security/sandbox/win/src/policy_low_level.h@6474c204b198 (annotated)
security/sandbox/win/src/policy_low_level.h
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
| michael@0 | 1 | // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| michael@0 | 2 | // Use of this source code is governed by a BSD-style license that can be |
| michael@0 | 3 | // found in the LICENSE file. |
| michael@0 | 4 | |
| michael@0 | 5 | #ifndef SANDBOX_SRC_POLICY_LOW_LEVEL_H__ |
| michael@0 | 6 | #define SANDBOX_SRC_POLICY_LOW_LEVEL_H__ |
| michael@0 | 7 | |
| michael@0 | 8 | #include <list> |
| michael@0 | 9 | |
| michael@0 | 10 | #include "base/basictypes.h" |
| michael@0 | 11 | #include "sandbox/win/src/ipc_tags.h" |
| michael@0 | 12 | #include "sandbox/win/src/policy_engine_params.h" |
| michael@0 | 13 | #include "sandbox/win/src/policy_engine_opcodes.h" |
| michael@0 | 14 | |
| michael@0 | 15 | // Low level policy classes. |
| michael@0 | 16 | // Built on top of the PolicyOpcode and OpcodeFatory, the low level policy |
| michael@0 | 17 | // provides a way to define rules on strings and numbers but it is unaware |
| michael@0 | 18 | // of Windows specific details or how the Interceptions must be set up. |
| michael@0 | 19 | // To use these classes you construct one or more rules and add them to the |
| michael@0 | 20 | // LowLevelPolicy object like this: |
| michael@0 | 21 | // |
| michael@0 | 22 | // PolicyRule rule1(ASK_BROKER); |
| michael@0 | 23 | // rule1.AddStringMatch(IF, 0, L"\\\\/?/?\\c:\\*Microsoft*\\*.exe", true); |
| michael@0 | 24 | // rule1.AddNumberMatch(IF_NOT, 1, CREATE_ALWAYS, EQUAL); |
| michael@0 | 25 | // rule1.AddNumberMatch(IF, 2, FILE_ATTRIBUTE_NORMAL, EQUAL); |
| michael@0 | 26 | // |
| michael@0 | 27 | // PolicyRule rule2(FAKE_SUCCESS); |
| michael@0 | 28 | // rule2.AddStringMatch(IF, 0, L"\\\\/?/?\\Pipe\\Chrome.*", false)); |
| michael@0 | 29 | // rule2.AddNumberMatch(IF, 1, OPEN_EXISTING, EQUAL)); |
| michael@0 | 30 | // |
| michael@0 | 31 | // LowLevelPolicy policyGen(*policy_memory); |
| michael@0 | 32 | // policyGen.AddRule(kNtCreateFileSvc, &rule1); |
| michael@0 | 33 | // policyGen.AddRule(kNtCreateFileSvc, &rule2); |
| michael@0 | 34 | // policyGen.Done(); |
| michael@0 | 35 | // |
| michael@0 | 36 | // At this point (error checking omitted) the policy_memory can be copied |
| michael@0 | 37 | // to the target process where it can be evaluated. |
| michael@0 | 38 | |
| michael@0 | 39 | namespace sandbox { |
| michael@0 | 40 | |
| michael@0 | 41 | // TODO(cpu): Move this constant to crosscall_client.h. |
| michael@0 | 42 | const size_t kMaxServiceCount = 32; |
| michael@0 | 43 | COMPILE_ASSERT(IPC_LAST_TAG <= kMaxServiceCount, kMaxServiceCount_is_too_low); |
| michael@0 | 44 | |
| michael@0 | 45 | // Defines the memory layout of the policy. This memory is filled by |
| michael@0 | 46 | // LowLevelPolicy object. |
| michael@0 | 47 | // For example: |
| michael@0 | 48 | // |
| michael@0 | 49 | // [Service 0] --points to---\ |
| michael@0 | 50 | // [Service 1] --------------|-----\ |
| michael@0 | 51 | // ...... | | |
| michael@0 | 52 | // [Service N] | | |
| michael@0 | 53 | // [data_size] | | |
| michael@0 | 54 | // [Policy Buffer 0] <-------/ | |
| michael@0 | 55 | // [opcodes of] | |
| michael@0 | 56 | // ....... | |
| michael@0 | 57 | // [Policy Buffer 1] <-------------/ |
| michael@0 | 58 | // [opcodes] |
| michael@0 | 59 | // ....... |
| michael@0 | 60 | // ....... |
| michael@0 | 61 | // [Policy Buffer N] |
| michael@0 | 62 | // [opcodes] |
| michael@0 | 63 | // ....... |
| michael@0 | 64 | // <possibly unused space here> |
| michael@0 | 65 | // ....... |
| michael@0 | 66 | // [opcode string ] |
| michael@0 | 67 | // [opcode string ] |
| michael@0 | 68 | // ....... |
| michael@0 | 69 | // [opcode string ] |
| michael@0 | 70 | struct PolicyGlobal { |
| michael@0 | 71 | PolicyBuffer* entry[kMaxServiceCount]; |
| michael@0 | 72 | size_t data_size; |
| michael@0 | 73 | PolicyBuffer data[1]; |
| michael@0 | 74 | }; |
| michael@0 | 75 | |
| michael@0 | 76 | class PolicyRule; |
| michael@0 | 77 | |
| michael@0 | 78 | // Provides the means to collect rules into a policy store (memory) |
| michael@0 | 79 | class LowLevelPolicy { |
| michael@0 | 80 | public: |
| michael@0 | 81 | // policy_store: must contain allocated memory and the internal |
| michael@0 | 82 | // size fields set to correct values. |
| michael@0 | 83 | explicit LowLevelPolicy(PolicyGlobal* policy_store) |
| michael@0 | 84 | : policy_store_(policy_store) { |
| michael@0 | 85 | } |
| michael@0 | 86 | |
| michael@0 | 87 | // Destroys all the policy rules. |
| michael@0 | 88 | ~LowLevelPolicy(); |
| michael@0 | 89 | |
| michael@0 | 90 | // Adds a rule to be generated when Done() is called. |
| michael@0 | 91 | // service: The id of the service that this rule is associated with, |
| michael@0 | 92 | // for example the 'Open Thread' service or the "Create File" service. |
| michael@0 | 93 | // returns false on error. |
| michael@0 | 94 | bool AddRule(int service, PolicyRule* rule); |
| michael@0 | 95 | |
| michael@0 | 96 | // Generates all the rules added with AddRule() into the memory area |
| michael@0 | 97 | // passed on the constructor. Returns false on error. |
| michael@0 | 98 | bool Done(); |
| michael@0 | 99 | |
| michael@0 | 100 | private: |
| michael@0 | 101 | struct RuleNode { |
| michael@0 | 102 | const PolicyRule* rule; |
| michael@0 | 103 | int service; |
| michael@0 | 104 | }; |
| michael@0 | 105 | std::list<RuleNode> rules_; |
| michael@0 | 106 | PolicyGlobal* policy_store_; |
| michael@0 | 107 | DISALLOW_IMPLICIT_CONSTRUCTORS(LowLevelPolicy); |
| michael@0 | 108 | }; |
| michael@0 | 109 | |
| michael@0 | 110 | // There are 'if' rules and 'if not' comparisons |
| michael@0 | 111 | enum RuleType { |
| michael@0 | 112 | IF = 0, |
| michael@0 | 113 | IF_NOT = 1, |
| michael@0 | 114 | }; |
| michael@0 | 115 | |
| michael@0 | 116 | // Possible comparisons for numbers |
| michael@0 | 117 | enum RuleOp { |
| michael@0 | 118 | EQUAL, |
| michael@0 | 119 | AND, |
| michael@0 | 120 | RANGE // TODO(cpu): Implement this option. |
| michael@0 | 121 | }; |
| michael@0 | 122 | |
| michael@0 | 123 | // Provides the means to collect a set of comparisons into a single |
| michael@0 | 124 | // rule and its associated action. |
| michael@0 | 125 | class PolicyRule { |
| michael@0 | 126 | friend class LowLevelPolicy; |
| michael@0 | 127 | |
| michael@0 | 128 | public: |
| michael@0 | 129 | explicit PolicyRule(EvalResult action); |
| michael@0 | 130 | PolicyRule(const PolicyRule& other); |
| michael@0 | 131 | ~PolicyRule(); |
| michael@0 | 132 | |
| michael@0 | 133 | // Adds a string comparison to the rule. |
| michael@0 | 134 | // rule_type: possible values are IF and IF_NOT. |
| michael@0 | 135 | // parameter: the expected index of the argument for this rule. For example |
| michael@0 | 136 | // in a 'create file' service the file name argument can be at index 0. |
| michael@0 | 137 | // string: is the desired matching pattern. |
| michael@0 | 138 | // match_opts: if the pattern matching is case sensitive or not. |
| michael@0 | 139 | bool AddStringMatch(RuleType rule_type, int16 parameter, |
| michael@0 | 140 | const wchar_t* string, StringMatchOptions match_opts); |
| michael@0 | 141 | |
| michael@0 | 142 | // Adds a number match comparison to the rule. |
| michael@0 | 143 | // rule_type: possible values are IF and IF_NOT. |
| michael@0 | 144 | // parameter: the expected index of the argument for this rule. |
| michael@0 | 145 | // number: the value to compare the input to. |
| michael@0 | 146 | // comparison_op: the comparison kind (equal, logical and, etc). |
| michael@0 | 147 | bool AddNumberMatch(RuleType rule_type, int16 parameter, |
| michael@0 | 148 | unsigned long number, RuleOp comparison_op); |
| michael@0 | 149 | |
| michael@0 | 150 | // Returns the number of opcodes generated so far. |
| michael@0 | 151 | size_t GetOpcodeCount() const { |
| michael@0 | 152 | return buffer_->opcode_count; |
| michael@0 | 153 | } |
| michael@0 | 154 | |
| michael@0 | 155 | // Called when there is no more comparisons to add. Internally it generates |
| michael@0 | 156 | // the last opcode (the action opcode). Returns false if this operation fails. |
| michael@0 | 157 | bool Done(); |
| michael@0 | 158 | |
| michael@0 | 159 | private: |
| michael@0 | 160 | void operator=(const PolicyRule&); |
| michael@0 | 161 | // Called in a loop from AddStringMatch to generate the required string |
| michael@0 | 162 | // match opcodes. rule_type, match_opts and parameter are the same as |
| michael@0 | 163 | // in AddStringMatch. |
| michael@0 | 164 | bool GenStringOpcode(RuleType rule_type, StringMatchOptions match_opts, |
| michael@0 | 165 | uint16 parameter, int state, bool last_call, |
| michael@0 | 166 | int* skip_count, std::wstring* fragment); |
| michael@0 | 167 | |
| michael@0 | 168 | // Loop over all generated opcodes and copy them to increasing memory |
| michael@0 | 169 | // addresses from opcode_start and copy the extra data (strings usually) into |
| michael@0 | 170 | // decreasing addresses from data_start. Extra data is only present in the |
| michael@0 | 171 | // string evaluation opcodes. |
| michael@0 | 172 | bool RebindCopy(PolicyOpcode* opcode_start, size_t opcode_size, |
| michael@0 | 173 | char* data_start, size_t* data_size) const; |
| michael@0 | 174 | PolicyBuffer* buffer_; |
| michael@0 | 175 | OpcodeFactory* opcode_factory_; |
| michael@0 | 176 | EvalResult action_; |
| michael@0 | 177 | bool done_; |
| michael@0 | 178 | }; |
| michael@0 | 179 | |
| michael@0 | 180 | } // namespace sandbox |
| michael@0 | 181 | |
| michael@0 | 182 | #endif // SANDBOX_SRC_POLICY_LOW_LEVEL_H__ |
