133873d2b41a5cd2597b20a4e88eb8942944c0f23Tyler Schultz// Copyright (c) 2006-2010 The Chromium Authors. All rights reserved. 2f1e19869f68b5b04688cc9701c3e2bf73cd35f76Ryan Richard// Use of this source code is governed by a BSD-style license that can be 322d17eb1febbe07fdb6785467273e48c0ab1ed4fJohn Stuppy// found in the LICENSE file. 4c195766c9cdf11194bd8ce283975b05947a232bfJoe Moore & Ryan Richard 522d17eb1febbe07fdb6785467273e48c0ab1ed4fJohn Stuppy#include "sandbox/win/src/filesystem_dispatcher.h" 6f1e19869f68b5b04688cc9701c3e2bf73cd35f76Ryan Richard 7f1e19869f68b5b04688cc9701c3e2bf73cd35f76Ryan Richard#include "sandbox/win/src/crosscall_client.h" 8f1e19869f68b5b04688cc9701c3e2bf73cd35f76Ryan Richard#include "sandbox/win/src/filesystem_interception.h" 922d17eb1febbe07fdb6785467273e48c0ab1ed4fJohn Stuppy#include "sandbox/win/src/filesystem_policy.h" 1022d17eb1febbe07fdb6785467273e48c0ab1ed4fJohn Stuppy#include "sandbox/win/src/interception.h" 11c195766c9cdf11194bd8ce283975b05947a232bfJoe Moore & Ryan Richard#include "sandbox/win/src/interceptors.h" 1222c22c9aa4ca68c2deac6164edc1d82bc9645310Christian Williams & Phil Goodwin#include "sandbox/win/src/ipc_tags.h" 1322c22c9aa4ca68c2deac6164edc1d82bc9645310Christian Williams & Phil Goodwin#include "sandbox/win/src/policy_broker.h" 14f58c6545761402d3ad215566a49b0add7f6192d3Christian Williams & Phil Goodwin#include "sandbox/win/src/policy_params.h" 15f1e19869f68b5b04688cc9701c3e2bf73cd35f76Ryan Richard#include "sandbox/win/src/sandbox.h" 16f1e19869f68b5b04688cc9701c3e2bf73cd35f76Ryan Richard#include "sandbox/win/src/sandbox_nt_util.h" 17be87a589a85b713d1755c36b2eca8462177f91f3David Farber & Joe Moore 18f1e19869f68b5b04688cc9701c3e2bf73cd35f76Ryan Richardnamespace sandbox { 19f58c6545761402d3ad215566a49b0add7f6192d3Christian Williams & Phil Goodwin 20f58c6545761402d3ad215566a49b0add7f6192d3Christian Williams & Phil GoodwinFilesystemDispatcher::FilesystemDispatcher(PolicyBase* policy_base) 21f1e19869f68b5b04688cc9701c3e2bf73cd35f76Ryan Richard : policy_base_(policy_base) { 22f1e19869f68b5b04688cc9701c3e2bf73cd35f76Ryan Richard static const IPCCall create_params = { 23afe0a89d904a7fe2f5980b9deb26cc3240192459Christian Williams {IPC_NTCREATEFILE_TAG, WCHAR_TYPE, ULONG_TYPE, ULONG_TYPE, ULONG_TYPE, 2407e6c6574361950efbc98100729ccc2646c60000Chris Heisterkamp & Ryan Richard ULONG_TYPE, ULONG_TYPE, ULONG_TYPE}, 2507e6c6574361950efbc98100729ccc2646c60000Chris Heisterkamp & Ryan Richard reinterpret_cast<CallbackGeneric>(&FilesystemDispatcher::NtCreateFile) 26be87a589a85b713d1755c36b2eca8462177f91f3David Farber & Joe Moore }; 2707e6c6574361950efbc98100729ccc2646c60000Chris Heisterkamp & Ryan Richard 28f58c6545761402d3ad215566a49b0add7f6192d3Christian Williams & Phil Goodwin static const IPCCall open_file = { 29f58c6545761402d3ad215566a49b0add7f6192d3Christian Williams & Phil Goodwin {IPC_NTOPENFILE_TAG, WCHAR_TYPE, ULONG_TYPE, ULONG_TYPE, ULONG_TYPE, 30cc54a84f7c9f42028529e545e50b043e83f53c1cChristian Williams & Phil Goodwin ULONG_TYPE}, 3107e6c6574361950efbc98100729ccc2646c60000Chris Heisterkamp & Ryan Richard reinterpret_cast<CallbackGeneric>(&FilesystemDispatcher::NtOpenFile) 3207e6c6574361950efbc98100729ccc2646c60000Chris Heisterkamp & Ryan Richard }; 33943e068baab69a32d09bfe0dcb5901911224d1baLowell Kirsh & Ryan Richard 34a739b57a6b1a99f14d586f609f0f62f48b8e2284Ian Fisher & Tyler Schultz static const IPCCall attribs = { 35a739b57a6b1a99f14d586f609f0f62f48b8e2284Ian Fisher & Tyler Schultz {IPC_NTQUERYATTRIBUTESFILE_TAG, WCHAR_TYPE, ULONG_TYPE, INOUTPTR_TYPE}, 3601c59a01c55d6cfd4b3da34a5036ba9a1c314dc2Aaron VonderHaar & Ryan Richard reinterpret_cast<CallbackGeneric>( 37be2bfccace90099e150bae69ddfef42f501e997cAaron VonderHaar & Chris Perry &FilesystemDispatcher::NtQueryAttributesFile) 38f1e19869f68b5b04688cc9701c3e2bf73cd35f76Ryan Richard }; 39f1e19869f68b5b04688cc9701c3e2bf73cd35f76Ryan Richard 40f1e19869f68b5b04688cc9701c3e2bf73cd35f76Ryan Richard static const IPCCall full_attribs = { 41be87a589a85b713d1755c36b2eca8462177f91f3David Farber & Joe Moore {IPC_NTQUERYFULLATTRIBUTESFILE_TAG, WCHAR_TYPE, ULONG_TYPE, INOUTPTR_TYPE}, 42be87a589a85b713d1755c36b2eca8462177f91f3David Farber & Joe Moore reinterpret_cast<CallbackGeneric>( 43be87a589a85b713d1755c36b2eca8462177f91f3David Farber & Joe Moore &FilesystemDispatcher::NtQueryFullAttributesFile) 44c195766c9cdf11194bd8ce283975b05947a232bfJoe Moore & Ryan Richard }; 4597ffcf00dfda4a2c5c67264df1ce9ee64c925823Ryan Richard 46a739b57a6b1a99f14d586f609f0f62f48b8e2284Ian Fisher & Tyler Schultz static const IPCCall set_info = { 4797ffcf00dfda4a2c5c67264df1ce9ee64c925823Ryan Richard {IPC_NTSETINFO_RENAME_TAG, VOIDPTR_TYPE, INOUTPTR_TYPE, INOUTPTR_TYPE, 48f1e19869f68b5b04688cc9701c3e2bf73cd35f76Ryan Richard ULONG_TYPE, ULONG_TYPE}, 49f1e19869f68b5b04688cc9701c3e2bf73cd35f76Ryan Richard reinterpret_cast<CallbackGeneric>( 50f1e19869f68b5b04688cc9701c3e2bf73cd35f76Ryan Richard &FilesystemDispatcher::NtSetInformationFile) 5122d17eb1febbe07fdb6785467273e48c0ab1ed4fJohn Stuppy }; 5222d17eb1febbe07fdb6785467273e48c0ab1ed4fJohn Stuppy 5322d17eb1febbe07fdb6785467273e48c0ab1ed4fJohn Stuppy ipc_calls_.push_back(create_params); 5422d17eb1febbe07fdb6785467273e48c0ab1ed4fJohn Stuppy ipc_calls_.push_back(open_file); 5522d17eb1febbe07fdb6785467273e48c0ab1ed4fJohn Stuppy ipc_calls_.push_back(attribs); 5622d17eb1febbe07fdb6785467273e48c0ab1ed4fJohn Stuppy ipc_calls_.push_back(full_attribs); 5722d17eb1febbe07fdb6785467273e48c0ab1ed4fJohn Stuppy ipc_calls_.push_back(set_info); 5822d17eb1febbe07fdb6785467273e48c0ab1ed4fJohn Stuppy} 5922d17eb1febbe07fdb6785467273e48c0ab1ed4fJohn Stuppy 6022d17eb1febbe07fdb6785467273e48c0ab1ed4fJohn Stuppybool FilesystemDispatcher::SetupService(InterceptionManager* manager, 613eeaacd94b8bf41d08dfc7d93cbebb5936842020Chris Perry int service) { 623eeaacd94b8bf41d08dfc7d93cbebb5936842020Chris Perry switch (service) { 633eeaacd94b8bf41d08dfc7d93cbebb5936842020Chris Perry case IPC_NTCREATEFILE_TAG: 643eeaacd94b8bf41d08dfc7d93cbebb5936842020Chris Perry return INTERCEPT_NT(manager, NtCreateFile, CREATE_FILE_ID, 48); 653eeaacd94b8bf41d08dfc7d93cbebb5936842020Chris Perry 663eeaacd94b8bf41d08dfc7d93cbebb5936842020Chris Perry case IPC_NTOPENFILE_TAG: 67e429b89e0edf6b77099f40e7e3af40b0cc1e7fc4Amrit Thakur & Ryan Richard return INTERCEPT_NT(manager, NtOpenFile, OPEN_FILE_ID, 28); 68e429b89e0edf6b77099f40e7e3af40b0cc1e7fc4Amrit Thakur & Ryan Richard 69e429b89e0edf6b77099f40e7e3af40b0cc1e7fc4Amrit Thakur & Ryan Richard case IPC_NTQUERYATTRIBUTESFILE_TAG: 70e429b89e0edf6b77099f40e7e3af40b0cc1e7fc4Amrit Thakur & Ryan Richard return INTERCEPT_NT(manager, NtQueryAttributesFile, QUERY_ATTRIB_FILE_ID, 71e429b89e0edf6b77099f40e7e3af40b0cc1e7fc4Amrit Thakur & Ryan Richard 12); 72e429b89e0edf6b77099f40e7e3af40b0cc1e7fc4Amrit Thakur & Ryan Richard 73e429b89e0edf6b77099f40e7e3af40b0cc1e7fc4Amrit Thakur & Ryan Richard case IPC_NTQUERYFULLATTRIBUTESFILE_TAG: 743eeaacd94b8bf41d08dfc7d93cbebb5936842020Chris Perry return INTERCEPT_NT(manager, NtQueryFullAttributesFile, 75f1e19869f68b5b04688cc9701c3e2bf73cd35f76Ryan Richard QUERY_FULL_ATTRIB_FILE_ID, 12); 76f1e19869f68b5b04688cc9701c3e2bf73cd35f76Ryan Richard 77f1e19869f68b5b04688cc9701c3e2bf73cd35f76Ryan Richard case IPC_NTSETINFO_RENAME_TAG: 78f1e19869f68b5b04688cc9701c3e2bf73cd35f76Ryan Richard return INTERCEPT_NT(manager, NtSetInformationFile, SET_INFO_FILE_ID, 24); 79bbf6ae3d37d2303d8463094096ef0bb9906fd658Christian Williams 80cc54a84f7c9f42028529e545e50b043e83f53c1cChristian Williams & Phil Goodwin default: 81cc54a84f7c9f42028529e545e50b043e83f53c1cChristian Williams & Phil Goodwin return false; 82cc54a84f7c9f42028529e545e50b043e83f53c1cChristian Williams & Phil Goodwin } 83cc54a84f7c9f42028529e545e50b043e83f53c1cChristian Williams & Phil Goodwin} 84f1e19869f68b5b04688cc9701c3e2bf73cd35f76Ryan Richard 85a329318a8b2661107af6f9b25ffecf892b3c2c72Christian Williams & Ryan Richardbool FilesystemDispatcher::NtCreateFile( 86a329318a8b2661107af6f9b25ffecf892b3c2c72Christian Williams & Ryan Richard IPCInfo* ipc, base::string16* name, DWORD attributes, DWORD desired_access, 87a329318a8b2661107af6f9b25ffecf892b3c2c72Christian Williams & Ryan Richard DWORD file_attributes, DWORD share_access, DWORD create_disposition, 88a329318a8b2661107af6f9b25ffecf892b3c2c72Christian Williams & Ryan Richard DWORD create_options) { 89a329318a8b2661107af6f9b25ffecf892b3c2c72Christian Williams & Ryan Richard if (!PreProcessName(*name, name)) { 907bef99eb8838ef331baa479e726f5b0fe8cc2f69Tony Allevato // The path requested might contain a reparse point. 917bef99eb8838ef331baa479e726f5b0fe8cc2f69Tony Allevato ipc->return_info.nt_status = STATUS_ACCESS_DENIED; 927bef99eb8838ef331baa479e726f5b0fe8cc2f69Tony Allevato return true; 937bef99eb8838ef331baa479e726f5b0fe8cc2f69Tony Allevato } 947bef99eb8838ef331baa479e726f5b0fe8cc2f69Tony Allevato 957bef99eb8838ef331baa479e726f5b0fe8cc2f69Tony Allevato const wchar_t* filename = name->c_str(); 967bef99eb8838ef331baa479e726f5b0fe8cc2f69Tony Allevato 977bef99eb8838ef331baa479e726f5b0fe8cc2f69Tony Allevato ULONG broker = TRUE; 987bef99eb8838ef331baa479e726f5b0fe8cc2f69Tony Allevato CountedParameterSet<OpenFile> params; 997bef99eb8838ef331baa479e726f5b0fe8cc2f69Tony Allevato params[OpenFile::NAME] = ParamPickerMake(filename); 1007bef99eb8838ef331baa479e726f5b0fe8cc2f69Tony Allevato params[OpenFile::ACCESS] = ParamPickerMake(desired_access); 1017bef99eb8838ef331baa479e726f5b0fe8cc2f69Tony Allevato params[OpenFile::OPTIONS] = ParamPickerMake(create_options); 102f1e19869f68b5b04688cc9701c3e2bf73cd35f76Ryan Richard params[OpenFile::BROKER] = ParamPickerMake(broker); 103f1e19869f68b5b04688cc9701c3e2bf73cd35f76Ryan Richard 104f1e19869f68b5b04688cc9701c3e2bf73cd35f76Ryan Richard // To evaluate the policy we need to call back to the policy object. We 105f1e19869f68b5b04688cc9701c3e2bf73cd35f76Ryan Richard // are just middlemen in the operation since is the FileSystemPolicy which 106a329318a8b2661107af6f9b25ffecf892b3c2c72Christian Williams & Ryan Richard // knows what to do. 107a329318a8b2661107af6f9b25ffecf892b3c2c72Christian Williams & Ryan Richard EvalResult result = policy_base_->EvalPolicy(IPC_NTCREATEFILE_TAG, 108a329318a8b2661107af6f9b25ffecf892b3c2c72Christian Williams & Ryan Richard params.GetBase()); 109a329318a8b2661107af6f9b25ffecf892b3c2c72Christian Williams & Ryan Richard HANDLE handle; 110cc54a84f7c9f42028529e545e50b043e83f53c1cChristian Williams & Phil Goodwin ULONG_PTR io_information = 0; 111be87a589a85b713d1755c36b2eca8462177f91f3David Farber & Joe Moore NTSTATUS nt_status; 112be87a589a85b713d1755c36b2eca8462177f91f3David Farber & Joe Moore if (!FileSystemPolicy::CreateFileAction(result, *ipc->client_info, *name, 113be87a589a85b713d1755c36b2eca8462177f91f3David Farber & Joe Moore attributes, desired_access, 114be87a589a85b713d1755c36b2eca8462177f91f3David Farber & Joe Moore file_attributes, share_access, 11507e6c6574361950efbc98100729ccc2646c60000Chris Heisterkamp & Ryan Richard create_disposition, create_options, 11607e6c6574361950efbc98100729ccc2646c60000Chris Heisterkamp & Ryan Richard &handle, &nt_status, 11707e6c6574361950efbc98100729ccc2646c60000Chris Heisterkamp & Ryan Richard &io_information)) { 11807e6c6574361950efbc98100729ccc2646c60000Chris Heisterkamp & Ryan Richard ipc->return_info.nt_status = STATUS_ACCESS_DENIED; 11907e6c6574361950efbc98100729ccc2646c60000Chris Heisterkamp & Ryan Richard return true; 12007e6c6574361950efbc98100729ccc2646c60000Chris Heisterkamp & Ryan Richard } 12107e6c6574361950efbc98100729ccc2646c60000Chris Heisterkamp & Ryan Richard // Return operation status on the IPC. 12207e6c6574361950efbc98100729ccc2646c60000Chris Heisterkamp & Ryan Richard ipc->return_info.extended[0].ulong_ptr = io_information; 123cc54a84f7c9f42028529e545e50b043e83f53c1cChristian Williams & Phil Goodwin ipc->return_info.nt_status = nt_status; 124cc54a84f7c9f42028529e545e50b043e83f53c1cChristian Williams & Phil Goodwin ipc->return_info.handle = handle; 125cc54a84f7c9f42028529e545e50b043e83f53c1cChristian Williams & Phil Goodwin return true; 126cc54a84f7c9f42028529e545e50b043e83f53c1cChristian Williams & Phil Goodwin} 127cc54a84f7c9f42028529e545e50b043e83f53c1cChristian Williams & Phil Goodwin 128cc54a84f7c9f42028529e545e50b043e83f53c1cChristian Williams & Phil Goodwinbool FilesystemDispatcher::NtOpenFile( 129cc54a84f7c9f42028529e545e50b043e83f53c1cChristian Williams & Phil Goodwin IPCInfo* ipc, base::string16* name, DWORD attributes, DWORD desired_access, 130f58c6545761402d3ad215566a49b0add7f6192d3Christian Williams & Phil Goodwin DWORD share_access, DWORD open_options) { 131a739b57a6b1a99f14d586f609f0f62f48b8e2284Ian Fisher & Tyler Schultz if (!PreProcessName(*name, name)) { 132a739b57a6b1a99f14d586f609f0f62f48b8e2284Ian Fisher & Tyler Schultz // The path requested might contain a reparse point. 133a739b57a6b1a99f14d586f609f0f62f48b8e2284Ian Fisher & Tyler Schultz ipc->return_info.nt_status = STATUS_ACCESS_DENIED; 134a739b57a6b1a99f14d586f609f0f62f48b8e2284Ian Fisher & Tyler Schultz return true; 135a739b57a6b1a99f14d586f609f0f62f48b8e2284Ian Fisher & Tyler Schultz } 136a739b57a6b1a99f14d586f609f0f62f48b8e2284Ian Fisher & Tyler Schultz 137a739b57a6b1a99f14d586f609f0f62f48b8e2284Ian Fisher & Tyler Schultz const wchar_t* filename = name->c_str(); 138a739b57a6b1a99f14d586f609f0f62f48b8e2284Ian Fisher & Tyler Schultz 139a739b57a6b1a99f14d586f609f0f62f48b8e2284Ian Fisher & Tyler Schultz ULONG broker = TRUE; 140a739b57a6b1a99f14d586f609f0f62f48b8e2284Ian Fisher & Tyler Schultz CountedParameterSet<OpenFile> params; 141a739b57a6b1a99f14d586f609f0f62f48b8e2284Ian Fisher & Tyler Schultz params[OpenFile::NAME] = ParamPickerMake(filename); 142a739b57a6b1a99f14d586f609f0f62f48b8e2284Ian Fisher & Tyler Schultz params[OpenFile::ACCESS] = ParamPickerMake(desired_access); 143a739b57a6b1a99f14d586f609f0f62f48b8e2284Ian Fisher & Tyler Schultz params[OpenFile::OPTIONS] = ParamPickerMake(open_options); 144a739b57a6b1a99f14d586f609f0f62f48b8e2284Ian Fisher & Tyler Schultz params[OpenFile::BROKER] = ParamPickerMake(broker); 145a739b57a6b1a99f14d586f609f0f62f48b8e2284Ian Fisher & Tyler Schultz 146a739b57a6b1a99f14d586f609f0f62f48b8e2284Ian Fisher & Tyler Schultz // To evaluate the policy we need to call back to the policy object. We 147a739b57a6b1a99f14d586f609f0f62f48b8e2284Ian Fisher & Tyler Schultz // are just middlemen in the operation since is the FileSystemPolicy which 148a739b57a6b1a99f14d586f609f0f62f48b8e2284Ian Fisher & Tyler Schultz // knows what to do. 149a739b57a6b1a99f14d586f609f0f62f48b8e2284Ian Fisher & Tyler Schultz EvalResult result = policy_base_->EvalPolicy(IPC_NTOPENFILE_TAG, 150a739b57a6b1a99f14d586f609f0f62f48b8e2284Ian Fisher & Tyler Schultz params.GetBase()); 151a739b57a6b1a99f14d586f609f0f62f48b8e2284Ian Fisher & Tyler Schultz HANDLE handle; 152a739b57a6b1a99f14d586f609f0f62f48b8e2284Ian Fisher & Tyler Schultz ULONG_PTR io_information = 0; 153f58c6545761402d3ad215566a49b0add7f6192d3Christian Williams & Phil Goodwin NTSTATUS nt_status; 154f58c6545761402d3ad215566a49b0add7f6192d3Christian Williams & Phil Goodwin if (!FileSystemPolicy::OpenFileAction(result, *ipc->client_info, *name, 155f58c6545761402d3ad215566a49b0add7f6192d3Christian Williams & Phil Goodwin attributes, desired_access, 156f58c6545761402d3ad215566a49b0add7f6192d3Christian Williams & Phil Goodwin share_access, open_options, &handle, 157f58c6545761402d3ad215566a49b0add7f6192d3Christian Williams & Phil Goodwin &nt_status, &io_information)) { 158f58c6545761402d3ad215566a49b0add7f6192d3Christian Williams & Phil Goodwin ipc->return_info.nt_status = STATUS_ACCESS_DENIED; 159f58c6545761402d3ad215566a49b0add7f6192d3Christian Williams & Phil Goodwin return true; 160f58c6545761402d3ad215566a49b0add7f6192d3Christian Williams & Phil Goodwin } 161f58c6545761402d3ad215566a49b0add7f6192d3Christian Williams & Phil Goodwin // Return operation status on the IPC. 162f58c6545761402d3ad215566a49b0add7f6192d3Christian Williams & Phil Goodwin ipc->return_info.extended[0].ulong_ptr = io_information; 163f58c6545761402d3ad215566a49b0add7f6192d3Christian Williams & Phil Goodwin ipc->return_info.nt_status = nt_status; 164f58c6545761402d3ad215566a49b0add7f6192d3Christian Williams & Phil Goodwin ipc->return_info.handle = handle; 165f58c6545761402d3ad215566a49b0add7f6192d3Christian Williams & Phil Goodwin return true; 166f58c6545761402d3ad215566a49b0add7f6192d3Christian Williams & Phil Goodwin} 167f58c6545761402d3ad215566a49b0add7f6192d3Christian Williams & Phil Goodwin 168f58c6545761402d3ad215566a49b0add7f6192d3Christian Williams & Phil Goodwinbool FilesystemDispatcher::NtQueryAttributesFile( 169f58c6545761402d3ad215566a49b0add7f6192d3Christian Williams & Phil Goodwin IPCInfo* ipc, base::string16* name, DWORD attributes, CountedBuffer* info) { 170f58c6545761402d3ad215566a49b0add7f6192d3Christian Williams & Phil Goodwin if (sizeof(FILE_BASIC_INFORMATION) != info->Size()) 171f58c6545761402d3ad215566a49b0add7f6192d3Christian Williams & Phil Goodwin return false; 172f58c6545761402d3ad215566a49b0add7f6192d3Christian Williams & Phil Goodwin 173f58c6545761402d3ad215566a49b0add7f6192d3Christian Williams & Phil Goodwin if (!PreProcessName(*name, name)) { 174943e068baab69a32d09bfe0dcb5901911224d1baLowell Kirsh & Ryan Richard // The path requested might contain a reparse point. 175943e068baab69a32d09bfe0dcb5901911224d1baLowell Kirsh & Ryan Richard ipc->return_info.nt_status = STATUS_ACCESS_DENIED; 176943e068baab69a32d09bfe0dcb5901911224d1baLowell Kirsh & Ryan Richard return true; 177943e068baab69a32d09bfe0dcb5901911224d1baLowell Kirsh & Ryan Richard } 178943e068baab69a32d09bfe0dcb5901911224d1baLowell Kirsh & Ryan Richard 179943e068baab69a32d09bfe0dcb5901911224d1baLowell Kirsh & Ryan Richard ULONG broker = TRUE; 180be2bfccace90099e150bae69ddfef42f501e997cAaron VonderHaar & Chris Perry const wchar_t* filename = name->c_str(); 181be2bfccace90099e150bae69ddfef42f501e997cAaron VonderHaar & Chris Perry CountedParameterSet<FileName> params; 182be2bfccace90099e150bae69ddfef42f501e997cAaron VonderHaar & Chris Perry params[FileName::NAME] = ParamPickerMake(filename); 183be2bfccace90099e150bae69ddfef42f501e997cAaron VonderHaar & Chris Perry params[FileName::BROKER] = ParamPickerMake(broker); 184be2bfccace90099e150bae69ddfef42f501e997cAaron VonderHaar & Chris Perry 185943e068baab69a32d09bfe0dcb5901911224d1baLowell Kirsh & Ryan Richard // To evaluate the policy we need to call back to the policy object. We 186943e068baab69a32d09bfe0dcb5901911224d1baLowell Kirsh & Ryan Richard // are just middlemen in the operation since is the FileSystemPolicy which 187943e068baab69a32d09bfe0dcb5901911224d1baLowell Kirsh & Ryan Richard // knows what to do. 188be87a589a85b713d1755c36b2eca8462177f91f3David Farber & Joe Moore EvalResult result = policy_base_->EvalPolicy(IPC_NTQUERYATTRIBUTESFILE_TAG, 189be87a589a85b713d1755c36b2eca8462177f91f3David Farber & Joe Moore params.GetBase()); 190be87a589a85b713d1755c36b2eca8462177f91f3David Farber & Joe Moore 191be87a589a85b713d1755c36b2eca8462177f91f3David Farber & Joe Moore FILE_BASIC_INFORMATION* information = 19201c59a01c55d6cfd4b3da34a5036ba9a1c314dc2Aaron VonderHaar & Ryan Richard reinterpret_cast<FILE_BASIC_INFORMATION*>(info->Buffer()); 19301c59a01c55d6cfd4b3da34a5036ba9a1c314dc2Aaron VonderHaar & Ryan Richard NTSTATUS nt_status; 19401c59a01c55d6cfd4b3da34a5036ba9a1c314dc2Aaron VonderHaar & Ryan Richard if (!FileSystemPolicy::QueryAttributesFileAction(result, *ipc->client_info, 19501c59a01c55d6cfd4b3da34a5036ba9a1c314dc2Aaron VonderHaar & Ryan Richard *name, attributes, 19601c59a01c55d6cfd4b3da34a5036ba9a1c314dc2Aaron VonderHaar & Ryan Richard information, &nt_status)) { 19701c59a01c55d6cfd4b3da34a5036ba9a1c314dc2Aaron VonderHaar & Ryan Richard ipc->return_info.nt_status = STATUS_ACCESS_DENIED; 19801c59a01c55d6cfd4b3da34a5036ba9a1c314dc2Aaron VonderHaar & Ryan Richard return true; 19901c59a01c55d6cfd4b3da34a5036ba9a1c314dc2Aaron VonderHaar & Ryan Richard } 200be2bfccace90099e150bae69ddfef42f501e997cAaron VonderHaar & Chris Perry 201be2bfccace90099e150bae69ddfef42f501e997cAaron VonderHaar & Chris Perry // Return operation status on the IPC. 202be2bfccace90099e150bae69ddfef42f501e997cAaron VonderHaar & Chris Perry ipc->return_info.nt_status = nt_status; 203be2bfccace90099e150bae69ddfef42f501e997cAaron VonderHaar & Chris Perry return true; 204f1e19869f68b5b04688cc9701c3e2bf73cd35f76Ryan Richard} 205 206bool FilesystemDispatcher::NtQueryFullAttributesFile( 207 IPCInfo* ipc, base::string16* name, DWORD attributes, CountedBuffer* info) { 208 if (sizeof(FILE_NETWORK_OPEN_INFORMATION) != info->Size()) 209 return false; 210 211 if (!PreProcessName(*name, name)) { 212 // The path requested might contain a reparse point. 213 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; 214 return true; 215 } 216 217 ULONG broker = TRUE; 218 const wchar_t* filename = name->c_str(); 219 CountedParameterSet<FileName> params; 220 params[FileName::NAME] = ParamPickerMake(filename); 221 params[FileName::BROKER] = ParamPickerMake(broker); 222 223 // To evaluate the policy we need to call back to the policy object. We 224 // are just middlemen in the operation since is the FileSystemPolicy which 225 // knows what to do. 226 EvalResult result = policy_base_->EvalPolicy( 227 IPC_NTQUERYFULLATTRIBUTESFILE_TAG, params.GetBase()); 228 229 FILE_NETWORK_OPEN_INFORMATION* information = 230 reinterpret_cast<FILE_NETWORK_OPEN_INFORMATION*>(info->Buffer()); 231 NTSTATUS nt_status; 232 if (!FileSystemPolicy::QueryFullAttributesFileAction(result, 233 *ipc->client_info, 234 *name, attributes, 235 information, 236 &nt_status)) { 237 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; 238 return true; 239 } 240 241 // Return operation status on the IPC. 242 ipc->return_info.nt_status = nt_status; 243 return true; 244} 245 246bool FilesystemDispatcher::NtSetInformationFile( 247 IPCInfo* ipc, HANDLE handle, CountedBuffer* status, CountedBuffer* info, 248 DWORD length, DWORD info_class) { 249 if (sizeof(IO_STATUS_BLOCK) != status->Size()) 250 return false; 251 if (length != info->Size()) 252 return false; 253 254 FILE_RENAME_INFORMATION* rename_info = 255 reinterpret_cast<FILE_RENAME_INFORMATION*>(info->Buffer()); 256 257 if (!IsSupportedRenameCall(rename_info, length, info_class)) 258 return false; 259 260 base::string16 name; 261 name.assign(rename_info->FileName, rename_info->FileNameLength / 262 sizeof(rename_info->FileName[0])); 263 if (!PreProcessName(name, &name)) { 264 // The path requested might contain a reparse point. 265 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; 266 return true; 267 } 268 269 ULONG broker = TRUE; 270 const wchar_t* filename = name.c_str(); 271 CountedParameterSet<FileName> params; 272 params[FileName::NAME] = ParamPickerMake(filename); 273 params[FileName::BROKER] = ParamPickerMake(broker); 274 275 // To evaluate the policy we need to call back to the policy object. We 276 // are just middlemen in the operation since is the FileSystemPolicy which 277 // knows what to do. 278 EvalResult result = policy_base_->EvalPolicy(IPC_NTSETINFO_RENAME_TAG, 279 params.GetBase()); 280 281 IO_STATUS_BLOCK* io_status = 282 reinterpret_cast<IO_STATUS_BLOCK*>(status->Buffer()); 283 NTSTATUS nt_status; 284 if (!FileSystemPolicy::SetInformationFileAction(result, *ipc->client_info, 285 handle, rename_info, length, 286 info_class, io_status, 287 &nt_status)) { 288 ipc->return_info.nt_status = STATUS_ACCESS_DENIED; 289 return true; 290 } 291 292 // Return operation status on the IPC. 293 ipc->return_info.nt_status = nt_status; 294 return true; 295} 296 297} // namespace sandbox 298