OLD | NEW |
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/win/src/policy_engine_opcodes.h" | 5 #include "sandbox/win/src/policy_engine_opcodes.h" |
6 | 6 |
7 #include <stddef.h> | 7 #include "base/basictypes.h" |
8 #include <stdint.h> | |
9 | |
10 #include "sandbox/win/src/sandbox_nt_types.h" | 8 #include "sandbox/win/src/sandbox_nt_types.h" |
11 #include "sandbox/win/src/sandbox_types.h" | 9 #include "sandbox/win/src/sandbox_types.h" |
12 | 10 |
13 namespace { | 11 namespace { |
14 const unsigned short kMaxUniStrSize = 0xfffc / sizeof(wchar_t); | 12 const unsigned short kMaxUniStrSize = 0xfffc / sizeof(wchar_t); |
15 | 13 |
16 bool InitStringUnicode(const wchar_t* source, size_t length, | 14 bool InitStringUnicode(const wchar_t* source, size_t length, |
17 UNICODE_STRING* ustring) { | 15 UNICODE_STRING* ustring) { |
18 if (length > kMaxUniStrSize) { | 16 if (length > kMaxUniStrSize) { |
19 return false; | 17 return false; |
(...skipping 23 matching lines...) Expand all Loading... |
43 // order and meaning. | 41 // order and meaning. |
44 | 42 |
45 template <int> | 43 template <int> |
46 EvalResult OpcodeEval(PolicyOpcode* opcode, const ParameterSet* pp, | 44 EvalResult OpcodeEval(PolicyOpcode* opcode, const ParameterSet* pp, |
47 MatchContext* match); | 45 MatchContext* match); |
48 | 46 |
49 ////////////////////////////////////////////////////////////////////////////// | 47 ////////////////////////////////////////////////////////////////////////////// |
50 // Opcode OpAlwaysFalse: | 48 // Opcode OpAlwaysFalse: |
51 // Does not require input parameter. | 49 // Does not require input parameter. |
52 | 50 |
53 PolicyOpcode* OpcodeFactory::MakeOpAlwaysFalse(uint32_t options) { | 51 PolicyOpcode* OpcodeFactory::MakeOpAlwaysFalse(uint32 options) { |
54 return MakeBase(OP_ALWAYS_FALSE, options, -1); | 52 return MakeBase(OP_ALWAYS_FALSE, options, -1); |
55 } | 53 } |
56 | 54 |
57 template <> | 55 template <> |
58 EvalResult OpcodeEval<OP_ALWAYS_FALSE>(PolicyOpcode* opcode, | 56 EvalResult OpcodeEval<OP_ALWAYS_FALSE>(PolicyOpcode* opcode, |
59 const ParameterSet* param, | 57 const ParameterSet* param, |
60 MatchContext* context) { | 58 MatchContext* context) { |
61 return EVAL_FALSE; | 59 return EVAL_FALSE; |
62 } | 60 } |
63 | 61 |
64 ////////////////////////////////////////////////////////////////////////////// | 62 ////////////////////////////////////////////////////////////////////////////// |
65 // Opcode OpAlwaysTrue: | 63 // Opcode OpAlwaysTrue: |
66 // Does not require input parameter. | 64 // Does not require input parameter. |
67 | 65 |
68 PolicyOpcode* OpcodeFactory::MakeOpAlwaysTrue(uint32_t options) { | 66 PolicyOpcode* OpcodeFactory::MakeOpAlwaysTrue(uint32 options) { |
69 return MakeBase(OP_ALWAYS_TRUE, options, -1); | 67 return MakeBase(OP_ALWAYS_TRUE, options, -1); |
70 } | 68 } |
71 | 69 |
72 template <> | 70 template <> |
73 EvalResult OpcodeEval<OP_ALWAYS_TRUE>(PolicyOpcode* opcode, | 71 EvalResult OpcodeEval<OP_ALWAYS_TRUE>(PolicyOpcode* opcode, |
74 const ParameterSet* param, | 72 const ParameterSet* param, |
75 MatchContext* context) { | 73 MatchContext* context) { |
76 return EVAL_TRUE; | 74 return EVAL_TRUE; |
77 } | 75 } |
78 | 76 |
79 ////////////////////////////////////////////////////////////////////////////// | 77 ////////////////////////////////////////////////////////////////////////////// |
80 // Opcode OpAction: | 78 // Opcode OpAction: |
81 // Does not require input parameter. | 79 // Does not require input parameter. |
82 // Argument 0 contains the actual action to return. | 80 // Argument 0 contains the actual action to return. |
83 | 81 |
84 PolicyOpcode* OpcodeFactory::MakeOpAction(EvalResult action, uint32_t options) { | 82 PolicyOpcode* OpcodeFactory::MakeOpAction(EvalResult action, |
| 83 uint32 options) { |
85 PolicyOpcode* opcode = MakeBase(OP_ACTION, options, 0); | 84 PolicyOpcode* opcode = MakeBase(OP_ACTION, options, 0); |
86 if (NULL == opcode) return NULL; | 85 if (NULL == opcode) return NULL; |
87 opcode->SetArgument(0, action); | 86 opcode->SetArgument(0, action); |
88 return opcode; | 87 return opcode; |
89 } | 88 } |
90 | 89 |
91 template <> | 90 template <> |
92 EvalResult OpcodeEval<OP_ACTION>(PolicyOpcode* opcode, | 91 EvalResult OpcodeEval<OP_ACTION>(PolicyOpcode* opcode, |
93 const ParameterSet* param, | 92 const ParameterSet* param, |
94 MatchContext* context) { | 93 MatchContext* context) { |
95 int action = 0; | 94 int action = 0; |
96 opcode->GetArgument(0, &action); | 95 opcode->GetArgument(0, &action); |
97 return static_cast<EvalResult>(action); | 96 return static_cast<EvalResult>(action); |
98 } | 97 } |
99 | 98 |
100 ////////////////////////////////////////////////////////////////////////////// | 99 ////////////////////////////////////////////////////////////////////////////// |
101 // Opcode OpNumberMatch: | 100 // Opcode OpNumberMatch: |
102 // Requires a uint32_t or void* in selected_param | 101 // Requires a uint32 or void* in selected_param |
103 // Argument 0 is the stored number to match. | 102 // Argument 0 is the stored number to match. |
104 // Argument 1 is the C++ type of the 0th argument. | 103 // Argument 1 is the C++ type of the 0th argument. |
105 | 104 |
106 PolicyOpcode* OpcodeFactory::MakeOpNumberMatch(int16_t selected_param, | 105 PolicyOpcode* OpcodeFactory::MakeOpNumberMatch(int16 selected_param, |
107 uint32_t match, | 106 uint32 match, |
108 uint32_t options) { | 107 uint32 options) { |
109 PolicyOpcode* opcode = MakeBase(OP_NUMBER_MATCH, options, selected_param); | 108 PolicyOpcode* opcode = MakeBase(OP_NUMBER_MATCH, options, selected_param); |
110 if (NULL == opcode) return NULL; | 109 if (NULL == opcode) return NULL; |
111 opcode->SetArgument(0, match); | 110 opcode->SetArgument(0, match); |
112 opcode->SetArgument(1, UINT32_TYPE); | 111 opcode->SetArgument(1, UINT32_TYPE); |
113 return opcode; | 112 return opcode; |
114 } | 113 } |
115 | 114 |
116 PolicyOpcode* OpcodeFactory::MakeOpVoidPtrMatch(int16_t selected_param, | 115 PolicyOpcode* OpcodeFactory::MakeOpVoidPtrMatch(int16 selected_param, |
117 const void* match, | 116 const void* match, |
118 uint32_t options) { | 117 uint32 options) { |
119 PolicyOpcode* opcode = MakeBase(OP_NUMBER_MATCH, options, selected_param); | 118 PolicyOpcode* opcode = MakeBase(OP_NUMBER_MATCH, options, selected_param); |
120 if (NULL == opcode) return NULL; | 119 if (NULL == opcode) return NULL; |
121 opcode->SetArgument(0, match); | 120 opcode->SetArgument(0, match); |
122 opcode->SetArgument(1, VOIDPTR_TYPE); | 121 opcode->SetArgument(1, VOIDPTR_TYPE); |
123 return opcode; | 122 return opcode; |
124 } | 123 } |
125 | 124 |
126 template <> | 125 template <> |
127 EvalResult OpcodeEval<OP_NUMBER_MATCH>(PolicyOpcode* opcode, | 126 EvalResult OpcodeEval<OP_NUMBER_MATCH>(PolicyOpcode* opcode, |
128 const ParameterSet* param, | 127 const ParameterSet* param, |
129 MatchContext* context) { | 128 MatchContext* context) { |
130 uint32_t value_uint32 = 0; | 129 uint32 value_uint32 = 0; |
131 if (param->Get(&value_uint32)) { | 130 if (param->Get(&value_uint32)) { |
132 uint32_t match_uint32 = 0; | 131 uint32 match_uint32 = 0; |
133 opcode->GetArgument(0, &match_uint32); | 132 opcode->GetArgument(0, &match_uint32); |
134 return (match_uint32 != value_uint32)? EVAL_FALSE : EVAL_TRUE; | 133 return (match_uint32 != value_uint32)? EVAL_FALSE : EVAL_TRUE; |
135 } else { | 134 } else { |
136 const void* value_ptr = NULL; | 135 const void* value_ptr = NULL; |
137 if (param->Get(&value_ptr)) { | 136 if (param->Get(&value_ptr)) { |
138 const void* match_ptr = NULL; | 137 const void* match_ptr = NULL; |
139 opcode->GetArgument(0, &match_ptr); | 138 opcode->GetArgument(0, &match_ptr); |
140 return (match_ptr != value_ptr)? EVAL_FALSE : EVAL_TRUE; | 139 return (match_ptr != value_ptr)? EVAL_FALSE : EVAL_TRUE; |
141 } | 140 } |
142 } | 141 } |
143 return EVAL_ERROR; | 142 return EVAL_ERROR; |
144 } | 143 } |
145 | 144 |
146 ////////////////////////////////////////////////////////////////////////////// | 145 ////////////////////////////////////////////////////////////////////////////// |
147 // Opcode OpNumberMatchRange | 146 // Opcode OpNumberMatchRange |
148 // Requires a uint32_t in selected_param. | 147 // Requires a uint32 in selected_param. |
149 // Argument 0 is the stored lower bound to match. | 148 // Argument 0 is the stored lower bound to match. |
150 // Argument 1 is the stored upper bound to match. | 149 // Argument 1 is the stored upper bound to match. |
151 | 150 |
152 PolicyOpcode* OpcodeFactory::MakeOpNumberMatchRange(int16_t selected_param, | 151 PolicyOpcode* OpcodeFactory::MakeOpNumberMatchRange(int16 selected_param, |
153 uint32_t lower_bound, | 152 uint32 lower_bound, |
154 uint32_t upper_bound, | 153 uint32 upper_bound, |
155 uint32_t options) { | 154 uint32 options) { |
156 if (lower_bound > upper_bound) { | 155 if (lower_bound > upper_bound) { |
157 return NULL; | 156 return NULL; |
158 } | 157 } |
159 PolicyOpcode* opcode = MakeBase(OP_NUMBER_MATCH_RANGE, options, | 158 PolicyOpcode* opcode = MakeBase(OP_NUMBER_MATCH_RANGE, options, |
160 selected_param); | 159 selected_param); |
161 if (NULL == opcode) return NULL; | 160 if (NULL == opcode) return NULL; |
162 opcode->SetArgument(0, lower_bound); | 161 opcode->SetArgument(0, lower_bound); |
163 opcode->SetArgument(1, upper_bound); | 162 opcode->SetArgument(1, upper_bound); |
164 return opcode; | 163 return opcode; |
165 } | 164 } |
166 | 165 |
167 template <> | 166 template <> |
168 EvalResult OpcodeEval<OP_NUMBER_MATCH_RANGE>(PolicyOpcode* opcode, | 167 EvalResult OpcodeEval<OP_NUMBER_MATCH_RANGE>(PolicyOpcode* opcode, |
169 const ParameterSet* param, | 168 const ParameterSet* param, |
170 MatchContext* context) { | 169 MatchContext* context) { |
171 uint32_t value = 0; | 170 uint32 value = 0; |
172 if (!param->Get(&value)) return EVAL_ERROR; | 171 if (!param->Get(&value)) return EVAL_ERROR; |
173 | 172 |
174 uint32_t lower_bound = 0; | 173 uint32 lower_bound = 0; |
175 uint32_t upper_bound = 0; | 174 uint32 upper_bound = 0; |
176 opcode->GetArgument(0, &lower_bound); | 175 opcode->GetArgument(0, &lower_bound); |
177 opcode->GetArgument(1, &upper_bound); | 176 opcode->GetArgument(1, &upper_bound); |
178 return((lower_bound <= value) && (upper_bound >= value))? | 177 return((lower_bound <= value) && (upper_bound >= value))? |
179 EVAL_TRUE : EVAL_FALSE; | 178 EVAL_TRUE : EVAL_FALSE; |
180 } | 179 } |
181 | 180 |
182 ////////////////////////////////////////////////////////////////////////////// | 181 ////////////////////////////////////////////////////////////////////////////// |
183 // Opcode OpNumberAndMatch: | 182 // Opcode OpNumberAndMatch: |
184 // Requires a uint32_t in selected_param. | 183 // Requires a uint32 in selected_param. |
185 // Argument 0 is the stored number to match. | 184 // Argument 0 is the stored number to match. |
186 | 185 |
187 PolicyOpcode* OpcodeFactory::MakeOpNumberAndMatch(int16_t selected_param, | 186 PolicyOpcode* OpcodeFactory::MakeOpNumberAndMatch(int16 selected_param, |
188 uint32_t match, | 187 uint32 match, |
189 uint32_t options) { | 188 uint32 options) { |
190 PolicyOpcode* opcode = MakeBase(OP_NUMBER_AND_MATCH, options, selected_param); | 189 PolicyOpcode* opcode = MakeBase(OP_NUMBER_AND_MATCH, options, selected_param); |
191 if (NULL == opcode) return NULL; | 190 if (NULL == opcode) return NULL; |
192 opcode->SetArgument(0, match); | 191 opcode->SetArgument(0, match); |
193 return opcode; | 192 return opcode; |
194 } | 193 } |
195 | 194 |
196 template <> | 195 template <> |
197 EvalResult OpcodeEval<OP_NUMBER_AND_MATCH>(PolicyOpcode* opcode, | 196 EvalResult OpcodeEval<OP_NUMBER_AND_MATCH>(PolicyOpcode* opcode, |
198 const ParameterSet* param, | 197 const ParameterSet* param, |
199 MatchContext* context) { | 198 MatchContext* context) { |
200 uint32_t value = 0; | 199 uint32 value = 0; |
201 if (!param->Get(&value)) return EVAL_ERROR; | 200 if (!param->Get(&value)) return EVAL_ERROR; |
202 | 201 |
203 uint32_t number = 0; | 202 uint32 number = 0; |
204 opcode->GetArgument(0, &number); | 203 opcode->GetArgument(0, &number); |
205 return (number & value)? EVAL_TRUE : EVAL_FALSE; | 204 return (number & value)? EVAL_TRUE : EVAL_FALSE; |
206 } | 205 } |
207 | 206 |
208 ////////////////////////////////////////////////////////////////////////////// | 207 ////////////////////////////////////////////////////////////////////////////// |
209 // Opcode OpWStringMatch: | 208 // Opcode OpWStringMatch: |
210 // Requires a wchar_t* in selected_param. | 209 // Requires a wchar_t* in selected_param. |
211 // Argument 0 is the byte displacement of the stored string. | 210 // Argument 0 is the byte displacement of the stored string. |
212 // Argument 1 is the lenght in chars of the stored string. | 211 // Argument 1 is the lenght in chars of the stored string. |
213 // Argument 2 is the offset to apply on the input string. It has special values. | 212 // Argument 2 is the offset to apply on the input string. It has special values. |
214 // as noted in the header file. | 213 // as noted in the header file. |
215 // Argument 3 is the string matching options. | 214 // Argument 3 is the string matching options. |
216 | 215 |
217 PolicyOpcode* OpcodeFactory::MakeOpWStringMatch(int16_t selected_param, | 216 PolicyOpcode* OpcodeFactory::MakeOpWStringMatch(int16 selected_param, |
218 const wchar_t* match_str, | 217 const wchar_t* match_str, |
219 int start_position, | 218 int start_position, |
220 StringMatchOptions match_opts, | 219 StringMatchOptions match_opts, |
221 uint32_t options) { | 220 uint32 options) { |
222 if (NULL == match_str) { | 221 if (NULL == match_str) { |
223 return NULL; | 222 return NULL; |
224 } | 223 } |
225 if ('\0' == match_str[0]) { | 224 if ('\0' == match_str[0]) { |
226 return NULL; | 225 return NULL; |
227 } | 226 } |
228 | 227 |
229 int lenght = lstrlenW(match_str); | 228 int lenght = lstrlenW(match_str); |
230 | 229 |
231 PolicyOpcode* opcode = MakeBase(OP_WSTRING_MATCH, options, selected_param); | 230 PolicyOpcode* opcode = MakeBase(OP_WSTRING_MATCH, options, selected_param); |
(...skipping 103 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
335 --source_len; | 334 --source_len; |
336 } while (source_len >= match_len); | 335 } while (source_len >= match_len); |
337 } | 336 } |
338 return EVAL_FALSE; | 337 return EVAL_FALSE; |
339 } | 338 } |
340 | 339 |
341 ////////////////////////////////////////////////////////////////////////////// | 340 ////////////////////////////////////////////////////////////////////////////// |
342 // OpcodeMaker (other member functions). | 341 // OpcodeMaker (other member functions). |
343 | 342 |
344 PolicyOpcode* OpcodeFactory::MakeBase(OpcodeID opcode_id, | 343 PolicyOpcode* OpcodeFactory::MakeBase(OpcodeID opcode_id, |
345 uint32_t options, | 344 uint32 options, |
346 int16_t selected_param) { | 345 int16 selected_param) { |
347 if (memory_size() < sizeof(PolicyOpcode)) { | 346 if (memory_size() < sizeof(PolicyOpcode)) { |
348 return NULL; | 347 return NULL; |
349 } | 348 } |
350 | 349 |
351 // Create opcode using placement-new on the buffer memory. | 350 // Create opcode using placement-new on the buffer memory. |
352 PolicyOpcode* opcode = new(memory_top_) PolicyOpcode(); | 351 PolicyOpcode* opcode = new(memory_top_) PolicyOpcode(); |
353 | 352 |
354 // Fill in the standard fields, that every opcode has. | 353 // Fill in the standard fields, that every opcode has. |
355 memory_top_ += sizeof(PolicyOpcode); | 354 memory_top_ += sizeof(PolicyOpcode); |
356 opcode->opcode_id_ = opcode_id; | 355 opcode->opcode_id_ = opcode_id; |
(...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
437 OPCODE_EVAL(OP_WSTRING_MATCH, this, parameters, match); | 436 OPCODE_EVAL(OP_WSTRING_MATCH, this, parameters, match); |
438 OPCODE_EVAL(OP_ACTION, this, parameters, match); | 437 OPCODE_EVAL(OP_ACTION, this, parameters, match); |
439 default: | 438 default: |
440 return EVAL_ERROR; | 439 return EVAL_ERROR; |
441 } | 440 } |
442 } | 441 } |
443 | 442 |
444 #undef OPCODE_EVAL | 443 #undef OPCODE_EVAL |
445 | 444 |
446 } // namespace sandbox | 445 } // namespace sandbox |
OLD | NEW |