1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef SANDBOX_SRC_POLICY_LOW_LEVEL_H__ | 5 #ifndef SANDBOX_SRC_POLICY_LOW_LEVEL_H__ |
6 #define SANDBOX_SRC_POLICY_LOW_LEVEL_H__ | 6 #define SANDBOX_SRC_POLICY_LOW_LEVEL_H__ |
7 | 7 |
8 #include <stddef.h> | |
9 #include <stdint.h> | |
10 | |
11 #include <list> | 8 #include <list> |
12 | 9 |
13 #include "base/macros.h" | 10 #include "base/basictypes.h" |
14 #include "base/strings/string16.h" | 11 #include "base/strings/string16.h" |
15 #include "sandbox/win/src/ipc_tags.h" | 12 #include "sandbox/win/src/ipc_tags.h" |
| 13 #include "sandbox/win/src/policy_engine_params.h" |
16 #include "sandbox/win/src/policy_engine_opcodes.h" | 14 #include "sandbox/win/src/policy_engine_opcodes.h" |
17 #include "sandbox/win/src/policy_engine_params.h" | |
18 | 15 |
19 // Low level policy classes. | 16 // Low level policy classes. |
20 // Built on top of the PolicyOpcode and OpcodeFatory, the low level policy | 17 // Built on top of the PolicyOpcode and OpcodeFatory, the low level policy |
21 // provides a way to define rules on strings and numbers but it is unaware | 18 // provides a way to define rules on strings and numbers but it is unaware |
22 // of Windows specific details or how the Interceptions must be set up. | 19 // of Windows specific details or how the Interceptions must be set up. |
23 // To use these classes you construct one or more rules and add them to the | 20 // To use these classes you construct one or more rules and add them to the |
24 // LowLevelPolicy object like this: | 21 // LowLevelPolicy object like this: |
25 // | 22 // |
26 // PolicyRule rule1(ASK_BROKER); | 23 // PolicyRule rule1(ASK_BROKER); |
27 // rule1.AddStringMatch(IF, 0, L"\\\\/?/?\\c:\\*Microsoft*\\*.exe", true); | 24 // rule1.AddStringMatch(IF, 0, L"\\\\/?/?\\c:\\*Microsoft*\\*.exe", true); |
132 explicit PolicyRule(EvalResult action); | 129 explicit PolicyRule(EvalResult action); |
133 PolicyRule(const PolicyRule& other); | 130 PolicyRule(const PolicyRule& other); |
134 ~PolicyRule(); | 131 ~PolicyRule(); |
135 | 132 |
136 // Adds a string comparison to the rule. | 133 // Adds a string comparison to the rule. |
137 // rule_type: possible values are IF and IF_NOT. | 134 // rule_type: possible values are IF and IF_NOT. |
138 // parameter: the expected index of the argument for this rule. For example | 135 // parameter: the expected index of the argument for this rule. For example |
139 // in a 'create file' service the file name argument can be at index 0. | 136 // in a 'create file' service the file name argument can be at index 0. |
140 // string: is the desired matching pattern. | 137 // string: is the desired matching pattern. |
141 // match_opts: if the pattern matching is case sensitive or not. | 138 // match_opts: if the pattern matching is case sensitive or not. |
142 bool AddStringMatch(RuleType rule_type, | 139 bool AddStringMatch(RuleType rule_type, int16 parameter, |
143 int16_t parameter, | 140 const wchar_t* string, StringMatchOptions match_opts); |
144 const wchar_t* string, | |
145 StringMatchOptions match_opts); | |
146 | 141 |
147 // Adds a number match comparison to the rule. | 142 // Adds a number match comparison to the rule. |
148 // rule_type: possible values are IF and IF_NOT. | 143 // rule_type: possible values are IF and IF_NOT. |
149 // parameter: the expected index of the argument for this rule. | 144 // parameter: the expected index of the argument for this rule. |
150 // number: the value to compare the input to. | 145 // number: the value to compare the input to. |
151 // comparison_op: the comparison kind (equal, logical and, etc). | 146 // comparison_op: the comparison kind (equal, logical and, etc). |
152 bool AddNumberMatch(RuleType rule_type, | 147 bool AddNumberMatch(RuleType rule_type, |
153 int16_t parameter, | 148 int16 parameter, |
154 uint32_t number, | 149 uint32 number, |
155 RuleOp comparison_op); | 150 RuleOp comparison_op); |
156 | 151 |
157 // Returns the number of opcodes generated so far. | 152 // Returns the number of opcodes generated so far. |
158 size_t GetOpcodeCount() const { | 153 size_t GetOpcodeCount() const { |
159 return buffer_->opcode_count; | 154 return buffer_->opcode_count; |
160 } | 155 } |
161 | 156 |
162 // Called when there is no more comparisons to add. Internally it generates | 157 // Called when there is no more comparisons to add. Internally it generates |
163 // the last opcode (the action opcode). Returns false if this operation fails. | 158 // the last opcode (the action opcode). Returns false if this operation fails. |
164 bool Done(); | 159 bool Done(); |
165 | 160 |
166 private: | 161 private: |
167 void operator=(const PolicyRule&); | 162 void operator=(const PolicyRule&); |
168 // Called in a loop from AddStringMatch to generate the required string | 163 // Called in a loop from AddStringMatch to generate the required string |
169 // match opcodes. rule_type, match_opts and parameter are the same as | 164 // match opcodes. rule_type, match_opts and parameter are the same as |
170 // in AddStringMatch. | 165 // in AddStringMatch. |
171 bool GenStringOpcode(RuleType rule_type, | 166 bool GenStringOpcode(RuleType rule_type, StringMatchOptions match_opts, |
172 StringMatchOptions match_opts, | 167 uint16 parameter, int state, bool last_call, |
173 uint16_t parameter, | 168 int* skip_count, base::string16* fragment); |
174 int state, | |
175 bool last_call, | |
176 int* skip_count, | |
177 base::string16* fragment); | |
178 | 169 |
179 // Loop over all generated opcodes and copy them to increasing memory | 170 // Loop over all generated opcodes and copy them to increasing memory |
180 // addresses from opcode_start and copy the extra data (strings usually) into | 171 // addresses from opcode_start and copy the extra data (strings usually) into |
181 // decreasing addresses from data_start. Extra data is only present in the | 172 // decreasing addresses from data_start. Extra data is only present in the |
182 // string evaluation opcodes. | 173 // string evaluation opcodes. |
183 bool RebindCopy(PolicyOpcode* opcode_start, size_t opcode_size, | 174 bool RebindCopy(PolicyOpcode* opcode_start, size_t opcode_size, |
184 char* data_start, size_t* data_size) const; | 175 char* data_start, size_t* data_size) const; |
185 PolicyBuffer* buffer_; | 176 PolicyBuffer* buffer_; |
186 OpcodeFactory* opcode_factory_; | 177 OpcodeFactory* opcode_factory_; |
187 EvalResult action_; | 178 EvalResult action_; |
188 bool done_; | 179 bool done_; |
189 }; | 180 }; |
190 | 181 |
191 } // namespace sandbox | 182 } // namespace sandbox |
192 | 183 |
193 #endif // SANDBOX_SRC_POLICY_LOW_LEVEL_H__ | 184 #endif // SANDBOX_SRC_POLICY_LOW_LEVEL_H__ |
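Review bot: The new side of the include hunk drops `#include <stddef.h>` (and `<stdint.h>`) but the header still spells `size_t` in `GetOpcodeCount()` and `RebindCopy()`, so it now depends on `base/basictypes.h` pulling that in transitively; keeping `#include <stddef.h>` next to `<list>` would leave the header self-contained. The same hunk also moves `policy_engine_params.h` ahead of `policy_engine_opcodes.h`, breaking the alphabetical include order the old side had. Separately, in the second hunk `AddStringMatch` takes `int16 parameter` while the private `GenStringOpcode` takes `uint16 parameter`; this mismatch is pre-existing, but a negative index would silently wrap on the way through, and either one type for both or a comment such as `// parameter must be >= 0; it is narrowed to uint16 for GenStringOpcode.` would make the contract visible. Both hunks lie inside the PolicyRule class, whose opening is outside the shown range.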