OLD | NEW |
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
| 5 #include <stdint.h> |
| 6 |
5 #include <string> | 7 #include <string> |
6 | 8 |
7 #include "sandbox/win/src/sync_policy.h" | 9 #include "sandbox/win/src/sync_policy.h" |
8 | 10 |
9 #include "base/logging.h" | 11 #include "base/logging.h" |
10 #include "base/strings/stringprintf.h" | 12 #include "base/strings/stringprintf.h" |
11 #include "sandbox/win/src/ipc_tags.h" | 13 #include "sandbox/win/src/ipc_tags.h" |
12 #include "sandbox/win/src/nt_internals.h" | 14 #include "sandbox/win/src/nt_internals.h" |
13 #include "sandbox/win/src/policy_engine_opcodes.h" | 15 #include "sandbox/win/src/policy_engine_opcodes.h" |
14 #include "sandbox/win/src/policy_params.h" | 16 #include "sandbox/win/src/policy_params.h" |
(...skipping 123 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
138 // Add the open rule. | 140 // Add the open rule. |
139 EvalResult result = ASK_BROKER; | 141 EvalResult result = ASK_BROKER; |
140 PolicyRule open(result); | 142 PolicyRule open(result); |
141 | 143 |
142 if (!open.AddStringMatch(IF, OpenEventParams::NAME, name, CASE_INSENSITIVE)) | 144 if (!open.AddStringMatch(IF, OpenEventParams::NAME, name, CASE_INSENSITIVE)) |
143 return false; | 145 return false; |
144 | 146 |
145 if (TargetPolicy::EVENTS_ALLOW_READONLY == semantics) { | 147 if (TargetPolicy::EVENTS_ALLOW_READONLY == semantics) { |
146 // We consider all flags that are not known to be readonly as potentially | 148 // We consider all flags that are not known to be readonly as potentially |
147 // used for write. | 149 // used for write. |
148 uint32 allowed_flags = SYNCHRONIZE | GENERIC_READ | READ_CONTROL; | 150 uint32_t allowed_flags = SYNCHRONIZE | GENERIC_READ | READ_CONTROL; |
149 uint32 restricted_flags = ~allowed_flags; | 151 uint32_t restricted_flags = ~allowed_flags; |
150 open.AddNumberMatch(IF_NOT, OpenEventParams::ACCESS, restricted_flags, AND); | 152 open.AddNumberMatch(IF_NOT, OpenEventParams::ACCESS, restricted_flags, AND); |
151 } | 153 } |
152 | 154 |
153 if (!policy->AddRule(IPC_OPENEVENT_TAG, &open)) | 155 if (!policy->AddRule(IPC_OPENEVENT_TAG, &open)) |
154 return false; | 156 return false; |
155 | 157 |
156 // If it's not a read only, add the create rule. | 158 // If it's not a read only, add the create rule. |
157 if (TargetPolicy::EVENTS_ALLOW_READONLY != semantics) { | 159 if (TargetPolicy::EVENTS_ALLOW_READONLY != semantics) { |
158 PolicyRule create(result); | 160 PolicyRule create(result); |
159 if (!create.AddStringMatch(IF, NameBased::NAME, name, CASE_INSENSITIVE)) | 161 if (!create.AddStringMatch(IF, NameBased::NAME, name, CASE_INSENSITIVE)) |
160 return false; | 162 return false; |
161 | 163 |
162 if (!policy->AddRule(IPC_CREATEEVENT_TAG, &create)) | 164 if (!policy->AddRule(IPC_CREATEEVENT_TAG, &create)) |
163 return false; | 165 return false; |
164 } | 166 } |
165 | 167 |
166 return true; | 168 return true; |
167 } | 169 } |
168 | 170 |
169 NTSTATUS SyncPolicy::CreateEventAction(EvalResult eval_result, | 171 NTSTATUS SyncPolicy::CreateEventAction(EvalResult eval_result, |
170 const ClientInfo& client_info, | 172 const ClientInfo& client_info, |
171 const base::string16 &event_name, | 173 const base::string16& event_name, |
172 uint32 event_type, | 174 uint32_t event_type, |
173 uint32 initial_state, | 175 uint32_t initial_state, |
174 HANDLE *handle) { | 176 HANDLE* handle) { |
175 NtCreateEventFunction NtCreateEvent = NULL; | 177 NtCreateEventFunction NtCreateEvent = NULL; |
176 ResolveNTFunctionPtr("NtCreateEvent", &NtCreateEvent); | 178 ResolveNTFunctionPtr("NtCreateEvent", &NtCreateEvent); |
177 | 179 |
178 // The only action supported is ASK_BROKER which means create the requested | 180 // The only action supported is ASK_BROKER which means create the requested |
179 // file as specified. | 181 // file as specified. |
180 if (ASK_BROKER != eval_result) | 182 if (ASK_BROKER != eval_result) |
181 return false; | 183 return false; |
182 | 184 |
183 HANDLE object_directory = NULL; | 185 HANDLE object_directory = NULL; |
184 NTSTATUS status = GetBaseNamedObjectsDirectory(&object_directory); | 186 NTSTATUS status = GetBaseNamedObjectsDirectory(&object_directory); |
(...skipping 15 matching lines...) Expand all Loading... |
200 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, | 202 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, |
201 client_info.process, handle, 0, FALSE, | 203 client_info.process, handle, 0, FALSE, |
202 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { | 204 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { |
203 return STATUS_ACCESS_DENIED; | 205 return STATUS_ACCESS_DENIED; |
204 } | 206 } |
205 return status; | 207 return status; |
206 } | 208 } |
207 | 209 |
208 NTSTATUS SyncPolicy::OpenEventAction(EvalResult eval_result, | 210 NTSTATUS SyncPolicy::OpenEventAction(EvalResult eval_result, |
209 const ClientInfo& client_info, | 211 const ClientInfo& client_info, |
210 const base::string16 &event_name, | 212 const base::string16& event_name, |
211 uint32 desired_access, | 213 uint32_t desired_access, |
212 HANDLE *handle) { | 214 HANDLE* handle) { |
213 NtOpenEventFunction NtOpenEvent = NULL; | 215 NtOpenEventFunction NtOpenEvent = NULL; |
214 ResolveNTFunctionPtr("NtOpenEvent", &NtOpenEvent); | 216 ResolveNTFunctionPtr("NtOpenEvent", &NtOpenEvent); |
215 | 217 |
216 // The only action supported is ASK_BROKER which means create the requested | 218 // The only action supported is ASK_BROKER which means create the requested |
217 // event as specified. | 219 // event as specified. |
218 if (ASK_BROKER != eval_result) | 220 if (ASK_BROKER != eval_result) |
219 return false; | 221 return false; |
220 | 222 |
221 HANDLE object_directory = NULL; | 223 HANDLE object_directory = NULL; |
222 NTSTATUS status = GetBaseNamedObjectsDirectory(&object_directory); | 224 NTSTATUS status = GetBaseNamedObjectsDirectory(&object_directory); |
(...skipping 12 matching lines...) Expand all Loading... |
235 | 237 |
236 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, | 238 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, |
237 client_info.process, handle, 0, FALSE, | 239 client_info.process, handle, 0, FALSE, |
238 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { | 240 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { |
239 return STATUS_ACCESS_DENIED; | 241 return STATUS_ACCESS_DENIED; |
240 } | 242 } |
241 return status; | 243 return status; |
242 } | 244 } |
243 | 245 |
244 } // namespace sandbox | 246 } // namespace sandbox |
OLD | NEW |