| OLD | NEW |
|---|
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef SANDBOX_SRC_FILESYSTEM_POLICY_H__ | 5 #ifndef SANDBOX_SRC_FILESYSTEM_POLICY_H__ |
| 6 #define SANDBOX_SRC_FILESYSTEM_POLICY_H__ | 6 #define SANDBOX_SRC_FILESYSTEM_POLICY_H__ |
| 7 | 7 |
| 8 #include <stdint.h> |
| 9 |
| 8 #include <string> | 10 #include <string> |
| 9 | 11 |
| 10 #include "base/basictypes.h" | |
| 11 #include "base/strings/string16.h" | 12 #include "base/strings/string16.h" |
| 12 #include "sandbox/win/src/crosscall_server.h" | 13 #include "sandbox/win/src/crosscall_server.h" |
| 13 #include "sandbox/win/src/nt_internals.h" | 14 #include "sandbox/win/src/nt_internals.h" |
| 14 #include "sandbox/win/src/policy_low_level.h" | 15 #include "sandbox/win/src/policy_low_level.h" |
| 15 #include "sandbox/win/src/sandbox_policy.h" | 16 #include "sandbox/win/src/sandbox_policy.h" |
| 16 | 17 |
| 17 namespace sandbox { | 18 namespace sandbox { |
| 18 | 19 |
| 19 enum EvalResult; | 20 enum EvalResult; |
| 20 | 21 |
| (...skipping 12 matching lines...) Expand all Loading... |
| 33 // Add basic file system rules. | 34 // Add basic file system rules. |
| 34 static bool SetInitialRules(LowLevelPolicy* policy); | 35 static bool SetInitialRules(LowLevelPolicy* policy); |
| 35 | 36 |
| 36 // Performs the desired policy action on a create request with an | 37 // Performs the desired policy action on a create request with an |
| 37 // API that is compatible with the IPC-received parameters. | 38 // API that is compatible with the IPC-received parameters. |
| 38 // 'client_info' : the target process that is making the request. | 39 // 'client_info' : the target process that is making the request. |
| 39 // 'eval_result' : The desired policy action to accomplish. | 40 // 'eval_result' : The desired policy action to accomplish. |
| 40 // 'file' : The target file or directory. | 41 // 'file' : The target file or directory. |
| 41 static bool CreateFileAction(EvalResult eval_result, | 42 static bool CreateFileAction(EvalResult eval_result, |
| 42 const ClientInfo& client_info, | 43 const ClientInfo& client_info, |
| 43 const base::string16 &file, | 44 const base::string16& file, |
| 44 uint32 attributes, | 45 uint32_t attributes, |
| 45 uint32 desired_access, | 46 uint32_t desired_access, |
| 46 uint32 file_attributes, | 47 uint32_t file_attributes, |
| 47 uint32 share_access, | 48 uint32_t share_access, |
| 48 uint32 create_disposition, | 49 uint32_t create_disposition, |
| 49 uint32 create_options, | 50 uint32_t create_options, |
| 50 HANDLE* handle, | 51 HANDLE* handle, |
| 51 NTSTATUS* nt_status, | 52 NTSTATUS* nt_status, |
| 52 ULONG_PTR* io_information); | 53 ULONG_PTR* io_information); |
| 53 | 54 |
| 54 // Performs the desired policy action on an open request with an | 55 // Performs the desired policy action on an open request with an |
| 55 // API that is compatible with the IPC-received parameters. | 56 // API that is compatible with the IPC-received parameters. |
| 56 // 'client_info' : the target process that is making the request. | 57 // 'client_info' : the target process that is making the request. |
| 57 // 'eval_result' : The desired policy action to accomplish. | 58 // 'eval_result' : The desired policy action to accomplish. |
| 58 // 'file' : The target file or directory. | 59 // 'file' : The target file or directory. |
| 59 static bool OpenFileAction(EvalResult eval_result, | 60 static bool OpenFileAction(EvalResult eval_result, |
| 60 const ClientInfo& client_info, | 61 const ClientInfo& client_info, |
| 61 const base::string16 &file, | 62 const base::string16& file, |
| 62 uint32 attributes, | 63 uint32_t attributes, |
| 63 uint32 desired_access, | 64 uint32_t desired_access, |
| 64 uint32 share_access, | 65 uint32_t share_access, |
| 65 uint32 open_options, | 66 uint32_t open_options, |
| 66 HANDLE* handle, | 67 HANDLE* handle, |
| 67 NTSTATUS* nt_status, | 68 NTSTATUS* nt_status, |
| 68 ULONG_PTR* io_information); | 69 ULONG_PTR* io_information); |
| 69 | 70 |
| 70 // Performs the desired policy action on a query request with an | 71 // Performs the desired policy action on a query request with an |
| 71 // API that is compatible with the IPC-received parameters. | 72 // API that is compatible with the IPC-received parameters. |
| 72 static bool QueryAttributesFileAction(EvalResult eval_result, | 73 static bool QueryAttributesFileAction(EvalResult eval_result, |
| 73 const ClientInfo& client_info, | 74 const ClientInfo& client_info, |
| 74 const base::string16 &file, | 75 const base::string16& file, |
| 75 uint32 attributes, | 76 uint32_t attributes, |
| 76 FILE_BASIC_INFORMATION* file_info, | 77 FILE_BASIC_INFORMATION* file_info, |
| 77 NTSTATUS* nt_status); | 78 NTSTATUS* nt_status); |
| 78 | 79 |
| 79 // Performs the desired policy action on a query request with an | 80 // Performs the desired policy action on a query request with an |
| 80 // API that is compatible with the IPC-received parameters. | 81 // API that is compatible with the IPC-received parameters. |
| 81 static bool QueryFullAttributesFileAction( | 82 static bool QueryFullAttributesFileAction( |
| 82 EvalResult eval_result, | 83 EvalResult eval_result, |
| 83 const ClientInfo& client_info, | 84 const ClientInfo& client_info, |
| 84 const base::string16 &file, | 85 const base::string16& file, |
| 85 uint32 attributes, | 86 uint32_t attributes, |
| 86 FILE_NETWORK_OPEN_INFORMATION* file_info, | 87 FILE_NETWORK_OPEN_INFORMATION* file_info, |
| 87 NTSTATUS* nt_status); | 88 NTSTATUS* nt_status); |
| 88 | 89 |
| 89 // Performs the desired policy action on a set_info request with an | 90 // Performs the desired policy action on a set_info request with an |
| 90 // API that is compatible with the IPC-received parameters. | 91 // API that is compatible with the IPC-received parameters. |
| 91 static bool SetInformationFileAction(EvalResult eval_result, | 92 static bool SetInformationFileAction(EvalResult eval_result, |
| 92 const ClientInfo& client_info, | 93 const ClientInfo& client_info, |
| 93 HANDLE target_file_handle, | 94 HANDLE target_file_handle, |
| 94 void* file_info, | 95 void* file_info, |
| 95 uint32 length, | 96 uint32_t length, |
| 96 uint32 info_class, | 97 uint32_t info_class, |
| 97 IO_STATUS_BLOCK* io_block, | 98 IO_STATUS_BLOCK* io_block, |
| 98 NTSTATUS* nt_status); | 99 NTSTATUS* nt_status); |
| 99 }; | 100 }; |
| 100 | 101 |
| 101 // Expands the path and check if it's a reparse point. Returns false if the path | 102 // Expands the path and check if it's a reparse point. Returns false if the path |
| 102 // cannot be trusted. | 103 // cannot be trusted. |
| 103 bool PreProcessName(base::string16* path); | 104 bool PreProcessName(base::string16* path); |
| 104 | 105 |
| 105 // Corrects global paths to have a correctly escaped NT prefix at the | 106 // Corrects global paths to have a correctly escaped NT prefix at the |
| 106 // beginning. If the name has no NT prefix (either normal or escaped) | 107 // beginning. If the name has no NT prefix (either normal or escaped) |
| 107 // add the escaped form to the string | 108 // add the escaped form to the string |
| 108 base::string16 FixNTPrefixForMatch(const base::string16& name); | 109 base::string16 FixNTPrefixForMatch(const base::string16& name); |
| 109 | 110 |
| 110 } // namespace sandbox | 111 } // namespace sandbox |
| 111 | 112 |
| 112 #endif // SANDBOX_SRC_FILESYSTEM_POLICY_H__ | 113 #endif // SANDBOX_SRC_FILESYSTEM_POLICY_H__ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1538283002:
Switch to standard integer types in sandbox/. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master