { | |
| 50 token_type = sandbox::USER_RESTRICTED; | |
| 51 } else if (PARAM_IS(L"LIMITED_USER")) { | |
| 52 token_type = sandbox::USER_LIMITED; | |
| 53 } else if (PARAM_IS(L"INTERACTIVE_USER")) { | |
| 54 token_type = sandbox::USER_INTERACTIVE; | |
| 55 } else if (PARAM_IS(L"NON_ADMIN")) { | |
| 56 token_type = sandbox::USER_NON_ADMIN; | |
| 57 } else if (PARAM_IS(L"USER_RESTRICTED_SAME_ACCESS")) { | |
| 58 token_type = sandbox::USER_RESTRICTED_SAME_ACCESS; | |
| 59 } else if (PARAM_IS(L"UNPROTECTED")) { | |
| 60 token_type = sandbox::USER_UNPROTECTED; | |
| 61 } else { | |
| 62 wprintf(L"\nAbord. Invalid token type \"%ls\"", argv[i]); | |
| 63 PrintUsage(app_name); | |
| 64 return -1; | |
| 65 } | |
| 66 } | |
| 67 } else if (PARAM_IS(L"--object")) { | |
| 68 bool is_object = true; | |
| 69 do { | |
| 70 i++; | |
| 71 if (PARAM_IS(L"REG")) { | |
| 72 object_type |= kScanRegistry; | |
| 73 } else if (PARAM_IS(L"FILE")) { | |
| 74 object_type |= kScanFileSystem; | |
| 75 } else if (PARAM_IS(L"KERNEL")) { | |
| 76 object_type |= kScanKernelObjects; | |
| 77 } else { | |
| 78 is_object = false; | |
| 79 } | |
| 80 } while(is_object); | |
| 81 i--; | |
| 82 } else if (PARAM_IS(L"--access")) { | |
| 83 bool is_access = true; | |
| 84 do { | |
| 85 i++; | |
| 86 if (PARAM_IS(L"R")) { | |
| 87 access_type |= kTestForRead; | |
| 88 } else if (PARAM_IS(L"W")) { | |
| 89 access_type |= kTestForWrite; | |
| 90 } else if (PARAM_IS(L"ALL")) { | |
| 91 access_type |= kTestForAll; | |
| 92 } else { | |
| 93 is_access = false; | |
| 94 } | |
| 95 } while(is_access); | |
| 96 i--; | |
| 97 } else if (PARAM_IS(L"--log")) { | |
| 98 i++; | |
| 99 if (argc > i) { | |
| 100 log_file = argv[i]; | |
| 101 } | |
| 102 else { | |
| 103 wprintf(L"\nAbord. No log file specified"); | |
| 104 PrintUsage(app_name); | |
| 105 return -1; | |
| 106 } | |
| 107 } else { | |
| 108 wprintf(L"\nAbord. Unrecognized parameter \"%ls\"", argv[i]); | |
| 109 PrintUsage(app_name); | |
| 110 return -1; | |
| 111 } | |
| 112 } | |
| 113 | |
| 114 // validate parameters | |
| 115 if (0 == access_type) { | |
| 116 wprintf(L"\nAbord, Access type not specified"); | |
| 117 PrintUsage(app_name); | |
| 118 return -1; | |
| 119 } | |
| 120 | |
| 121 if (0 == object_type) { | |
| 122 wprintf(L"\nAbord, Object type not specified"); | |
| 123 PrintUsage(app_name); | |
| 124 return -1; | |
| 125 } | |
| 126 | |
| 127 | |
| 128 // Open log file | |
| 129 FILE * file_output; | |
| 130 if (log_file.GetLength()) { | |
| 131 errno_t err = _wfopen_s(&file_output, log_file, L"w"); | |
| 132 if (err) { | |
| 133 wprintf(L"\nAbord, Cannot open file \"%ls\"", log_file.GetBuffer()); | |
| 134 return -1; | |
| 135 } | |
| 136 } else { | |
| 137 file_output = stdout; | |
| 138 } | |
| 139 | |
| 140 Finder finder_obj; | |
| 141 finder_obj.Init(token_type, object_type, access_type, file_output); | |
| 142 finder_obj.Scan(); | |
| 143 | |
| 144 fclose(file_output); | |
| 145 | |
| 146 return 0; | |
| 147 } | |
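Review bot: In the `--token` branch of wmain, the `if (argc > i)` check has no `else`, so a trailing `--token` with no value is accepted silently and the scan runs with the default `sandbox::USER_LOCKDOWN`. For a tool whose output is read as "what this token level can reach", that can attribute results to the wrong level. The branch should fail the way `--log` does, e.g. `} else { wprintf(L"\nAbort. No token type specified"); PrintUsage(app_name); return -1; }`. The parser also accepts `USER_RESTRICTED_SAME_ACCESS`, which PrintUsage does not list under Token Types, so the usage text should gain that entry. Separately, the results of `finder_obj.Init(...)` and `finder_obj.Scan()` are discarded and wmain returns 0 regardless; their signatures are not visible here, but if they report failure the exit code should reflect it so a failed scan is not taken for a clean one.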
| OLD | NEW |