OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/common/sandbox_win.h" | 5 #include "content/common/sandbox_win.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 | 8 |
9 #include "base/base_switches.h" | 9 #include "base/base_switches.h" |
10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
114 L"smumhook.dll", // Spyware Doctor version 5. | 114 L"smumhook.dll", // Spyware Doctor version 5. |
115 L"ssldivx.dll", // DivX. | 115 L"ssldivx.dll", // DivX. |
116 L"syncor11.dll", // SynthCore Midi interface. | 116 L"syncor11.dll", // SynthCore Midi interface. |
117 L"systools.dll", // Panda Antivirus. | 117 L"systools.dll", // Panda Antivirus. |
118 L"tfwah.dll", // Threatfire (PC tools). | 118 L"tfwah.dll", // Threatfire (PC tools). |
119 L"wblind.dll", // Stardock Object desktop. | 119 L"wblind.dll", // Stardock Object desktop. |
120 L"wbhelp.dll", // Stardock Object desktop. | 120 L"wbhelp.dll", // Stardock Object desktop. |
121 L"winstylerthemehelper.dll" // Tuneup utilities 2006. | 121 L"winstylerthemehelper.dll" // Tuneup utilities 2006. |
122 }; | 122 }; |
123 | 123 |
124 #if !defined(NACL_WIN64) | |
124 // Adds the policy rules for the path and path\ with the semantic |access|. | 125 // Adds the policy rules for the path and path\ with the semantic |access|. |
125 // If |children| is set to true, we need to add the wildcard rules to also | 126 // If |children| is set to true, we need to add the wildcard rules to also |
126 // apply the rule to the subfiles and subfolders. | 127 // apply the rule to the subfiles and subfolders. |
127 bool AddDirectory(int path, const wchar_t* sub_dir, bool children, | 128 bool AddDirectory(int path, const wchar_t* sub_dir, bool children, |
128 sandbox::TargetPolicy::Semantics access, | 129 sandbox::TargetPolicy::Semantics access, |
129 sandbox::TargetPolicy* policy) { | 130 sandbox::TargetPolicy* policy) { |
130 base::FilePath directory; | 131 base::FilePath directory; |
131 if (!PathService::Get(path, &directory)) | 132 if (!PathService::Get(path, &directory)) |
132 return false; | 133 return false; |
133 | 134 |
145 directory_str += L"*"; | 146 directory_str += L"*"; |
146 // Otherwise, add the version of the path that ends with a separator. | 147 // Otherwise, add the version of the path that ends with a separator. |
147 | 148 |
148 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, access, | 149 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, access, |
149 directory_str.c_str()); | 150 directory_str.c_str()); |
150 if (result != sandbox::SBOX_ALL_OK) | 151 if (result != sandbox::SBOX_ALL_OK) |
151 return false; | 152 return false; |
152 | 153 |
153 return true; | 154 return true; |
154 } | 155 } |
155 | 156 #endif // !defined(NACL_WIN64) |
156 // Adds the policy rules for the path and path\* with the semantic |access|. | |
157 // We need to add the wildcard rules to also apply the rule to the subkeys. | |
158 bool AddKeyAndSubkeys(std::wstring key, | |
159 sandbox::TargetPolicy::Semantics access, | |
160 sandbox::TargetPolicy* policy) { | |
161 sandbox::ResultCode result; | |
162 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_REGISTRY, access, | |
163 key.c_str()); | |
164 if (result != sandbox::SBOX_ALL_OK) | |
165 return false; | |
166 | |
167 key += L"\\*"; | |
168 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_REGISTRY, access, | |
169 key.c_str()); | |
170 if (result != sandbox::SBOX_ALL_OK) | |
171 return false; | |
172 | |
173 return true; | |
cpu_(ooo_6.6-7.5)
2015/07/28 19:37:21
this is the only one I am sad to see go, because i
Nico
2015/07/28 19:38:58
It's not gone, it's just out of sight.
| |
174 } | |
175 | 157 |
176 // Compares the loaded |module| file name matches |module_name|. | 158 // Compares the loaded |module| file name matches |module_name|. |
177 bool IsExpandedModuleName(HMODULE module, const wchar_t* module_name) { | 159 bool IsExpandedModuleName(HMODULE module, const wchar_t* module_name) { |
178 wchar_t path[MAX_PATH]; | 160 wchar_t path[MAX_PATH]; |
179 DWORD sz = ::GetModuleFileNameW(module, path, arraysize(path)); | 161 DWORD sz = ::GetModuleFileNameW(module, path, arraysize(path)); |
180 if ((sz == arraysize(path)) || (sz == 0)) { | 162 if ((sz == arraysize(path)) || (sz == 0)) { |
181 // XP does not set the last error properly, so we bail out anyway. | 163 // XP does not set the last error properly, so we bail out anyway. |
182 return false; | 164 return false; |
183 } | 165 } |
184 if (!::GetLongPathName(path, path, arraysize(path))) | 166 if (!::GetLongPathName(path, path, arraysize(path))) |
845 } | 827 } |
846 | 828 |
847 return false; | 829 return false; |
848 } | 830 } |
849 | 831 |
850 bool BrokerAddTargetPeer(HANDLE peer_process) { | 832 bool BrokerAddTargetPeer(HANDLE peer_process) { |
851 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK; | 833 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK; |
852 } | 834 } |
853 | 835 |
854 } // namespace content | 836 } // namespace content |
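Review bot: The `#if !defined(NACL_WIN64)` added above `AddDirectory` (new line 124) has no comment saying why the helper is compiled out of the NaCl Win64 build, so a caller later added outside the guard will only show up as a build break on that configuration. If the reason is that no NACL_WIN64 code path adds file rules (an inference, since the callers are not visible here), say so at the guard, e.g. `// File rules are only added by the non-NaCl-Win64 policy setup.` Because the helper extends the sandbox file policy to a whole subtree when |children| is true (the trailing `*` at new line 146), its header comment could also state that |path| must be a broker-chosen PathService key and that |access| applies to everything below the directory. New lines 134–145 of the function are collapsed on this page, so this rests on the visible lines only.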