The Tor Browser: security/sandbox/win/src/policy_engine_processor.h@6474c204b198 (annotated)

security/sandbox/win/src/policy_engine_processor.h@6474c204b198 (annotated)

security/sandbox/win/src/policy_engine_processor.h

Wed, 31 Dec 2014 06:09:35 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Wed, 31 Dec 2014 06:09:35 +0100
changeset 0: 6474c204b198
permissions: -rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 #ifndef SANDBOX_SRC_POLICY_ENGINE_PROCESSOR_H__
 #define SANDBOX_SRC_POLICY_ENGINE_PROCESSOR_H__
 #include "base/basictypes.h"
 #include "sandbox/win/src/policy_engine_params.h"
 #include "sandbox/win/src/policy_engine_opcodes.h"
 namespace sandbox {
 // This header contains the core policy evaluator. In its simplest form
 // it evaluates a stream of opcodes assuming that they are laid out in
 // memory as opcode groups.
 //
 // An opcode group has N comparison opcodes plus 1 action opcode. For
 // example here we have 3 opcode groups (A, B,C):
 //
 // [comparison 1]  <-- group A start
 // [comparison 2]
 // [comparison 3]
 // [action A    ]
 // [comparison 1]  <-- group B start
 // [action B    ]
 // [comparison 1]  <-- group C start
 // [comparison 2]
 // [action C    ]
 //
 // The opcode evaluator proceeds from the top, evaluating each opcode in
 // sequence. An opcode group is evaluated until the first comparison that
 // returns false. At that point the rest of the group is skipped and evaluation
 // resumes with the first comparison of the next group. When all the comparisons
 // in a group have evaluated to true and the action is reached. The group is
 // considered a matching group.
 //
 // In the 'ShortEval' mode evaluation stops when it reaches the end or the first
 // matching group. The action opcode from this group is the resulting policy
 // action.
 //
 // In the 'RankedEval' mode evaluation stops only when it reaches the end of the
 // the opcode stream. In the process all matching groups are saved and at the
 // end the 'best' group is selected (what makes the best is TBD) and the action
 // from this group is the resulting policy action.
 //
 // As explained above, the policy evaluation of a group is a logical AND of
 // the evaluation of each opcode. However an opcode can request kPolUseOREval
 // which makes the evaluation to use logical OR. Given that each opcode can
 // request its evaluation result to be negated with kPolNegateEval you can
 // achieve the negation of the total group evaluation. This means that if you
 // need to express:
 //             if (!(c1 && c2 && c3))
 // You can do it by:
 //             if ((!c1) || (!c2) || (!c3))
 //
 // Possible outcomes of policy evaluation.
 enum PolicyResult {
   NO_POLICY_MATCH,
   POLICY_MATCH,
   POLICY_ERROR
 };
 // Policy evaluation flags
 // TODO(cpu): implement the options 0 & 4.
 //
 // Stop evaluating as soon as an error is encountered.
 const uint32 kStopOnErrors = 0;
 // Ignore all non fatal opcode evaluation errors.
 const uint32 kIgnoreErrors = 1;
 // Short-circuit evaluation: Only evaluate until opcode group that
 // evaluated to true has been found.
 const uint32 kShortEval = 2;
 // Discussed briefly at the policy design meeting. It will evaluate
 // all rules and then return the 'best' rule that evaluated true.
 const uint32 kRankedEval = 4;
 // This class evaluates a policy-opcode stream given the memory where the
 // opcodes are and an input 'parameter set'.
 //
 // This class is designed to be callable from interception points
 // as low as the NtXXXX service level (it is not currently safe, but
 // it is designed to be made safe).
 //
 // Its usage in an interception is:
 //
 //   POLPARAMS_BEGIN(eval_params)
 //     POLPARAM(param1)
 //     POLPARAM(param2)
 //     POLPARAM(param3)
 //     POLPARAM(param4)
 //     POLPARAM(param5)
 //   POLPARAMS_END;
 //
 //   PolicyProcessor pol_evaluator(policy_memory);
 //   PolicyResult pr = pol_evaluator.Evaluate(ShortEval, eval_params,
 //                                            _countof(eval_params));
 //   if (NO_POLICY_MATCH == pr) {
 //     EvalResult policy_action =  pol_evaluator.GetAction();
 //     // apply policy here...
 //   }
 //
 // Where the POLPARAM() arguments are derived from the intercepted function
 // arguments, and represent all the 'interesting' policy inputs, and
 // policy_memory is a memory buffer containing the opcode stream that is the
 // relevant policy for this intercept.
 class PolicyProcessor {
  public:
   // policy_buffer contains opcodes made with OpcodeFactory. They are usually
   // created in the broker process and evaluated in the target process.
   // This constructor is just a variant of the previous constructor.
   explicit PolicyProcessor(PolicyBuffer* policy)
       : policy_(policy) {
     SetInternalState(0, EVAL_FALSE);
   }
   // Evaluates a policy-opcode stream. See the comments at the top of this
   // class for more info. Returns POLICY_MATCH if a rule set was found that
   // matches an active policy.
   PolicyResult Evaluate(uint32 options,
                         ParameterSet* parameters,
                         size_t parameter_count);
   // If the result of Evaluate() was POLICY_MATCH, calling this function returns
   // the recommended policy action.
   EvalResult GetAction() const;
  private:
   struct {
     size_t current_index_;
     EvalResult current_result_;
   } state_;
   // Sets the currently matching action result.
   void SetInternalState(size_t index, EvalResult result);
   PolicyBuffer* policy_;
   DISALLOW_COPY_AND_ASSIGN(PolicyProcessor);
 };
 }  // namespace sandbox
 #endif  // SANDBOX_SRC_POLICY_ENGINE_PROCESSOR_H__

The Tor Browser / annotate

security/sandbox/win/src/policy_engine_processor.h@6474c204b198 (annotated)

security/sandbox/win/src/policy_engine_processor.h