The Tor Browser: security/sandbox/win/src/filesystem

security/sandbox/win/src/filesystem_policy.h@6474c204b198 (annotated)

security/sandbox/win/src/filesystem_policy.h

Wed, 31 Dec 2014 06:09:35 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Wed, 31 Dec 2014 06:09:35 +0100
changeset 0: 6474c204b198
permissions: -rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 #ifndef SANDBOX_SRC_FILESYSTEM_POLICY_H__
 #define SANDBOX_SRC_FILESYSTEM_POLICY_H__
 #include <string>
 #include "base/basictypes.h"
 #include "sandbox/win/src/crosscall_server.h"
 #include "sandbox/win/src/nt_internals.h"
 #include "sandbox/win/src/policy_low_level.h"
 #include "sandbox/win/src/sandbox_policy.h"
 namespace sandbox {
 enum EvalResult;
 // This class centralizes most of the knowledge related to file system policy
 class FileSystemPolicy {
  public:
   // Creates the required low-level policy rules to evaluate a high-level
   // policy rule for File IO, in particular open or create actions.
   // 'name' is the file or directory name.
   // 'semantics' is the desired semantics for the open or create.
   // 'policy' is the policy generator to which the rules are going to be added.
   static bool GenerateRules(const wchar_t* name,
                             TargetPolicy::Semantics semantics,
                             LowLevelPolicy* policy);
   // Add basic file system rules.
   static bool SetInitialRules(LowLevelPolicy* policy);
   // Performs the desired policy action on a create request with an
   // API that is compatible with the IPC-received parameters.
   // 'client_info' : the target process that is making the request.
   // 'eval_result' : The desired policy action to accomplish.
   // 'file' : The target file or directory.
   static bool CreateFileAction(EvalResult eval_result,
                                const ClientInfo& client_info,
                                const std::wstring &file,
                                uint32 attributes,
                                uint32 desired_access,
                                uint32 file_attributes,
                                uint32 share_access,
                                uint32 create_disposition,
                                uint32 create_options,
                                HANDLE* handle,
                                NTSTATUS* nt_status,
                                ULONG_PTR* io_information);
   // Performs the desired policy action on an open request with an
   // API that is compatible with the IPC-received parameters.
   // 'client_info' : the target process that is making the request.
   // 'eval_result' : The desired policy action to accomplish.
   // 'file' : The target file or directory.
   static bool OpenFileAction(EvalResult eval_result,
                              const ClientInfo& client_info,
                              const std::wstring &file,
                              uint32 attributes,
                              uint32 desired_access,
                              uint32 share_access,
                              uint32 open_options,
                              HANDLE* handle,
                              NTSTATUS* nt_status,
                              ULONG_PTR* io_information);
   // Performs the desired policy action on a query request with an
   // API that is compatible with the IPC-received parameters.
   static bool QueryAttributesFileAction(EvalResult eval_result,
                                         const ClientInfo& client_info,
                                         const std::wstring &file,
                                         uint32 attributes,
                                         FILE_BASIC_INFORMATION* file_info,
                                         NTSTATUS* nt_status);
   // Performs the desired policy action on a query request with an
   // API that is compatible with the IPC-received parameters.
   static bool QueryFullAttributesFileAction(
       EvalResult eval_result,
       const ClientInfo& client_info,
       const std::wstring &file,
       uint32 attributes,
       FILE_NETWORK_OPEN_INFORMATION* file_info,
       NTSTATUS* nt_status);
   // Performs the desired policy action on a set_info request with an
   // API that is compatible with the IPC-received parameters.
   static bool SetInformationFileAction(EvalResult eval_result,
                                        const ClientInfo& client_info,
                                        HANDLE target_file_handle,
                                        void* file_info,
                                        uint32 length,
                                        uint32 info_class,
                                        IO_STATUS_BLOCK* io_block,
                                        NTSTATUS* nt_status);
 };
 // Expands the path and check if it's a reparse point. Returns false if
 // we cannot determine or if there is an unexpected error. In that case
 // the path cannot be trusted.
 bool PreProcessName(const std::wstring& path, std::wstring* new_path);
 }  // namespace sandbox
 #endif  // SANDBOX_SRC_FILESYSTEM_POLICY_H__

The Tor Browser / annotate

security/sandbox/win/src/filesystem_policy.h@6474c204b198 (annotated)

security/sandbox/win/src/filesystem_policy.h