| OLD | NEW |
|---|
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <stdint.h> | |
| 6 | |
| 7 #include <string> | 5 #include <string> |
| 8 | 6 |
| 9 #include "sandbox/win/src/registry_policy.h" | 7 #include "sandbox/win/src/registry_policy.h" |
| 10 | 8 |
| 11 #include "base/logging.h" | 9 #include "base/logging.h" |
| 12 #include "sandbox/win/src/ipc_tags.h" | 10 #include "sandbox/win/src/ipc_tags.h" |
| 13 #include "sandbox/win/src/policy_engine_opcodes.h" | 11 #include "sandbox/win/src/policy_engine_opcodes.h" |
| 14 #include "sandbox/win/src/policy_params.h" | 12 #include "sandbox/win/src/policy_params.h" |
| 13 #include "sandbox/win/src/sandbox_utils.h" |
| 15 #include "sandbox/win/src/sandbox_types.h" | 14 #include "sandbox/win/src/sandbox_types.h" |
| 16 #include "sandbox/win/src/sandbox_utils.h" | |
| 17 #include "sandbox/win/src/win_utils.h" | 15 #include "sandbox/win/src/win_utils.h" |
| 18 | 16 |
| 19 namespace { | 17 namespace { |
| 20 | 18 |
| 21 static const uint32_t kAllowedRegFlags = | 19 static const uint32 kAllowedRegFlags = |
| 22 KEY_QUERY_VALUE | KEY_ENUMERATE_SUB_KEYS | KEY_NOTIFY | KEY_READ | | 20 KEY_QUERY_VALUE | KEY_ENUMERATE_SUB_KEYS | KEY_NOTIFY | KEY_READ | |
| 23 GENERIC_READ | GENERIC_EXECUTE | READ_CONTROL; | 21 GENERIC_READ | GENERIC_EXECUTE | READ_CONTROL; |
| 24 | 22 |
| 25 // Opens the key referenced by |obj_attributes| with |access| and | 23 // Opens the key referenced by |obj_attributes| with |access| and |
| 26 // checks what permission was given. Remove the WRITE flags and update | 24 // checks what permission was given. Remove the WRITE flags and update |
| 27 // |access| with the new value. | 25 // |access| with the new value. |
| 28 NTSTATUS TranslateMaximumAllowed(OBJECT_ATTRIBUTES* obj_attributes, | 26 NTSTATUS TranslateMaximumAllowed(OBJECT_ATTRIBUTES* obj_attributes, |
| 29 DWORD* access) { | 27 DWORD* access) { |
| 30 NtOpenKeyFunction NtOpenKey = NULL; | 28 NtOpenKeyFunction NtOpenKey = NULL; |
| 31 ResolveNTFunctionPtr("NtOpenKey", &NtOpenKey); | 29 ResolveNTFunctionPtr("NtOpenKey", &NtOpenKey); |
| (...skipping 100 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 132 EvalResult result = ASK_BROKER; | 130 EvalResult result = ASK_BROKER; |
| 133 | 131 |
| 134 PolicyRule open(result); | 132 PolicyRule open(result); |
| 135 PolicyRule create(result); | 133 PolicyRule create(result); |
| 136 | 134 |
| 137 switch (semantics) { | 135 switch (semantics) { |
| 138 case TargetPolicy::REG_ALLOW_READONLY: { | 136 case TargetPolicy::REG_ALLOW_READONLY: { |
| 139 // We consider all flags that are not known to be readonly as potentially | 137 // We consider all flags that are not known to be readonly as potentially |
| 140 // used for write. Here we also support MAXIMUM_ALLOWED, but we are going | 138 // used for write. Here we also support MAXIMUM_ALLOWED, but we are going |
| 141 // to expand it to read-only before the call. | 139 // to expand it to read-only before the call. |
| 142 uint32_t restricted_flags = ~(kAllowedRegFlags | MAXIMUM_ALLOWED); | 140 uint32 restricted_flags = ~(kAllowedRegFlags | MAXIMUM_ALLOWED); |
| 143 open.AddNumberMatch(IF_NOT, OpenKey::ACCESS, restricted_flags, AND); | 141 open.AddNumberMatch(IF_NOT, OpenKey::ACCESS, restricted_flags, AND); |
| 144 create.AddNumberMatch(IF_NOT, OpenKey::ACCESS, restricted_flags, AND); | 142 create.AddNumberMatch(IF_NOT, OpenKey::ACCESS, restricted_flags, AND); |
| 145 break; | 143 break; |
| 146 } | 144 } |
| 147 case TargetPolicy::REG_ALLOW_ANY: { | 145 case TargetPolicy::REG_ALLOW_ANY: { |
| 148 break; | 146 break; |
| 149 } | 147 } |
| 150 default: { | 148 default: { |
| 151 NOTREACHED(); | 149 NOTREACHED(); |
| 152 return false; | 150 return false; |
| 153 } | 151 } |
| 154 } | 152 } |
| 155 | 153 |
| 156 if (!create.AddStringMatch(IF, OpenKey::NAME, name, CASE_INSENSITIVE) || | 154 if (!create.AddStringMatch(IF, OpenKey::NAME, name, CASE_INSENSITIVE) || |
| 157 !policy->AddRule(IPC_NTCREATEKEY_TAG, &create)) { | 155 !policy->AddRule(IPC_NTCREATEKEY_TAG, &create)) { |
| 158 return false; | 156 return false; |
| 159 } | 157 } |
| 160 | 158 |
| 161 if (!open.AddStringMatch(IF, OpenKey::NAME, name, CASE_INSENSITIVE) || | 159 if (!open.AddStringMatch(IF, OpenKey::NAME, name, CASE_INSENSITIVE) || |
| 162 !policy->AddRule(IPC_NTOPENKEY_TAG, &open)) { | 160 !policy->AddRule(IPC_NTOPENKEY_TAG, &open)) { |
| 163 return false; | 161 return false; |
| 164 } | 162 } |
| 165 | 163 |
| 166 return true; | 164 return true; |
| 167 } | 165 } |
| 168 | 166 |
| 169 bool RegistryPolicy::CreateKeyAction(EvalResult eval_result, | 167 bool RegistryPolicy::CreateKeyAction(EvalResult eval_result, |
| 170 const ClientInfo& client_info, | 168 const ClientInfo& client_info, |
| 171 const base::string16& key, | 169 const base::string16 &key, |
| 172 uint32_t attributes, | 170 uint32 attributes, |
| 173 HANDLE root_directory, | 171 HANDLE root_directory, |
| 174 uint32_t desired_access, | 172 uint32 desired_access, |
| 175 uint32_t title_index, | 173 uint32 title_index, |
| 176 uint32_t create_options, | 174 uint32 create_options, |
| 177 HANDLE* handle, | 175 HANDLE* handle, |
| 178 NTSTATUS* nt_status, | 176 NTSTATUS* nt_status, |
| 179 ULONG* disposition) { | 177 ULONG* disposition) { |
| 180 // The only action supported is ASK_BROKER which means create the requested | 178 // The only action supported is ASK_BROKER which means create the requested |
| 181 // file as specified. | 179 // file as specified. |
| 182 if (ASK_BROKER != eval_result) { | 180 if (ASK_BROKER != eval_result) { |
| 183 *nt_status = STATUS_ACCESS_DENIED; | 181 *nt_status = STATUS_ACCESS_DENIED; |
| 184 return false; | 182 return false; |
| 185 } | 183 } |
| 186 | 184 |
| 187 // We don't support creating link keys, volatile keys or backup/restore. | 185 // We don't support creating link keys, volatile keys or backup/restore. |
| 188 if (create_options) { | 186 if (create_options) { |
| 189 *nt_status = STATUS_ACCESS_DENIED; | 187 *nt_status = STATUS_ACCESS_DENIED; |
| 190 return false; | 188 return false; |
| 191 } | 189 } |
| 192 | 190 |
| 193 UNICODE_STRING uni_name = {0}; | 191 UNICODE_STRING uni_name = {0}; |
| 194 OBJECT_ATTRIBUTES obj_attributes = {0}; | 192 OBJECT_ATTRIBUTES obj_attributes = {0}; |
| 195 InitObjectAttribs(key, attributes, root_directory, &obj_attributes, | 193 InitObjectAttribs(key, attributes, root_directory, &obj_attributes, |
| 196 &uni_name, NULL); | 194 &uni_name, NULL); |
| 197 *nt_status = NtCreateKeyInTarget(handle, desired_access, &obj_attributes, | 195 *nt_status = NtCreateKeyInTarget(handle, desired_access, &obj_attributes, |
| 198 title_index, NULL, create_options, | 196 title_index, NULL, create_options, |
| 199 disposition, client_info.process); | 197 disposition, client_info.process); |
| 200 return true; | 198 return true; |
| 201 } | 199 } |
| 202 | 200 |
| 203 bool RegistryPolicy::OpenKeyAction(EvalResult eval_result, | 201 bool RegistryPolicy::OpenKeyAction(EvalResult eval_result, |
| 204 const ClientInfo& client_info, | 202 const ClientInfo& client_info, |
| 205 const base::string16& key, | 203 const base::string16 &key, |
| 206 uint32_t attributes, | 204 uint32 attributes, |
| 207 HANDLE root_directory, | 205 HANDLE root_directory, |
| 208 uint32_t desired_access, | 206 uint32 desired_access, |
| 209 HANDLE* handle, | 207 HANDLE* handle, |
| 210 NTSTATUS* nt_status) { | 208 NTSTATUS* nt_status) { |
| 211 // The only action supported is ASK_BROKER which means open the requested | 209 // The only action supported is ASK_BROKER which means open the requested |
| 212 // file as specified. | 210 // file as specified. |
| 213 if (ASK_BROKER != eval_result) { | 211 if (ASK_BROKER != eval_result) { |
| 214 *nt_status = STATUS_ACCESS_DENIED; | 212 *nt_status = STATUS_ACCESS_DENIED; |
| 215 return true; | 213 return true; |
| 216 } | 214 } |
| 217 | 215 |
| 218 UNICODE_STRING uni_name = {0}; | 216 UNICODE_STRING uni_name = {0}; |
| 219 OBJECT_ATTRIBUTES obj_attributes = {0}; | 217 OBJECT_ATTRIBUTES obj_attributes = {0}; |
| 220 InitObjectAttribs(key, attributes, root_directory, &obj_attributes, | 218 InitObjectAttribs(key, attributes, root_directory, &obj_attributes, |
| 221 &uni_name, NULL); | 219 &uni_name, NULL); |
| 222 *nt_status = NtOpenKeyInTarget(handle, desired_access, &obj_attributes, | 220 *nt_status = NtOpenKeyInTarget(handle, desired_access, &obj_attributes, |
| 223 client_info.process); | 221 client_info.process); |
| 224 return true; | 222 return true; |
| 225 } | 223 } |
| 226 | 224 |
| 227 } // namespace sandbox | 225 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1539423002:
Revert of Switch to standard integer types in sandbox/. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master