Remove sandbox on Windows.

sandbox/win/tools/finder/finder.h

-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef SANDBOX_TOOLS_FINDER_FINDER_H_
-#define SANDBOX_TOOLS_FINDER_FINDER_H_
-
-#include "base/win/scoped_handle.h"
-#include "sandbox/win/src/restricted_token_utils.h"
-#include "sandbox/win/tools/finder/ntundoc.h"
-
-// Type of stats that we calculate during the Scan operation
-enum Stats {
-  READ = 0,     // Number of objects with read access
-  WRITE,        // Number of objects with write access
-  ALL,          // Number of objects with r/w access
-  PARSE,        // Number of objects parsed
-  BROKEN,       // Number of errors while parsing the objects
-  SIZE_STATS    // size of the enum
-};
-
-const int kScanRegistry       = 0x01;
-const int kScanFileSystem     = 0x02;
-const int kScanKernelObjects  = 0x04;
-
-const int kTestForRead        = 0x01;
-const int kTestForWrite       = 0x02;
-const int kTestForAll         = 0x04;
-
-#define FS_ERR L"FILE-ERROR"
-#define OBJ_ERR L"OBJ-ERROR"
-#define REG_ERR L"REG_ERROR"
-#define OBJ L"OBJ"
-#define FS L"FILE"
-#define REG L"REG"
-
-// The impersonater class will impersonate a token when the object is created
-// and revert when the object is going out of scope.
-class Impersonater {
- public:
-  Impersonater(HANDLE token_handle) {
-    if (token_handle)
-      ::ImpersonateLoggedOnUser(token_handle);
-  };
-  ~Impersonater() {
-    ::RevertToSelf();
-  };
-};
-
-// The finder class handles the search of objects (file system, registry, kernel
-// objects) on the system that can be opened by a restricted token. It can
-// support multiple levels of restriction for the restricted token and can check
-// for read, write or r/w access. It outputs the results to a file or stdout.
-class Finder {
- public:
-  Finder();
-  ~Finder();
-  DWORD Init(sandbox::TokenLevel token_type, DWORD object_type,
-             DWORD access_type, FILE *file_output);
-  DWORD Scan();
-
- private:
-  // Parses a file system path and perform an access check on all files and
-  // folder found.
-  // Returns ERROR_SUCCESS if the function succeeded, otherwise, it returns the
-  // win32 error code associated with the error.
-  DWORD ParseFileSystem(ATL::CString path);
-
-  // Parses a registry hive referenced by "key" and performs an access check on
-  // all subkeys found.
-  // Returns ERROR_SUCCESS if the function succeeded, otherwise, it returns the
-  // win32 error code associated with the error.
-  DWORD ParseRegistry(HKEY key, ATL::CString print_name);
-
-  // Parses the kernel namespace beginning at "path" and performs an access
-  // check on all objects found.  However, only some object types are supported,
-  // all non supported objects are ignored.
-  // Returns ERROR_SUCCESS if the function succeeded, otherwise, it returns the
-  // win32 error code associated with the error.
-  DWORD ParseKernelObjects(ATL::CString path);
-
-  // Checks if "path" can be accessed with the restricted token.
-  // Returns the access granted.
-  DWORD TestFileAccess(ATL::CString path);
-
-  // Checks if the registry key with the path key\name can be accessed with the
-  // restricted token.
-  // print_name is only use for logging purpose.
-  // Returns the access granted.
-  DWORD TestRegAccess(HKEY key, ATL::CString name, ATL::CString print_name);
-
-  // Checks if the kernel object "path" of type "type" can be accessed with
-  // the restricted token.
-  // Returns the access granted.
-  DWORD TestKernelObjectAccess(ATL::CString path, ATL::CString type);
-
-  // Outputs information to the logfile
-  void Output(ATL::CString type, ATL::CString access, ATL::CString info) {
-    fprintf(file_output_, "\n%S;%S;%S", type.GetBuffer(), access.GetBuffer(),
-            info.GetBuffer());
-  };
-
-  // Output information to the log file.
-  void Output(ATL::CString type, DWORD error, ATL::CString info) {
-    fprintf(file_output_, "\n%S;0x%X;%S", type.GetBuffer(), error,
-            info.GetBuffer());
-  };
-
-  // Set func_to_call to the function pointer of the function used to handle
-  // requests for the kernel objects of type "type". If the type is not
-  // supported at the moment the function returns false and the func_to_call
-  // parameter is not modified.
-  bool GetFunctionForType(ATL::CString type, NTGENERICOPEN * func_to_call);
-
-  // Initializes the NT function pointers to be able to use all the needed
-  // functions in NTDDL.
-  // Returns ERROR_SUCCESS if the function succeeded, otherwise, it returns the
-  // win32 error code associated with the error.
-  DWORD InitNT();
-
-  // Calls func_to_call with the parameters desired_access, object_attributes
-  // and handle.  func_to_call is a pointer to a function to open a kernel
-  // object.
-  NTSTATUS NtGenericOpen(ACCESS_MASK desired_access,
-                         OBJECT_ATTRIBUTES *object_attributes,
-                         NTGENERICOPEN func_to_call,
-                         HANDLE *handle);
-
-  // Type of object to check for.
-  DWORD object_type_;
-  // Access to try.
-  DWORD access_type_;
-  // Output file for the results.
-  FILE * file_output_;
-  // Handle to the restricted token.
-  base::win::ScopedHandle token_handle_;
-  // Stats containing the number of operations performed on the different
-  // objects.
-  int filesystem_stats_[SIZE_STATS];
-  int registry_stats_[SIZE_STATS];
-  int kernel_object_stats_[SIZE_STATS];
-};
-
-#endif  // SANDBOX_TOOLS_FINDER_FINDER_H_