| OLD | NEW |
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <stdint.h> |
| 6 |
| 5 #include <string> | 7 #include <string> |
| 6 | 8 |
| 7 #include "sandbox/win/src/sync_policy.h" | 9 #include "sandbox/win/src/sync_policy.h" |
| 8 | 10 |
| 9 #include "base/logging.h" | 11 #include "base/logging.h" |
| 10 #include "base/strings/stringprintf.h" | 12 #include "base/strings/stringprintf.h" |
| 11 #include "sandbox/win/src/ipc_tags.h" | 13 #include "sandbox/win/src/ipc_tags.h" |
| 12 #include "sandbox/win/src/nt_internals.h" | 14 #include "sandbox/win/src/nt_internals.h" |
| 13 #include "sandbox/win/src/policy_engine_opcodes.h" | 15 #include "sandbox/win/src/policy_engine_opcodes.h" |
| 14 #include "sandbox/win/src/policy_params.h" | 16 #include "sandbox/win/src/policy_params.h" |
| (...skipping 123 matching lines...) |
| 138 // Add the open rule. | 140 // Add the open rule. |
| 139 EvalResult result = ASK_BROKER; | 141 EvalResult result = ASK_BROKER; |
| 140 PolicyRule open(result); | 142 PolicyRule open(result); |
| 141 | 143 |
| 142 if (!open.AddStringMatch(IF, OpenEventParams::NAME, name, CASE_INSENSITIVE)) | 144 if (!open.AddStringMatch(IF, OpenEventParams::NAME, name, CASE_INSENSITIVE)) |
| 143 return false; | 145 return false; |
| 144 | 146 |
| 145 if (TargetPolicy::EVENTS_ALLOW_READONLY == semantics) { | 147 if (TargetPolicy::EVENTS_ALLOW_READONLY == semantics) { |
| 146 // We consider all flags that are not known to be readonly as potentially | 148 // We consider all flags that are not known to be readonly as potentially |
| 147 // used for write. | 149 // used for write. |
| 148 uint32 allowed_flags = SYNCHRONIZE | GENERIC_READ | READ_CONTROL; | 150 uint32_t allowed_flags = SYNCHRONIZE | GENERIC_READ | READ_CONTROL; |
| 149 uint32 restricted_flags = ~allowed_flags; | 151 uint32_t restricted_flags = ~allowed_flags; |
| 150 open.AddNumberMatch(IF_NOT, OpenEventParams::ACCESS, restricted_flags, AND); | 152 open.AddNumberMatch(IF_NOT, OpenEventParams::ACCESS, restricted_flags, AND); |
| 151 } | 153 } |
| 152 | 154 |
| 153 if (!policy->AddRule(IPC_OPENEVENT_TAG, &open)) | 155 if (!policy->AddRule(IPC_OPENEVENT_TAG, &open)) |
| 154 return false; | 156 return false; |
| 155 | 157 |
| 156 // If it's not a read only, add the create rule. | 158 // If it's not a read only, add the create rule. |
| 157 if (TargetPolicy::EVENTS_ALLOW_READONLY != semantics) { | 159 if (TargetPolicy::EVENTS_ALLOW_READONLY != semantics) { |
| 158 PolicyRule create(result); | 160 PolicyRule create(result); |
| 159 if (!create.AddStringMatch(IF, NameBased::NAME, name, CASE_INSENSITIVE)) | 161 if (!create.AddStringMatch(IF, NameBased::NAME, name, CASE_INSENSITIVE)) |
| 160 return false; | 162 return false; |
| 161 | 163 |
| 162 if (!policy->AddRule(IPC_CREATEEVENT_TAG, &create)) | 164 if (!policy->AddRule(IPC_CREATEEVENT_TAG, &create)) |
| 163 return false; | 165 return false; |
| 164 } | 166 } |
| 165 | 167 |
| 166 return true; | 168 return true; |
| 167 } | 169 } |
| 168 | 170 |
| 169 NTSTATUS SyncPolicy::CreateEventAction(EvalResult eval_result, | 171 NTSTATUS SyncPolicy::CreateEventAction(EvalResult eval_result, |
| 170 const ClientInfo& client_info, | 172 const ClientInfo& client_info, |
| 171 const base::string16 &event_name, | 173 const base::string16& event_name, |
| 172 uint32 event_type, | 174 uint32_t event_type, |
| 173 uint32 initial_state, | 175 uint32_t initial_state, |
| 174 HANDLE *handle) { | 176 HANDLE* handle) { |
| 175 NtCreateEventFunction NtCreateEvent = NULL; | 177 NtCreateEventFunction NtCreateEvent = NULL; |
| 176 ResolveNTFunctionPtr("NtCreateEvent", &NtCreateEvent); | 178 ResolveNTFunctionPtr("NtCreateEvent", &NtCreateEvent); |
| 177 | 179 |
| 178 // The only action supported is ASK_BROKER which means create the requested | 180 // The only action supported is ASK_BROKER which means create the requested |
| 179 // file as specified. | 181 // file as specified. |
| 180 if (ASK_BROKER != eval_result) | 182 if (ASK_BROKER != eval_result) |
| 181 return false; | 183 return false; |
| 182 | 184 |
| 183 HANDLE object_directory = NULL; | 185 HANDLE object_directory = NULL; |
| 184 NTSTATUS status = GetBaseNamedObjectsDirectory(&object_directory); | 186 NTSTATUS status = GetBaseNamedObjectsDirectory(&object_directory); |
| (...skipping 15 matching lines...) |
| 200 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, | 202 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, |
| 201 client_info.process, handle, 0, FALSE, | 203 client_info.process, handle, 0, FALSE, |
| 202 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { | 204 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { |
| 203 return STATUS_ACCESS_DENIED; | 205 return STATUS_ACCESS_DENIED; |
| 204 } | 206 } |
| 205 return status; | 207 return status; |
| 206 } | 208 } |
| 207 | 209 |
| 208 NTSTATUS SyncPolicy::OpenEventAction(EvalResult eval_result, | 210 NTSTATUS SyncPolicy::OpenEventAction(EvalResult eval_result, |
| 209 const ClientInfo& client_info, | 211 const ClientInfo& client_info, |
| 210 const base::string16 &event_name, | 212 const base::string16& event_name, |
| 211 uint32 desired_access, | 213 uint32_t desired_access, |
| 212 HANDLE *handle) { | 214 HANDLE* handle) { |
| 213 NtOpenEventFunction NtOpenEvent = NULL; | 215 NtOpenEventFunction NtOpenEvent = NULL; |
| 214 ResolveNTFunctionPtr("NtOpenEvent", &NtOpenEvent); | 216 ResolveNTFunctionPtr("NtOpenEvent", &NtOpenEvent); |
| 215 | 217 |
| 216 // The only action supported is ASK_BROKER which means create the requested | 218 // The only action supported is ASK_BROKER which means create the requested |
| 217 // event as specified. | 219 // event as specified. |
| 218 if (ASK_BROKER != eval_result) | 220 if (ASK_BROKER != eval_result) |
| 219 return false; | 221 return false; |
| 220 | 222 |
| 221 HANDLE object_directory = NULL; | 223 HANDLE object_directory = NULL; |
| 222 NTSTATUS status = GetBaseNamedObjectsDirectory(&object_directory); | 224 NTSTATUS status = GetBaseNamedObjectsDirectory(&object_directory); |
| (...skipping 12 matching lines...) |
| 235 | 237 |
| 236 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, | 238 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, |
| 237 client_info.process, handle, 0, FALSE, | 239 client_info.process, handle, 0, FALSE, |
| 238 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { | 240 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { |
| 239 return STATUS_ACCESS_DENIED; | 241 return STATUS_ACCESS_DENIED; |
| 240 } | 242 } |
| 241 return status; | 243 return status; |
| 242 } | 244 } |
| 243 | 245 |
| 244 } // namespace sandbox | 246 } // namespace sandbox |
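Review bot: The read-only branch ignores the result of `open.AddNumberMatch(...)` (new line 152), so if adding the access-mask condition fails, the open rule is still registered by name alone and the EVENTS_ALLOW_READONLY restriction silently disappears. Assuming it returns bool like `AddStringMatch`, it should fail closed with `if (!open.AddNumberMatch(IF_NOT, OpenEventParams::ACCESS, restricted_flags, AND)) return false;`. Separately, `CreateEventAction` and `OpenEventAction` return NTSTATUS but use `return false;` when `eval_result` is not ASK_BROKER (new lines 183 and 221), which converts to 0, i.e. STATUS_SUCCESS, with `*handle` left unwritten; `return STATUS_ACCESS_DENIED;` would match the DuplicateHandle failure path. The function containing the first point begins in the skipped lines above, so its earlier checks are not visible here.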