| OLD | NEW |
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <stdint.h> | |
| 6 | |
| 7 #include <string> | 5 #include <string> |
| 8 | 6 |
| 9 #include "sandbox/win/src/sync_policy.h" | 7 #include "sandbox/win/src/sync_policy.h" |
| 10 | 8 |
| 11 #include "base/logging.h" | 9 #include "base/logging.h" |
| 12 #include "base/strings/stringprintf.h" | 10 #include "base/strings/stringprintf.h" |
| 13 #include "sandbox/win/src/ipc_tags.h" | 11 #include "sandbox/win/src/ipc_tags.h" |
| 14 #include "sandbox/win/src/nt_internals.h" | 12 #include "sandbox/win/src/nt_internals.h" |
| 15 #include "sandbox/win/src/policy_engine_opcodes.h" | 13 #include "sandbox/win/src/policy_engine_opcodes.h" |
| 16 #include "sandbox/win/src/policy_params.h" | 14 #include "sandbox/win/src/policy_params.h" |
| (...skipping 123 matching lines...) |
| 140 // Add the open rule. | 138 // Add the open rule. |
| 141 EvalResult result = ASK_BROKER; | 139 EvalResult result = ASK_BROKER; |
| 142 PolicyRule open(result); | 140 PolicyRule open(result); |
| 143 | 141 |
| 144 if (!open.AddStringMatch(IF, OpenEventParams::NAME, name, CASE_INSENSITIVE)) | 142 if (!open.AddStringMatch(IF, OpenEventParams::NAME, name, CASE_INSENSITIVE)) |
| 145 return false; | 143 return false; |
| 146 | 144 |
| 147 if (TargetPolicy::EVENTS_ALLOW_READONLY == semantics) { | 145 if (TargetPolicy::EVENTS_ALLOW_READONLY == semantics) { |
| 148 // We consider all flags that are not known to be readonly as potentially | 146 // We consider all flags that are not known to be readonly as potentially |
| 149 // used for write. | 147 // used for write. |
| 150 uint32_t allowed_flags = SYNCHRONIZE | GENERIC_READ | READ_CONTROL; | 148 uint32 allowed_flags = SYNCHRONIZE | GENERIC_READ | READ_CONTROL; |
| 151 uint32_t restricted_flags = ~allowed_flags; | 149 uint32 restricted_flags = ~allowed_flags; |
| 152 open.AddNumberMatch(IF_NOT, OpenEventParams::ACCESS, restricted_flags, AND); | 150 open.AddNumberMatch(IF_NOT, OpenEventParams::ACCESS, restricted_flags, AND); |
| 153 } | 151 } |
| 154 | 152 |
| 155 if (!policy->AddRule(IPC_OPENEVENT_TAG, &open)) | 153 if (!policy->AddRule(IPC_OPENEVENT_TAG, &open)) |
| 156 return false; | 154 return false; |
| 157 | 155 |
| 158 // If it's not a read only, add the create rule. | 156 // If it's not a read only, add the create rule. |
| 159 if (TargetPolicy::EVENTS_ALLOW_READONLY != semantics) { | 157 if (TargetPolicy::EVENTS_ALLOW_READONLY != semantics) { |
| 160 PolicyRule create(result); | 158 PolicyRule create(result); |
| 161 if (!create.AddStringMatch(IF, NameBased::NAME, name, CASE_INSENSITIVE)) | 159 if (!create.AddStringMatch(IF, NameBased::NAME, name, CASE_INSENSITIVE)) |
| 162 return false; | 160 return false; |
| 163 | 161 |
| 164 if (!policy->AddRule(IPC_CREATEEVENT_TAG, &create)) | 162 if (!policy->AddRule(IPC_CREATEEVENT_TAG, &create)) |
| 165 return false; | 163 return false; |
| 166 } | 164 } |
| 167 | 165 |
| 168 return true; | 166 return true; |
| 169 } | 167 } |
| 170 | 168 |
| 171 NTSTATUS SyncPolicy::CreateEventAction(EvalResult eval_result, | 169 NTSTATUS SyncPolicy::CreateEventAction(EvalResult eval_result, |
| 172 const ClientInfo& client_info, | 170 const ClientInfo& client_info, |
| 173 const base::string16& event_name, | 171 const base::string16 &event_name, |
| 174 uint32_t event_type, | 172 uint32 event_type, |
| 175 uint32_t initial_state, | 173 uint32 initial_state, |
| 176 HANDLE* handle) { | 174 HANDLE *handle) { |
| 177 NtCreateEventFunction NtCreateEvent = NULL; | 175 NtCreateEventFunction NtCreateEvent = NULL; |
| 178 ResolveNTFunctionPtr("NtCreateEvent", &NtCreateEvent); | 176 ResolveNTFunctionPtr("NtCreateEvent", &NtCreateEvent); |
| 179 | 177 |
| 180 // The only action supported is ASK_BROKER which means create the requested | 178 // The only action supported is ASK_BROKER which means create the requested |
| 181 // file as specified. | 179 // file as specified. |
| 182 if (ASK_BROKER != eval_result) | 180 if (ASK_BROKER != eval_result) |
| 183 return false; | 181 return false; |
| 184 | 182 |
| 185 HANDLE object_directory = NULL; | 183 HANDLE object_directory = NULL; |
| 186 NTSTATUS status = GetBaseNamedObjectsDirectory(&object_directory); | 184 NTSTATUS status = GetBaseNamedObjectsDirectory(&object_directory); |
| (...skipping 15 matching lines...) |
| 202 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, | 200 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, |
| 203 client_info.process, handle, 0, FALSE, | 201 client_info.process, handle, 0, FALSE, |
| 204 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { | 202 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { |
| 205 return STATUS_ACCESS_DENIED; | 203 return STATUS_ACCESS_DENIED; |
| 206 } | 204 } |
| 207 return status; | 205 return status; |
| 208 } | 206 } |
| 209 | 207 |
| 210 NTSTATUS SyncPolicy::OpenEventAction(EvalResult eval_result, | 208 NTSTATUS SyncPolicy::OpenEventAction(EvalResult eval_result, |
| 211 const ClientInfo& client_info, | 209 const ClientInfo& client_info, |
| 212 const base::string16& event_name, | 210 const base::string16 &event_name, |
| 213 uint32_t desired_access, | 211 uint32 desired_access, |
| 214 HANDLE* handle) { | 212 HANDLE *handle) { |
| 215 NtOpenEventFunction NtOpenEvent = NULL; | 213 NtOpenEventFunction NtOpenEvent = NULL; |
| 216 ResolveNTFunctionPtr("NtOpenEvent", &NtOpenEvent); | 214 ResolveNTFunctionPtr("NtOpenEvent", &NtOpenEvent); |
| 217 | 215 |
| 218 // The only action supported is ASK_BROKER which means create the requested | 216 // The only action supported is ASK_BROKER which means create the requested |
| 219 // event as specified. | 217 // event as specified. |
| 220 if (ASK_BROKER != eval_result) | 218 if (ASK_BROKER != eval_result) |
| 221 return false; | 219 return false; |
| 222 | 220 |
| 223 HANDLE object_directory = NULL; | 221 HANDLE object_directory = NULL; |
| 224 NTSTATUS status = GetBaseNamedObjectsDirectory(&object_directory); | 222 NTSTATUS status = GetBaseNamedObjectsDirectory(&object_directory); |
| (...skipping 12 matching lines...) |
| 237 | 235 |
| 238 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, | 236 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, |
| 239 client_info.process, handle, 0, FALSE, | 237 client_info.process, handle, 0, FALSE, |
| 240 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { | 238 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { |
| 241 return STATUS_ACCESS_DENIED; | 239 return STATUS_ACCESS_DENIED; |
| 242 } | 240 } |
| 243 return status; | 241 return status; |
| 244 } | 242 } |
| 245 | 243 |
| 246 } // namespace sandbox | 244 } // namespace sandbox |
| OLD | NEW |
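Review bot: In both `CreateEventAction` and `OpenEventAction` the guard `if (ASK_BROKER != eval_result) return false;` sits in a function that returns NTSTATUS, so `false` converts to 0, which is STATUS_SUCCESS, and a request the policy did not approve is reported as succeeded without `*handle` being written. The change leaves this untouched; both guards should be `return STATUS_ACCESS_DENIED;`, matching the failure path after `DuplicateHandle` lower in the same functions. Separately, in the `EVENTS_ALLOW_READONLY` branch the result of `open.AddNumberMatch(IF_NOT, OpenEventParams::ACCESS, restricted_flags, AND)` is ignored while the neighbouring `AddStringMatch` calls are checked. If that call can fail, the open rule would be registered without its access-mask restriction, so `if (!open.AddNumberMatch(IF_NOT, OpenEventParams::ACCESS, restricted_flags, AND)) return false;` keeps the read-only policy fail-closed. The middle of both action functions and the start of the rule-generating function are elided on this page, so whether callers pre-initialise the handle or re-check the status is not visible here.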