Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(915)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/win/src/filesystem_policy.cc

Issue 909373004: Sandbox: Add support for file system policies that use implied device paths. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Remove stale header Created 5 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « sandbox/win/src/file_policy_test.cc ('k') | sandbox/win/src/win_utils.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <string> 5 #include <string>
6 6
7 #include "sandbox/win/src/filesystem_policy.h" 7 #include "sandbox/win/src/filesystem_policy.h"
8 8
9 #include "base/logging.h" 9 #include "base/logging.h"
10 #include "base/win/scoped_handle.h" 10 #include "base/win/scoped_handle.h"
11 #include "base/win/windows_version.h"
11 #include "sandbox/win/src/ipc_tags.h" 12 #include "sandbox/win/src/ipc_tags.h"
12 #include "sandbox/win/src/policy_engine_opcodes.h" 13 #include "sandbox/win/src/policy_engine_opcodes.h"
13 #include "sandbox/win/src/policy_params.h" 14 #include "sandbox/win/src/policy_params.h"
14 #include "sandbox/win/src/sandbox_utils.h" 15 #include "sandbox/win/src/sandbox_utils.h"
15 #include "sandbox/win/src/sandbox_types.h" 16 #include "sandbox/win/src/sandbox_types.h"
16 #include "sandbox/win/src/win_utils.h" 17 #include "sandbox/win/src/win_utils.h"
17 18
18 namespace { 19 namespace {
19 20
20 NTSTATUS NtCreateFileInTarget(HANDLE* target_file_handle, 21 NTSTATUS NtCreateFileInTarget(HANDLE* target_file_handle,
(...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after
71 namespace sandbox { 72 namespace sandbox {
72 73
73 bool FileSystemPolicy::GenerateRules(const wchar_t* name, 74 bool FileSystemPolicy::GenerateRules(const wchar_t* name,
74 TargetPolicy::Semantics semantics, 75 TargetPolicy::Semantics semantics,
75 LowLevelPolicy* policy) { 76 LowLevelPolicy* policy) {
76 base::string16 mod_name(name); 77 base::string16 mod_name(name);
77 if (mod_name.empty()) { 78 if (mod_name.empty()) {
78 return false; 79 return false;
79 } 80 }
80 81
81 // Don't do any pre-processing if the name starts like the the native 82 if (!PreProcessName(mod_name, &mod_name)) {
82 // object manager style. 83 // The path to be added might contain a reparse point.
83 if (0 != _wcsnicmp(mod_name.c_str(), kNTObjManPrefix, kNTObjManPrefixLen)) { 84 NOTREACHED();
84 // TODO(cpu) bug 32224: This prefix add is a hack because we don't have the 85 return false;
85 // infrastructure to normalize names. In any case we need to escape the 86 }
86 // question marks.
87 if (!PreProcessName(mod_name, &mod_name)) {
88 // The path to be added might contain a reparse point.
89 NOTREACHED();
90 return false;
91 }
92 87
88 // TODO(cpu) bug 32224: This prefix add is a hack because we don't have the
89 // infrastructure to normalize names. In any case we need to escape the
90 // question marks.
91 if (_wcsnicmp(mod_name.c_str(), kNTDevicePrefix, kNTDevicePrefixLen)) {
93 mod_name = FixNTPrefixForMatch(mod_name); 92 mod_name = FixNTPrefixForMatch(mod_name);
94 name = mod_name.c_str(); 93 name = mod_name.c_str();
95 } 94 }
96 95
97 EvalResult result = ASK_BROKER; 96 EvalResult result = ASK_BROKER;
98 97
99 // List of supported calls for the filesystem. 98 // List of supported calls for the filesystem.
100 const unsigned kCallNtCreateFile = 0x1; 99 const unsigned kCallNtCreateFile = 0x1;
101 const unsigned kCallNtOpenFile = 0x2; 100 const unsigned kCallNtOpenFile = 0x2;
102 const unsigned kCallNtQueryAttributesFile = 0x4; 101 const unsigned kCallNtQueryAttributesFile = 0x4;
(...skipping 319 matching lines...) Expand 10 before | Expand all | Expand 10 after
422 } else { 421 } else {
423 // Start of name matches NT prefix, replace with escaped format 422 // Start of name matches NT prefix, replace with escaped format
424 // Fixes bug: 334882 423 // Fixes bug: 334882
425 mod_name.replace(0, kNTPrefixLen, kNTPrefixEscaped); 424 mod_name.replace(0, kNTPrefixLen, kNTPrefixEscaped);
426 } 425 }
427 426
428 return mod_name; 427 return mod_name;
429 } 428 }
430 429
431 } // namespace sandbox 430 } // namespace sandbox
OLDNEW
« no previous file with comments | « sandbox/win/src/file_policy_test.cc ('k') | sandbox/win/src/win_utils.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698