| OLD | NEW |
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <string> | 5 #include <string> |
| 6 | 6 |
| 7 #include "sandbox/win/src/filesystem_policy.h" | 7 #include "sandbox/win/src/filesystem_policy.h" |
| 8 | 8 |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/win/scoped_handle.h" | 10 #include "base/win/scoped_handle.h" |
| (...skipping 43 matching lines...) |
| 54 return STATUS_SUCCESS; | 54 return STATUS_SUCCESS; |
| 55 } | 55 } |
| 56 | 56 |
| 57 } // namespace. | 57 } // namespace. |
| 58 | 58 |
| 59 namespace sandbox { | 59 namespace sandbox { |
| 60 | 60 |
| 61 bool FileSystemPolicy::GenerateRules(const wchar_t* name, | 61 bool FileSystemPolicy::GenerateRules(const wchar_t* name, |
| 62 TargetPolicy::Semantics semantics, | 62 TargetPolicy::Semantics semantics, |
| 63 LowLevelPolicy* policy) { | 63 LowLevelPolicy* policy) { |
| 64 std::wstring mod_name(name); | 64 base::string16 mod_name(name); |
| 65 if (mod_name.empty()) { | 65 if (mod_name.empty()) { |
| 66 return false; | 66 return false; |
| 67 } | 67 } |
| 68 | 68 |
| 69 // Don't do any pre-processing if the name starts like the the native | 69 // Don't do any pre-processing if the name starts like the the native |
| 70 // object manager style. | 70 // object manager style. |
| 71 if (0 != _wcsnicmp(mod_name.c_str(), kNTObjManPrefix, kNTObjManPrefixLen)) { | 71 if (0 != _wcsnicmp(mod_name.c_str(), kNTObjManPrefix, kNTObjManPrefixLen)) { |
| 72 // TODO(cpu) bug 32224: This prefix add is a hack because we don't have the | 72 // TODO(cpu) bug 32224: This prefix add is a hack because we don't have the |
| 73 // infrastructure to normalize names. In any case we need to escape the | 73 // infrastructure to normalize names. In any case we need to escape the |
| 74 // question marks. | 74 // question marks. |
| (...skipping 147 matching lines...) |
| 222 return false; | 222 return false; |
| 223 | 223 |
| 224 if (!policy->AddRule(IPC_NTSETINFO_RENAME_TAG, &short_name)) | 224 if (!policy->AddRule(IPC_NTSETINFO_RENAME_TAG, &short_name)) |
| 225 return false; | 225 return false; |
| 226 | 226 |
| 227 return true; | 227 return true; |
| 228 } | 228 } |
| 229 | 229 |
| 230 bool FileSystemPolicy::CreateFileAction(EvalResult eval_result, | 230 bool FileSystemPolicy::CreateFileAction(EvalResult eval_result, |
| 231 const ClientInfo& client_info, | 231 const ClientInfo& client_info, |
| 232 const std::wstring &file, | 232 const base::string16 &file, |
| 233 uint32 attributes, | 233 uint32 attributes, |
| 234 uint32 desired_access, | 234 uint32 desired_access, |
| 235 uint32 file_attributes, | 235 uint32 file_attributes, |
| 236 uint32 share_access, | 236 uint32 share_access, |
| 237 uint32 create_disposition, | 237 uint32 create_disposition, |
| 238 uint32 create_options, | 238 uint32 create_options, |
| 239 HANDLE *handle, | 239 HANDLE *handle, |
| 240 NTSTATUS* nt_status, | 240 NTSTATUS* nt_status, |
| 241 ULONG_PTR *io_information) { | 241 ULONG_PTR *io_information) { |
| 242 // The only action supported is ASK_BROKER which means create the requested | 242 // The only action supported is ASK_BROKER which means create the requested |
| (...skipping 10 matching lines...) |
| 253 &io_block, file_attributes, share_access, | 253 &io_block, file_attributes, share_access, |
| 254 create_disposition, create_options, NULL, | 254 create_disposition, create_options, NULL, |
| 255 0, client_info.process); | 255 0, client_info.process); |
| 256 | 256 |
| 257 *io_information = io_block.Information; | 257 *io_information = io_block.Information; |
| 258 return true; | 258 return true; |
| 259 } | 259 } |
| 260 | 260 |
| 261 bool FileSystemPolicy::OpenFileAction(EvalResult eval_result, | 261 bool FileSystemPolicy::OpenFileAction(EvalResult eval_result, |
| 262 const ClientInfo& client_info, | 262 const ClientInfo& client_info, |
| 263 const std::wstring &file, | 263 const base::string16 &file, |
| 264 uint32 attributes, | 264 uint32 attributes, |
| 265 uint32 desired_access, | 265 uint32 desired_access, |
| 266 uint32 share_access, | 266 uint32 share_access, |
| 267 uint32 open_options, | 267 uint32 open_options, |
| 268 HANDLE *handle, | 268 HANDLE *handle, |
| 269 NTSTATUS* nt_status, | 269 NTSTATUS* nt_status, |
| 270 ULONG_PTR *io_information) { | 270 ULONG_PTR *io_information) { |
| 271 // The only action supported is ASK_BROKER which means open the requested | 271 // The only action supported is ASK_BROKER which means open the requested |
| 272 // file as specified. | 272 // file as specified. |
| 273 if (ASK_BROKER != eval_result) { | 273 if (ASK_BROKER != eval_result) { |
| (...skipping 11 matching lines...) |
| 285 open_options, NULL, 0, | 285 open_options, NULL, 0, |
| 286 client_info.process); | 286 client_info.process); |
| 287 | 287 |
| 288 *io_information = io_block.Information; | 288 *io_information = io_block.Information; |
| 289 return true; | 289 return true; |
| 290 } | 290 } |
| 291 | 291 |
| 292 bool FileSystemPolicy::QueryAttributesFileAction( | 292 bool FileSystemPolicy::QueryAttributesFileAction( |
| 293 EvalResult eval_result, | 293 EvalResult eval_result, |
| 294 const ClientInfo& client_info, | 294 const ClientInfo& client_info, |
| 295 const std::wstring &file, | 295 const base::string16 &file, |
| 296 uint32 attributes, | 296 uint32 attributes, |
| 297 FILE_BASIC_INFORMATION* file_info, | 297 FILE_BASIC_INFORMATION* file_info, |
| 298 NTSTATUS* nt_status) { | 298 NTSTATUS* nt_status) { |
| 299 // The only action supported is ASK_BROKER which means query the requested | 299 // The only action supported is ASK_BROKER which means query the requested |
| 300 // file as specified. | 300 // file as specified. |
| 301 if (ASK_BROKER != eval_result) { | 301 if (ASK_BROKER != eval_result) { |
| 302 *nt_status = STATUS_ACCESS_DENIED; | 302 *nt_status = STATUS_ACCESS_DENIED; |
| 303 return true; | 303 return true; |
| 304 } | 304 } |
| 305 | 305 |
| 306 NtQueryAttributesFileFunction NtQueryAttributesFile = NULL; | 306 NtQueryAttributesFileFunction NtQueryAttributesFile = NULL; |
| 307 ResolveNTFunctionPtr("NtQueryAttributesFile", &NtQueryAttributesFile); | 307 ResolveNTFunctionPtr("NtQueryAttributesFile", &NtQueryAttributesFile); |
| 308 | 308 |
| 309 UNICODE_STRING uni_name = {0}; | 309 UNICODE_STRING uni_name = {0}; |
| 310 OBJECT_ATTRIBUTES obj_attributes = {0}; | 310 OBJECT_ATTRIBUTES obj_attributes = {0}; |
| 311 InitObjectAttribs(file, attributes, NULL, &obj_attributes, &uni_name); | 311 InitObjectAttribs(file, attributes, NULL, &obj_attributes, &uni_name); |
| 312 *nt_status = NtQueryAttributesFile(&obj_attributes, file_info); | 312 *nt_status = NtQueryAttributesFile(&obj_attributes, file_info); |
| 313 | 313 |
| 314 return true; | 314 return true; |
| 315 } | 315 } |
| 316 | 316 |
| 317 bool FileSystemPolicy::QueryFullAttributesFileAction( | 317 bool FileSystemPolicy::QueryFullAttributesFileAction( |
| 318 EvalResult eval_result, | 318 EvalResult eval_result, |
| 319 const ClientInfo& client_info, | 319 const ClientInfo& client_info, |
| 320 const std::wstring &file, | 320 const base::string16 &file, |
| 321 uint32 attributes, | 321 uint32 attributes, |
| 322 FILE_NETWORK_OPEN_INFORMATION* file_info, | 322 FILE_NETWORK_OPEN_INFORMATION* file_info, |
| 323 NTSTATUS* nt_status) { | 323 NTSTATUS* nt_status) { |
| 324 // The only action supported is ASK_BROKER which means query the requested | 324 // The only action supported is ASK_BROKER which means query the requested |
| 325 // file as specified. | 325 // file as specified. |
| 326 if (ASK_BROKER != eval_result) { | 326 if (ASK_BROKER != eval_result) { |
| 327 *nt_status = STATUS_ACCESS_DENIED; | 327 *nt_status = STATUS_ACCESS_DENIED; |
| 328 return true; | 328 return true; |
| 329 } | 329 } |
| 330 | 330 |
| (...skipping 34 matching lines...) |
| 365 base::win::ScopedHandle handle(local_handle); | 365 base::win::ScopedHandle handle(local_handle); |
| 366 | 366 |
| 367 FILE_INFORMATION_CLASS file_info_class = | 367 FILE_INFORMATION_CLASS file_info_class = |
| 368 static_cast<FILE_INFORMATION_CLASS>(info_class); | 368 static_cast<FILE_INFORMATION_CLASS>(info_class); |
| 369 *nt_status = NtSetInformationFile(local_handle, io_block, file_info, length, | 369 *nt_status = NtSetInformationFile(local_handle, io_block, file_info, length, |
| 370 file_info_class); | 370 file_info_class); |
| 371 | 371 |
| 372 return true; | 372 return true; |
| 373 } | 373 } |
| 374 | 374 |
| 375 bool PreProcessName(const std::wstring& path, std::wstring* new_path) { | 375 bool PreProcessName(const base::string16& path, base::string16* new_path) { |
| 376 ConvertToLongPath(path, new_path); | 376 ConvertToLongPath(path, new_path); |
| 377 | 377 |
| 378 bool reparsed = false; | 378 bool reparsed = false; |
| 379 if (ERROR_SUCCESS != IsReparsePoint(*new_path, &reparsed)) | 379 if (ERROR_SUCCESS != IsReparsePoint(*new_path, &reparsed)) |
| 380 return false; | 380 return false; |
| 381 | 381 |
| 382 // We can't process reparsed file. | 382 // We can't process reparsed file. |
| 383 return !reparsed; | 383 return !reparsed; |
| 384 } | 384 } |
| 385 | 385 |
| 386 } // namespace sandbox | 386 } // namespace sandbox |
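Review bot: `PreProcessName` (last function in the file, signature changed here) calls `ConvertToLongPath(path, new_path);` without looking at any result, so if that helper can fail (its declaration is not on this page) `IsReparsePoint` runs on whatever `*new_path` held before the call. This function is the gate that rejects reparse points, so the failure case should be either checked or documented, for example `// Best effort: on failure *new_path keeps the caller's value.` if that is the actual contract. The reparse check is also a one-time check on the name, which is worth stating in the comment above `return !reparsed;`. The remaining hunks are a mechanical `std::wstring` to `base::string16` swap; the visible include block does not list `base/strings/string16.h`, so confirm it arrives through `filesystem_policy.h`.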