Updating trunk VERSION from 2139.0 to 2140.0
[chromium-blink-merge.git] / sandbox / win / src / policy_engine_processor.cc
blob7ca25b2ed2ec66781db325cce4014616804feba2
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "sandbox/win/src/policy_engine_processor.h"
7 namespace sandbox {
9 void PolicyProcessor::SetInternalState(size_t index, EvalResult result) {
10 state_.current_index_ = index;
11 state_.current_result_ = result;
14 EvalResult PolicyProcessor::GetAction() const {
15 return state_.current_result_;
18 // Decides if an opcode can be skipped (not evaluated) or not. The function
19 // takes as inputs the opcode and the current evaluation context and returns
20 // true if the opcode should be skipped or not and also can set keep_skipping
21 // to false to signal that the current instruction should be skipped but not
22 // the next after the current one.
23 bool SkipOpcode(const PolicyOpcode& opcode, MatchContext* context,
24 bool* keep_skipping) {
25 if (opcode.IsAction()) {
26 uint32 options = context->options;
27 context->Clear();
28 *keep_skipping = false;
29 return (kPolUseOREval != options);
31 *keep_skipping = true;
32 return true;
35 PolicyResult PolicyProcessor::Evaluate(uint32 options,
36 ParameterSet* parameters,
37 size_t param_count) {
38 if (NULL == policy_) {
39 return NO_POLICY_MATCH;
41 if (0 == policy_->opcode_count) {
42 return NO_POLICY_MATCH;
44 if (!(kShortEval & options)) {
45 return POLICY_ERROR;
48 MatchContext context;
49 bool evaluation = false;
50 bool skip_group = false;
51 SetInternalState(0, EVAL_FALSE);
52 size_t count = policy_->opcode_count;
54 // Loop over all the opcodes Evaluating in sequence. Since we only support
55 // short circuit evaluation, we stop as soon as we find an 'action' opcode
56 // and the current evaluation is true.
58 // Skipping opcodes can happen when we are in AND mode (!kPolUseOREval) and
59 // have got EVAL_FALSE or when we are in OR mode (kPolUseOREval) and got
60 // EVAL_TRUE. Skipping will stop at the next action opcode or at the opcode
61 // after the action depending on kPolUseOREval.
63 for (size_t ix = 0; ix != count; ++ix) {
64 PolicyOpcode& opcode = policy_->opcodes[ix];
65 // Skipping block.
66 if (skip_group) {
67 if (SkipOpcode(opcode, &context, &skip_group)) {
68 continue;
71 // Evaluation block.
72 EvalResult result = opcode.Evaluate(parameters, param_count, &context);
73 switch (result) {
74 case EVAL_FALSE:
75 evaluation = false;
76 if (kPolUseOREval != context.options) {
77 skip_group = true;
79 break;
80 case EVAL_ERROR:
81 if (kStopOnErrors & options) {
82 return POLICY_ERROR;
84 break;
85 case EVAL_TRUE:
86 evaluation = true;
87 if (kPolUseOREval == context.options) {
88 skip_group = true;
90 break;
91 default:
92 // We have evaluated an action.
93 SetInternalState(ix, result);
94 return POLICY_MATCH;
98 if (evaluation) {
99 // Reaching the end of the policy with a positive evaluation is probably
100 // an error: we did not find a final action opcode?
101 return POLICY_ERROR;
103 return NO_POLICY_MATCH;
107 } // namespace sandbox