Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(244)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/win/src/policy_engine_processor.h

Issue 789543004: Renumbering sandbox policy actions to fix bug found by VC++'s /analyze. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 6 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef SANDBOX_SRC_POLICY_ENGINE_PROCESSOR_H__ 5 #ifndef SANDBOX_SRC_POLICY_ENGINE_PROCESSOR_H__
6 #define SANDBOX_SRC_POLICY_ENGINE_PROCESSOR_H__ 6 #define SANDBOX_SRC_POLICY_ENGINE_PROCESSOR_H__
7 7
8 #include "base/basictypes.h" 8 #include "base/basictypes.h"
9 #include "sandbox/win/src/policy_engine_params.h" 9 #include "sandbox/win/src/policy_engine_params.h"
10 #include "sandbox/win/src/policy_engine_opcodes.h" 10 #include "sandbox/win/src/policy_engine_opcodes.h"
(...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after
56 // 56 //
57 57
58 // Possible outcomes of policy evaluation. 58 // Possible outcomes of policy evaluation.
59 enum PolicyResult { 59 enum PolicyResult {
60 NO_POLICY_MATCH, 60 NO_POLICY_MATCH,
61 POLICY_MATCH, 61 POLICY_MATCH,
62 POLICY_ERROR 62 POLICY_ERROR
63 }; 63 };
64 64
65 // Policy evaluation flags 65 // Policy evaluation flags
66 // TODO(cpu): implement the options 0 & 4. 66 // TODO(cpu): implement the options kStopOnErrors & kRankedEval.
67 // 67 //
68 // Stop evaluating as soon as an error is encountered. 68 // Stop evaluating as soon as an error is encountered.
69 const uint32 kStopOnErrors = 0; 69 const uint32 kStopOnErrors = 1;
70 // Ignore all non fatal opcode evaluation errors. 70 // Ignore all non fatal opcode evaluation errors.
71 const uint32 kIgnoreErrors = 1; 71 const uint32 kIgnoreErrors = 2;
72 // Short-circuit evaluation: Only evaluate until opcode group that 72 // Short-circuit evaluation: Only evaluate until opcode group that
73 // evaluated to true has been found. 73 // evaluated to true has been found.
74 const uint32 kShortEval = 2; 74 const uint32 kShortEval = 4;
75 // Discussed briefly at the policy design meeting. It will evaluate 75 // Discussed briefly at the policy design meeting. It will evaluate
76 // all rules and then return the 'best' rule that evaluated true. 76 // all rules and then return the 'best' rule that evaluated true.
77 const uint32 kRankedEval = 4; 77 const uint32 kRankedEval = 8;
78 78
79 // This class evaluates a policy-opcode stream given the memory where the 79 // This class evaluates a policy-opcode stream given the memory where the
80 // opcodes are and an input 'parameter set'. 80 // opcodes are and an input 'parameter set'.
81 // 81 //
82 // This class is designed to be callable from interception points 82 // This class is designed to be callable from interception points
83 // as low as the NtXXXX service level (it is not currently safe, but 83 // as low as the NtXXXX service level (it is not currently safe, but
84 // it is designed to be made safe). 84 // it is designed to be made safe).
85 // 85 //
86 // Its usage in an interception is: 86 // Its usage in an interception is:
87 // 87 //
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after
136 // Sets the currently matching action result. 136 // Sets the currently matching action result.
137 void SetInternalState(size_t index, EvalResult result); 137 void SetInternalState(size_t index, EvalResult result);
138 138
139 PolicyBuffer* policy_; 139 PolicyBuffer* policy_;
140 DISALLOW_COPY_AND_ASSIGN(PolicyProcessor); 140 DISALLOW_COPY_AND_ASSIGN(PolicyProcessor);
141 }; 141 };
142 142
143 } // namespace sandbox 143 } // namespace sandbox
144 144
145 #endif // SANDBOX_SRC_POLICY_ENGINE_PROCESSOR_H__ 145 #endif // SANDBOX_SRC_POLICY_ENGINE_PROCESSOR_H__
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698