| OLD | NEW |
|---|
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/win/src/policy_engine_opcodes.h" | 5 #include "sandbox/win/src/policy_engine_opcodes.h" |
| 6 | 6 |
| 7 #include "base/basictypes.h" | 7 #include <stddef.h> |
| 8 #include <stdint.h> |
| 9 |
| 8 #include "sandbox/win/src/sandbox_nt_types.h" | 10 #include "sandbox/win/src/sandbox_nt_types.h" |
| 9 #include "sandbox/win/src/sandbox_types.h" | 11 #include "sandbox/win/src/sandbox_types.h" |
| 10 | 12 |
| 11 namespace { | 13 namespace { |
| 12 const unsigned short kMaxUniStrSize = 0xfffc / sizeof(wchar_t); | 14 const unsigned short kMaxUniStrSize = 0xfffc / sizeof(wchar_t); |
| 13 | 15 |
| 14 bool InitStringUnicode(const wchar_t* source, size_t length, | 16 bool InitStringUnicode(const wchar_t* source, size_t length, |
| 15 UNICODE_STRING* ustring) { | 17 UNICODE_STRING* ustring) { |
| 16 if (length > kMaxUniStrSize) { | 18 if (length > kMaxUniStrSize) { |
| 17 return false; | 19 return false; |
| (...skipping 23 matching lines...) Expand all Loading... |
| 41 // order and meaning. | 43 // order and meaning. |
| 42 | 44 |
| 43 template <int> | 45 template <int> |
| 44 EvalResult OpcodeEval(PolicyOpcode* opcode, const ParameterSet* pp, | 46 EvalResult OpcodeEval(PolicyOpcode* opcode, const ParameterSet* pp, |
| 45 MatchContext* match); | 47 MatchContext* match); |
| 46 | 48 |
| 47 ////////////////////////////////////////////////////////////////////////////// | 49 ////////////////////////////////////////////////////////////////////////////// |
| 48 // Opcode OpAlwaysFalse: | 50 // Opcode OpAlwaysFalse: |
| 49 // Does not require input parameter. | 51 // Does not require input parameter. |
| 50 | 52 |
| 51 PolicyOpcode* OpcodeFactory::MakeOpAlwaysFalse(uint32 options) { | 53 PolicyOpcode* OpcodeFactory::MakeOpAlwaysFalse(uint32_t options) { |
| 52 return MakeBase(OP_ALWAYS_FALSE, options, -1); | 54 return MakeBase(OP_ALWAYS_FALSE, options, -1); |
| 53 } | 55 } |
| 54 | 56 |
| 55 template <> | 57 template <> |
| 56 EvalResult OpcodeEval<OP_ALWAYS_FALSE>(PolicyOpcode* opcode, | 58 EvalResult OpcodeEval<OP_ALWAYS_FALSE>(PolicyOpcode* opcode, |
| 57 const ParameterSet* param, | 59 const ParameterSet* param, |
| 58 MatchContext* context) { | 60 MatchContext* context) { |
| 59 return EVAL_FALSE; | 61 return EVAL_FALSE; |
| 60 } | 62 } |
| 61 | 63 |
| 62 ////////////////////////////////////////////////////////////////////////////// | 64 ////////////////////////////////////////////////////////////////////////////// |
| 63 // Opcode OpAlwaysTrue: | 65 // Opcode OpAlwaysTrue: |
| 64 // Does not require input parameter. | 66 // Does not require input parameter. |
| 65 | 67 |
| 66 PolicyOpcode* OpcodeFactory::MakeOpAlwaysTrue(uint32 options) { | 68 PolicyOpcode* OpcodeFactory::MakeOpAlwaysTrue(uint32_t options) { |
| 67 return MakeBase(OP_ALWAYS_TRUE, options, -1); | 69 return MakeBase(OP_ALWAYS_TRUE, options, -1); |
| 68 } | 70 } |
| 69 | 71 |
| 70 template <> | 72 template <> |
| 71 EvalResult OpcodeEval<OP_ALWAYS_TRUE>(PolicyOpcode* opcode, | 73 EvalResult OpcodeEval<OP_ALWAYS_TRUE>(PolicyOpcode* opcode, |
| 72 const ParameterSet* param, | 74 const ParameterSet* param, |
| 73 MatchContext* context) { | 75 MatchContext* context) { |
| 74 return EVAL_TRUE; | 76 return EVAL_TRUE; |
| 75 } | 77 } |
| 76 | 78 |
| 77 ////////////////////////////////////////////////////////////////////////////// | 79 ////////////////////////////////////////////////////////////////////////////// |
| 78 // Opcode OpAction: | 80 // Opcode OpAction: |
| 79 // Does not require input parameter. | 81 // Does not require input parameter. |
| 80 // Argument 0 contains the actual action to return. | 82 // Argument 0 contains the actual action to return. |
| 81 | 83 |
| 82 PolicyOpcode* OpcodeFactory::MakeOpAction(EvalResult action, | 84 PolicyOpcode* OpcodeFactory::MakeOpAction(EvalResult action, uint32_t options) { |
| 83 uint32 options) { | |
| 84 PolicyOpcode* opcode = MakeBase(OP_ACTION, options, 0); | 85 PolicyOpcode* opcode = MakeBase(OP_ACTION, options, 0); |
| 85 if (NULL == opcode) return NULL; | 86 if (NULL == opcode) return NULL; |
| 86 opcode->SetArgument(0, action); | 87 opcode->SetArgument(0, action); |
| 87 return opcode; | 88 return opcode; |
| 88 } | 89 } |
| 89 | 90 |
| 90 template <> | 91 template <> |
| 91 EvalResult OpcodeEval<OP_ACTION>(PolicyOpcode* opcode, | 92 EvalResult OpcodeEval<OP_ACTION>(PolicyOpcode* opcode, |
| 92 const ParameterSet* param, | 93 const ParameterSet* param, |
| 93 MatchContext* context) { | 94 MatchContext* context) { |
| 94 int action = 0; | 95 int action = 0; |
| 95 opcode->GetArgument(0, &action); | 96 opcode->GetArgument(0, &action); |
| 96 return static_cast<EvalResult>(action); | 97 return static_cast<EvalResult>(action); |
| 97 } | 98 } |
| 98 | 99 |
| 99 ////////////////////////////////////////////////////////////////////////////// | 100 ////////////////////////////////////////////////////////////////////////////// |
| 100 // Opcode OpNumberMatch: | 101 // Opcode OpNumberMatch: |
| 101 // Requires a uint32 or void* in selected_param | 102 // Requires a uint32_t or void* in selected_param |
| 102 // Argument 0 is the stored number to match. | 103 // Argument 0 is the stored number to match. |
| 103 // Argument 1 is the C++ type of the 0th argument. | 104 // Argument 1 is the C++ type of the 0th argument. |
| 104 | 105 |
| 105 PolicyOpcode* OpcodeFactory::MakeOpNumberMatch(int16 selected_param, | 106 PolicyOpcode* OpcodeFactory::MakeOpNumberMatch(int16_t selected_param, |
| 106 uint32 match, | 107 uint32_t match, |
| 107 uint32 options) { | 108 uint32_t options) { |
| 108 PolicyOpcode* opcode = MakeBase(OP_NUMBER_MATCH, options, selected_param); | 109 PolicyOpcode* opcode = MakeBase(OP_NUMBER_MATCH, options, selected_param); |
| 109 if (NULL == opcode) return NULL; | 110 if (NULL == opcode) return NULL; |
| 110 opcode->SetArgument(0, match); | 111 opcode->SetArgument(0, match); |
| 111 opcode->SetArgument(1, UINT32_TYPE); | 112 opcode->SetArgument(1, UINT32_TYPE); |
| 112 return opcode; | 113 return opcode; |
| 113 } | 114 } |
| 114 | 115 |
| 115 PolicyOpcode* OpcodeFactory::MakeOpVoidPtrMatch(int16 selected_param, | 116 PolicyOpcode* OpcodeFactory::MakeOpVoidPtrMatch(int16_t selected_param, |
| 116 const void* match, | 117 const void* match, |
| 117 uint32 options) { | 118 uint32_t options) { |
| 118 PolicyOpcode* opcode = MakeBase(OP_NUMBER_MATCH, options, selected_param); | 119 PolicyOpcode* opcode = MakeBase(OP_NUMBER_MATCH, options, selected_param); |
| 119 if (NULL == opcode) return NULL; | 120 if (NULL == opcode) return NULL; |
| 120 opcode->SetArgument(0, match); | 121 opcode->SetArgument(0, match); |
| 121 opcode->SetArgument(1, VOIDPTR_TYPE); | 122 opcode->SetArgument(1, VOIDPTR_TYPE); |
| 122 return opcode; | 123 return opcode; |
| 123 } | 124 } |
| 124 | 125 |
| 125 template <> | 126 template <> |
| 126 EvalResult OpcodeEval<OP_NUMBER_MATCH>(PolicyOpcode* opcode, | 127 EvalResult OpcodeEval<OP_NUMBER_MATCH>(PolicyOpcode* opcode, |
| 127 const ParameterSet* param, | 128 const ParameterSet* param, |
| 128 MatchContext* context) { | 129 MatchContext* context) { |
| 129 uint32 value_uint32 = 0; | 130 uint32_t value_uint32 = 0; |
| 130 if (param->Get(&value_uint32)) { | 131 if (param->Get(&value_uint32)) { |
| 131 uint32 match_uint32 = 0; | 132 uint32_t match_uint32 = 0; |
| 132 opcode->GetArgument(0, &match_uint32); | 133 opcode->GetArgument(0, &match_uint32); |
| 133 return (match_uint32 != value_uint32)? EVAL_FALSE : EVAL_TRUE; | 134 return (match_uint32 != value_uint32)? EVAL_FALSE : EVAL_TRUE; |
| 134 } else { | 135 } else { |
| 135 const void* value_ptr = NULL; | 136 const void* value_ptr = NULL; |
| 136 if (param->Get(&value_ptr)) { | 137 if (param->Get(&value_ptr)) { |
| 137 const void* match_ptr = NULL; | 138 const void* match_ptr = NULL; |
| 138 opcode->GetArgument(0, &match_ptr); | 139 opcode->GetArgument(0, &match_ptr); |
| 139 return (match_ptr != value_ptr)? EVAL_FALSE : EVAL_TRUE; | 140 return (match_ptr != value_ptr)? EVAL_FALSE : EVAL_TRUE; |
| 140 } | 141 } |
| 141 } | 142 } |
| 142 return EVAL_ERROR; | 143 return EVAL_ERROR; |
| 143 } | 144 } |
| 144 | 145 |
| 145 ////////////////////////////////////////////////////////////////////////////// | 146 ////////////////////////////////////////////////////////////////////////////// |
| 146 // Opcode OpNumberMatchRange | 147 // Opcode OpNumberMatchRange |
| 147 // Requires a uint32 in selected_param. | 148 // Requires a uint32_t in selected_param. |
| 148 // Argument 0 is the stored lower bound to match. | 149 // Argument 0 is the stored lower bound to match. |
| 149 // Argument 1 is the stored upper bound to match. | 150 // Argument 1 is the stored upper bound to match. |
| 150 | 151 |
| 151 PolicyOpcode* OpcodeFactory::MakeOpNumberMatchRange(int16 selected_param, | 152 PolicyOpcode* OpcodeFactory::MakeOpNumberMatchRange(int16_t selected_param, |
| 152 uint32 lower_bound, | 153 uint32_t lower_bound, |
| 153 uint32 upper_bound, | 154 uint32_t upper_bound, |
| 154 uint32 options) { | 155 uint32_t options) { |
| 155 if (lower_bound > upper_bound) { | 156 if (lower_bound > upper_bound) { |
| 156 return NULL; | 157 return NULL; |
| 157 } | 158 } |
| 158 PolicyOpcode* opcode = MakeBase(OP_NUMBER_MATCH_RANGE, options, | 159 PolicyOpcode* opcode = MakeBase(OP_NUMBER_MATCH_RANGE, options, |
| 159 selected_param); | 160 selected_param); |
| 160 if (NULL == opcode) return NULL; | 161 if (NULL == opcode) return NULL; |
| 161 opcode->SetArgument(0, lower_bound); | 162 opcode->SetArgument(0, lower_bound); |
| 162 opcode->SetArgument(1, upper_bound); | 163 opcode->SetArgument(1, upper_bound); |
| 163 return opcode; | 164 return opcode; |
| 164 } | 165 } |
| 165 | 166 |
| 166 template <> | 167 template <> |
| 167 EvalResult OpcodeEval<OP_NUMBER_MATCH_RANGE>(PolicyOpcode* opcode, | 168 EvalResult OpcodeEval<OP_NUMBER_MATCH_RANGE>(PolicyOpcode* opcode, |
| 168 const ParameterSet* param, | 169 const ParameterSet* param, |
| 169 MatchContext* context) { | 170 MatchContext* context) { |
| 170 uint32 value = 0; | 171 uint32_t value = 0; |
| 171 if (!param->Get(&value)) return EVAL_ERROR; | 172 if (!param->Get(&value)) return EVAL_ERROR; |
| 172 | 173 |
| 173 uint32 lower_bound = 0; | 174 uint32_t lower_bound = 0; |
| 174 uint32 upper_bound = 0; | 175 uint32_t upper_bound = 0; |
| 175 opcode->GetArgument(0, &lower_bound); | 176 opcode->GetArgument(0, &lower_bound); |
| 176 opcode->GetArgument(1, &upper_bound); | 177 opcode->GetArgument(1, &upper_bound); |
| 177 return((lower_bound <= value) && (upper_bound >= value))? | 178 return((lower_bound <= value) && (upper_bound >= value))? |
| 178 EVAL_TRUE : EVAL_FALSE; | 179 EVAL_TRUE : EVAL_FALSE; |
| 179 } | 180 } |
| 180 | 181 |
| 181 ////////////////////////////////////////////////////////////////////////////// | 182 ////////////////////////////////////////////////////////////////////////////// |
| 182 // Opcode OpNumberAndMatch: | 183 // Opcode OpNumberAndMatch: |
| 183 // Requires a uint32 in selected_param. | 184 // Requires a uint32_t in selected_param. |
| 184 // Argument 0 is the stored number to match. | 185 // Argument 0 is the stored number to match. |
| 185 | 186 |
| 186 PolicyOpcode* OpcodeFactory::MakeOpNumberAndMatch(int16 selected_param, | 187 PolicyOpcode* OpcodeFactory::MakeOpNumberAndMatch(int16_t selected_param, |
| 187 uint32 match, | 188 uint32_t match, |
| 188 uint32 options) { | 189 uint32_t options) { |
| 189 PolicyOpcode* opcode = MakeBase(OP_NUMBER_AND_MATCH, options, selected_param); | 190 PolicyOpcode* opcode = MakeBase(OP_NUMBER_AND_MATCH, options, selected_param); |
| 190 if (NULL == opcode) return NULL; | 191 if (NULL == opcode) return NULL; |
| 191 opcode->SetArgument(0, match); | 192 opcode->SetArgument(0, match); |
| 192 return opcode; | 193 return opcode; |
| 193 } | 194 } |
| 194 | 195 |
| 195 template <> | 196 template <> |
| 196 EvalResult OpcodeEval<OP_NUMBER_AND_MATCH>(PolicyOpcode* opcode, | 197 EvalResult OpcodeEval<OP_NUMBER_AND_MATCH>(PolicyOpcode* opcode, |
| 197 const ParameterSet* param, | 198 const ParameterSet* param, |
| 198 MatchContext* context) { | 199 MatchContext* context) { |
| 199 uint32 value = 0; | 200 uint32_t value = 0; |
| 200 if (!param->Get(&value)) return EVAL_ERROR; | 201 if (!param->Get(&value)) return EVAL_ERROR; |
| 201 | 202 |
| 202 uint32 number = 0; | 203 uint32_t number = 0; |
| 203 opcode->GetArgument(0, &number); | 204 opcode->GetArgument(0, &number); |
| 204 return (number & value)? EVAL_TRUE : EVAL_FALSE; | 205 return (number & value)? EVAL_TRUE : EVAL_FALSE; |
| 205 } | 206 } |
| 206 | 207 |
| 207 ////////////////////////////////////////////////////////////////////////////// | 208 ////////////////////////////////////////////////////////////////////////////// |
| 208 // Opcode OpWStringMatch: | 209 // Opcode OpWStringMatch: |
| 209 // Requires a wchar_t* in selected_param. | 210 // Requires a wchar_t* in selected_param. |
| 210 // Argument 0 is the byte displacement of the stored string. | 211 // Argument 0 is the byte displacement of the stored string. |
| 211 // Argument 1 is the lenght in chars of the stored string. | 212 // Argument 1 is the lenght in chars of the stored string. |
| 212 // Argument 2 is the offset to apply on the input string. It has special values. | 213 // Argument 2 is the offset to apply on the input string. It has special values. |
| 213 // as noted in the header file. | 214 // as noted in the header file. |
| 214 // Argument 3 is the string matching options. | 215 // Argument 3 is the string matching options. |
| 215 | 216 |
| 216 PolicyOpcode* OpcodeFactory::MakeOpWStringMatch(int16 selected_param, | 217 PolicyOpcode* OpcodeFactory::MakeOpWStringMatch(int16_t selected_param, |
| 217 const wchar_t* match_str, | 218 const wchar_t* match_str, |
| 218 int start_position, | 219 int start_position, |
| 219 StringMatchOptions match_opts, | 220 StringMatchOptions match_opts, |
| 220 uint32 options) { | 221 uint32_t options) { |
| 221 if (NULL == match_str) { | 222 if (NULL == match_str) { |
| 222 return NULL; | 223 return NULL; |
| 223 } | 224 } |
| 224 if ('\0' == match_str[0]) { | 225 if ('\0' == match_str[0]) { |
| 225 return NULL; | 226 return NULL; |
| 226 } | 227 } |
| 227 | 228 |
| 228 int lenght = lstrlenW(match_str); | 229 int lenght = lstrlenW(match_str); |
| 229 | 230 |
| 230 PolicyOpcode* opcode = MakeBase(OP_WSTRING_MATCH, options, selected_param); | 231 PolicyOpcode* opcode = MakeBase(OP_WSTRING_MATCH, options, selected_param); |
| (...skipping 103 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 334 --source_len; | 335 --source_len; |
| 335 } while (source_len >= match_len); | 336 } while (source_len >= match_len); |
| 336 } | 337 } |
| 337 return EVAL_FALSE; | 338 return EVAL_FALSE; |
| 338 } | 339 } |
| 339 | 340 |
| 340 ////////////////////////////////////////////////////////////////////////////// | 341 ////////////////////////////////////////////////////////////////////////////// |
| 341 // OpcodeMaker (other member functions). | 342 // OpcodeMaker (other member functions). |
| 342 | 343 |
| 343 PolicyOpcode* OpcodeFactory::MakeBase(OpcodeID opcode_id, | 344 PolicyOpcode* OpcodeFactory::MakeBase(OpcodeID opcode_id, |
| 344 uint32 options, | 345 uint32_t options, |
| 345 int16 selected_param) { | 346 int16_t selected_param) { |
| 346 if (memory_size() < sizeof(PolicyOpcode)) { | 347 if (memory_size() < sizeof(PolicyOpcode)) { |
| 347 return NULL; | 348 return NULL; |
| 348 } | 349 } |
| 349 | 350 |
| 350 // Create opcode using placement-new on the buffer memory. | 351 // Create opcode using placement-new on the buffer memory. |
| 351 PolicyOpcode* opcode = new(memory_top_) PolicyOpcode(); | 352 PolicyOpcode* opcode = new(memory_top_) PolicyOpcode(); |
| 352 | 353 |
| 353 // Fill in the standard fields, that every opcode has. | 354 // Fill in the standard fields, that every opcode has. |
| 354 memory_top_ += sizeof(PolicyOpcode); | 355 memory_top_ += sizeof(PolicyOpcode); |
| 355 opcode->opcode_id_ = opcode_id; | 356 opcode->opcode_id_ = opcode_id; |
| (...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 436 OPCODE_EVAL(OP_WSTRING_MATCH, this, parameters, match); | 437 OPCODE_EVAL(OP_WSTRING_MATCH, this, parameters, match); |
| 437 OPCODE_EVAL(OP_ACTION, this, parameters, match); | 438 OPCODE_EVAL(OP_ACTION, this, parameters, match); |
| 438 default: | 439 default: |
| 439 return EVAL_ERROR; | 440 return EVAL_ERROR; |
| 440 } | 441 } |
| 441 } | 442 } |
| 442 | 443 |
| 443 #undef OPCODE_EVAL | 444 #undef OPCODE_EVAL |
| 444 | 445 |
| 445 } // namespace sandbox | 446 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1538283002:
Switch to standard integer types in sandbox/. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master