Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(507)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/win/src/registry_policy.cc

Issue 1851213002: Remove sandbox on Windows. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: fix nacl compile issues Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « sandbox/win/src/registry_policy.h ('k') | sandbox/win/src/registry_policy_test.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include <stdint.h>
6
7 #include <string>
8
9 #include "sandbox/win/src/registry_policy.h"
10
11 #include "base/logging.h"
12 #include "sandbox/win/src/ipc_tags.h"
13 #include "sandbox/win/src/policy_engine_opcodes.h"
14 #include "sandbox/win/src/policy_params.h"
15 #include "sandbox/win/src/sandbox_types.h"
16 #include "sandbox/win/src/sandbox_utils.h"
17 #include "sandbox/win/src/win_utils.h"
18
19 namespace {
20
21 static const uint32_t kAllowedRegFlags =
22 KEY_QUERY_VALUE | KEY_ENUMERATE_SUB_KEYS | KEY_NOTIFY | KEY_READ |
23 GENERIC_READ | GENERIC_EXECUTE | READ_CONTROL;
24
25 // Opens the key referenced by |obj_attributes| with |access| and
26 // checks what permission was given. Remove the WRITE flags and update
27 // |access| with the new value.
28 NTSTATUS TranslateMaximumAllowed(OBJECT_ATTRIBUTES* obj_attributes,
29 DWORD* access) {
30 NtOpenKeyFunction NtOpenKey = NULL;
31 ResolveNTFunctionPtr("NtOpenKey", &NtOpenKey);
32
33 NtCloseFunction NtClose = NULL;
34 ResolveNTFunctionPtr("NtClose", &NtClose);
35
36 NtQueryObjectFunction NtQueryObject = NULL;
37 ResolveNTFunctionPtr("NtQueryObject", &NtQueryObject);
38
39 // Open the key.
40 HANDLE handle;
41 NTSTATUS status = NtOpenKey(&handle, *access, obj_attributes);
42 if (!NT_SUCCESS(status))
43 return status;
44
45 OBJECT_BASIC_INFORMATION info = {0};
46 status = NtQueryObject(handle, ObjectBasicInformation, &info, sizeof(info),
47 NULL);
48 CHECK(NT_SUCCESS(NtClose(handle)));
49 if (!NT_SUCCESS(status))
50 return status;
51
52 *access = info.GrantedAccess & kAllowedRegFlags;
53 return STATUS_SUCCESS;
54 }
55
56 NTSTATUS NtCreateKeyInTarget(HANDLE* target_key_handle,
57 ACCESS_MASK desired_access,
58 OBJECT_ATTRIBUTES* obj_attributes,
59 ULONG title_index,
60 UNICODE_STRING* class_name,
61 ULONG create_options,
62 ULONG* disposition,
63 HANDLE target_process) {
64 NtCreateKeyFunction NtCreateKey = NULL;
65 ResolveNTFunctionPtr("NtCreateKey", &NtCreateKey);
66
67 if (MAXIMUM_ALLOWED & desired_access) {
68 NTSTATUS status = TranslateMaximumAllowed(obj_attributes, &desired_access);
69 if (!NT_SUCCESS(status))
70 return STATUS_ACCESS_DENIED;
71 }
72
73 HANDLE local_handle = INVALID_HANDLE_VALUE;
74 NTSTATUS status = NtCreateKey(&local_handle, desired_access, obj_attributes,
75 title_index, class_name, create_options,
76 disposition);
77 if (!NT_SUCCESS(status))
78 return status;
79
80 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle,
81 target_process, target_key_handle, 0, FALSE,
82 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) {
83 return STATUS_ACCESS_DENIED;
84 }
85 return STATUS_SUCCESS;
86 }
87
88 NTSTATUS NtOpenKeyInTarget(HANDLE* target_key_handle,
89 ACCESS_MASK desired_access,
90 OBJECT_ATTRIBUTES* obj_attributes,
91 HANDLE target_process) {
92 NtOpenKeyFunction NtOpenKey = NULL;
93 ResolveNTFunctionPtr("NtOpenKey", &NtOpenKey);
94
95 if (MAXIMUM_ALLOWED & desired_access) {
96 NTSTATUS status = TranslateMaximumAllowed(obj_attributes, &desired_access);
97 if (!NT_SUCCESS(status))
98 return STATUS_ACCESS_DENIED;
99 }
100
101 HANDLE local_handle = INVALID_HANDLE_VALUE;
102 NTSTATUS status = NtOpenKey(&local_handle, desired_access, obj_attributes);
103
104 if (!NT_SUCCESS(status))
105 return status;
106
107 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle,
108 target_process, target_key_handle, 0, FALSE,
109 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) {
110 return STATUS_ACCESS_DENIED;
111 }
112 return STATUS_SUCCESS;
113 }
114
115 }
116
117 namespace sandbox {
118
119 bool RegistryPolicy::GenerateRules(const wchar_t* name,
120 TargetPolicy::Semantics semantics,
121 LowLevelPolicy* policy) {
122 base::string16 resovled_name(name);
123 if (resovled_name.empty()) {
124 return false;
125 }
126
127 if (!ResolveRegistryName(resovled_name, &resovled_name))
128 return false;
129
130 name = resovled_name.c_str();
131
132 EvalResult result = ASK_BROKER;
133
134 PolicyRule open(result);
135 PolicyRule create(result);
136
137 switch (semantics) {
138 case TargetPolicy::REG_ALLOW_READONLY: {
139 // We consider all flags that are not known to be readonly as potentially
140 // used for write. Here we also support MAXIMUM_ALLOWED, but we are going
141 // to expand it to read-only before the call.
142 uint32_t restricted_flags = ~(kAllowedRegFlags | MAXIMUM_ALLOWED);
143 open.AddNumberMatch(IF_NOT, OpenKey::ACCESS, restricted_flags, AND);
144 create.AddNumberMatch(IF_NOT, OpenKey::ACCESS, restricted_flags, AND);
145 break;
146 }
147 case TargetPolicy::REG_ALLOW_ANY: {
148 break;
149 }
150 default: {
151 NOTREACHED();
152 return false;
153 }
154 }
155
156 if (!create.AddStringMatch(IF, OpenKey::NAME, name, CASE_INSENSITIVE) ||
157 !policy->AddRule(IPC_NTCREATEKEY_TAG, &create)) {
158 return false;
159 }
160
161 if (!open.AddStringMatch(IF, OpenKey::NAME, name, CASE_INSENSITIVE) ||
162 !policy->AddRule(IPC_NTOPENKEY_TAG, &open)) {
163 return false;
164 }
165
166 return true;
167 }
168
169 bool RegistryPolicy::CreateKeyAction(EvalResult eval_result,
170 const ClientInfo& client_info,
171 const base::string16& key,
172 uint32_t attributes,
173 HANDLE root_directory,
174 uint32_t desired_access,
175 uint32_t title_index,
176 uint32_t create_options,
177 HANDLE* handle,
178 NTSTATUS* nt_status,
179 ULONG* disposition) {
180 // The only action supported is ASK_BROKER which means create the requested
181 // file as specified.
182 if (ASK_BROKER != eval_result) {
183 *nt_status = STATUS_ACCESS_DENIED;
184 return false;
185 }
186
187 // We don't support creating link keys, volatile keys or backup/restore.
188 if (create_options) {
189 *nt_status = STATUS_ACCESS_DENIED;
190 return false;
191 }
192
193 UNICODE_STRING uni_name = {0};
194 OBJECT_ATTRIBUTES obj_attributes = {0};
195 InitObjectAttribs(key, attributes, root_directory, &obj_attributes,
196 &uni_name, NULL);
197 *nt_status = NtCreateKeyInTarget(handle, desired_access, &obj_attributes,
198 title_index, NULL, create_options,
199 disposition, client_info.process);
200 return true;
201 }
202
203 bool RegistryPolicy::OpenKeyAction(EvalResult eval_result,
204 const ClientInfo& client_info,
205 const base::string16& key,
206 uint32_t attributes,
207 HANDLE root_directory,
208 uint32_t desired_access,
209 HANDLE* handle,
210 NTSTATUS* nt_status) {
211 // The only action supported is ASK_BROKER which means open the requested
212 // file as specified.
213 if (ASK_BROKER != eval_result) {
214 *nt_status = STATUS_ACCESS_DENIED;
215 return true;
216 }
217
218 UNICODE_STRING uni_name = {0};
219 OBJECT_ATTRIBUTES obj_attributes = {0};
220 InitObjectAttribs(key, attributes, root_directory, &obj_attributes,
221 &uni_name, NULL);
222 *nt_status = NtOpenKeyInTarget(handle, desired_access, &obj_attributes,
223 client_info.process);
224 return true;
225 }
226
227 } // namespace sandbox
OLDNEW
« no previous file with comments | « sandbox/win/src/registry_policy.h ('k') | sandbox/win/src/registry_policy_test.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698