michael@0: // Copyright (c) 2006-2010 The Chromium Authors. All rights reserved. michael@0: // Use of this source code is governed by a BSD-style license that can be michael@0: // found in the LICENSE file. michael@0: michael@0: #include "sandbox/win/src/filesystem_dispatcher.h" michael@0: michael@0: #include "sandbox/win/src/crosscall_client.h" michael@0: #include "sandbox/win/src/filesystem_interception.h" michael@0: #include "sandbox/win/src/filesystem_policy.h" michael@0: #include "sandbox/win/src/interception.h" michael@0: #include "sandbox/win/src/interceptors.h" michael@0: #include "sandbox/win/src/ipc_tags.h" michael@0: #include "sandbox/win/src/policy_broker.h" michael@0: #include "sandbox/win/src/policy_params.h" michael@0: #include "sandbox/win/src/sandbox.h" michael@0: #include "sandbox/win/src/sandbox_nt_util.h" michael@0: michael@0: namespace sandbox { michael@0: michael@0: FilesystemDispatcher::FilesystemDispatcher(PolicyBase* policy_base) michael@0: : policy_base_(policy_base) { michael@0: static const IPCCall create_params = { michael@0: {IPC_NTCREATEFILE_TAG, WCHAR_TYPE, ULONG_TYPE, ULONG_TYPE, ULONG_TYPE, michael@0: ULONG_TYPE, ULONG_TYPE, ULONG_TYPE}, michael@0: reinterpret_cast(&FilesystemDispatcher::NtCreateFile) michael@0: }; michael@0: michael@0: static const IPCCall open_file = { michael@0: {IPC_NTOPENFILE_TAG, WCHAR_TYPE, ULONG_TYPE, ULONG_TYPE, ULONG_TYPE, michael@0: ULONG_TYPE}, michael@0: reinterpret_cast(&FilesystemDispatcher::NtOpenFile) michael@0: }; michael@0: michael@0: static const IPCCall attribs = { michael@0: {IPC_NTQUERYATTRIBUTESFILE_TAG, WCHAR_TYPE, ULONG_TYPE, INOUTPTR_TYPE}, michael@0: reinterpret_cast( michael@0: &FilesystemDispatcher::NtQueryAttributesFile) michael@0: }; michael@0: michael@0: static const IPCCall full_attribs = { michael@0: {IPC_NTQUERYFULLATTRIBUTESFILE_TAG, WCHAR_TYPE, ULONG_TYPE, INOUTPTR_TYPE}, michael@0: reinterpret_cast( michael@0: &FilesystemDispatcher::NtQueryFullAttributesFile) michael@0: }; michael@0: michael@0: static const IPCCall set_info = { michael@0: {IPC_NTSETINFO_RENAME_TAG, VOIDPTR_TYPE, INOUTPTR_TYPE, INOUTPTR_TYPE, michael@0: ULONG_TYPE, ULONG_TYPE}, michael@0: reinterpret_cast( michael@0: &FilesystemDispatcher::NtSetInformationFile) michael@0: }; michael@0: michael@0: ipc_calls_.push_back(create_params); michael@0: ipc_calls_.push_back(open_file); michael@0: ipc_calls_.push_back(attribs); michael@0: ipc_calls_.push_back(full_attribs); michael@0: ipc_calls_.push_back(set_info); michael@0: } michael@0: michael@0: bool FilesystemDispatcher::SetupService(InterceptionManager* manager, michael@0: int service) { michael@0: switch (service) { michael@0: case IPC_NTCREATEFILE_TAG: michael@0: return INTERCEPT_NT(manager, NtCreateFile, CREATE_FILE_ID, 48); michael@0: michael@0: case IPC_NTOPENFILE_TAG: michael@0: return INTERCEPT_NT(manager, NtOpenFile, OPEN_FILE_ID, 28); michael@0: michael@0: case IPC_NTQUERYATTRIBUTESFILE_TAG: michael@0: return INTERCEPT_NT(manager, NtQueryAttributesFile, QUERY_ATTRIB_FILE_ID, michael@0: 12); michael@0: michael@0: case IPC_NTQUERYFULLATTRIBUTESFILE_TAG: michael@0: return INTERCEPT_NT(manager, NtQueryFullAttributesFile, michael@0: QUERY_FULL_ATTRIB_FILE_ID, 12); michael@0: michael@0: case IPC_NTSETINFO_RENAME_TAG: michael@0: return INTERCEPT_NT(manager, NtSetInformationFile, SET_INFO_FILE_ID, 24); michael@0: michael@0: default: michael@0: return false; michael@0: } michael@0: } michael@0: michael@0: bool FilesystemDispatcher::NtCreateFile( michael@0: IPCInfo* ipc, std::wstring* name, DWORD attributes, DWORD desired_access, michael@0: DWORD file_attributes, DWORD share_access, DWORD create_disposition, michael@0: DWORD create_options) { michael@0: if (!PreProcessName(*name, name)) { michael@0: // The path requested might contain a reparse point. michael@0: ipc->return_info.nt_status = STATUS_ACCESS_DENIED; michael@0: return true; michael@0: } michael@0: michael@0: const wchar_t* filename = name->c_str(); michael@0: michael@0: ULONG broker = TRUE; michael@0: CountedParameterSet params; michael@0: params[OpenFile::NAME] = ParamPickerMake(filename); michael@0: params[OpenFile::ACCESS] = ParamPickerMake(desired_access); michael@0: params[OpenFile::OPTIONS] = ParamPickerMake(create_options); michael@0: params[OpenFile::BROKER] = ParamPickerMake(broker); michael@0: michael@0: // To evaluate the policy we need to call back to the policy object. We michael@0: // are just middlemen in the operation since is the FileSystemPolicy which michael@0: // knows what to do. michael@0: EvalResult result = policy_base_->EvalPolicy(IPC_NTCREATEFILE_TAG, michael@0: params.GetBase()); michael@0: HANDLE handle; michael@0: ULONG_PTR io_information = 0; michael@0: NTSTATUS nt_status; michael@0: if (!FileSystemPolicy::CreateFileAction(result, *ipc->client_info, *name, michael@0: attributes, desired_access, michael@0: file_attributes, share_access, michael@0: create_disposition, create_options, michael@0: &handle, &nt_status, michael@0: &io_information)) { michael@0: ipc->return_info.nt_status = STATUS_ACCESS_DENIED; michael@0: return true; michael@0: } michael@0: // Return operation status on the IPC. michael@0: ipc->return_info.extended[0].ulong_ptr = io_information; michael@0: ipc->return_info.nt_status = nt_status; michael@0: ipc->return_info.handle = handle; michael@0: return true; michael@0: } michael@0: michael@0: bool FilesystemDispatcher::NtOpenFile( michael@0: IPCInfo* ipc, std::wstring* name, DWORD attributes, DWORD desired_access, michael@0: DWORD share_access, DWORD open_options) { michael@0: if (!PreProcessName(*name, name)) { michael@0: // The path requested might contain a reparse point. michael@0: ipc->return_info.nt_status = STATUS_ACCESS_DENIED; michael@0: return true; michael@0: } michael@0: michael@0: const wchar_t* filename = name->c_str(); michael@0: michael@0: ULONG broker = TRUE; michael@0: CountedParameterSet params; michael@0: params[OpenFile::NAME] = ParamPickerMake(filename); michael@0: params[OpenFile::ACCESS] = ParamPickerMake(desired_access); michael@0: params[OpenFile::OPTIONS] = ParamPickerMake(open_options); michael@0: params[OpenFile::BROKER] = ParamPickerMake(broker); michael@0: michael@0: // To evaluate the policy we need to call back to the policy object. We michael@0: // are just middlemen in the operation since is the FileSystemPolicy which michael@0: // knows what to do. michael@0: EvalResult result = policy_base_->EvalPolicy(IPC_NTOPENFILE_TAG, michael@0: params.GetBase()); michael@0: HANDLE handle; michael@0: ULONG_PTR io_information = 0; michael@0: NTSTATUS nt_status; michael@0: if (!FileSystemPolicy::OpenFileAction(result, *ipc->client_info, *name, michael@0: attributes, desired_access, michael@0: share_access, open_options, &handle, michael@0: &nt_status, &io_information)) { michael@0: ipc->return_info.nt_status = STATUS_ACCESS_DENIED; michael@0: return true; michael@0: } michael@0: // Return operation status on the IPC. michael@0: ipc->return_info.extended[0].ulong_ptr = io_information; michael@0: ipc->return_info.nt_status = nt_status; michael@0: ipc->return_info.handle = handle; michael@0: return true; michael@0: } michael@0: michael@0: bool FilesystemDispatcher::NtQueryAttributesFile( michael@0: IPCInfo* ipc, std::wstring* name, DWORD attributes, CountedBuffer* info) { michael@0: if (sizeof(FILE_BASIC_INFORMATION) != info->Size()) michael@0: return false; michael@0: michael@0: if (!PreProcessName(*name, name)) { michael@0: // The path requested might contain a reparse point. michael@0: ipc->return_info.nt_status = STATUS_ACCESS_DENIED; michael@0: return true; michael@0: } michael@0: michael@0: ULONG broker = TRUE; michael@0: const wchar_t* filename = name->c_str(); michael@0: CountedParameterSet params; michael@0: params[FileName::NAME] = ParamPickerMake(filename); michael@0: params[FileName::BROKER] = ParamPickerMake(broker); michael@0: michael@0: // To evaluate the policy we need to call back to the policy object. We michael@0: // are just middlemen in the operation since is the FileSystemPolicy which michael@0: // knows what to do. michael@0: EvalResult result = policy_base_->EvalPolicy(IPC_NTQUERYATTRIBUTESFILE_TAG, michael@0: params.GetBase()); michael@0: michael@0: FILE_BASIC_INFORMATION* information = michael@0: reinterpret_cast(info->Buffer()); michael@0: NTSTATUS nt_status; michael@0: if (!FileSystemPolicy::QueryAttributesFileAction(result, *ipc->client_info, michael@0: *name, attributes, michael@0: information, &nt_status)) { michael@0: ipc->return_info.nt_status = STATUS_ACCESS_DENIED; michael@0: return true; michael@0: } michael@0: michael@0: // Return operation status on the IPC. michael@0: ipc->return_info.nt_status = nt_status; michael@0: return true; michael@0: } michael@0: michael@0: bool FilesystemDispatcher::NtQueryFullAttributesFile( michael@0: IPCInfo* ipc, std::wstring* name, DWORD attributes, CountedBuffer* info) { michael@0: if (sizeof(FILE_NETWORK_OPEN_INFORMATION) != info->Size()) michael@0: return false; michael@0: michael@0: if (!PreProcessName(*name, name)) { michael@0: // The path requested might contain a reparse point. michael@0: ipc->return_info.nt_status = STATUS_ACCESS_DENIED; michael@0: return true; michael@0: } michael@0: michael@0: ULONG broker = TRUE; michael@0: const wchar_t* filename = name->c_str(); michael@0: CountedParameterSet params; michael@0: params[FileName::NAME] = ParamPickerMake(filename); michael@0: params[FileName::BROKER] = ParamPickerMake(broker); michael@0: michael@0: // To evaluate the policy we need to call back to the policy object. We michael@0: // are just middlemen in the operation since is the FileSystemPolicy which michael@0: // knows what to do. michael@0: EvalResult result = policy_base_->EvalPolicy( michael@0: IPC_NTQUERYFULLATTRIBUTESFILE_TAG, params.GetBase()); michael@0: michael@0: FILE_NETWORK_OPEN_INFORMATION* information = michael@0: reinterpret_cast(info->Buffer()); michael@0: NTSTATUS nt_status; michael@0: if (!FileSystemPolicy::QueryFullAttributesFileAction(result, michael@0: *ipc->client_info, michael@0: *name, attributes, michael@0: information, michael@0: &nt_status)) { michael@0: ipc->return_info.nt_status = STATUS_ACCESS_DENIED; michael@0: return true; michael@0: } michael@0: michael@0: // Return operation status on the IPC. michael@0: ipc->return_info.nt_status = nt_status; michael@0: return true; michael@0: } michael@0: michael@0: bool FilesystemDispatcher::NtSetInformationFile( michael@0: IPCInfo* ipc, HANDLE handle, CountedBuffer* status, CountedBuffer* info, michael@0: DWORD length, DWORD info_class) { michael@0: if (sizeof(IO_STATUS_BLOCK) != status->Size()) michael@0: return false; michael@0: if (length != info->Size()) michael@0: return false; michael@0: michael@0: FILE_RENAME_INFORMATION* rename_info = michael@0: reinterpret_cast(info->Buffer()); michael@0: michael@0: if (!IsSupportedRenameCall(rename_info, length, info_class)) michael@0: return false; michael@0: michael@0: std::wstring name; michael@0: name.assign(rename_info->FileName, rename_info->FileNameLength / michael@0: sizeof(rename_info->FileName[0])); michael@0: if (!PreProcessName(name, &name)) { michael@0: // The path requested might contain a reparse point. michael@0: ipc->return_info.nt_status = STATUS_ACCESS_DENIED; michael@0: return true; michael@0: } michael@0: michael@0: ULONG broker = TRUE; michael@0: const wchar_t* filename = name.c_str(); michael@0: CountedParameterSet params; michael@0: params[FileName::NAME] = ParamPickerMake(filename); michael@0: params[FileName::BROKER] = ParamPickerMake(broker); michael@0: michael@0: // To evaluate the policy we need to call back to the policy object. We michael@0: // are just middlemen in the operation since is the FileSystemPolicy which michael@0: // knows what to do. michael@0: EvalResult result = policy_base_->EvalPolicy(IPC_NTSETINFO_RENAME_TAG, michael@0: params.GetBase()); michael@0: michael@0: IO_STATUS_BLOCK* io_status = michael@0: reinterpret_cast(status->Buffer()); michael@0: NTSTATUS nt_status; michael@0: if (!FileSystemPolicy::SetInformationFileAction(result, *ipc->client_info, michael@0: handle, rename_info, length, michael@0: info_class, io_status, michael@0: &nt_status)) { michael@0: ipc->return_info.nt_status = STATUS_ACCESS_DENIED; michael@0: return true; michael@0: } michael@0: michael@0: // Return operation status on the IPC. michael@0: ipc->return_info.nt_status = nt_status; michael@0: return true; michael@0: } michael@0: michael@0: } // namespace sandbox