OLD | NEW |
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef SANDBOX_SRC_POLICY_LOW_LEVEL_H__ | 5 #ifndef SANDBOX_SRC_POLICY_LOW_LEVEL_H__ |
6 #define SANDBOX_SRC_POLICY_LOW_LEVEL_H__ | 6 #define SANDBOX_SRC_POLICY_LOW_LEVEL_H__ |
7 | 7 |
| 8 #include <stddef.h> |
| 9 #include <stdint.h> |
| 10 |
8 #include <list> | 11 #include <list> |
9 | 12 |
10 #include "base/basictypes.h" | 13 #include "base/macros.h" |
11 #include "base/strings/string16.h" | 14 #include "base/strings/string16.h" |
12 #include "sandbox/win/src/ipc_tags.h" | 15 #include "sandbox/win/src/ipc_tags.h" |
| 16 #include "sandbox/win/src/policy_engine_opcodes.h" |
13 #include "sandbox/win/src/policy_engine_params.h" | 17 #include "sandbox/win/src/policy_engine_params.h" |
14 #include "sandbox/win/src/policy_engine_opcodes.h" | |
15 | 18 |
16 // Low level policy classes. | 19 // Low level policy classes. |
17 // Built on top of the PolicyOpcode and OpcodeFatory, the low level policy | 20 // Built on top of the PolicyOpcode and OpcodeFatory, the low level policy |
18 // provides a way to define rules on strings and numbers but it is unaware | 21 // provides a way to define rules on strings and numbers but it is unaware |
19 // of Windows specific details or how the Interceptions must be set up. | 22 // of Windows specific details or how the Interceptions must be set up. |
20 // To use these classes you construct one or more rules and add them to the | 23 // To use these classes you construct one or more rules and add them to the |
21 // LowLevelPolicy object like this: | 24 // LowLevelPolicy object like this: |
22 // | 25 // |
23 // PolicyRule rule1(ASK_BROKER); | 26 // PolicyRule rule1(ASK_BROKER); |
24 // rule1.AddStringMatch(IF, 0, L"\\\\/?/?\\c:\\*Microsoft*\\*.exe", true); | 27 // rule1.AddStringMatch(IF, 0, L"\\\\/?/?\\c:\\*Microsoft*\\*.exe", true); |
(...skipping 104 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
129 explicit PolicyRule(EvalResult action); | 132 explicit PolicyRule(EvalResult action); |
130 PolicyRule(const PolicyRule& other); | 133 PolicyRule(const PolicyRule& other); |
131 ~PolicyRule(); | 134 ~PolicyRule(); |
132 | 135 |
133 // Adds a string comparison to the rule. | 136 // Adds a string comparison to the rule. |
134 // rule_type: possible values are IF and IF_NOT. | 137 // rule_type: possible values are IF and IF_NOT. |
135 // parameter: the expected index of the argument for this rule. For example | 138 // parameter: the expected index of the argument for this rule. For example |
136 // in a 'create file' service the file name argument can be at index 0. | 139 // in a 'create file' service the file name argument can be at index 0. |
137 // string: is the desired matching pattern. | 140 // string: is the desired matching pattern. |
138 // match_opts: if the pattern matching is case sensitive or not. | 141 // match_opts: if the pattern matching is case sensitive or not. |
139 bool AddStringMatch(RuleType rule_type, int16 parameter, | 142 bool AddStringMatch(RuleType rule_type, |
140 const wchar_t* string, StringMatchOptions match_opts); | 143 int16_t parameter, |
| 144 const wchar_t* string, |
| 145 StringMatchOptions match_opts); |
141 | 146 |
142 // Adds a number match comparison to the rule. | 147 // Adds a number match comparison to the rule. |
143 // rule_type: possible values are IF and IF_NOT. | 148 // rule_type: possible values are IF and IF_NOT. |
144 // parameter: the expected index of the argument for this rule. | 149 // parameter: the expected index of the argument for this rule. |
145 // number: the value to compare the input to. | 150 // number: the value to compare the input to. |
146 // comparison_op: the comparison kind (equal, logical and, etc). | 151 // comparison_op: the comparison kind (equal, logical and, etc). |
147 bool AddNumberMatch(RuleType rule_type, | 152 bool AddNumberMatch(RuleType rule_type, |
148 int16 parameter, | 153 int16_t parameter, |
149 uint32 number, | 154 uint32_t number, |
150 RuleOp comparison_op); | 155 RuleOp comparison_op); |
151 | 156 |
152 // Returns the number of opcodes generated so far. | 157 // Returns the number of opcodes generated so far. |
153 size_t GetOpcodeCount() const { | 158 size_t GetOpcodeCount() const { |
154 return buffer_->opcode_count; | 159 return buffer_->opcode_count; |
155 } | 160 } |
156 | 161 |
157 // Called when there is no more comparisons to add. Internally it generates | 162 // Called when there is no more comparisons to add. Internally it generates |
158 // the last opcode (the action opcode). Returns false if this operation fails. | 163 // the last opcode (the action opcode). Returns false if this operation fails. |
159 bool Done(); | 164 bool Done(); |
160 | 165 |
161 private: | 166 private: |
162 void operator=(const PolicyRule&); | 167 void operator=(const PolicyRule&); |
163 // Called in a loop from AddStringMatch to generate the required string | 168 // Called in a loop from AddStringMatch to generate the required string |
164 // match opcodes. rule_type, match_opts and parameter are the same as | 169 // match opcodes. rule_type, match_opts and parameter are the same as |
165 // in AddStringMatch. | 170 // in AddStringMatch. |
166 bool GenStringOpcode(RuleType rule_type, StringMatchOptions match_opts, | 171 bool GenStringOpcode(RuleType rule_type, |
167 uint16 parameter, int state, bool last_call, | 172 StringMatchOptions match_opts, |
168 int* skip_count, base::string16* fragment); | 173 uint16_t parameter, |
| 174 int state, |
| 175 bool last_call, |
| 176 int* skip_count, |
| 177 base::string16* fragment); |
169 | 178 |
170 // Loop over all generated opcodes and copy them to increasing memory | 179 // Loop over all generated opcodes and copy them to increasing memory |
171 // addresses from opcode_start and copy the extra data (strings usually) into | 180 // addresses from opcode_start and copy the extra data (strings usually) into |
172 // decreasing addresses from data_start. Extra data is only present in the | 181 // decreasing addresses from data_start. Extra data is only present in the |
173 // string evaluation opcodes. | 182 // string evaluation opcodes. |
174 bool RebindCopy(PolicyOpcode* opcode_start, size_t opcode_size, | 183 bool RebindCopy(PolicyOpcode* opcode_start, size_t opcode_size, |
175 char* data_start, size_t* data_size) const; | 184 char* data_start, size_t* data_size) const; |
176 PolicyBuffer* buffer_; | 185 PolicyBuffer* buffer_; |
177 OpcodeFactory* opcode_factory_; | 186 OpcodeFactory* opcode_factory_; |
178 EvalResult action_; | 187 EvalResult action_; |
179 bool done_; | 188 bool done_; |
180 }; | 189 }; |
181 | 190 |
182 } // namespace sandbox | 191 } // namespace sandbox |
183 | 192 |
184 #endif // SANDBOX_SRC_POLICY_LOW_LEVEL_H__ | 193 #endif // SANDBOX_SRC_POLICY_LOW_LEVEL_H__ |
OLD | NEW |