search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert "Merged all Chromoting Host code into remoting_core.dll (Windows)."
[chromium-blink-merge.git] / sandbox / win / src / registry_policy.cc
blob55f3bcd06743da698e6b26cfd08f86c356b3f37a
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include <string>
6
7 #include "sandbox/win/src/registry_policy.h"
8
9 #include "base/logging.h"
10 #include "sandbox/win/src/ipc_tags.h"
11 #include "sandbox/win/src/policy_engine_opcodes.h"
12 #include "sandbox/win/src/policy_params.h"
13 #include "sandbox/win/src/sandbox_utils.h"
14 #include "sandbox/win/src/sandbox_types.h"
15 #include "sandbox/win/src/win_utils.h"
16
17 namespace {
18
19 static const DWORD kAllowedRegFlags = KEY_QUERY_VALUE | KEY_ENUMERATE_SUB_KEYS |
20 KEY_NOTIFY | KEY_READ | GENERIC_READ |
21 GENERIC_EXECUTE | READ_CONTROL;
22
23 // Opens the key referenced by |obj_attributes| with |access| and
24 // checks what permission was given. Remove the WRITE flags and update
25 // |access| with the new value.
26 NTSTATUS TranslateMaximumAllowed(OBJECT_ATTRIBUTES* obj_attributes,
27 DWORD* access) {
28 NtOpenKeyFunction NtOpenKey = NULL;
29 ResolveNTFunctionPtr("NtOpenKey", &NtOpenKey);
30
31 NtCloseFunction NtClose = NULL;
32 ResolveNTFunctionPtr("NtClose", &NtClose);
33
34 NtQueryObjectFunction NtQueryObject = NULL;
35 ResolveNTFunctionPtr("NtQueryObject", &NtQueryObject);
36
37 // Open the key.
38 HANDLE handle;
39 NTSTATUS status = NtOpenKey(&handle, *access, obj_attributes);
40 if (!NT_SUCCESS(status))
41 return status;
42
43 OBJECT_BASIC_INFORMATION info = {0};
44 status = NtQueryObject(handle, ObjectBasicInformation, &info, sizeof(info),
45 NULL);
46 NtClose(handle);
47 if (!NT_SUCCESS(status))
48 return status;
49
50 *access = info.GrantedAccess & kAllowedRegFlags;
51 return STATUS_SUCCESS;
52 }
53
54 NTSTATUS NtCreateKeyInTarget(HANDLE* target_key_handle,
55 ACCESS_MASK desired_access,
56 OBJECT_ATTRIBUTES* obj_attributes,
57 ULONG title_index,
58 UNICODE_STRING* class_name,
59 ULONG create_options,
60 ULONG* disposition,
61 HANDLE target_process) {
62 NtCreateKeyFunction NtCreateKey = NULL;
63 ResolveNTFunctionPtr("NtCreateKey", &NtCreateKey);
64
65 if (MAXIMUM_ALLOWED & desired_access) {
66 NTSTATUS status = TranslateMaximumAllowed(obj_attributes, &desired_access);
67 if (!NT_SUCCESS(status))
68 return STATUS_ACCESS_DENIED;
69 }
70
71 HANDLE local_handle = INVALID_HANDLE_VALUE;
72 NTSTATUS status = NtCreateKey(&local_handle, desired_access, obj_attributes,
73 title_index, class_name, create_options,
74 disposition);
75 if (!NT_SUCCESS(status))
76 return status;
77
78 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle,
79 target_process, target_key_handle, 0, FALSE,
80 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) {
81 ::CloseHandle(local_handle);
82 return STATUS_ACCESS_DENIED;
83 }
84 return STATUS_SUCCESS;
85 }
86
87 NTSTATUS NtOpenKeyInTarget(HANDLE* target_key_handle,
88 ACCESS_MASK desired_access,
89 OBJECT_ATTRIBUTES* obj_attributes,
90 HANDLE target_process) {
91 NtOpenKeyFunction NtOpenKey = NULL;
92 ResolveNTFunctionPtr("NtOpenKey", &NtOpenKey);
93
94 if (MAXIMUM_ALLOWED & desired_access) {
95 NTSTATUS status = TranslateMaximumAllowed(obj_attributes, &desired_access);
96 if (!NT_SUCCESS(status))
97 return STATUS_ACCESS_DENIED;
98 }
99
100 HANDLE local_handle = INVALID_HANDLE_VALUE;
101 NTSTATUS status = NtOpenKey(&local_handle, desired_access, obj_attributes);
102
103 if (!NT_SUCCESS(status))
104 return status;
105
106 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle,
107 target_process, target_key_handle, 0, FALSE,
108 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) {
109 ::CloseHandle(local_handle);
110 return STATUS_ACCESS_DENIED;
111 }
112 return STATUS_SUCCESS;
113 }
114
115 }
116
117 namespace sandbox {
118
119 bool RegistryPolicy::GenerateRules(const wchar_t* name,
120 TargetPolicy::Semantics semantics,
121 LowLevelPolicy* policy) {
122 std::wstring resovled_name(name);
123 if (resovled_name.empty()) {
124 return false;
125 }
126
127 if (!ResolveRegistryName(resovled_name, &resovled_name))
128 return false;
129
130 name = resovled_name.c_str();
131
132 EvalResult result = ASK_BROKER;
133
134 PolicyRule open(result);
135 PolicyRule create(result);
136
137 switch (semantics) {
138 case TargetPolicy::REG_ALLOW_READONLY: {
139 // We consider all flags that are not known to be readonly as potentially
140 // used for write. Here we also support MAXIMUM_ALLOWED, but we are going
141 // to expand it to read-only before the call.
142 DWORD restricted_flags = ~(kAllowedRegFlags | MAXIMUM_ALLOWED);
143 open.AddNumberMatch(IF_NOT, OpenKey::ACCESS, restricted_flags, AND);
144 create.AddNumberMatch(IF_NOT, OpenKey::ACCESS, restricted_flags, AND);
145 break;
146 }
147 case TargetPolicy::REG_ALLOW_ANY: {
148 break;
149 }
150 default: {
151 NOTREACHED();
152 return false;
153 }
154 }
155
156 if (!create.AddStringMatch(IF, OpenKey::NAME, name, CASE_INSENSITIVE) ||
157 !policy->AddRule(IPC_NTCREATEKEY_TAG, &create)) {
158 return false;
159 }
160
161 if (!open.AddStringMatch(IF, OpenKey::NAME, name, CASE_INSENSITIVE) ||
162 !policy->AddRule(IPC_NTOPENKEY_TAG, &open)) {
163 return false;
164 }
165
166 return true;
167 }
168
169 bool RegistryPolicy::CreateKeyAction(EvalResult eval_result,
170 const ClientInfo& client_info,
171 const std::wstring &key,
172 uint32 attributes,
173 HANDLE root_directory,
174 uint32 desired_access,
175 uint32 title_index,
176 uint32 create_options,
177 HANDLE* handle,
178 NTSTATUS* nt_status,
179 ULONG* disposition) {
180 // The only action supported is ASK_BROKER which means create the requested
181 // file as specified.
182 if (ASK_BROKER != eval_result) {
183 *nt_status = STATUS_ACCESS_DENIED;
184 return false;
185 }
186
187 // We don't support creating link keys, volatile keys or backup/restore.
188 if (create_options) {
189 *nt_status = STATUS_ACCESS_DENIED;
190 return false;
191 }
192
193 UNICODE_STRING uni_name = {0};
194 OBJECT_ATTRIBUTES obj_attributes = {0};
195 InitObjectAttribs(key, attributes, root_directory, &obj_attributes,
196 &uni_name);
197 *nt_status = NtCreateKeyInTarget(handle, desired_access, &obj_attributes,
198 title_index, NULL, create_options,
199 disposition, client_info.process);
200 return true;
201 }
202
203 bool RegistryPolicy::OpenKeyAction(EvalResult eval_result,
204 const ClientInfo& client_info,
205 const std::wstring &key,
206 uint32 attributes,
207 HANDLE root_directory,
208 uint32 desired_access,
209 HANDLE* handle,
210 NTSTATUS* nt_status) {
211 // The only action supported is ASK_BROKER which means open the requested
212 // file as specified.
213 if (ASK_BROKER != eval_result) {
214 *nt_status = STATUS_ACCESS_DENIED;
215 return true;
216 }
217
218 UNICODE_STRING uni_name = {0};
219 OBJECT_ATTRIBUTES obj_attributes = {0};
220 InitObjectAttribs(key, attributes, root_directory, &obj_attributes,
221 &uni_name);
222 *nt_status = NtOpenKeyInTarget(handle, desired_access, &obj_attributes,
223 client_info.process);
224 return true;
225 }
226
227 } // namespace sandbox