sandbox/win/src/policy_low_level.h

   1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef SANDBOX_SRC_POLICY_LOW_LEVEL_H__
   6 #define SANDBOX_SRC_POLICY_LOW_LEVEL_H__
   7
   8 #include <list>
   9
  10 #include "base/basictypes.h"
  11 #include "base/strings/string16.h"
  12 #include "sandbox/win/src/ipc_tags.h"
  13 #include "sandbox/win/src/policy_engine_params.h"
  14 #include "sandbox/win/src/policy_engine_opcodes.h"
  15
  16 // Low level policy classes.
  17 // Built on top of the PolicyOpcode and OpcodeFatory, the low level policy
  18 // provides a way to define rules on strings and numbers but it is unaware
  19 // of Windows specific details or how the Interceptions must be set up.
  20 // To use these classes you construct one or more rules and add them to the
  21 // LowLevelPolicy object like this:
  22 //
  23 //   PolicyRule rule1(ASK_BROKER);
  24 //   rule1.AddStringMatch(IF, 0, L"\\\\/?/?\\c:\\*Microsoft*\\*.exe", true);
  25 //   rule1.AddNumberMatch(IF_NOT, 1, CREATE_ALWAYS, EQUAL);
  26 //   rule1.AddNumberMatch(IF, 2, FILE_ATTRIBUTE_NORMAL, EQUAL);
  27 //
  28 //   PolicyRule rule2(FAKE_SUCCESS);
  29 //   rule2.AddStringMatch(IF, 0, L"\\\\/?/?\\Pipe\\Chrome.*", false));
  30 //   rule2.AddNumberMatch(IF, 1, OPEN_EXISTING, EQUAL));
  31 //
  32 //   LowLevelPolicy policyGen(*policy_memory);
  33 //   policyGen.AddRule(kNtCreateFileSvc, &rule1);
  34 //   policyGen.AddRule(kNtCreateFileSvc, &rule2);
  35 //   policyGen.Done();
  36 //
  37 // At this point (error checking omitted) the policy_memory can be copied
  38 // to the target process where it can be evaluated.
  39
  40 namespace sandbox {
  41
  42 // TODO(cpu): Move this constant to crosscall_client.h.
  43 const size_t kMaxServiceCount = 32;
  44 static_assert(IPC_LAST_TAG <= kMaxServiceCount,
  45               "kMaxServiceCount is too low");
  46
  47 // Defines the memory layout of the policy. This memory is filled by
  48 // LowLevelPolicy object.
  49 // For example:
  50 //
  51 //  [Service 0] --points to---\
  52 //  [Service 1] --------------|-----\
  53 //   ......                   |     |
  54 //  [Service N]               |     |
  55 //  [data_size]               |     |
  56 //  [Policy Buffer 0] <-------/     |
  57 //  [opcodes of]                    |
  58 //  .......                         |
  59 //  [Policy Buffer 1] <-------------/
  60 //  [opcodes]
  61 //  .......
  62 //  .......
  63 //  [Policy Buffer N]
  64 //  [opcodes]
  65 //  .......
  66 //   <possibly unused space here>
  67 //  .......
  68 //  [opcode string ]
  69 //  [opcode string ]
  70 //  .......
  71 //  [opcode string ]
  72 struct PolicyGlobal {
  73   PolicyBuffer* entry[kMaxServiceCount];
  74   size_t data_size;
  75   PolicyBuffer data[1];
  76 };
  77
  78 class PolicyRule;
  79
  80 // Provides the means to collect rules into a policy store (memory)
  81 class LowLevelPolicy {
  82  public:
  83   // policy_store: must contain allocated memory and the internal
  84   // size fields set to correct values.
  85   explicit LowLevelPolicy(PolicyGlobal* policy_store)
  86       : policy_store_(policy_store) {
  87   }
  88
  89   // Destroys all the policy rules.
  90   ~LowLevelPolicy();
  91
  92   // Adds a rule to be generated when Done() is called.
  93   // service: The id of the service that this rule is associated with,
  94   // for example the 'Open Thread' service or the "Create File" service.
  95   // returns false on error.
  96   bool AddRule(int service, PolicyRule* rule);
  97
  98   // Generates all the rules added with AddRule() into the memory area
  99   // passed on the constructor. Returns false on error.
 100   bool Done();
 101
 102  private:
 103   struct RuleNode {
 104     const PolicyRule* rule;
 105     int service;
 106   };
 107   std::list<RuleNode> rules_;
 108   PolicyGlobal* policy_store_;
 109   DISALLOW_IMPLICIT_CONSTRUCTORS(LowLevelPolicy);
 110 };
 111
 112 // There are 'if' rules and 'if not' comparisons
 113 enum RuleType {
 114   IF = 0,
 115   IF_NOT = 1,
 116 };
 117
 118 // Possible comparisons for numbers
 119 enum RuleOp {
 120   EQUAL,
 121   AND,
 122   RANGE   // TODO(cpu): Implement this option.
 123 };
 124
 125 // Provides the means to collect a set of comparisons into a single
 126 // rule and its associated action.
 127 class PolicyRule {
 128   friend class LowLevelPolicy;
 129
 130  public:
 131   explicit PolicyRule(EvalResult action);
 132   PolicyRule(const PolicyRule& other);
 133   ~PolicyRule();
 134
 135   // Adds a string comparison to the rule.
 136   // rule_type: possible values are IF and IF_NOT.
 137   // parameter: the expected index of the argument for this rule. For example
 138   // in a 'create file' service the file name argument can be at index 0.
 139   // string: is the desired matching pattern.
 140   // match_opts: if the pattern matching is case sensitive or not.
 141   bool AddStringMatch(RuleType rule_type, int16 parameter,
 142                       const wchar_t* string, StringMatchOptions match_opts);
 143
 144   // Adds a number match comparison to the rule.
 145   // rule_type: possible values are IF and IF_NOT.
 146   // parameter: the expected index of the argument for this rule.
 147   // number: the value to compare the input to.
 148   // comparison_op: the comparison kind (equal, logical and, etc).
 149   bool AddNumberMatch(RuleType rule_type,
 150                       int16 parameter,
 151                       uint32 number,
 152                       RuleOp comparison_op);
 153
 154   // Returns the number of opcodes generated so far.
 155   size_t GetOpcodeCount() const {
 156     return buffer_->opcode_count;
 157   }
 158
 159   // Called when there is no more comparisons to add. Internally it generates
 160   // the last opcode (the action opcode). Returns false if this operation fails.
 161   bool Done();
 162
 163  private:
 164   void operator=(const PolicyRule&);
 165   // Called in a loop from AddStringMatch to generate the required string
 166   // match opcodes. rule_type, match_opts and parameter are the same as
 167   // in AddStringMatch.
 168   bool GenStringOpcode(RuleType rule_type, StringMatchOptions match_opts,
 169                        uint16 parameter, int state, bool last_call,
 170                        int* skip_count, base::string16* fragment);
 171
 172   // Loop over all generated opcodes and copy them to increasing memory
 173   // addresses from opcode_start and copy the extra data (strings usually) into
 174   // decreasing addresses from data_start. Extra data is only present in the
 175   // string evaluation opcodes.
 176   bool RebindCopy(PolicyOpcode* opcode_start, size_t opcode_size,
 177                   char* data_start, size_t* data_size) const;
 178   PolicyBuffer* buffer_;
 179   OpcodeFactory* opcode_factory_;
 180   EvalResult action_;
 181   bool done_;
 182 };
 183
 184 }  // namespace sandbox
 185
 186 #endif  // SANDBOX_SRC_POLICY_LOW_LEVEL_H__