1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/sandbox/win/src/policy_engine_params.h Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,202 @@
1.4 +// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
1.5 +// Use of this source code is governed by a BSD-style license that can be
1.6 +// found in the LICENSE file.
1.7 +
1.8 +#ifndef SANDBOX_SRC_POLICY_ENGINE_PARAMS_H__
1.9 +#define SANDBOX_SRC_POLICY_ENGINE_PARAMS_H__
1.10 +
1.11 +#include "base/basictypes.h"
1.12 +#include "sandbox/win/src/internal_types.h"
1.13 +#include "sandbox/win/src/nt_internals.h"
1.14 +#include "sandbox/win/src/sandbox_nt_util.h"
1.15 +
1.16 +// This header defines the classes that allow the low level policy to select
1.17 +// the input parameters. In order to better make sense of this header is
1.18 +// recommended that you check policy_engine_opcodes.h first.
1.19 +
1.20 +namespace sandbox {
1.21 +
1.22 +// Models the set of interesting parameters of an intercepted system call
1.23 +// normally you don't create objects of this class directly, instead you
1.24 +// use the POLPARAMS_XXX macros.
1.25 +// For example, if an intercepted function has the following signature:
1.26 +//
1.27 +// NTSTATUS NtOpenFileFunction (PHANDLE FileHandle,
1.28 +// ACCESS_MASK DesiredAccess,
1.29 +// POBJECT_ATTRIBUTES ObjectAttributes,
1.30 +// PIO_STATUS_BLOCK IoStatusBlock,
1.31 +// ULONG ShareAccess,
1.32 +// ULONG OpenOptions);
1.33 +//
1.34 +// You could say that the following parameters are of interest to policy:
1.35 +//
1.36 +// POLPARAMS_BEGIN(open_params)
1.37 +// POLPARAM(DESIRED_ACCESS)
1.38 +// POLPARAM(OBJECT_NAME)
1.39 +// POLPARAM(SECURITY_DESCRIPTOR)
1.40 +// POLPARAM(IO_STATUS)
1.41 +// POLPARAM(OPEN_OPTIONS)
1.42 +// POLPARAMS_END;
1.43 +//
1.44 +// and the actual code will use this for defining the parameters:
1.45 +//
1.46 +// CountedParameterSet<open_params> p;
1.47 +// p[open_params::DESIRED_ACCESS] = ParamPickerMake(DesiredAccess);
1.48 +// p[open_params::OBJECT_NAME] =
1.49 +// ParamPickerMake(ObjectAttributes->ObjectName);
1.50 +// p[open_params::SECURITY_DESCRIPTOR] =
1.51 +// ParamPickerMake(ObjectAttributes->SecurityDescriptor);
1.52 +// p[open_params::IO_STATUS] = ParamPickerMake(IoStatusBlock);
1.53 +// p[open_params::OPEN_OPTIONS] = ParamPickerMake(OpenOptions);
1.54 +//
1.55 +// These will create an stack-allocated array of ParameterSet objects which
1.56 +// have each 1) the address of the parameter 2) a numeric id that encodes the
1.57 +// original C++ type. This allows the policy to treat any set of supported
1.58 +// argument types uniformily and with some type safety.
1.59 +//
1.60 +// TODO(cpu): support not fully implemented yet for unicode string and will
1.61 +// probably add other types as well.
1.62 +class ParameterSet {
1.63 + public:
1.64 + ParameterSet() : real_type_(INVALID_TYPE), address_(NULL) {}
1.65 +
1.66 + // Retrieve the stored parameter. If the type does not match ulong fail.
1.67 + bool Get(unsigned long* destination) const {
1.68 + if (ULONG_TYPE != real_type_) {
1.69 + return false;
1.70 + }
1.71 + *destination = Void2TypePointerCopy<unsigned long>();
1.72 + return true;
1.73 + }
1.74 +
1.75 + // Retrieve the stored parameter. If the type does not match void* fail.
1.76 + bool Get(const void** destination) const {
1.77 + if (VOIDPTR_TYPE != real_type_) {
1.78 + return false;
1.79 + }
1.80 + *destination = Void2TypePointerCopy<void*>();
1.81 + return true;
1.82 + }
1.83 +
1.84 + // Retrieve the stored parameter. If the type does not match wchar_t* fail.
1.85 + bool Get(const wchar_t** destination) const {
1.86 + if (WCHAR_TYPE != real_type_) {
1.87 + return false;
1.88 + }
1.89 + *destination = Void2TypePointerCopy<const wchar_t*>();
1.90 + return true;
1.91 + }
1.92 +
1.93 + // False if the parameter is not properly initialized.
1.94 + bool IsValid() const {
1.95 + return INVALID_TYPE != real_type_;
1.96 + }
1.97 +
1.98 + protected:
1.99 + // The constructor can only be called by derived types, which should
1.100 + // safely provide the real_type and the address of the argument.
1.101 + ParameterSet(ArgType real_type, const void* address)
1.102 + : real_type_(real_type), address_(address) {
1.103 + }
1.104 +
1.105 + private:
1.106 + // This template provides the same functionality as bits_cast but
1.107 + // it works with pointer while the former works only with references.
1.108 + template <typename T>
1.109 + T Void2TypePointerCopy() const {
1.110 + return *(reinterpret_cast<const T*>(address_));
1.111 + }
1.112 +
1.113 + ArgType real_type_;
1.114 + const void* address_;
1.115 +};
1.116 +
1.117 +// To safely infer the type, we use a set of template specializations
1.118 +// in ParameterSetEx with a template function ParamPickerMake to do the
1.119 +// parameter type deduction.
1.120 +
1.121 +// Base template class. Not implemented so using unsupported types should
1.122 +// fail to compile.
1.123 +template <typename T>
1.124 +class ParameterSetEx : public ParameterSet {
1.125 + public:
1.126 + ParameterSetEx(const void* address);
1.127 +};
1.128 +
1.129 +template<>
1.130 +class ParameterSetEx<void const*> : public ParameterSet {
1.131 + public:
1.132 + ParameterSetEx(const void* address)
1.133 + : ParameterSet(VOIDPTR_TYPE, address) {}
1.134 +};
1.135 +
1.136 +template<>
1.137 +class ParameterSetEx<void*> : public ParameterSet {
1.138 + public:
1.139 + ParameterSetEx(const void* address)
1.140 + : ParameterSet(VOIDPTR_TYPE, address) {}
1.141 +};
1.142 +
1.143 +
1.144 +template<>
1.145 +class ParameterSetEx<wchar_t*> : public ParameterSet {
1.146 + public:
1.147 + ParameterSetEx(const void* address)
1.148 + : ParameterSet(WCHAR_TYPE, address) {}
1.149 +};
1.150 +
1.151 +template<>
1.152 +class ParameterSetEx<wchar_t const*> : public ParameterSet {
1.153 + public:
1.154 + ParameterSetEx(const void* address)
1.155 + : ParameterSet(WCHAR_TYPE, address) {}
1.156 +};
1.157 +
1.158 +
1.159 +template<>
1.160 +class ParameterSetEx<unsigned long> : public ParameterSet {
1.161 + public:
1.162 + ParameterSetEx(const void* address)
1.163 + : ParameterSet(ULONG_TYPE, address) {}
1.164 +};
1.165 +
1.166 +template<>
1.167 +class ParameterSetEx<UNICODE_STRING> : public ParameterSet {
1.168 + public:
1.169 + ParameterSetEx(const void* address)
1.170 + : ParameterSet(UNISTR_TYPE, address) {}
1.171 +};
1.172 +
1.173 +template <typename T>
1.174 +ParameterSet ParamPickerMake(T& parameter) {
1.175 + return ParameterSetEx<T>(¶meter);
1.176 +};
1.177 +
1.178 +struct CountedParameterSetBase {
1.179 + int count;
1.180 + ParameterSet parameters[1];
1.181 +};
1.182 +
1.183 +// This template defines the actual list of policy parameters for a given
1.184 +// interception.
1.185 +// Warning: This template stores the address to the actual variables, in
1.186 +// other words, the values are not copied.
1.187 +template <typename T>
1.188 +struct CountedParameterSet {
1.189 + CountedParameterSet() : count(T::PolParamLast) {}
1.190 +
1.191 + ParameterSet& operator[](typename T::Args n) {
1.192 + return parameters[n];
1.193 + }
1.194 +
1.195 + CountedParameterSetBase* GetBase() {
1.196 + return reinterpret_cast<CountedParameterSetBase*>(this);
1.197 + }
1.198 +
1.199 + int count;
1.200 + ParameterSet parameters[T::PolParamLast];
1.201 +};
1.202 +
1.203 +} // namespace sandbox
1.204 +
1.205 +#endif // SANDBOX_SRC_POLICY_ENGINE_PARAMS_H__
