| OLD | NEW | 
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be | 
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. | 
| 4 | 4 | 
| 5 #ifndef SANDBOX_SRC_PROCESS_MITIGATIONS_WIN32K_POLICY_H_ | 5 #ifndef SANDBOX_SRC_PROCESS_MITIGATIONS_WIN32K_POLICY_H_ | 
| 6 #define SANDBOX_SRC_PROCESS_MITIGATIONS_WIN32K_POLICY_H_ | 6 #define SANDBOX_SRC_PROCESS_MITIGATIONS_WIN32K_POLICY_H_ | 
| 7 | 7 | 
|  | 8 #include "base/strings/string16.h" | 
| 8 #include "sandbox/win/src/crosscall_server.h" | 9 #include "sandbox/win/src/crosscall_server.h" | 
| 9 #include "sandbox/win/src/policy_low_level.h" | 10 #include "sandbox/win/src/policy_low_level.h" | 
| 10 #include "sandbox/win/src/sandbox_policy.h" | 11 #include "sandbox/win/src/sandbox_policy.h" | 
| 11 | 12 | 
| 12 namespace sandbox { | 13 namespace sandbox { | 
| 13 | 14 | 
| 14 enum EvalResult; | 15 enum EvalResult; | 
| 15 | 16 | 
|  | 17 // A callback function type to get a function for testing. | 
|  | 18 typedef void* (*OverrideForTestFunction)(const char* name); | 
|  | 19 | 
| 16 // This class centralizes most of the knowledge related to the process | 20 // This class centralizes most of the knowledge related to the process | 
| 17 // mitigations Win32K lockdown policy. | 21 // mitigations Win32K lockdown policy. | 
| 18 class ProcessMitigationsWin32KLockdownPolicy { | 22 class ProcessMitigationsWin32KLockdownPolicy { | 
| 19  public: | 23  public: | 
| 20   // Creates the required low-level policy rules to evaluate a high-level | 24   // Creates the required low-level policy rules to evaluate a high-level | 
| 21   // policy rule for the Win32K process mitigation policy. | 25   // policy rule for the Win32K process mitigation policy. | 
| 22   // name is the object name, semantics is the desired semantics for the | 26   // name is the object name, semantics is the desired semantics for the | 
| 23   // open or create and policy is the policy generator to which the rules are | 27   // open or create and policy is the policy generator to which the rules are | 
| 24   // going to be added. | 28   // going to be added. | 
| 25   static bool GenerateRules(const wchar_t* name, | 29   static bool GenerateRules(const wchar_t* name, | 
| 26                             TargetPolicy::Semantics semantics, | 30                             TargetPolicy::Semantics semantics, | 
| 27                             LowLevelPolicy* policy); | 31                             LowLevelPolicy* policy); | 
|  | 32 | 
|  | 33   static uint32_t EnumDisplayMonitorsAction(const ClientInfo& client_info, | 
|  | 34                                             HMONITOR* monitor_list, | 
|  | 35                                             uint32_t monitor_list_size); | 
|  | 36   static BOOL GetMonitorInfoAction(const ClientInfo& client_info, | 
|  | 37                                    HMONITOR monitor, | 
|  | 38                                    MONITORINFO* monitor_info); | 
|  | 39 | 
|  | 40   static NTSTATUS GetSuggestedOPMProtectedOutputArraySizeAction( | 
|  | 41       const ClientInfo& client_info, | 
|  | 42       const base::string16& device_name, | 
|  | 43       uint32_t* suggested_array_size); | 
|  | 44 | 
|  | 45   static NTSTATUS CreateOPMProtectedOutputsAction( | 
|  | 46       const ClientInfo& client_info, | 
|  | 47       const base::string16& device_name, | 
|  | 48       HANDLE* protected_outputs, | 
|  | 49       uint32_t array_input_size, | 
|  | 50       uint32_t* array_output_size); | 
|  | 51 | 
|  | 52   static NTSTATUS GetCertificateSizeAction(const ClientInfo& client_info, | 
|  | 53                                            const base::string16& device_name, | 
|  | 54                                            uint32_t* cert_size); | 
|  | 55   static NTSTATUS GetCertificateAction(const ClientInfo& client_info, | 
|  | 56                                        const base::string16& device_name, | 
|  | 57                                        BYTE* cert_data, | 
|  | 58                                        uint32_t cert_size); | 
|  | 59   static NTSTATUS GetCertificateSizeByHandleAction( | 
|  | 60       const ClientInfo& client_info, | 
|  | 61       HANDLE protected_output, | 
|  | 62       uint32_t* cert_size); | 
|  | 63   static NTSTATUS GetCertificateByHandleAction(const ClientInfo& client_info, | 
|  | 64                                                HANDLE protected_output, | 
|  | 65                                                BYTE* cert_data, | 
|  | 66                                                uint32_t cert_size); | 
|  | 67   static NTSTATUS GetOPMRandomNumberAction(const ClientInfo& client_info, | 
|  | 68                                            HANDLE protected_output, | 
|  | 69                                            void* random_number); | 
|  | 70   static NTSTATUS SetOPMSigningKeyAndSequenceNumbersAction( | 
|  | 71       const ClientInfo& client_info, | 
|  | 72       HANDLE protected_output, | 
|  | 73       void* parameters); | 
|  | 74   static NTSTATUS ConfigureOPMProtectedOutputAction( | 
|  | 75       const ClientInfo& client_info, | 
|  | 76       HANDLE protected_output, | 
|  | 77       void* parameters_ptr); | 
|  | 78   static NTSTATUS GetOPMInformationAction(const ClientInfo& client_info, | 
|  | 79                                           HANDLE protected_output, | 
|  | 80                                           void* parameters_ptr, | 
|  | 81                                           void* requested_information_ptr); | 
|  | 82   static NTSTATUS DestroyOPMProtectedOutputAction(HANDLE protected_output); | 
|  | 83   static void SetOverrideForTestCallback(OverrideForTestFunction callback); | 
|  | 84   static OverrideForTestFunction GetOverrideForTestCallback(); | 
|  | 85 | 
|  | 86  private: | 
|  | 87   static OverrideForTestFunction override_callback_; | 
| 28 }; | 88 }; | 
| 29 | 89 | 
| 30 }  // namespace sandbox | 90 }  // namespace sandbox | 
| 31 | 91 | 
| 32 #endif  // SANDBOX_SRC_PROCESS_MITIGATIONS_WIN32K_POLICY_H_ | 92 #endif  // SANDBOX_SRC_PROCESS_MITIGATIONS_WIN32K_POLICY_H_ | 
| 33 | 93 | 
| 34 | 94 | 
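Review bot: `DestroyOPMProtectedOutputAction(HANDLE protected_output)` (new line 82) is the only added broker action that takes no `const ClientInfo&`, so at this layer it cannot tie the handle to the target that sent it. Unless the dispatcher already tracks which protected outputs each target owns, the signature should match its siblings: `static NTSTATUS DestroyOPMProtectedOutputAction(const ClientInfo& client_info, HANDLE protected_output);`. The `void*` parameters on new lines 69-81 (`random_number`, `parameters`, `parameters_ptr`, `requested_information_ptr`) carry no length, so the header cannot show that the broker bounds what it reads from or writes to target-supplied memory; typed pointers or an explicit size argument would make that checkable. None of the added declarations has a comment, unlike `GenerateRules`; a short block comment should state that every argument originates in the sandboxed target and must be validated in the broker, and that `SetOverrideForTestCallback` is for tests only. The implementations are not visible on this page, so some of these checks may already exist there.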