OLD | NEW |
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/win/src/policy_engine_opcodes.h" | 5 #include "sandbox/win/src/policy_engine_opcodes.h" |
6 | 6 |
7 #include "base/basictypes.h" | 7 #include <stddef.h> |
| 8 #include <stdint.h> |
| 9 |
8 #include "sandbox/win/src/sandbox_nt_types.h" | 10 #include "sandbox/win/src/sandbox_nt_types.h" |
9 #include "sandbox/win/src/sandbox_types.h" | 11 #include "sandbox/win/src/sandbox_types.h" |
10 | 12 |
11 namespace { | 13 namespace { |
12 const unsigned short kMaxUniStrSize = 0xfffc / sizeof(wchar_t); | 14 const unsigned short kMaxUniStrSize = 0xfffc / sizeof(wchar_t); |
13 | 15 |
14 bool InitStringUnicode(const wchar_t* source, size_t length, | 16 bool InitStringUnicode(const wchar_t* source, size_t length, |
15 UNICODE_STRING* ustring) { | 17 UNICODE_STRING* ustring) { |
16 if (length > kMaxUniStrSize) { | 18 if (length > kMaxUniStrSize) { |
17 return false; | 19 return false; |
(...skipping 23 matching lines...) Expand all Loading... |
41 // order and meaning. | 43 // order and meaning. |
42 | 44 |
43 template <int> | 45 template <int> |
44 EvalResult OpcodeEval(PolicyOpcode* opcode, const ParameterSet* pp, | 46 EvalResult OpcodeEval(PolicyOpcode* opcode, const ParameterSet* pp, |
45 MatchContext* match); | 47 MatchContext* match); |
46 | 48 |
47 ////////////////////////////////////////////////////////////////////////////// | 49 ////////////////////////////////////////////////////////////////////////////// |
48 // Opcode OpAlwaysFalse: | 50 // Opcode OpAlwaysFalse: |
49 // Does not require input parameter. | 51 // Does not require input parameter. |
50 | 52 |
51 PolicyOpcode* OpcodeFactory::MakeOpAlwaysFalse(uint32 options) { | 53 PolicyOpcode* OpcodeFactory::MakeOpAlwaysFalse(uint32_t options) { |
52 return MakeBase(OP_ALWAYS_FALSE, options, -1); | 54 return MakeBase(OP_ALWAYS_FALSE, options, -1); |
53 } | 55 } |
54 | 56 |
55 template <> | 57 template <> |
56 EvalResult OpcodeEval<OP_ALWAYS_FALSE>(PolicyOpcode* opcode, | 58 EvalResult OpcodeEval<OP_ALWAYS_FALSE>(PolicyOpcode* opcode, |
57 const ParameterSet* param, | 59 const ParameterSet* param, |
58 MatchContext* context) { | 60 MatchContext* context) { |
59 return EVAL_FALSE; | 61 return EVAL_FALSE; |
60 } | 62 } |
61 | 63 |
62 ////////////////////////////////////////////////////////////////////////////// | 64 ////////////////////////////////////////////////////////////////////////////// |
63 // Opcode OpAlwaysTrue: | 65 // Opcode OpAlwaysTrue: |
64 // Does not require input parameter. | 66 // Does not require input parameter. |
65 | 67 |
66 PolicyOpcode* OpcodeFactory::MakeOpAlwaysTrue(uint32 options) { | 68 PolicyOpcode* OpcodeFactory::MakeOpAlwaysTrue(uint32_t options) { |
67 return MakeBase(OP_ALWAYS_TRUE, options, -1); | 69 return MakeBase(OP_ALWAYS_TRUE, options, -1); |
68 } | 70 } |
69 | 71 |
70 template <> | 72 template <> |
71 EvalResult OpcodeEval<OP_ALWAYS_TRUE>(PolicyOpcode* opcode, | 73 EvalResult OpcodeEval<OP_ALWAYS_TRUE>(PolicyOpcode* opcode, |
72 const ParameterSet* param, | 74 const ParameterSet* param, |
73 MatchContext* context) { | 75 MatchContext* context) { |
74 return EVAL_TRUE; | 76 return EVAL_TRUE; |
75 } | 77 } |
76 | 78 |
77 ////////////////////////////////////////////////////////////////////////////// | 79 ////////////////////////////////////////////////////////////////////////////// |
78 // Opcode OpAction: | 80 // Opcode OpAction: |
79 // Does not require input parameter. | 81 // Does not require input parameter. |
80 // Argument 0 contains the actual action to return. | 82 // Argument 0 contains the actual action to return. |
81 | 83 |
82 PolicyOpcode* OpcodeFactory::MakeOpAction(EvalResult action, | 84 PolicyOpcode* OpcodeFactory::MakeOpAction(EvalResult action, uint32_t options) { |
83 uint32 options) { | |
84 PolicyOpcode* opcode = MakeBase(OP_ACTION, options, 0); | 85 PolicyOpcode* opcode = MakeBase(OP_ACTION, options, 0); |
85 if (NULL == opcode) return NULL; | 86 if (NULL == opcode) return NULL; |
86 opcode->SetArgument(0, action); | 87 opcode->SetArgument(0, action); |
87 return opcode; | 88 return opcode; |
88 } | 89 } |
89 | 90 |
90 template <> | 91 template <> |
91 EvalResult OpcodeEval<OP_ACTION>(PolicyOpcode* opcode, | 92 EvalResult OpcodeEval<OP_ACTION>(PolicyOpcode* opcode, |
92 const ParameterSet* param, | 93 const ParameterSet* param, |
93 MatchContext* context) { | 94 MatchContext* context) { |
94 int action = 0; | 95 int action = 0; |
95 opcode->GetArgument(0, &action); | 96 opcode->GetArgument(0, &action); |
96 return static_cast<EvalResult>(action); | 97 return static_cast<EvalResult>(action); |
97 } | 98 } |
98 | 99 |
99 ////////////////////////////////////////////////////////////////////////////// | 100 ////////////////////////////////////////////////////////////////////////////// |
100 // Opcode OpNumberMatch: | 101 // Opcode OpNumberMatch: |
101 // Requires a uint32 or void* in selected_param | 102 // Requires a uint32_t or void* in selected_param |
102 // Argument 0 is the stored number to match. | 103 // Argument 0 is the stored number to match. |
103 // Argument 1 is the C++ type of the 0th argument. | 104 // Argument 1 is the C++ type of the 0th argument. |
104 | 105 |
105 PolicyOpcode* OpcodeFactory::MakeOpNumberMatch(int16 selected_param, | 106 PolicyOpcode* OpcodeFactory::MakeOpNumberMatch(int16_t selected_param, |
106 uint32 match, | 107 uint32_t match, |
107 uint32 options) { | 108 uint32_t options) { |
108 PolicyOpcode* opcode = MakeBase(OP_NUMBER_MATCH, options, selected_param); | 109 PolicyOpcode* opcode = MakeBase(OP_NUMBER_MATCH, options, selected_param); |
109 if (NULL == opcode) return NULL; | 110 if (NULL == opcode) return NULL; |
110 opcode->SetArgument(0, match); | 111 opcode->SetArgument(0, match); |
111 opcode->SetArgument(1, UINT32_TYPE); | 112 opcode->SetArgument(1, UINT32_TYPE); |
112 return opcode; | 113 return opcode; |
113 } | 114 } |
114 | 115 |
115 PolicyOpcode* OpcodeFactory::MakeOpVoidPtrMatch(int16 selected_param, | 116 PolicyOpcode* OpcodeFactory::MakeOpVoidPtrMatch(int16_t selected_param, |
116 const void* match, | 117 const void* match, |
117 uint32 options) { | 118 uint32_t options) { |
118 PolicyOpcode* opcode = MakeBase(OP_NUMBER_MATCH, options, selected_param); | 119 PolicyOpcode* opcode = MakeBase(OP_NUMBER_MATCH, options, selected_param); |
119 if (NULL == opcode) return NULL; | 120 if (NULL == opcode) return NULL; |
120 opcode->SetArgument(0, match); | 121 opcode->SetArgument(0, match); |
121 opcode->SetArgument(1, VOIDPTR_TYPE); | 122 opcode->SetArgument(1, VOIDPTR_TYPE); |
122 return opcode; | 123 return opcode; |
123 } | 124 } |
124 | 125 |
125 template <> | 126 template <> |
126 EvalResult OpcodeEval<OP_NUMBER_MATCH>(PolicyOpcode* opcode, | 127 EvalResult OpcodeEval<OP_NUMBER_MATCH>(PolicyOpcode* opcode, |
127 const ParameterSet* param, | 128 const ParameterSet* param, |
128 MatchContext* context) { | 129 MatchContext* context) { |
129 uint32 value_uint32 = 0; | 130 uint32_t value_uint32 = 0; |
130 if (param->Get(&value_uint32)) { | 131 if (param->Get(&value_uint32)) { |
131 uint32 match_uint32 = 0; | 132 uint32_t match_uint32 = 0; |
132 opcode->GetArgument(0, &match_uint32); | 133 opcode->GetArgument(0, &match_uint32); |
133 return (match_uint32 != value_uint32)? EVAL_FALSE : EVAL_TRUE; | 134 return (match_uint32 != value_uint32)? EVAL_FALSE : EVAL_TRUE; |
134 } else { | 135 } else { |
135 const void* value_ptr = NULL; | 136 const void* value_ptr = NULL; |
136 if (param->Get(&value_ptr)) { | 137 if (param->Get(&value_ptr)) { |
137 const void* match_ptr = NULL; | 138 const void* match_ptr = NULL; |
138 opcode->GetArgument(0, &match_ptr); | 139 opcode->GetArgument(0, &match_ptr); |
139 return (match_ptr != value_ptr)? EVAL_FALSE : EVAL_TRUE; | 140 return (match_ptr != value_ptr)? EVAL_FALSE : EVAL_TRUE; |
140 } | 141 } |
141 } | 142 } |
142 return EVAL_ERROR; | 143 return EVAL_ERROR; |
143 } | 144 } |
144 | 145 |
145 ////////////////////////////////////////////////////////////////////////////// | 146 ////////////////////////////////////////////////////////////////////////////// |
146 // Opcode OpNumberMatchRange | 147 // Opcode OpNumberMatchRange |
147 // Requires a uint32 in selected_param. | 148 // Requires a uint32_t in selected_param. |
148 // Argument 0 is the stored lower bound to match. | 149 // Argument 0 is the stored lower bound to match. |
149 // Argument 1 is the stored upper bound to match. | 150 // Argument 1 is the stored upper bound to match. |
150 | 151 |
151 PolicyOpcode* OpcodeFactory::MakeOpNumberMatchRange(int16 selected_param, | 152 PolicyOpcode* OpcodeFactory::MakeOpNumberMatchRange(int16_t selected_param, |
152 uint32 lower_bound, | 153 uint32_t lower_bound, |
153 uint32 upper_bound, | 154 uint32_t upper_bound, |
154 uint32 options) { | 155 uint32_t options) { |
155 if (lower_bound > upper_bound) { | 156 if (lower_bound > upper_bound) { |
156 return NULL; | 157 return NULL; |
157 } | 158 } |
158 PolicyOpcode* opcode = MakeBase(OP_NUMBER_MATCH_RANGE, options, | 159 PolicyOpcode* opcode = MakeBase(OP_NUMBER_MATCH_RANGE, options, |
159 selected_param); | 160 selected_param); |
160 if (NULL == opcode) return NULL; | 161 if (NULL == opcode) return NULL; |
161 opcode->SetArgument(0, lower_bound); | 162 opcode->SetArgument(0, lower_bound); |
162 opcode->SetArgument(1, upper_bound); | 163 opcode->SetArgument(1, upper_bound); |
163 return opcode; | 164 return opcode; |
164 } | 165 } |
165 | 166 |
166 template <> | 167 template <> |
167 EvalResult OpcodeEval<OP_NUMBER_MATCH_RANGE>(PolicyOpcode* opcode, | 168 EvalResult OpcodeEval<OP_NUMBER_MATCH_RANGE>(PolicyOpcode* opcode, |
168 const ParameterSet* param, | 169 const ParameterSet* param, |
169 MatchContext* context) { | 170 MatchContext* context) { |
170 uint32 value = 0; | 171 uint32_t value = 0; |
171 if (!param->Get(&value)) return EVAL_ERROR; | 172 if (!param->Get(&value)) return EVAL_ERROR; |
172 | 173 |
173 uint32 lower_bound = 0; | 174 uint32_t lower_bound = 0; |
174 uint32 upper_bound = 0; | 175 uint32_t upper_bound = 0; |
175 opcode->GetArgument(0, &lower_bound); | 176 opcode->GetArgument(0, &lower_bound); |
176 opcode->GetArgument(1, &upper_bound); | 177 opcode->GetArgument(1, &upper_bound); |
177 return((lower_bound <= value) && (upper_bound >= value))? | 178 return((lower_bound <= value) && (upper_bound >= value))? |
178 EVAL_TRUE : EVAL_FALSE; | 179 EVAL_TRUE : EVAL_FALSE; |
179 } | 180 } |
180 | 181 |
181 ////////////////////////////////////////////////////////////////////////////// | 182 ////////////////////////////////////////////////////////////////////////////// |
182 // Opcode OpNumberAndMatch: | 183 // Opcode OpNumberAndMatch: |
183 // Requires a uint32 in selected_param. | 184 // Requires a uint32_t in selected_param. |
184 // Argument 0 is the stored number to match. | 185 // Argument 0 is the stored number to match. |
185 | 186 |
186 PolicyOpcode* OpcodeFactory::MakeOpNumberAndMatch(int16 selected_param, | 187 PolicyOpcode* OpcodeFactory::MakeOpNumberAndMatch(int16_t selected_param, |
187 uint32 match, | 188 uint32_t match, |
188 uint32 options) { | 189 uint32_t options) { |
189 PolicyOpcode* opcode = MakeBase(OP_NUMBER_AND_MATCH, options, selected_param); | 190 PolicyOpcode* opcode = MakeBase(OP_NUMBER_AND_MATCH, options, selected_param); |
190 if (NULL == opcode) return NULL; | 191 if (NULL == opcode) return NULL; |
191 opcode->SetArgument(0, match); | 192 opcode->SetArgument(0, match); |
192 return opcode; | 193 return opcode; |
193 } | 194 } |
194 | 195 |
195 template <> | 196 template <> |
196 EvalResult OpcodeEval<OP_NUMBER_AND_MATCH>(PolicyOpcode* opcode, | 197 EvalResult OpcodeEval<OP_NUMBER_AND_MATCH>(PolicyOpcode* opcode, |
197 const ParameterSet* param, | 198 const ParameterSet* param, |
198 MatchContext* context) { | 199 MatchContext* context) { |
199 uint32 value = 0; | 200 uint32_t value = 0; |
200 if (!param->Get(&value)) return EVAL_ERROR; | 201 if (!param->Get(&value)) return EVAL_ERROR; |
201 | 202 |
202 uint32 number = 0; | 203 uint32_t number = 0; |
203 opcode->GetArgument(0, &number); | 204 opcode->GetArgument(0, &number); |
204 return (number & value)? EVAL_TRUE : EVAL_FALSE; | 205 return (number & value)? EVAL_TRUE : EVAL_FALSE; |
205 } | 206 } |
206 | 207 |
207 ////////////////////////////////////////////////////////////////////////////// | 208 ////////////////////////////////////////////////////////////////////////////// |
208 // Opcode OpWStringMatch: | 209 // Opcode OpWStringMatch: |
209 // Requires a wchar_t* in selected_param. | 210 // Requires a wchar_t* in selected_param. |
210 // Argument 0 is the byte displacement of the stored string. | 211 // Argument 0 is the byte displacement of the stored string. |
211 // Argument 1 is the lenght in chars of the stored string. | 212 // Argument 1 is the lenght in chars of the stored string. |
212 // Argument 2 is the offset to apply on the input string. It has special values. | 213 // Argument 2 is the offset to apply on the input string. It has special values. |
213 // as noted in the header file. | 214 // as noted in the header file. |
214 // Argument 3 is the string matching options. | 215 // Argument 3 is the string matching options. |
215 | 216 |
216 PolicyOpcode* OpcodeFactory::MakeOpWStringMatch(int16 selected_param, | 217 PolicyOpcode* OpcodeFactory::MakeOpWStringMatch(int16_t selected_param, |
217 const wchar_t* match_str, | 218 const wchar_t* match_str, |
218 int start_position, | 219 int start_position, |
219 StringMatchOptions match_opts, | 220 StringMatchOptions match_opts, |
220 uint32 options) { | 221 uint32_t options) { |
221 if (NULL == match_str) { | 222 if (NULL == match_str) { |
222 return NULL; | 223 return NULL; |
223 } | 224 } |
224 if ('\0' == match_str[0]) { | 225 if ('\0' == match_str[0]) { |
225 return NULL; | 226 return NULL; |
226 } | 227 } |
227 | 228 |
228 int lenght = lstrlenW(match_str); | 229 int lenght = lstrlenW(match_str); |
229 | 230 |
230 PolicyOpcode* opcode = MakeBase(OP_WSTRING_MATCH, options, selected_param); | 231 PolicyOpcode* opcode = MakeBase(OP_WSTRING_MATCH, options, selected_param); |
(...skipping 103 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
334 --source_len; | 335 --source_len; |
335 } while (source_len >= match_len); | 336 } while (source_len >= match_len); |
336 } | 337 } |
337 return EVAL_FALSE; | 338 return EVAL_FALSE; |
338 } | 339 } |
339 | 340 |
340 ////////////////////////////////////////////////////////////////////////////// | 341 ////////////////////////////////////////////////////////////////////////////// |
341 // OpcodeMaker (other member functions). | 342 // OpcodeMaker (other member functions). |
342 | 343 |
343 PolicyOpcode* OpcodeFactory::MakeBase(OpcodeID opcode_id, | 344 PolicyOpcode* OpcodeFactory::MakeBase(OpcodeID opcode_id, |
344 uint32 options, | 345 uint32_t options, |
345 int16 selected_param) { | 346 int16_t selected_param) { |
346 if (memory_size() < sizeof(PolicyOpcode)) { | 347 if (memory_size() < sizeof(PolicyOpcode)) { |
347 return NULL; | 348 return NULL; |
348 } | 349 } |
349 | 350 |
350 // Create opcode using placement-new on the buffer memory. | 351 // Create opcode using placement-new on the buffer memory. |
351 PolicyOpcode* opcode = new(memory_top_) PolicyOpcode(); | 352 PolicyOpcode* opcode = new(memory_top_) PolicyOpcode(); |
352 | 353 |
353 // Fill in the standard fields, that every opcode has. | 354 // Fill in the standard fields, that every opcode has. |
354 memory_top_ += sizeof(PolicyOpcode); | 355 memory_top_ += sizeof(PolicyOpcode); |
355 opcode->opcode_id_ = opcode_id; | 356 opcode->opcode_id_ = opcode_id; |
(...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
436 OPCODE_EVAL(OP_WSTRING_MATCH, this, parameters, match); | 437 OPCODE_EVAL(OP_WSTRING_MATCH, this, parameters, match); |
437 OPCODE_EVAL(OP_ACTION, this, parameters, match); | 438 OPCODE_EVAL(OP_ACTION, this, parameters, match); |
438 default: | 439 default: |
439 return EVAL_ERROR; | 440 return EVAL_ERROR; |
440 } | 441 } |
441 } | 442 } |
442 | 443 |
443 #undef OPCODE_EVAL | 444 #undef OPCODE_EVAL |
444 | 445 |
445 } // namespace sandbox | 446 } // namespace sandbox |
OLD | NEW |