OLD | NEW |
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef SANDBOX_SRC_FILESYSTEM_POLICY_H__ | 5 #ifndef SANDBOX_SRC_FILESYSTEM_POLICY_H__ |
6 #define SANDBOX_SRC_FILESYSTEM_POLICY_H__ | 6 #define SANDBOX_SRC_FILESYSTEM_POLICY_H__ |
7 | 7 |
| 8 #include <stdint.h> |
| 9 |
8 #include <string> | 10 #include <string> |
9 | 11 |
10 #include "base/basictypes.h" | |
11 #include "base/strings/string16.h" | 12 #include "base/strings/string16.h" |
12 #include "sandbox/win/src/crosscall_server.h" | 13 #include "sandbox/win/src/crosscall_server.h" |
13 #include "sandbox/win/src/nt_internals.h" | 14 #include "sandbox/win/src/nt_internals.h" |
14 #include "sandbox/win/src/policy_low_level.h" | 15 #include "sandbox/win/src/policy_low_level.h" |
15 #include "sandbox/win/src/sandbox_policy.h" | 16 #include "sandbox/win/src/sandbox_policy.h" |
16 | 17 |
17 namespace sandbox { | 18 namespace sandbox { |
18 | 19 |
19 enum EvalResult; | 20 enum EvalResult; |
20 | 21 |
(...skipping 12 matching lines...) Expand all Loading... |
33 // Add basic file system rules. | 34 // Add basic file system rules. |
34 static bool SetInitialRules(LowLevelPolicy* policy); | 35 static bool SetInitialRules(LowLevelPolicy* policy); |
35 | 36 |
36 // Performs the desired policy action on a create request with an | 37 // Performs the desired policy action on a create request with an |
37 // API that is compatible with the IPC-received parameters. | 38 // API that is compatible with the IPC-received parameters. |
38 // 'client_info' : the target process that is making the request. | 39 // 'client_info' : the target process that is making the request. |
39 // 'eval_result' : The desired policy action to accomplish. | 40 // 'eval_result' : The desired policy action to accomplish. |
40 // 'file' : The target file or directory. | 41 // 'file' : The target file or directory. |
41 static bool CreateFileAction(EvalResult eval_result, | 42 static bool CreateFileAction(EvalResult eval_result, |
42 const ClientInfo& client_info, | 43 const ClientInfo& client_info, |
43 const base::string16 &file, | 44 const base::string16& file, |
44 uint32 attributes, | 45 uint32_t attributes, |
45 uint32 desired_access, | 46 uint32_t desired_access, |
46 uint32 file_attributes, | 47 uint32_t file_attributes, |
47 uint32 share_access, | 48 uint32_t share_access, |
48 uint32 create_disposition, | 49 uint32_t create_disposition, |
49 uint32 create_options, | 50 uint32_t create_options, |
50 HANDLE* handle, | 51 HANDLE* handle, |
51 NTSTATUS* nt_status, | 52 NTSTATUS* nt_status, |
52 ULONG_PTR* io_information); | 53 ULONG_PTR* io_information); |
53 | 54 |
54 // Performs the desired policy action on an open request with an | 55 // Performs the desired policy action on an open request with an |
55 // API that is compatible with the IPC-received parameters. | 56 // API that is compatible with the IPC-received parameters. |
56 // 'client_info' : the target process that is making the request. | 57 // 'client_info' : the target process that is making the request. |
57 // 'eval_result' : The desired policy action to accomplish. | 58 // 'eval_result' : The desired policy action to accomplish. |
58 // 'file' : The target file or directory. | 59 // 'file' : The target file or directory. |
59 static bool OpenFileAction(EvalResult eval_result, | 60 static bool OpenFileAction(EvalResult eval_result, |
60 const ClientInfo& client_info, | 61 const ClientInfo& client_info, |
61 const base::string16 &file, | 62 const base::string16& file, |
62 uint32 attributes, | 63 uint32_t attributes, |
63 uint32 desired_access, | 64 uint32_t desired_access, |
64 uint32 share_access, | 65 uint32_t share_access, |
65 uint32 open_options, | 66 uint32_t open_options, |
66 HANDLE* handle, | 67 HANDLE* handle, |
67 NTSTATUS* nt_status, | 68 NTSTATUS* nt_status, |
68 ULONG_PTR* io_information); | 69 ULONG_PTR* io_information); |
69 | 70 |
70 // Performs the desired policy action on a query request with an | 71 // Performs the desired policy action on a query request with an |
71 // API that is compatible with the IPC-received parameters. | 72 // API that is compatible with the IPC-received parameters. |
72 static bool QueryAttributesFileAction(EvalResult eval_result, | 73 static bool QueryAttributesFileAction(EvalResult eval_result, |
73 const ClientInfo& client_info, | 74 const ClientInfo& client_info, |
74 const base::string16 &file, | 75 const base::string16& file, |
75 uint32 attributes, | 76 uint32_t attributes, |
76 FILE_BASIC_INFORMATION* file_info, | 77 FILE_BASIC_INFORMATION* file_info, |
77 NTSTATUS* nt_status); | 78 NTSTATUS* nt_status); |
78 | 79 |
79 // Performs the desired policy action on a query request with an | 80 // Performs the desired policy action on a query request with an |
80 // API that is compatible with the IPC-received parameters. | 81 // API that is compatible with the IPC-received parameters. |
81 static bool QueryFullAttributesFileAction( | 82 static bool QueryFullAttributesFileAction( |
82 EvalResult eval_result, | 83 EvalResult eval_result, |
83 const ClientInfo& client_info, | 84 const ClientInfo& client_info, |
84 const base::string16 &file, | 85 const base::string16& file, |
85 uint32 attributes, | 86 uint32_t attributes, |
86 FILE_NETWORK_OPEN_INFORMATION* file_info, | 87 FILE_NETWORK_OPEN_INFORMATION* file_info, |
87 NTSTATUS* nt_status); | 88 NTSTATUS* nt_status); |
88 | 89 |
89 // Performs the desired policy action on a set_info request with an | 90 // Performs the desired policy action on a set_info request with an |
90 // API that is compatible with the IPC-received parameters. | 91 // API that is compatible with the IPC-received parameters. |
91 static bool SetInformationFileAction(EvalResult eval_result, | 92 static bool SetInformationFileAction(EvalResult eval_result, |
92 const ClientInfo& client_info, | 93 const ClientInfo& client_info, |
93 HANDLE target_file_handle, | 94 HANDLE target_file_handle, |
94 void* file_info, | 95 void* file_info, |
95 uint32 length, | 96 uint32_t length, |
96 uint32 info_class, | 97 uint32_t info_class, |
97 IO_STATUS_BLOCK* io_block, | 98 IO_STATUS_BLOCK* io_block, |
98 NTSTATUS* nt_status); | 99 NTSTATUS* nt_status); |
99 }; | 100 }; |
100 | 101 |
101 // Expands the path and check if it's a reparse point. Returns false if the path | 102 // Expands the path and check if it's a reparse point. Returns false if the path |
102 // cannot be trusted. | 103 // cannot be trusted. |
103 bool PreProcessName(base::string16* path); | 104 bool PreProcessName(base::string16* path); |
104 | 105 |
105 // Corrects global paths to have a correctly escaped NT prefix at the | 106 // Corrects global paths to have a correctly escaped NT prefix at the |
106 // beginning. If the name has no NT prefix (either normal or escaped) | 107 // beginning. If the name has no NT prefix (either normal or escaped) |
107 // add the escaped form to the string | 108 // add the escaped form to the string |
108 base::string16 FixNTPrefixForMatch(const base::string16& name); | 109 base::string16 FixNTPrefixForMatch(const base::string16& name); |
109 | 110 |
110 } // namespace sandbox | 111 } // namespace sandbox |
111 | 112 |
112 #endif // SANDBOX_SRC_FILESYSTEM_POLICY_H__ | 113 #endif // SANDBOX_SRC_FILESYSTEM_POLICY_H__ |
OLD | NEW |