| OLD | NEW |
|---|
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/win/src/policy_engine_opcodes.h" | 5 #include "sandbox/win/src/policy_engine_opcodes.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include "base/basictypes.h" |
| 8 #include <stdint.h> | |
| 9 | |
| 10 #include "sandbox/win/src/sandbox_nt_types.h" | 8 #include "sandbox/win/src/sandbox_nt_types.h" |
| 11 #include "sandbox/win/src/sandbox_types.h" | 9 #include "sandbox/win/src/sandbox_types.h" |
| 12 | 10 |
| 13 namespace { | 11 namespace { |
| 14 const unsigned short kMaxUniStrSize = 0xfffc / sizeof(wchar_t); | 12 const unsigned short kMaxUniStrSize = 0xfffc / sizeof(wchar_t); |
| 15 | 13 |
| 16 bool InitStringUnicode(const wchar_t* source, size_t length, | 14 bool InitStringUnicode(const wchar_t* source, size_t length, |
| 17 UNICODE_STRING* ustring) { | 15 UNICODE_STRING* ustring) { |
| 18 if (length > kMaxUniStrSize) { | 16 if (length > kMaxUniStrSize) { |
| 19 return false; | 17 return false; |
| (...skipping 23 matching lines...) Expand all Loading... |
| 43 // order and meaning. | 41 // order and meaning. |
| 44 | 42 |
| 45 template <int> | 43 template <int> |
| 46 EvalResult OpcodeEval(PolicyOpcode* opcode, const ParameterSet* pp, | 44 EvalResult OpcodeEval(PolicyOpcode* opcode, const ParameterSet* pp, |
| 47 MatchContext* match); | 45 MatchContext* match); |
| 48 | 46 |
| 49 ////////////////////////////////////////////////////////////////////////////// | 47 ////////////////////////////////////////////////////////////////////////////// |
| 50 // Opcode OpAlwaysFalse: | 48 // Opcode OpAlwaysFalse: |
| 51 // Does not require input parameter. | 49 // Does not require input parameter. |
| 52 | 50 |
| 53 PolicyOpcode* OpcodeFactory::MakeOpAlwaysFalse(uint32_t options) { | 51 PolicyOpcode* OpcodeFactory::MakeOpAlwaysFalse(uint32 options) { |
| 54 return MakeBase(OP_ALWAYS_FALSE, options, -1); | 52 return MakeBase(OP_ALWAYS_FALSE, options, -1); |
| 55 } | 53 } |
| 56 | 54 |
| 57 template <> | 55 template <> |
| 58 EvalResult OpcodeEval<OP_ALWAYS_FALSE>(PolicyOpcode* opcode, | 56 EvalResult OpcodeEval<OP_ALWAYS_FALSE>(PolicyOpcode* opcode, |
| 59 const ParameterSet* param, | 57 const ParameterSet* param, |
| 60 MatchContext* context) { | 58 MatchContext* context) { |
| 61 return EVAL_FALSE; | 59 return EVAL_FALSE; |
| 62 } | 60 } |
| 63 | 61 |
| 64 ////////////////////////////////////////////////////////////////////////////// | 62 ////////////////////////////////////////////////////////////////////////////// |
| 65 // Opcode OpAlwaysTrue: | 63 // Opcode OpAlwaysTrue: |
| 66 // Does not require input parameter. | 64 // Does not require input parameter. |
| 67 | 65 |
| 68 PolicyOpcode* OpcodeFactory::MakeOpAlwaysTrue(uint32_t options) { | 66 PolicyOpcode* OpcodeFactory::MakeOpAlwaysTrue(uint32 options) { |
| 69 return MakeBase(OP_ALWAYS_TRUE, options, -1); | 67 return MakeBase(OP_ALWAYS_TRUE, options, -1); |
| 70 } | 68 } |
| 71 | 69 |
| 72 template <> | 70 template <> |
| 73 EvalResult OpcodeEval<OP_ALWAYS_TRUE>(PolicyOpcode* opcode, | 71 EvalResult OpcodeEval<OP_ALWAYS_TRUE>(PolicyOpcode* opcode, |
| 74 const ParameterSet* param, | 72 const ParameterSet* param, |
| 75 MatchContext* context) { | 73 MatchContext* context) { |
| 76 return EVAL_TRUE; | 74 return EVAL_TRUE; |
| 77 } | 75 } |
| 78 | 76 |
| 79 ////////////////////////////////////////////////////////////////////////////// | 77 ////////////////////////////////////////////////////////////////////////////// |
| 80 // Opcode OpAction: | 78 // Opcode OpAction: |
| 81 // Does not require input parameter. | 79 // Does not require input parameter. |
| 82 // Argument 0 contains the actual action to return. | 80 // Argument 0 contains the actual action to return. |
| 83 | 81 |
| 84 PolicyOpcode* OpcodeFactory::MakeOpAction(EvalResult action, uint32_t options) { | 82 PolicyOpcode* OpcodeFactory::MakeOpAction(EvalResult action, |
| 83 uint32 options) { |
| 85 PolicyOpcode* opcode = MakeBase(OP_ACTION, options, 0); | 84 PolicyOpcode* opcode = MakeBase(OP_ACTION, options, 0); |
| 86 if (NULL == opcode) return NULL; | 85 if (NULL == opcode) return NULL; |
| 87 opcode->SetArgument(0, action); | 86 opcode->SetArgument(0, action); |
| 88 return opcode; | 87 return opcode; |
| 89 } | 88 } |
| 90 | 89 |
| 91 template <> | 90 template <> |
| 92 EvalResult OpcodeEval<OP_ACTION>(PolicyOpcode* opcode, | 91 EvalResult OpcodeEval<OP_ACTION>(PolicyOpcode* opcode, |
| 93 const ParameterSet* param, | 92 const ParameterSet* param, |
| 94 MatchContext* context) { | 93 MatchContext* context) { |
| 95 int action = 0; | 94 int action = 0; |
| 96 opcode->GetArgument(0, &action); | 95 opcode->GetArgument(0, &action); |
| 97 return static_cast<EvalResult>(action); | 96 return static_cast<EvalResult>(action); |
| 98 } | 97 } |
| 99 | 98 |
| 100 ////////////////////////////////////////////////////////////////////////////// | 99 ////////////////////////////////////////////////////////////////////////////// |
| 101 // Opcode OpNumberMatch: | 100 // Opcode OpNumberMatch: |
| 102 // Requires a uint32_t or void* in selected_param | 101 // Requires a uint32 or void* in selected_param |
| 103 // Argument 0 is the stored number to match. | 102 // Argument 0 is the stored number to match. |
| 104 // Argument 1 is the C++ type of the 0th argument. | 103 // Argument 1 is the C++ type of the 0th argument. |
| 105 | 104 |
| 106 PolicyOpcode* OpcodeFactory::MakeOpNumberMatch(int16_t selected_param, | 105 PolicyOpcode* OpcodeFactory::MakeOpNumberMatch(int16 selected_param, |
| 107 uint32_t match, | 106 uint32 match, |
| 108 uint32_t options) { | 107 uint32 options) { |
| 109 PolicyOpcode* opcode = MakeBase(OP_NUMBER_MATCH, options, selected_param); | 108 PolicyOpcode* opcode = MakeBase(OP_NUMBER_MATCH, options, selected_param); |
| 110 if (NULL == opcode) return NULL; | 109 if (NULL == opcode) return NULL; |
| 111 opcode->SetArgument(0, match); | 110 opcode->SetArgument(0, match); |
| 112 opcode->SetArgument(1, UINT32_TYPE); | 111 opcode->SetArgument(1, UINT32_TYPE); |
| 113 return opcode; | 112 return opcode; |
| 114 } | 113 } |
| 115 | 114 |
| 116 PolicyOpcode* OpcodeFactory::MakeOpVoidPtrMatch(int16_t selected_param, | 115 PolicyOpcode* OpcodeFactory::MakeOpVoidPtrMatch(int16 selected_param, |
| 117 const void* match, | 116 const void* match, |
| 118 uint32_t options) { | 117 uint32 options) { |
| 119 PolicyOpcode* opcode = MakeBase(OP_NUMBER_MATCH, options, selected_param); | 118 PolicyOpcode* opcode = MakeBase(OP_NUMBER_MATCH, options, selected_param); |
| 120 if (NULL == opcode) return NULL; | 119 if (NULL == opcode) return NULL; |
| 121 opcode->SetArgument(0, match); | 120 opcode->SetArgument(0, match); |
| 122 opcode->SetArgument(1, VOIDPTR_TYPE); | 121 opcode->SetArgument(1, VOIDPTR_TYPE); |
| 123 return opcode; | 122 return opcode; |
| 124 } | 123 } |
| 125 | 124 |
| 126 template <> | 125 template <> |
| 127 EvalResult OpcodeEval<OP_NUMBER_MATCH>(PolicyOpcode* opcode, | 126 EvalResult OpcodeEval<OP_NUMBER_MATCH>(PolicyOpcode* opcode, |
| 128 const ParameterSet* param, | 127 const ParameterSet* param, |
| 129 MatchContext* context) { | 128 MatchContext* context) { |
| 130 uint32_t value_uint32 = 0; | 129 uint32 value_uint32 = 0; |
| 131 if (param->Get(&value_uint32)) { | 130 if (param->Get(&value_uint32)) { |
| 132 uint32_t match_uint32 = 0; | 131 uint32 match_uint32 = 0; |
| 133 opcode->GetArgument(0, &match_uint32); | 132 opcode->GetArgument(0, &match_uint32); |
| 134 return (match_uint32 != value_uint32)? EVAL_FALSE : EVAL_TRUE; | 133 return (match_uint32 != value_uint32)? EVAL_FALSE : EVAL_TRUE; |
| 135 } else { | 134 } else { |
| 136 const void* value_ptr = NULL; | 135 const void* value_ptr = NULL; |
| 137 if (param->Get(&value_ptr)) { | 136 if (param->Get(&value_ptr)) { |
| 138 const void* match_ptr = NULL; | 137 const void* match_ptr = NULL; |
| 139 opcode->GetArgument(0, &match_ptr); | 138 opcode->GetArgument(0, &match_ptr); |
| 140 return (match_ptr != value_ptr)? EVAL_FALSE : EVAL_TRUE; | 139 return (match_ptr != value_ptr)? EVAL_FALSE : EVAL_TRUE; |
| 141 } | 140 } |
| 142 } | 141 } |
| 143 return EVAL_ERROR; | 142 return EVAL_ERROR; |
| 144 } | 143 } |
| 145 | 144 |
| 146 ////////////////////////////////////////////////////////////////////////////// | 145 ////////////////////////////////////////////////////////////////////////////// |
| 147 // Opcode OpNumberMatchRange | 146 // Opcode OpNumberMatchRange |
| 148 // Requires a uint32_t in selected_param. | 147 // Requires a uint32 in selected_param. |
| 149 // Argument 0 is the stored lower bound to match. | 148 // Argument 0 is the stored lower bound to match. |
| 150 // Argument 1 is the stored upper bound to match. | 149 // Argument 1 is the stored upper bound to match. |
| 151 | 150 |
| 152 PolicyOpcode* OpcodeFactory::MakeOpNumberMatchRange(int16_t selected_param, | 151 PolicyOpcode* OpcodeFactory::MakeOpNumberMatchRange(int16 selected_param, |
| 153 uint32_t lower_bound, | 152 uint32 lower_bound, |
| 154 uint32_t upper_bound, | 153 uint32 upper_bound, |
| 155 uint32_t options) { | 154 uint32 options) { |
| 156 if (lower_bound > upper_bound) { | 155 if (lower_bound > upper_bound) { |
| 157 return NULL; | 156 return NULL; |
| 158 } | 157 } |
| 159 PolicyOpcode* opcode = MakeBase(OP_NUMBER_MATCH_RANGE, options, | 158 PolicyOpcode* opcode = MakeBase(OP_NUMBER_MATCH_RANGE, options, |
| 160 selected_param); | 159 selected_param); |
| 161 if (NULL == opcode) return NULL; | 160 if (NULL == opcode) return NULL; |
| 162 opcode->SetArgument(0, lower_bound); | 161 opcode->SetArgument(0, lower_bound); |
| 163 opcode->SetArgument(1, upper_bound); | 162 opcode->SetArgument(1, upper_bound); |
| 164 return opcode; | 163 return opcode; |
| 165 } | 164 } |
| 166 | 165 |
| 167 template <> | 166 template <> |
| 168 EvalResult OpcodeEval<OP_NUMBER_MATCH_RANGE>(PolicyOpcode* opcode, | 167 EvalResult OpcodeEval<OP_NUMBER_MATCH_RANGE>(PolicyOpcode* opcode, |
| 169 const ParameterSet* param, | 168 const ParameterSet* param, |
| 170 MatchContext* context) { | 169 MatchContext* context) { |
| 171 uint32_t value = 0; | 170 uint32 value = 0; |
| 172 if (!param->Get(&value)) return EVAL_ERROR; | 171 if (!param->Get(&value)) return EVAL_ERROR; |
| 173 | 172 |
| 174 uint32_t lower_bound = 0; | 173 uint32 lower_bound = 0; |
| 175 uint32_t upper_bound = 0; | 174 uint32 upper_bound = 0; |
| 176 opcode->GetArgument(0, &lower_bound); | 175 opcode->GetArgument(0, &lower_bound); |
| 177 opcode->GetArgument(1, &upper_bound); | 176 opcode->GetArgument(1, &upper_bound); |
| 178 return((lower_bound <= value) && (upper_bound >= value))? | 177 return((lower_bound <= value) && (upper_bound >= value))? |
| 179 EVAL_TRUE : EVAL_FALSE; | 178 EVAL_TRUE : EVAL_FALSE; |
| 180 } | 179 } |
| 181 | 180 |
| 182 ////////////////////////////////////////////////////////////////////////////// | 181 ////////////////////////////////////////////////////////////////////////////// |
| 183 // Opcode OpNumberAndMatch: | 182 // Opcode OpNumberAndMatch: |
| 184 // Requires a uint32_t in selected_param. | 183 // Requires a uint32 in selected_param. |
| 185 // Argument 0 is the stored number to match. | 184 // Argument 0 is the stored number to match. |
| 186 | 185 |
| 187 PolicyOpcode* OpcodeFactory::MakeOpNumberAndMatch(int16_t selected_param, | 186 PolicyOpcode* OpcodeFactory::MakeOpNumberAndMatch(int16 selected_param, |
| 188 uint32_t match, | 187 uint32 match, |
| 189 uint32_t options) { | 188 uint32 options) { |
| 190 PolicyOpcode* opcode = MakeBase(OP_NUMBER_AND_MATCH, options, selected_param); | 189 PolicyOpcode* opcode = MakeBase(OP_NUMBER_AND_MATCH, options, selected_param); |
| 191 if (NULL == opcode) return NULL; | 190 if (NULL == opcode) return NULL; |
| 192 opcode->SetArgument(0, match); | 191 opcode->SetArgument(0, match); |
| 193 return opcode; | 192 return opcode; |
| 194 } | 193 } |
| 195 | 194 |
| 196 template <> | 195 template <> |
| 197 EvalResult OpcodeEval<OP_NUMBER_AND_MATCH>(PolicyOpcode* opcode, | 196 EvalResult OpcodeEval<OP_NUMBER_AND_MATCH>(PolicyOpcode* opcode, |
| 198 const ParameterSet* param, | 197 const ParameterSet* param, |
| 199 MatchContext* context) { | 198 MatchContext* context) { |
| 200 uint32_t value = 0; | 199 uint32 value = 0; |
| 201 if (!param->Get(&value)) return EVAL_ERROR; | 200 if (!param->Get(&value)) return EVAL_ERROR; |
| 202 | 201 |
| 203 uint32_t number = 0; | 202 uint32 number = 0; |
| 204 opcode->GetArgument(0, &number); | 203 opcode->GetArgument(0, &number); |
| 205 return (number & value)? EVAL_TRUE : EVAL_FALSE; | 204 return (number & value)? EVAL_TRUE : EVAL_FALSE; |
| 206 } | 205 } |
| 207 | 206 |
| 208 ////////////////////////////////////////////////////////////////////////////// | 207 ////////////////////////////////////////////////////////////////////////////// |
| 209 // Opcode OpWStringMatch: | 208 // Opcode OpWStringMatch: |
| 210 // Requires a wchar_t* in selected_param. | 209 // Requires a wchar_t* in selected_param. |
| 211 // Argument 0 is the byte displacement of the stored string. | 210 // Argument 0 is the byte displacement of the stored string. |
| 212 // Argument 1 is the lenght in chars of the stored string. | 211 // Argument 1 is the lenght in chars of the stored string. |
| 213 // Argument 2 is the offset to apply on the input string. It has special values. | 212 // Argument 2 is the offset to apply on the input string. It has special values. |
| 214 // as noted in the header file. | 213 // as noted in the header file. |
| 215 // Argument 3 is the string matching options. | 214 // Argument 3 is the string matching options. |
| 216 | 215 |
| 217 PolicyOpcode* OpcodeFactory::MakeOpWStringMatch(int16_t selected_param, | 216 PolicyOpcode* OpcodeFactory::MakeOpWStringMatch(int16 selected_param, |
| 218 const wchar_t* match_str, | 217 const wchar_t* match_str, |
| 219 int start_position, | 218 int start_position, |
| 220 StringMatchOptions match_opts, | 219 StringMatchOptions match_opts, |
| 221 uint32_t options) { | 220 uint32 options) { |
| 222 if (NULL == match_str) { | 221 if (NULL == match_str) { |
| 223 return NULL; | 222 return NULL; |
| 224 } | 223 } |
| 225 if ('\0' == match_str[0]) { | 224 if ('\0' == match_str[0]) { |
| 226 return NULL; | 225 return NULL; |
| 227 } | 226 } |
| 228 | 227 |
| 229 int lenght = lstrlenW(match_str); | 228 int lenght = lstrlenW(match_str); |
| 230 | 229 |
| 231 PolicyOpcode* opcode = MakeBase(OP_WSTRING_MATCH, options, selected_param); | 230 PolicyOpcode* opcode = MakeBase(OP_WSTRING_MATCH, options, selected_param); |
| (...skipping 103 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 335 --source_len; | 334 --source_len; |
| 336 } while (source_len >= match_len); | 335 } while (source_len >= match_len); |
| 337 } | 336 } |
| 338 return EVAL_FALSE; | 337 return EVAL_FALSE; |
| 339 } | 338 } |
| 340 | 339 |
| 341 ////////////////////////////////////////////////////////////////////////////// | 340 ////////////////////////////////////////////////////////////////////////////// |
| 342 // OpcodeMaker (other member functions). | 341 // OpcodeMaker (other member functions). |
| 343 | 342 |
| 344 PolicyOpcode* OpcodeFactory::MakeBase(OpcodeID opcode_id, | 343 PolicyOpcode* OpcodeFactory::MakeBase(OpcodeID opcode_id, |
| 345 uint32_t options, | 344 uint32 options, |
| 346 int16_t selected_param) { | 345 int16 selected_param) { |
| 347 if (memory_size() < sizeof(PolicyOpcode)) { | 346 if (memory_size() < sizeof(PolicyOpcode)) { |
| 348 return NULL; | 347 return NULL; |
| 349 } | 348 } |
| 350 | 349 |
| 351 // Create opcode using placement-new on the buffer memory. | 350 // Create opcode using placement-new on the buffer memory. |
| 352 PolicyOpcode* opcode = new(memory_top_) PolicyOpcode(); | 351 PolicyOpcode* opcode = new(memory_top_) PolicyOpcode(); |
| 353 | 352 |
| 354 // Fill in the standard fields, that every opcode has. | 353 // Fill in the standard fields, that every opcode has. |
| 355 memory_top_ += sizeof(PolicyOpcode); | 354 memory_top_ += sizeof(PolicyOpcode); |
| 356 opcode->opcode_id_ = opcode_id; | 355 opcode->opcode_id_ = opcode_id; |
| (...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 437 OPCODE_EVAL(OP_WSTRING_MATCH, this, parameters, match); | 436 OPCODE_EVAL(OP_WSTRING_MATCH, this, parameters, match); |
| 438 OPCODE_EVAL(OP_ACTION, this, parameters, match); | 437 OPCODE_EVAL(OP_ACTION, this, parameters, match); |
| 439 default: | 438 default: |
| 440 return EVAL_ERROR; | 439 return EVAL_ERROR; |
| 441 } | 440 } |
| 442 } | 441 } |
| 443 | 442 |
| 444 #undef OPCODE_EVAL | 443 #undef OPCODE_EVAL |
| 445 | 444 |
| 446 } // namespace sandbox | 445 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1539423002:
Revert of Switch to standard integer types in sandbox/. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master