OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef SANDBOX_SRC_PROCESS_MITIGATIONS_WIN32K_POLICY_H_ | 5 #ifndef SANDBOX_SRC_PROCESS_MITIGATIONS_WIN32K_POLICY_H_ |
6 #define SANDBOX_SRC_PROCESS_MITIGATIONS_WIN32K_POLICY_H_ | 6 #define SANDBOX_SRC_PROCESS_MITIGATIONS_WIN32K_POLICY_H_ |
7 | 7 |
| 8 #include "base/strings/string16.h" |
8 #include "sandbox/win/src/crosscall_server.h" | 9 #include "sandbox/win/src/crosscall_server.h" |
9 #include "sandbox/win/src/policy_low_level.h" | 10 #include "sandbox/win/src/policy_low_level.h" |
10 #include "sandbox/win/src/sandbox_policy.h" | 11 #include "sandbox/win/src/sandbox_policy.h" |
11 | 12 |
12 namespace sandbox { | 13 namespace sandbox { |
13 | 14 |
14 enum EvalResult; | 15 enum EvalResult; |
15 | 16 |
| 17 // A callback function type to get a function for testing. |
| 18 typedef void* (*OverrideForTestFunction)(const char* name); |
| 19 |
16 // This class centralizes most of the knowledge related to the process | 20 // This class centralizes most of the knowledge related to the process |
17 // mitigations Win32K lockdown policy. | 21 // mitigations Win32K lockdown policy. |
18 class ProcessMitigationsWin32KLockdownPolicy { | 22 class ProcessMitigationsWin32KLockdownPolicy { |
19 public: | 23 public: |
20 // Creates the required low-level policy rules to evaluate a high-level | 24 // Creates the required low-level policy rules to evaluate a high-level |
21 // policy rule for the Win32K process mitigation policy. | 25 // policy rule for the Win32K process mitigation policy. |
22 // name is the object name, semantics is the desired semantics for the | 26 // name is the object name, semantics is the desired semantics for the |
23 // open or create and policy is the policy generator to which the rules are | 27 // open or create and policy is the policy generator to which the rules are |
24 // going to be added. | 28 // going to be added. |
25 static bool GenerateRules(const wchar_t* name, | 29 static bool GenerateRules(const wchar_t* name, |
26 TargetPolicy::Semantics semantics, | 30 TargetPolicy::Semantics semantics, |
27 LowLevelPolicy* policy); | 31 LowLevelPolicy* policy); |
| 32 |
| 33 static uint32_t EnumDisplayMonitorsAction(const ClientInfo& client_info, |
| 34 HMONITOR* monitor_list, |
| 35 uint32_t monitor_list_size); |
| 36 static BOOL GetMonitorInfoAction(const ClientInfo& client_info, |
| 37 HMONITOR monitor, |
| 38 MONITORINFO* monitor_info); |
| 39 |
| 40 static NTSTATUS GetSuggestedOPMProtectedOutputArraySizeAction( |
| 41 const ClientInfo& client_info, |
| 42 const base::string16& device_name, |
| 43 uint32_t* suggested_array_size); |
| 44 |
| 45 static NTSTATUS CreateOPMProtectedOutputsAction( |
| 46 const ClientInfo& client_info, |
| 47 const base::string16& device_name, |
| 48 HANDLE* protected_outputs, |
| 49 uint32_t array_input_size, |
| 50 uint32_t* array_output_size); |
| 51 |
| 52 static NTSTATUS GetCertificateSizeAction(const ClientInfo& client_info, |
| 53 const base::string16& device_name, |
| 54 uint32_t* cert_size); |
| 55 static NTSTATUS GetCertificateAction(const ClientInfo& client_info, |
| 56 const base::string16& device_name, |
| 57 BYTE* cert_data, |
| 58 uint32_t cert_size); |
| 59 static NTSTATUS GetCertificateSizeByHandleAction( |
| 60 const ClientInfo& client_info, |
| 61 HANDLE protected_output, |
| 62 uint32_t* cert_size); |
| 63 static NTSTATUS GetCertificateByHandleAction(const ClientInfo& client_info, |
| 64 HANDLE protected_output, |
| 65 BYTE* cert_data, |
| 66 uint32_t cert_size); |
| 67 static NTSTATUS GetOPMRandomNumberAction(const ClientInfo& client_info, |
| 68 HANDLE protected_output, |
| 69 void* random_number); |
| 70 static NTSTATUS SetOPMSigningKeyAndSequenceNumbersAction( |
| 71 const ClientInfo& client_info, |
| 72 HANDLE protected_output, |
| 73 void* parameters); |
| 74 static NTSTATUS ConfigureOPMProtectedOutputAction( |
| 75 const ClientInfo& client_info, |
| 76 HANDLE protected_output, |
| 77 void* parameters_ptr); |
| 78 static NTSTATUS GetOPMInformationAction(const ClientInfo& client_info, |
| 79 HANDLE protected_output, |
| 80 void* parameters_ptr, |
| 81 void* requested_information_ptr); |
| 82 static NTSTATUS DestroyOPMProtectedOutputAction(HANDLE protected_output); |
| 83 static void SetOverrideForTestCallback(OverrideForTestFunction callback); |
| 84 static OverrideForTestFunction GetOverrideForTestCallback(); |
| 85 |
| 86 private: |
| 87 static OverrideForTestFunction override_callback_; |
28 }; | 88 }; |
29 | 89 |
30 } // namespace sandbox | 90 } // namespace sandbox |
31 | 91 |
32 #endif // SANDBOX_SRC_PROCESS_MITIGATIONS_WIN32K_POLICY_H_ | 92 #endif // SANDBOX_SRC_PROCESS_MITIGATIONS_WIN32K_POLICY_H_ |
33 | 93 |
34 | 94 |
OLD | NEW |