OLD | NEW |
| (Empty) |
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "sandbox/win/src/policy_low_level.h" | |
6 | |
7 #include <stddef.h> | |
8 #include <stdint.h> | |
9 | |
10 #include <map> | |
11 #include <string> | |
12 | |
13 namespace { | |
14 | |
15 // A single rule can use at most this amount of memory. | |
16 const size_t kRuleBufferSize = 1024*4; | |
17 | |
18 // The possible states of the string matching opcode generator. | |
19 enum { | |
20 PENDING_NONE, | |
21 PENDING_ASTERISK, // Have seen an '*' but have not generated an opcode. | |
22 PENDING_QMARK, // Have seen an '?' but have not generated an opcode. | |
23 }; | |
24 | |
25 // The category of the last character seen by the string matching opcode | |
26 // generator. | |
27 const uint32_t kLastCharIsNone = 0; | |
28 const uint32_t kLastCharIsAlpha = 1; | |
29 const uint32_t kLastCharIsWild = 2; | |
30 const uint32_t kLastCharIsAsterisk = kLastCharIsWild + 4; | |
31 const uint32_t kLastCharIsQuestionM = kLastCharIsWild + 8; | |
32 } | |
33 | |
34 namespace sandbox { | |
35 | |
36 LowLevelPolicy::LowLevelPolicy(PolicyGlobal* policy_store) | |
37 : policy_store_(policy_store) { | |
38 } | |
39 | |
40 // Adding a rule is nothing more than pushing it into an stl container. Done() | |
41 // is called for the rule in case the code that made the rule in the first | |
42 // place has not done it. | |
43 bool LowLevelPolicy::AddRule(int service, PolicyRule* rule) { | |
44 if (!rule->Done()) { | |
45 return false; | |
46 } | |
47 | |
48 PolicyRule* local_rule = new PolicyRule(*rule); | |
49 RuleNode node = {local_rule, service}; | |
50 rules_.push_back(node); | |
51 return true; | |
52 } | |
53 | |
54 LowLevelPolicy::~LowLevelPolicy() { | |
55 // Delete all the rules. | |
56 typedef std::list<RuleNode> RuleNodes; | |
57 for (RuleNodes::iterator it = rules_.begin(); it != rules_.end(); ++it) { | |
58 delete it->rule; | |
59 } | |
60 } | |
61 | |
62 // Here is where the heavy byte shuffling is done. We take all the rules and | |
63 // 'compile' them into a single memory region. Now, the rules are in random | |
64 // order so the first step is to reorganize them into a stl map that is keyed | |
65 // by the service id and as a value contains a list with all the rules that | |
66 // belong to that service. Then we enter the big for-loop where we carve a | |
67 // memory zone for the opcodes and the data and call RebindCopy on each rule | |
68 // so they all end up nicely packed in the policy_store_. | |
69 bool LowLevelPolicy::Done() { | |
70 typedef std::list<RuleNode> RuleNodes; | |
71 typedef std::list<const PolicyRule*> RuleList; | |
72 typedef std::map<uint32_t, RuleList> Mmap; | |
73 Mmap mmap; | |
74 | |
75 for (RuleNodes::iterator it = rules_.begin(); it != rules_.end(); ++it) { | |
76 mmap[it->service].push_back(it->rule); | |
77 } | |
78 | |
79 PolicyBuffer* current_buffer = &policy_store_->data[0]; | |
80 char* buffer_end = reinterpret_cast<char*>(current_buffer) + | |
81 policy_store_->data_size; | |
82 size_t avail_size = policy_store_->data_size; | |
83 | |
84 for (Mmap::iterator it = mmap.begin(); it != mmap.end(); ++it) { | |
85 uint32_t service = (*it).first; | |
86 if (service >= kMaxServiceCount) { | |
87 return false; | |
88 } | |
89 policy_store_->entry[service] = current_buffer; | |
90 | |
91 RuleList::iterator rules_it = (*it).second.begin(); | |
92 RuleList::iterator rules_it_end = (*it).second.end(); | |
93 | |
94 size_t svc_opcode_count = 0; | |
95 | |
96 for (; rules_it != rules_it_end; ++rules_it) { | |
97 const PolicyRule* rule = (*rules_it); | |
98 size_t op_count = rule->GetOpcodeCount(); | |
99 | |
100 size_t opcodes_size = op_count * sizeof(PolicyOpcode); | |
101 if (avail_size < opcodes_size) { | |
102 return false; | |
103 } | |
104 size_t data_size = avail_size - opcodes_size; | |
105 PolicyOpcode* opcodes_start = ¤t_buffer->opcodes[svc_opcode_count]; | |
106 if (!rule->RebindCopy(opcodes_start, opcodes_size, | |
107 buffer_end, &data_size)) { | |
108 return false; | |
109 } | |
110 size_t used = avail_size - data_size; | |
111 buffer_end -= used; | |
112 avail_size -= used; | |
113 svc_opcode_count += op_count; | |
114 } | |
115 | |
116 current_buffer->opcode_count += svc_opcode_count; | |
117 size_t policy_byte_count = (svc_opcode_count * sizeof(PolicyOpcode)) | |
118 / sizeof(current_buffer[0]); | |
119 current_buffer = ¤t_buffer[policy_byte_count + 1]; | |
120 } | |
121 | |
122 return true; | |
123 } | |
124 | |
125 PolicyRule::PolicyRule(EvalResult action) | |
126 : action_(action), done_(false) { | |
127 char* memory = new char[sizeof(PolicyBuffer) + kRuleBufferSize]; | |
128 buffer_ = reinterpret_cast<PolicyBuffer*>(memory); | |
129 buffer_->opcode_count = 0; | |
130 opcode_factory_ = new OpcodeFactory(buffer_, | |
131 kRuleBufferSize + sizeof(PolicyOpcode)); | |
132 } | |
133 | |
134 PolicyRule::PolicyRule(const PolicyRule& other) { | |
135 if (this == &other) | |
136 return; | |
137 action_ = other.action_; | |
138 done_ = other.done_; | |
139 size_t buffer_size = sizeof(PolicyBuffer) + kRuleBufferSize; | |
140 char* memory = new char[buffer_size]; | |
141 buffer_ = reinterpret_cast<PolicyBuffer*>(memory); | |
142 memcpy(buffer_, other.buffer_, buffer_size); | |
143 | |
144 char* opcode_buffer = reinterpret_cast<char*>(&buffer_->opcodes[0]); | |
145 char* next_opcode = &opcode_buffer[GetOpcodeCount() * sizeof(PolicyOpcode)]; | |
146 opcode_factory_ = | |
147 new OpcodeFactory(next_opcode, other.opcode_factory_->memory_size()); | |
148 } | |
149 | |
150 // This function get called from a simple state machine implemented in | |
151 // AddStringMatch() which passes the current state (in state) and it passes | |
152 // true in last_call if AddStringMatch() has finished processing the input | |
153 // pattern string and this would be the last call to generate any pending | |
154 // opcode. The skip_count is the currently accumulated number of '?' seen so | |
155 // far and once the associated opcode is generated this function sets it back | |
156 // to zero. | |
157 bool PolicyRule::GenStringOpcode(RuleType rule_type, | |
158 StringMatchOptions match_opts, | |
159 uint16_t parameter, | |
160 int state, | |
161 bool last_call, | |
162 int* skip_count, | |
163 base::string16* fragment) { | |
164 // The last opcode must: | |
165 // 1) Always clear the context. | |
166 // 2) Preserve the negation. | |
167 // 3) Remove the 'OR' mode flag. | |
168 uint32_t options = kPolNone; | |
169 if (last_call) { | |
170 if (IF_NOT == rule_type) { | |
171 options = kPolClearContext | kPolNegateEval; | |
172 } else { | |
173 options = kPolClearContext; | |
174 } | |
175 } else if (IF_NOT == rule_type) { | |
176 options = kPolUseOREval | kPolNegateEval; | |
177 } | |
178 | |
179 PolicyOpcode* op = NULL; | |
180 | |
181 // The fragment string contains the accumulated characters to match with, it | |
182 // never contains wildcards (unless they have been escaped) and while there | |
183 // is no fragment there is no new string match opcode to generate. | |
184 if (fragment->empty()) { | |
185 // There is no new opcode to generate but in the last call we have to fix | |
186 // the previous opcode because it was really the last but we did not know | |
187 // it at that time. | |
188 if (last_call && (buffer_->opcode_count > 0)) { | |
189 op = &buffer_->opcodes[buffer_->opcode_count - 1]; | |
190 op->SetOptions(options); | |
191 } | |
192 return true; | |
193 } | |
194 | |
195 if (PENDING_ASTERISK == state) { | |
196 if (last_call) { | |
197 op = opcode_factory_->MakeOpWStringMatch(parameter, fragment->c_str(), | |
198 kSeekToEnd, match_opts, | |
199 options); | |
200 } else { | |
201 op = opcode_factory_->MakeOpWStringMatch(parameter, fragment->c_str(), | |
202 kSeekForward, match_opts, | |
203 options); | |
204 } | |
205 | |
206 } else if (PENDING_QMARK == state) { | |
207 op = opcode_factory_->MakeOpWStringMatch(parameter, fragment->c_str(), | |
208 *skip_count, match_opts, options); | |
209 *skip_count = 0; | |
210 } else { | |
211 if (last_call) { | |
212 match_opts = static_cast<StringMatchOptions>(EXACT_LENGHT | match_opts); | |
213 } | |
214 op = opcode_factory_->MakeOpWStringMatch(parameter, fragment->c_str(), 0, | |
215 match_opts, options); | |
216 } | |
217 if (NULL == op) { | |
218 return false; | |
219 } | |
220 ++buffer_->opcode_count; | |
221 fragment->clear(); | |
222 return true; | |
223 } | |
224 | |
225 bool PolicyRule::AddStringMatch(RuleType rule_type, | |
226 int16_t parameter, | |
227 const wchar_t* string, | |
228 StringMatchOptions match_opts) { | |
229 if (done_) { | |
230 // Do not allow to add more rules after generating the action opcode. | |
231 return false; | |
232 } | |
233 | |
234 const wchar_t* current_char = string; | |
235 uint32_t last_char = kLastCharIsNone; | |
236 int state = PENDING_NONE; | |
237 int skip_count = 0; // counts how many '?' we have seen in a row. | |
238 base::string16 fragment; // accumulates the non-wildcard part. | |
239 | |
240 while (L'\0' != *current_char) { | |
241 switch (*current_char) { | |
242 case L'*': | |
243 if (kLastCharIsWild & last_char) { | |
244 // '**' and '&*' is an error. | |
245 return false; | |
246 } | |
247 if (!GenStringOpcode(rule_type, match_opts, parameter, | |
248 state, false, &skip_count, &fragment)) { | |
249 return false; | |
250 } | |
251 last_char = kLastCharIsAsterisk; | |
252 state = PENDING_ASTERISK; | |
253 break; | |
254 case L'?': | |
255 if (kLastCharIsAsterisk == last_char) { | |
256 // '*?' is an error. | |
257 return false; | |
258 } | |
259 if (!GenStringOpcode(rule_type, match_opts, parameter, | |
260 state, false, &skip_count, &fragment)) { | |
261 return false; | |
262 } | |
263 ++skip_count; | |
264 last_char = kLastCharIsQuestionM; | |
265 state = PENDING_QMARK; | |
266 break; | |
267 case L'/': | |
268 // Note: "/?" is an escaped '?'. Eat the slash and fall through. | |
269 if (L'?' == current_char[1]) { | |
270 ++current_char; | |
271 } | |
272 default: | |
273 fragment += *current_char; | |
274 last_char = kLastCharIsAlpha; | |
275 } | |
276 ++current_char; | |
277 } | |
278 | |
279 if (!GenStringOpcode(rule_type, match_opts, parameter, | |
280 state, true, &skip_count, &fragment)) { | |
281 return false; | |
282 } | |
283 return true; | |
284 } | |
285 | |
286 bool PolicyRule::AddNumberMatch(RuleType rule_type, | |
287 int16_t parameter, | |
288 uint32_t number, | |
289 RuleOp comparison_op) { | |
290 if (done_) { | |
291 // Do not allow to add more rules after generating the action opcode. | |
292 return false; | |
293 } | |
294 uint32_t opts = (rule_type == IF_NOT) ? kPolNegateEval : kPolNone; | |
295 | |
296 if (EQUAL == comparison_op) { | |
297 if (NULL == opcode_factory_->MakeOpNumberMatch(parameter, number, opts)) { | |
298 return false; | |
299 } | |
300 } else if (AND == comparison_op) { | |
301 if (NULL == opcode_factory_->MakeOpNumberAndMatch(parameter, number, | |
302 opts)) { | |
303 return false; | |
304 } | |
305 } | |
306 ++buffer_->opcode_count; | |
307 return true; | |
308 } | |
309 | |
310 bool PolicyRule::Done() { | |
311 if (done_) { | |
312 return true; | |
313 } | |
314 if (NULL == opcode_factory_->MakeOpAction(action_, kPolNone)) { | |
315 return false; | |
316 } | |
317 ++buffer_->opcode_count; | |
318 done_ = true; | |
319 return true; | |
320 } | |
321 | |
322 bool PolicyRule::RebindCopy(PolicyOpcode* opcode_start, size_t opcode_size, | |
323 char* data_start, size_t* data_size) const { | |
324 size_t count = buffer_->opcode_count; | |
325 for (size_t ix = 0; ix != count; ++ix) { | |
326 if (opcode_size < sizeof(PolicyOpcode)) { | |
327 return false; | |
328 } | |
329 PolicyOpcode& opcode = buffer_->opcodes[ix]; | |
330 *opcode_start = opcode; | |
331 if (OP_WSTRING_MATCH == opcode.GetID()) { | |
332 // For this opcode argument 0 is a delta to the string and argument 1 | |
333 // is the length (in chars) of the string. | |
334 const wchar_t* str = opcode.GetRelativeString(0); | |
335 size_t str_len; | |
336 opcode.GetArgument(1, &str_len); | |
337 str_len = str_len * sizeof(wchar_t); | |
338 if ((*data_size) < str_len) { | |
339 return false; | |
340 } | |
341 *data_size -= str_len; | |
342 data_start -= str_len; | |
343 memcpy(data_start, str, str_len); | |
344 // Recompute the string displacement | |
345 ptrdiff_t delta = data_start - reinterpret_cast<char*>(opcode_start); | |
346 opcode_start->SetArgument(0, delta); | |
347 } | |
348 ++opcode_start; | |
349 opcode_size -= sizeof(PolicyOpcode); | |
350 } | |
351 | |
352 return true; | |
353 } | |
354 | |
355 PolicyRule::~PolicyRule() { | |
356 delete [] reinterpret_cast<char*>(buffer_); | |
357 delete opcode_factory_; | |
358 } | |
359 | |
360 } // namespace sandbox | |
OLD | NEW |