diff options
| author | pkasting <pkasting@chromium.org> | 2014-10-03 18:34:21 -0700 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2014-10-04 01:34:33 +0000 |
| commit | d17d10648a9a3f67ce31d6a598d19ef5f7cd3884 (patch) | |
| tree | 40249bb86714c5e1f734218d728345e0db59f2d1 /sandbox | |
| parent | c0c73d72f18bae9ba46e43cf13d1e7144d84fe5b (diff) | |
| download | chromium_src-d17d10648a9a3f67ce31d6a598d19ef5f7cd3884.zip chromium_src-d17d10648a9a3f67ce31d6a598d19ef5f7cd3884.tar.gz chromium_src-d17d10648a9a3f67ce31d6a598d19ef5f7cd3884.tar.bz2 | |
Fixes for more MSVC warnings, sandbox/ edition.
This is mainly about fixing warning C4244 about type conversions that
potentially truncate the value.
BUG=81439
TEST=none
Review URL: https://codereview.chromium.org/610943003
Cr-Commit-Position: refs/heads/master@{#298156}
Diffstat (limited to 'sandbox')
33 files changed, 351 insertions, 249 deletions
diff --git a/sandbox/win/src/crosscall_client.h b/sandbox/win/src/crosscall_client.h index 2715f96..2a482b4 100644 --- a/sandbox/win/src/crosscall_client.h +++ b/sandbox/win/src/crosscall_client.h @@ -47,7 +47,7 @@ const uint32 kIPCChannelSize = 1024; // IPC. These template facility can be made more sophisticated as need arises. // The default copy helper. It catches the general case where no other -// specialized template matches better. We set the type to ULONG_TYPE, so this +// specialized template matches better. We set the type to UINT32_TYPE, so this // only works with objects whose size is 32 bits. template<typename T> class CopyHelper { @@ -79,7 +79,7 @@ class CopyHelper { // Returns this object's type. ArgType GetType() { COMPILE_ASSERT(sizeof(T) == sizeof(uint32), need_specialization); - return ULONG_TYPE; + return UINT32_TYPE; } private: diff --git a/sandbox/win/src/crosscall_params.h b/sandbox/win/src/crosscall_params.h index cc82c16..4a71f69 100644 --- a/sandbox/win/src/crosscall_params.h +++ b/sandbox/win/src/crosscall_params.h @@ -200,14 +200,16 @@ class ActualCallParams : public CrossCallParams { // constructor. Pass the ipc unique tag as input explicit ActualCallParams(uint32 tag) : CrossCallParams(tag, NUMBER_PARAMS) { - param_info_[0].offset_ = parameters_ - reinterpret_cast<char*>(this); + param_info_[0].offset_ = + static_cast<uint32>(parameters_ - reinterpret_cast<char*>(this)); } // Testing-only constructor. Allows setting the |number_params| to a // wrong value. ActualCallParams(uint32 tag, uint32 number_params) : CrossCallParams(tag, number_params) { - param_info_[0].offset_ = parameters_ - reinterpret_cast<char*>(this); + param_info_[0].offset_ = + static_cast<uint32>(parameters_ - reinterpret_cast<char*>(this)); } // Testing-only method. Allows setting the apparent size to a wrong value. diff --git a/sandbox/win/src/crosscall_server.cc b/sandbox/win/src/crosscall_server.cc index 65a9084..a01af66 100644 --- a/sandbox/win/src/crosscall_server.cc +++ b/sandbox/win/src/crosscall_server.cc @@ -215,7 +215,7 @@ bool CrossCallParamsEx::GetParameter32(uint32 index, uint32* param) { uint32 size = 0; ArgType type; void* start = GetRawParameter(index, &size, &type); - if ((NULL == start) || (4 != size) || (ULONG_TYPE != type)) { + if ((NULL == start) || (4 != size) || (UINT32_TYPE != type)) { return false; } // Copy the 4 bytes. diff --git a/sandbox/win/src/filesystem_dispatcher.cc b/sandbox/win/src/filesystem_dispatcher.cc index 275122be..354fe4f 100644 --- a/sandbox/win/src/filesystem_dispatcher.cc +++ b/sandbox/win/src/filesystem_dispatcher.cc @@ -20,32 +20,32 @@ namespace sandbox { FilesystemDispatcher::FilesystemDispatcher(PolicyBase* policy_base) : policy_base_(policy_base) { static const IPCCall create_params = { - {IPC_NTCREATEFILE_TAG, WCHAR_TYPE, ULONG_TYPE, ULONG_TYPE, ULONG_TYPE, - ULONG_TYPE, ULONG_TYPE, ULONG_TYPE}, + {IPC_NTCREATEFILE_TAG, WCHAR_TYPE, UINT32_TYPE, UINT32_TYPE, UINT32_TYPE, + UINT32_TYPE, UINT32_TYPE, UINT32_TYPE}, reinterpret_cast<CallbackGeneric>(&FilesystemDispatcher::NtCreateFile) }; static const IPCCall open_file = { - {IPC_NTOPENFILE_TAG, WCHAR_TYPE, ULONG_TYPE, ULONG_TYPE, ULONG_TYPE, - ULONG_TYPE}, + {IPC_NTOPENFILE_TAG, WCHAR_TYPE, UINT32_TYPE, UINT32_TYPE, UINT32_TYPE, + UINT32_TYPE}, reinterpret_cast<CallbackGeneric>(&FilesystemDispatcher::NtOpenFile) }; static const IPCCall attribs = { - {IPC_NTQUERYATTRIBUTESFILE_TAG, WCHAR_TYPE, ULONG_TYPE, INOUTPTR_TYPE}, + {IPC_NTQUERYATTRIBUTESFILE_TAG, WCHAR_TYPE, UINT32_TYPE, INOUTPTR_TYPE}, reinterpret_cast<CallbackGeneric>( &FilesystemDispatcher::NtQueryAttributesFile) }; static const IPCCall full_attribs = { - {IPC_NTQUERYFULLATTRIBUTESFILE_TAG, WCHAR_TYPE, ULONG_TYPE, INOUTPTR_TYPE}, + {IPC_NTQUERYFULLATTRIBUTESFILE_TAG, WCHAR_TYPE, UINT32_TYPE, INOUTPTR_TYPE}, reinterpret_cast<CallbackGeneric>( &FilesystemDispatcher::NtQueryFullAttributesFile) }; static const IPCCall set_info = { {IPC_NTSETINFO_RENAME_TAG, VOIDPTR_TYPE, INOUTPTR_TYPE, INOUTPTR_TYPE, - ULONG_TYPE, ULONG_TYPE}, + UINT32_TYPE, UINT32_TYPE}, reinterpret_cast<CallbackGeneric>( &FilesystemDispatcher::NtSetInformationFile) }; @@ -82,10 +82,14 @@ bool FilesystemDispatcher::SetupService(InterceptionManager* manager, } } -bool FilesystemDispatcher::NtCreateFile( - IPCInfo* ipc, base::string16* name, DWORD attributes, DWORD desired_access, - DWORD file_attributes, DWORD share_access, DWORD create_disposition, - DWORD create_options) { +bool FilesystemDispatcher::NtCreateFile(IPCInfo* ipc, + base::string16* name, + uint32 attributes, + uint32 desired_access, + uint32 file_attributes, + uint32 share_access, + uint32 create_disposition, + uint32 create_options) { if (!PreProcessName(*name, name)) { // The path requested might contain a reparse point. ipc->return_info.nt_status = STATUS_ACCESS_DENIED; @@ -94,7 +98,7 @@ bool FilesystemDispatcher::NtCreateFile( const wchar_t* filename = name->c_str(); - ULONG broker = TRUE; + uint32 broker = TRUE; CountedParameterSet<OpenFile> params; params[OpenFile::NAME] = ParamPickerMake(filename); params[OpenFile::ACCESS] = ParamPickerMake(desired_access); @@ -125,9 +129,12 @@ bool FilesystemDispatcher::NtCreateFile( return true; } -bool FilesystemDispatcher::NtOpenFile( - IPCInfo* ipc, base::string16* name, DWORD attributes, DWORD desired_access, - DWORD share_access, DWORD open_options) { +bool FilesystemDispatcher::NtOpenFile(IPCInfo* ipc, + base::string16* name, + uint32 attributes, + uint32 desired_access, + uint32 share_access, + uint32 open_options) { if (!PreProcessName(*name, name)) { // The path requested might contain a reparse point. ipc->return_info.nt_status = STATUS_ACCESS_DENIED; @@ -136,7 +143,7 @@ bool FilesystemDispatcher::NtOpenFile( const wchar_t* filename = name->c_str(); - ULONG broker = TRUE; + uint32 broker = TRUE; CountedParameterSet<OpenFile> params; params[OpenFile::NAME] = ParamPickerMake(filename); params[OpenFile::ACCESS] = ParamPickerMake(desired_access); @@ -165,8 +172,10 @@ bool FilesystemDispatcher::NtOpenFile( return true; } -bool FilesystemDispatcher::NtQueryAttributesFile( - IPCInfo* ipc, base::string16* name, DWORD attributes, CountedBuffer* info) { +bool FilesystemDispatcher::NtQueryAttributesFile(IPCInfo* ipc, + base::string16* name, + uint32 attributes, + CountedBuffer* info) { if (sizeof(FILE_BASIC_INFORMATION) != info->Size()) return false; @@ -176,7 +185,7 @@ bool FilesystemDispatcher::NtQueryAttributesFile( return true; } - ULONG broker = TRUE; + uint32 broker = TRUE; const wchar_t* filename = name->c_str(); CountedParameterSet<FileName> params; params[FileName::NAME] = ParamPickerMake(filename); @@ -203,8 +212,10 @@ bool FilesystemDispatcher::NtQueryAttributesFile( return true; } -bool FilesystemDispatcher::NtQueryFullAttributesFile( - IPCInfo* ipc, base::string16* name, DWORD attributes, CountedBuffer* info) { +bool FilesystemDispatcher::NtQueryFullAttributesFile(IPCInfo* ipc, + base::string16* name, + uint32 attributes, + CountedBuffer* info) { if (sizeof(FILE_NETWORK_OPEN_INFORMATION) != info->Size()) return false; @@ -214,7 +225,7 @@ bool FilesystemDispatcher::NtQueryFullAttributesFile( return true; } - ULONG broker = TRUE; + uint32 broker = TRUE; const wchar_t* filename = name->c_str(); CountedParameterSet<FileName> params; params[FileName::NAME] = ParamPickerMake(filename); @@ -243,9 +254,12 @@ bool FilesystemDispatcher::NtQueryFullAttributesFile( return true; } -bool FilesystemDispatcher::NtSetInformationFile( - IPCInfo* ipc, HANDLE handle, CountedBuffer* status, CountedBuffer* info, - DWORD length, DWORD info_class) { +bool FilesystemDispatcher::NtSetInformationFile(IPCInfo* ipc, + HANDLE handle, + CountedBuffer* status, + CountedBuffer* info, + uint32 length, + uint32 info_class) { if (sizeof(IO_STATUS_BLOCK) != status->Size()) return false; if (length != info->Size()) @@ -266,7 +280,7 @@ bool FilesystemDispatcher::NtSetInformationFile( return true; } - ULONG broker = TRUE; + uint32 broker = TRUE; const wchar_t* filename = name.c_str(); CountedParameterSet<FileName> params; params[FileName::NAME] = ParamPickerMake(filename); diff --git a/sandbox/win/src/filesystem_dispatcher.h b/sandbox/win/src/filesystem_dispatcher.h index 257e4f7..935a084 100644 --- a/sandbox/win/src/filesystem_dispatcher.h +++ b/sandbox/win/src/filesystem_dispatcher.h @@ -23,33 +23,45 @@ class FilesystemDispatcher : public Dispatcher { private: // Processes IPC requests coming from calls to NtCreateFile in the target. - bool NtCreateFile(IPCInfo* ipc, base::string16* name, DWORD attributes, - DWORD desired_access, DWORD file_attributes, - DWORD share_access, DWORD create_disposition, - DWORD create_options); + bool NtCreateFile(IPCInfo* ipc, + base::string16* name, + uint32 attributes, + uint32 desired_access, + uint32 file_attributes, + uint32 share_access, + uint32 create_disposition, + uint32 create_options); // Processes IPC requests coming from calls to NtOpenFile in the target. - bool NtOpenFile(IPCInfo* ipc, base::string16* name, DWORD attributes, - DWORD desired_access, DWORD share_access, - DWORD create_options); + bool NtOpenFile(IPCInfo* ipc, + base::string16* name, + uint32 attributes, + uint32 desired_access, + uint32 share_access, + uint32 create_options); // Processes IPC requests coming from calls to NtQueryAttributesFile in the // target. - bool NtQueryAttributesFile(IPCInfo* ipc, base::string16* name, - DWORD attributes, + bool NtQueryAttributesFile(IPCInfo* ipc, + base::string16* name, + uint32 attributes, CountedBuffer* info); // Processes IPC requests coming from calls to NtQueryFullAttributesFile in // the target. - bool NtQueryFullAttributesFile(IPCInfo* ipc, base::string16* name, - DWORD attributes, CountedBuffer* info); + bool NtQueryFullAttributesFile(IPCInfo* ipc, + base::string16* name, + uint32 attributes, + CountedBuffer* info); // Processes IPC requests coming from calls to NtSetInformationFile with the // rename information class. - bool NtSetInformationFile(IPCInfo* ipc, HANDLE handle, + bool NtSetInformationFile(IPCInfo* ipc, + HANDLE handle, CountedBuffer* status, - CountedBuffer* info, DWORD length, - DWORD info_class); + CountedBuffer* info, + uint32 length, + uint32 info_class); PolicyBase* policy_base_; DISALLOW_COPY_AND_ASSIGN(FilesystemDispatcher); diff --git a/sandbox/win/src/filesystem_interception.cc b/sandbox/win/src/filesystem_interception.cc index 2d9d36d..179cad5 100644 --- a/sandbox/win/src/filesystem_interception.cc +++ b/sandbox/win/src/filesystem_interception.cc @@ -52,11 +52,13 @@ NTSTATUS WINAPI TargetNtCreateFile(NtCreateFileFunction orig_CreateFile, if (!NT_SUCCESS(ret) || NULL == name) break; - ULONG broker = FALSE; + uint32 desired_access_uint32 = desired_access; + uint32 options_uint32 = options; + uint32 broker = FALSE; CountedParameterSet<OpenFile> params; params[OpenFile::NAME] = ParamPickerMake(name); - params[OpenFile::ACCESS] = ParamPickerMake(desired_access); - params[OpenFile::OPTIONS] = ParamPickerMake(options); + params[OpenFile::ACCESS] = ParamPickerMake(desired_access_uint32); + params[OpenFile::OPTIONS] = ParamPickerMake(options_uint32); params[OpenFile::BROKER] = ParamPickerMake(broker); if (!QueryBroker(IPC_NTCREATEFILE_TAG, params.GetBase())) @@ -67,8 +69,8 @@ NTSTATUS WINAPI TargetNtCreateFile(NtCreateFileFunction orig_CreateFile, // The following call must match in the parameters with // FilesystemDispatcher::ProcessNtCreateFile. ResultCode code = CrossCall(ipc, IPC_NTCREATEFILE_TAG, name, attributes, - desired_access, file_attributes, sharing, - disposition, options, &answer); + desired_access_uint32, file_attributes, sharing, + disposition, options_uint32, &answer); if (SBOX_ALL_OK != code) break; @@ -123,11 +125,13 @@ NTSTATUS WINAPI TargetNtOpenFile(NtOpenFileFunction orig_OpenFile, PHANDLE file, if (!NT_SUCCESS(ret) || NULL == name) break; - ULONG broker = FALSE; + uint32 desired_access_uint32 = desired_access; + uint32 options_uint32 = options; + uint32 broker = FALSE; CountedParameterSet<OpenFile> params; params[OpenFile::NAME] = ParamPickerMake(name); - params[OpenFile::ACCESS] = ParamPickerMake(desired_access); - params[OpenFile::OPTIONS] = ParamPickerMake(options); + params[OpenFile::ACCESS] = ParamPickerMake(desired_access_uint32); + params[OpenFile::OPTIONS] = ParamPickerMake(options_uint32); params[OpenFile::BROKER] = ParamPickerMake(broker); if (!QueryBroker(IPC_NTOPENFILE_TAG, params.GetBase())) @@ -136,7 +140,8 @@ NTSTATUS WINAPI TargetNtOpenFile(NtOpenFileFunction orig_OpenFile, PHANDLE file, SharedMemIPCClient ipc(memory); CrossCallReturn answer = {0}; ResultCode code = CrossCall(ipc, IPC_NTOPENFILE_TAG, name, attributes, - desired_access, sharing, options, &answer); + desired_access_uint32, sharing, options_uint32, + &answer); if (SBOX_ALL_OK != code) break; @@ -190,7 +195,7 @@ NTSTATUS WINAPI TargetNtQueryAttributesFile( InOutCountedBuffer file_info(file_attributes, sizeof(FILE_BASIC_INFORMATION)); - ULONG broker = FALSE; + uint32 broker = FALSE; CountedParameterSet<FileName> params; params[FileName::NAME] = ParamPickerMake(name); params[FileName::BROKER] = ParamPickerMake(broker); @@ -251,7 +256,7 @@ NTSTATUS WINAPI TargetNtQueryFullAttributesFile( InOutCountedBuffer file_info(file_attributes, sizeof(FILE_NETWORK_OPEN_INFORMATION)); - ULONG broker = FALSE; + uint32 broker = FALSE; CountedParameterSet<FileName> params; params[FileName::NAME] = ParamPickerMake(name); params[FileName::BROKER] = ParamPickerMake(broker); @@ -326,7 +331,7 @@ NTSTATUS WINAPI TargetNtSetInformationFile( if (!NT_SUCCESS(ret) || !name) break; - ULONG broker = FALSE; + uint32 broker = FALSE; CountedParameterSet<FileName> params; params[FileName::NAME] = ParamPickerMake(name); params[FileName::BROKER] = ParamPickerMake(broker); diff --git a/sandbox/win/src/handle_dispatcher.cc b/sandbox/win/src/handle_dispatcher.cc index 02d0034..66308f4 100644 --- a/sandbox/win/src/handle_dispatcher.cc +++ b/sandbox/win/src/handle_dispatcher.cc @@ -20,8 +20,8 @@ namespace sandbox { HandleDispatcher::HandleDispatcher(PolicyBase* policy_base) : policy_base_(policy_base) { static const IPCCall duplicate_handle_proxy = { - {IPC_DUPLICATEHANDLEPROXY_TAG, VOIDPTR_TYPE, ULONG_TYPE, ULONG_TYPE, - ULONG_TYPE}, + {IPC_DUPLICATEHANDLEPROXY_TAG, VOIDPTR_TYPE, UINT32_TYPE, UINT32_TYPE, + UINT32_TYPE}, reinterpret_cast<CallbackGeneric>(&HandleDispatcher::DuplicateHandleProxy) }; @@ -41,9 +41,9 @@ bool HandleDispatcher::SetupService(InterceptionManager* manager, bool HandleDispatcher::DuplicateHandleProxy(IPCInfo* ipc, HANDLE source_handle, - DWORD target_process_id, - DWORD desired_access, - DWORD options) { + uint32 target_process_id, + uint32 desired_access, + uint32 options) { static NtQueryObject QueryObject = NULL; if (!QueryObject) ResolveNTFunctionPtr("NtQueryObject", &QueryObject); diff --git a/sandbox/win/src/handle_dispatcher.h b/sandbox/win/src/handle_dispatcher.h index a3dc6cf..739045d 100644 --- a/sandbox/win/src/handle_dispatcher.h +++ b/sandbox/win/src/handle_dispatcher.h @@ -23,9 +23,11 @@ class HandleDispatcher : public Dispatcher { private: // Processes IPC requests coming from calls to // TargetServices::DuplicateHandle() in the target. - bool DuplicateHandleProxy(IPCInfo* ipc, HANDLE source_handle, - DWORD target_process_id, DWORD desired_access, - DWORD options); + bool DuplicateHandleProxy(IPCInfo* ipc, + HANDLE source_handle, + uint32 target_process_id, + uint32 desired_access, + uint32 options); PolicyBase* policy_base_; DISALLOW_COPY_AND_ASSIGN(HandleDispatcher); diff --git a/sandbox/win/src/handle_table.cc b/sandbox/win/src/handle_table.cc index 3b2febe..5575dc0 100644 --- a/sandbox/win/src/handle_table.cc +++ b/sandbox/win/src/handle_table.cc @@ -66,7 +66,7 @@ HandleTable::HandleTable() { HandleTable::Iterator HandleTable::HandlesForProcess(ULONG process_id) const { SYSTEM_HANDLE_INFORMATION key; - key.ProcessId = process_id; + key.ProcessId = static_cast<USHORT>(process_id); const SYSTEM_HANDLE_INFORMATION* start = handle_info()->Information; const SYSTEM_HANDLE_INFORMATION* finish = diff --git a/sandbox/win/src/internal_types.h b/sandbox/win/src/internal_types.h index d5e2620..026bedb 100644 --- a/sandbox/win/src/internal_types.h +++ b/sandbox/win/src/internal_types.h @@ -17,7 +17,7 @@ const wchar_t kKernelBasedllName[] = L"kernelbase.dll"; enum ArgType { INVALID_TYPE = 0, WCHAR_TYPE, - ULONG_TYPE, + UINT32_TYPE, UNISTR_TYPE, VOIDPTR_TYPE, INPTR_TYPE, diff --git a/sandbox/win/src/ipc_unittest.cc b/sandbox/win/src/ipc_unittest.cc index 7bdd286..fc1f2a2 100644 --- a/sandbox/win/src/ipc_unittest.cc +++ b/sandbox/win/src/ipc_unittest.cc @@ -251,7 +251,7 @@ TEST(IPCTest, CrossCallIntPacking) { uint32 param_size = 1; void* param_addr = actual_params->GetRawParameter(0, ¶m_size, &type); ASSERT_EQ(sizeof(dw), param_size); - EXPECT_EQ(ULONG_TYPE, type); + EXPECT_EQ(UINT32_TYPE, type); ASSERT_TRUE(NULL != param_addr); EXPECT_EQ(0, memcmp(&dw, param_addr, param_size)); @@ -282,7 +282,7 @@ TEST(IPCTest, CrossCallIntPacking) { type = INVALID_TYPE; param_addr = actual_params->GetRawParameter(1, ¶m_size, &type); ASSERT_EQ(sizeof(dw), param_size); - EXPECT_EQ(ULONG_TYPE, type); + EXPECT_EQ(UINT32_TYPE, type); ASSERT_TRUE(NULL != param_addr); EXPECT_EQ(0, memcmp(&dw, param_addr, param_size)); type = INVALID_TYPE; @@ -302,7 +302,7 @@ TEST(IPCTest, CrossCallValidation) { const uint32 kTag = 33; const uint32 kBufferSize = 256; ActualCallParams<1, kBufferSize> params_1(kTag); - params_1.CopyParamIn(0, &value, sizeof(value), false, ULONG_TYPE); + params_1.CopyParamIn(0, &value, sizeof(value), false, UINT32_TYPE); void* buffer = const_cast<void*>(params_1.GetBuffer()); uint32 out_size = 0; @@ -322,7 +322,7 @@ TEST(IPCTest, CrossCallValidation) { for (int32 ix = -1; ix != 3; ++ix) { uint32 fake_num_params = (kuint32max / kPtrDiffSz) + ix; ActualCallParams<1, kBufferSize> params_2(kTag, fake_num_params); - params_2.CopyParamIn(0, &value, sizeof(value), false, ULONG_TYPE); + params_2.CopyParamIn(0, &value, sizeof(value), false, UINT32_TYPE); buffer = const_cast<void*>(params_2.GetBuffer()); EXPECT_TRUE(NULL != buffer); @@ -333,7 +333,7 @@ TEST(IPCTest, CrossCallValidation) { } ActualCallParams<1, kBufferSize> params_3(kTag, 1); - params_3.CopyParamIn(0, &value, sizeof(value), false, ULONG_TYPE); + params_3.CopyParamIn(0, &value, sizeof(value), false, UINT32_TYPE); buffer = const_cast<void*>(params_3.GetBuffer()); EXPECT_TRUE(NULL != buffer); @@ -352,7 +352,7 @@ TEST(IPCTest, CrossCallValidation) { // Make sure that two parameters work as expected. ActualCallParams<2, kBufferSize> params_4(kTag, 2); - params_4.CopyParamIn(0, &value, sizeof(value), false, ULONG_TYPE); + params_4.CopyParamIn(0, &value, sizeof(value), false, UINT32_TYPE); params_4.CopyParamIn(1, buffer, sizeof(buffer), false, VOIDPTR_TYPE); buffer = const_cast<void*>(params_4.GetBuffer()); EXPECT_TRUE(NULL != buffer); @@ -572,25 +572,25 @@ class UnitTestIPCDispatcher : public Dispatcher { } private: - bool CallOneHandler(IPCInfo* ipc, HANDLE p1, DWORD p2) { + bool CallOneHandler(IPCInfo* ipc, HANDLE p1, uint32 p2) { ipc->return_info.extended[0].handle = p1; ipc->return_info.extended[1].unsigned_int = p2; return true; } - bool CallTwoHandler(IPCInfo* ipc, HANDLE p1, DWORD p2) { + bool CallTwoHandler(IPCInfo* ipc, HANDLE p1, uint32 p2) { return true; } }; UnitTestIPCDispatcher::UnitTestIPCDispatcher() { static const IPCCall call_one = { - {CALL_ONE_TAG, VOIDPTR_TYPE, ULONG_TYPE}, + {CALL_ONE_TAG, VOIDPTR_TYPE, UINT32_TYPE}, reinterpret_cast<CallbackGeneric>( &UnitTestIPCDispatcher::CallOneHandler) }; static const IPCCall call_two = { - {CALL_TWO_TAG, VOIDPTR_TYPE, ULONG_TYPE}, + {CALL_TWO_TAG, VOIDPTR_TYPE, UINT32_TYPE}, reinterpret_cast<CallbackGeneric>( &UnitTestIPCDispatcher::CallTwoHandler) }; diff --git a/sandbox/win/src/named_pipe_dispatcher.cc b/sandbox/win/src/named_pipe_dispatcher.cc index daf88f8..5527319 100644 --- a/sandbox/win/src/named_pipe_dispatcher.cc +++ b/sandbox/win/src/named_pipe_dispatcher.cc @@ -23,8 +23,8 @@ namespace sandbox { NamedPipeDispatcher::NamedPipeDispatcher(PolicyBase* policy_base) : policy_base_(policy_base) { static const IPCCall create_params = { - {IPC_CREATENAMEDPIPEW_TAG, WCHAR_TYPE, ULONG_TYPE, ULONG_TYPE, ULONG_TYPE, - ULONG_TYPE, ULONG_TYPE, ULONG_TYPE}, + {IPC_CREATENAMEDPIPEW_TAG, WCHAR_TYPE, UINT32_TYPE, UINT32_TYPE, + UINT32_TYPE, UINT32_TYPE, UINT32_TYPE, UINT32_TYPE}, reinterpret_cast<CallbackGeneric>(&NamedPipeDispatcher::CreateNamedPipe) }; @@ -40,10 +40,14 @@ bool NamedPipeDispatcher::SetupService(InterceptionManager* manager, return false; } -bool NamedPipeDispatcher::CreateNamedPipe( - IPCInfo* ipc, base::string16* name, DWORD open_mode, DWORD pipe_mode, - DWORD max_instances, DWORD out_buffer_size, DWORD in_buffer_size, - DWORD default_timeout) { +bool NamedPipeDispatcher::CreateNamedPipe(IPCInfo* ipc, + base::string16* name, + uint32 open_mode, + uint32 pipe_mode, + uint32 max_instances, + uint32 out_buffer_size, + uint32 in_buffer_size, + uint32 default_timeout) { ipc->return_info.win32_result = ERROR_ACCESS_DENIED; ipc->return_info.handle = INVALID_HANDLE_VALUE; diff --git a/sandbox/win/src/named_pipe_dispatcher.h b/sandbox/win/src/named_pipe_dispatcher.h index 0707284..1b87828 100644 --- a/sandbox/win/src/named_pipe_dispatcher.h +++ b/sandbox/win/src/named_pipe_dispatcher.h @@ -24,10 +24,14 @@ class NamedPipeDispatcher : public Dispatcher { private: // Processes IPC requests coming from calls to CreateNamedPipeW() in the // target. - bool CreateNamedPipe(IPCInfo* ipc, base::string16* name, DWORD open_mode, - DWORD pipe_mode, DWORD max_instances, - DWORD out_buffer_size, DWORD in_buffer_size, - DWORD default_timeout); + bool CreateNamedPipe(IPCInfo* ipc, + base::string16* name, + uint32 open_mode, + uint32 pipe_mode, + uint32 max_instances, + uint32 out_buffer_size, + uint32 in_buffer_size, + uint32 default_timeout); PolicyBase* policy_base_; DISALLOW_COPY_AND_ASSIGN(NamedPipeDispatcher); diff --git a/sandbox/win/src/policy_engine_opcodes.cc b/sandbox/win/src/policy_engine_opcodes.cc index 5a03ea1..24ba119 100644 --- a/sandbox/win/src/policy_engine_opcodes.cc +++ b/sandbox/win/src/policy_engine_opcodes.cc @@ -106,17 +106,17 @@ EvalResult OpcodeEval<OP_ACTION>(PolicyOpcode* opcode, ////////////////////////////////////////////////////////////////////////////// // Opcode OpNumberMatch: -// Requires a unsigned long or void* in selected_param +// Requires a uint32 or void* in selected_param // Argument 0 is the stored number to match. // Argument 1 is the C++ type of the 0th argument. PolicyOpcode* OpcodeFactory::MakeOpNumberMatch(int16 selected_param, - unsigned long match, + uint32 match, uint32 options) { PolicyOpcode* opcode = MakeBase(OP_NUMBER_MATCH, options, selected_param); if (NULL == opcode) return NULL; opcode->SetArgument(0, match); - opcode->SetArgument(1, ULONG_TYPE); + opcode->SetArgument(1, UINT32_TYPE); return opcode; } @@ -135,11 +135,11 @@ EvalResult OpcodeEval<OP_NUMBER_MATCH>(PolicyOpcode* opcode, const ParameterSet* param, MatchContext* context) { UNREFERENCED_PARAMETER(context); - unsigned long value_ulong = 0; - if (param->Get(&value_ulong)) { - unsigned long match_ulong = 0; - opcode->GetArgument(0, &match_ulong); - return (match_ulong != value_ulong)? EVAL_FALSE : EVAL_TRUE; + uint32 value_uint32 = 0; + if (param->Get(&value_uint32)) { + uint32 match_uint32 = 0; + opcode->GetArgument(0, &match_uint32); + return (match_uint32 != value_uint32)? EVAL_FALSE : EVAL_TRUE; } else { const void* value_ptr = NULL; if (param->Get(&value_ptr)) { @@ -152,19 +152,19 @@ EvalResult OpcodeEval<OP_NUMBER_MATCH>(PolicyOpcode* opcode, } ////////////////////////////////////////////////////////////////////////////// -// Opcode OpUlongMatchRange -// Requires a unsigned long in selected_param. +// Opcode OpNumberMatchRange +// Requires a uint32 in selected_param. // Argument 0 is the stored lower bound to match. // Argument 1 is the stored upper bound to match. -PolicyOpcode* OpcodeFactory::MakeOpUlongMatchRange(int16 selected_param, - unsigned long lower_bound, - unsigned long upper_bound, - uint32 options) { +PolicyOpcode* OpcodeFactory::MakeOpNumberMatchRange(int16 selected_param, + uint32 lower_bound, + uint32 upper_bound, + uint32 options) { if (lower_bound > upper_bound) { return NULL; } - PolicyOpcode* opcode = MakeBase(OP_ULONG_MATCH_RANGE, options, + PolicyOpcode* opcode = MakeBase(OP_NUMBER_MATCH_RANGE, options, selected_param); if (NULL == opcode) return NULL; opcode->SetArgument(0, lower_bound); @@ -173,15 +173,15 @@ PolicyOpcode* OpcodeFactory::MakeOpUlongMatchRange(int16 selected_param, } template <> -EvalResult OpcodeEval<OP_ULONG_MATCH_RANGE>(PolicyOpcode* opcode, - const ParameterSet* param, - MatchContext* context) { +EvalResult OpcodeEval<OP_NUMBER_MATCH_RANGE>(PolicyOpcode* opcode, + const ParameterSet* param, + MatchContext* context) { UNREFERENCED_PARAMETER(context); - unsigned long value = 0; + uint32 value = 0; if (!param->Get(&value)) return EVAL_ERROR; - unsigned long lower_bound = 0; - unsigned long upper_bound = 0; + uint32 lower_bound = 0; + uint32 upper_bound = 0; opcode->GetArgument(0, &lower_bound); opcode->GetArgument(1, &upper_bound); return((lower_bound <= value) && (upper_bound >= value))? @@ -189,28 +189,28 @@ EvalResult OpcodeEval<OP_ULONG_MATCH_RANGE>(PolicyOpcode* opcode, } ////////////////////////////////////////////////////////////////////////////// -// Opcode OpUlongAndMatch: -// Requires a unsigned long in selected_param. +// Opcode OpNumberAndMatch: +// Requires a uint32 in selected_param. // Argument 0 is the stored number to match. -PolicyOpcode* OpcodeFactory::MakeOpUlongAndMatch(int16 selected_param, - unsigned long match, - uint32 options) { - PolicyOpcode* opcode = MakeBase(OP_ULONG_AND_MATCH, options, selected_param); +PolicyOpcode* OpcodeFactory::MakeOpNumberAndMatch(int16 selected_param, + uint32 match, + uint32 options) { + PolicyOpcode* opcode = MakeBase(OP_NUMBER_AND_MATCH, options, selected_param); if (NULL == opcode) return NULL; opcode->SetArgument(0, match); return opcode; } template <> -EvalResult OpcodeEval<OP_ULONG_AND_MATCH>(PolicyOpcode* opcode, - const ParameterSet* param, - MatchContext* context) { +EvalResult OpcodeEval<OP_NUMBER_AND_MATCH>(PolicyOpcode* opcode, + const ParameterSet* param, + MatchContext* context) { UNREFERENCED_PARAMETER(context); - unsigned long value = 0; + uint32 value = 0; if (!param->Get(&value)) return EVAL_ERROR; - unsigned long number = 0; + uint32 number = 0; opcode->GetArgument(0, &number); return (number & value)? EVAL_TRUE : EVAL_FALSE; } @@ -287,7 +287,7 @@ EvalResult OpcodeEval<OP_WSTRING_MATCH>(PolicyOpcode* opcode, return EVAL_FALSE; } - BOOL case_sensitive = (match_opts & CASE_INSENSITIVE) ? TRUE : FALSE; + BOOLEAN case_sensitive = (match_opts & CASE_INSENSITIVE) ? TRUE : FALSE; // We have three cases, depending on the value of start_pos: // Case 1. We skip N characters and compare once. @@ -362,7 +362,7 @@ PolicyOpcode* OpcodeFactory::MakeBase(OpcodeID opcode_id, // Fill in the standard fields, that every opcode has. memory_top_ += sizeof(PolicyOpcode); opcode->opcode_id_ = opcode_id; - opcode->options_ = static_cast<int16>(options); + opcode->SetOptions(options); opcode->parameter_ = selected_param; return opcode; } @@ -440,9 +440,9 @@ EvalResult PolicyOpcode::EvaluateHelper(const ParameterSet* parameters, OPCODE_EVAL(OP_ALWAYS_FALSE, this, parameters, match); OPCODE_EVAL(OP_ALWAYS_TRUE, this, parameters, match); OPCODE_EVAL(OP_NUMBER_MATCH, this, parameters, match); - OPCODE_EVAL(OP_ULONG_MATCH_RANGE, this, parameters, match); + OPCODE_EVAL(OP_NUMBER_MATCH_RANGE, this, parameters, match); + OPCODE_EVAL(OP_NUMBER_AND_MATCH, this, parameters, match); OPCODE_EVAL(OP_WSTRING_MATCH, this, parameters, match); - OPCODE_EVAL(OP_ULONG_AND_MATCH, this, parameters, match); OPCODE_EVAL(OP_ACTION, this, parameters, match); default: return EVAL_ERROR; diff --git a/sandbox/win/src/policy_engine_opcodes.h b/sandbox/win/src/policy_engine_opcodes.h index 306e677..741ebe3 100644 --- a/sandbox/win/src/policy_engine_opcodes.h +++ b/sandbox/win/src/policy_engine_opcodes.h @@ -5,8 +5,9 @@ #ifndef SANDBOX_WIN_SRC_POLICY_ENGINE_OPCODES_H_ #define SANDBOX_WIN_SRC_POLICY_ENGINE_OPCODES_H_ -#include "sandbox/win/src/policy_engine_params.h" #include "base/basictypes.h" +#include "base/numerics/safe_conversions.h" +#include "sandbox/win/src/policy_engine_params.h" // The low-level policy is implemented using the concept of policy 'opcodes'. // An opcode is a structure that contains enough information to perform one @@ -74,8 +75,8 @@ enum OpcodeID { OP_ALWAYS_FALSE, // Evaluates to false (EVAL_FALSE). OP_ALWAYS_TRUE, // Evaluates to true (EVAL_TRUE). OP_NUMBER_MATCH, // Match a 32-bit integer as n == a. - OP_ULONG_MATCH_RANGE, // Match an ulong integer as a <= n <= b. - OP_ULONG_AND_MATCH, // Match using bitwise AND; as in: n & a != 0. + OP_NUMBER_MATCH_RANGE, // Match a 32-bit integer as a <= n <= b. + OP_NUMBER_AND_MATCH, // Match using bitwise AND; as in: n & a != 0. OP_WSTRING_MATCH, // Match a string for equality. OP_ACTION // Evaluates to an action opcode. }; @@ -194,8 +195,8 @@ class PolicyOpcode { } // Sets the stored options such as kPolNegateEval. - void SetOptions(int16 options) { - options_ = options; + void SetOptions(uint32 options) { + options_ = base::checked_cast<uint16>(options); } private: @@ -218,7 +219,10 @@ class PolicyOpcode { MatchContext* match); OpcodeID opcode_id_; int16 parameter_; - int16 options_; + // TODO(cpu): Making |options_| a uint32 would avoid casting, but causes test + // failures. Somewhere code is relying on the size of this struct. + // http://crbug.com/420296 + uint16 options_; OpcodeArgument arguments_[PolicyOpcode::kArgumentCount]; }; @@ -303,27 +307,29 @@ class OpcodeFactory { PolicyOpcode* MakeOpAction(EvalResult action, uint32 options); // Creates an OpNumberMatch opcode. - // selected_param: index of the input argument. It must be a ulong or the + // selected_param: index of the input argument. It must be a uint32 or the // evaluation result will generate a EVAL_ERROR. // match: the number to compare against the selected_param. - PolicyOpcode* MakeOpNumberMatch(int16 selected_param, unsigned long match, + PolicyOpcode* MakeOpNumberMatch(int16 selected_param, + uint32 match, uint32 options); // Creates an OpNumberMatch opcode (void pointers are cast to numbers). // selected_param: index of the input argument. It must be an void* or the // evaluation result will generate a EVAL_ERROR. // match: the pointer numeric value to compare against selected_param. - PolicyOpcode* MakeOpVoidPtrMatch(int16 selected_param, const void* match, + PolicyOpcode* MakeOpVoidPtrMatch(int16 selected_param, + const void* match, uint32 options); - // Creates an OpUlongMatchRange opcode using the memory passed in the ctor. - // selected_param: index of the input argument. It must be a ulong or the + // Creates an OpNumberMatchRange opcode using the memory passed in the ctor. + // selected_param: index of the input argument. It must be a uint32 or the // evaluation result will generate a EVAL_ERROR. // lower_bound, upper_bound: the range to compare against selected_param. - PolicyOpcode* MakeOpUlongMatchRange(int16 selected_param, - unsigned long lower_bound, - unsigned long upper_bound, - uint32 options); + PolicyOpcode* MakeOpNumberMatchRange(int16 selected_param, + uint32 lower_bound, + uint32 upper_bound, + uint32 options); // Creates an OpWStringMatch opcode using the raw memory passed in the ctor. // selected_param: index of the input argument. It must be a wide string @@ -344,13 +350,13 @@ class OpcodeFactory { StringMatchOptions match_opts, uint32 options); - // Creates an OpUlongAndMatch opcode using the raw memory passed in the ctor. - // selected_param: index of the input argument. It must be ulong or the + // Creates an OpNumberAndMatch opcode using the raw memory passed in the ctor. + // selected_param: index of the input argument. It must be uint32 or the // evaluation result will generate a EVAL_ERROR. // match: the value to bitwise AND against selected_param. - PolicyOpcode* MakeOpUlongAndMatch(int16 selected_param, - unsigned long match, - uint32 options); + PolicyOpcode* MakeOpNumberAndMatch(int16 selected_param, + uint32 match, + uint32 options); private: // Constructs the common part of every opcode. selected_param is the index diff --git a/sandbox/win/src/policy_engine_params.h b/sandbox/win/src/policy_engine_params.h index a1566f3..5b3c5ef 100644 --- a/sandbox/win/src/policy_engine_params.h +++ b/sandbox/win/src/policy_engine_params.h @@ -61,17 +61,17 @@ class ParameterSet { ParameterSet() : real_type_(INVALID_TYPE), address_(NULL) {} // Retrieve the stored parameter. If the type does not match ulong fail. - bool Get(unsigned long* destination) const { - if (ULONG_TYPE != real_type_) { + bool Get(uint32* destination) const { + if (real_type_ != UINT32_TYPE) { return false; } - *destination = Void2TypePointerCopy<unsigned long>(); + *destination = Void2TypePointerCopy<uint32>(); return true; } // Retrieve the stored parameter. If the type does not match void* fail. bool Get(const void** destination) const { - if (VOIDPTR_TYPE != real_type_) { + if (real_type_ != VOIDPTR_TYPE) { return false; } *destination = Void2TypePointerCopy<void*>(); @@ -80,7 +80,7 @@ class ParameterSet { // Retrieve the stored parameter. If the type does not match wchar_t* fail. bool Get(const wchar_t** destination) const { - if (WCHAR_TYPE != real_type_) { + if (real_type_ != WCHAR_TYPE) { return false; } *destination = Void2TypePointerCopy<const wchar_t*>(); @@ -89,7 +89,7 @@ class ParameterSet { // False if the parameter is not properly initialized. bool IsValid() const { - return INVALID_TYPE != real_type_; + return real_type_ != INVALID_TYPE; } protected: @@ -154,10 +154,10 @@ class ParameterSetEx<wchar_t const*> : public ParameterSet { template<> -class ParameterSetEx<unsigned long> : public ParameterSet { +class ParameterSetEx<uint32> : public ParameterSet { public: ParameterSetEx(const void* address) - : ParameterSet(ULONG_TYPE, address) {} + : ParameterSet(UINT32_TYPE, address) {} }; template<> diff --git a/sandbox/win/src/policy_engine_unittest.cc b/sandbox/win/src/policy_engine_unittest.cc index f96ff37..325a101 100644 --- a/sandbox/win/src/policy_engine_unittest.cc +++ b/sandbox/win/src/policy_engine_unittest.cc @@ -61,8 +61,8 @@ TEST(PolicyEngineTest, Rules1) { policy->opcode_count = 7; const wchar_t* filename = L"c:\\Documents and Settings\\Microsoft\\BLAH.txt"; - unsigned long creation_mode = OPEN_EXISTING; - unsigned long flags = FILE_ATTRIBUTE_NORMAL; + uint32 creation_mode = OPEN_EXISTING; + uint32 flags = FILE_ATTRIBUTE_NORMAL; void* security_descriptor = NULL; POLPARAMS_BEGIN(eval_params) diff --git a/sandbox/win/src/policy_low_level.cc b/sandbox/win/src/policy_low_level.cc index b6331b9..ef9b4e1 100644 --- a/sandbox/win/src/policy_low_level.cc +++ b/sandbox/win/src/policy_low_level.cc @@ -274,8 +274,10 @@ bool PolicyRule::AddStringMatch(RuleType rule_type, int16 parameter, return true; } -bool PolicyRule::AddNumberMatch(RuleType rule_type, int16 parameter, - unsigned long number, RuleOp comparison_op) { +bool PolicyRule::AddNumberMatch(RuleType rule_type, + int16 parameter, + uint32 number, + RuleOp comparison_op) { if (done_) { // Do not allow to add more rules after generating the action opcode. return false; @@ -287,7 +289,8 @@ bool PolicyRule::AddNumberMatch(RuleType rule_type, int16 parameter, return false; } } else if (AND == comparison_op) { - if (NULL == opcode_factory_->MakeOpUlongAndMatch(parameter, number, opts)) { + if (NULL == opcode_factory_->MakeOpNumberAndMatch(parameter, number, + opts)) { return false; } } diff --git a/sandbox/win/src/policy_low_level.h b/sandbox/win/src/policy_low_level.h index ca8b36f..6b733ac 100644 --- a/sandbox/win/src/policy_low_level.h +++ b/sandbox/win/src/policy_low_level.h @@ -145,8 +145,10 @@ class PolicyRule { // parameter: the expected index of the argument for this rule. // number: the value to compare the input to. // comparison_op: the comparison kind (equal, logical and, etc). - bool AddNumberMatch(RuleType rule_type, int16 parameter, - unsigned long number, RuleOp comparison_op); + bool AddNumberMatch(RuleType rule_type, + int16 parameter, + uint32 number, + RuleOp comparison_op); // Returns the number of opcodes generated so far. size_t GetOpcodeCount() const { diff --git a/sandbox/win/src/policy_low_level_unittest.cc b/sandbox/win/src/policy_low_level_unittest.cc index c9424c6..4081a58 100644 --- a/sandbox/win/src/policy_low_level_unittest.cc +++ b/sandbox/win/src/policy_low_level_unittest.cc @@ -206,7 +206,7 @@ TEST(PolicyEngineTest, IfNotStrMatchTwoRulesWild1) { EXPECT_TRUE(policyGen.Done()); const wchar_t* filename = NULL; - unsigned long access = 0; + uint32 access = 0; POLPARAMS_BEGIN(eval_params) POLPARAM(filename) // Argument 0 POLPARAM(access) // Argument 1 @@ -255,8 +255,8 @@ TEST(PolicyEngineTest, IfNotStrMatchTwoRulesWild2) { EXPECT_TRUE(policyGen.Done()); const wchar_t* filename = NULL; - unsigned long access = 0; - unsigned long sharing = 66; + uint32 access = 0; + uint32 sharing = 66; POLPARAMS_BEGIN(eval_params) POLPARAM(filename) // Argument 0 @@ -329,8 +329,8 @@ TEST(PolicyEngineTest, OneRuleTest) { EXPECT_TRUE(policyGen.Done()); const wchar_t* filename = L"c:\\Documents and Settings\\Microsoft\\BLAH.txt"; - unsigned long creation_mode = OPEN_EXISTING; - unsigned long flags = FILE_ATTRIBUTE_NORMAL; + uint32 creation_mode = OPEN_EXISTING; + uint32 flags = FILE_ATTRIBUTE_NORMAL; void* security_descriptor = NULL; POLPARAMS_BEGIN(eval_params) @@ -472,7 +472,8 @@ TEST(PolicyEngineTest, ThreeRulesTest) { // Check the type of the first and last opcode of each service. - EXPECT_EQ(OP_ULONG_AND_MATCH, policy->entry[kNtFakeNone]->opcodes[0].GetID()); + EXPECT_EQ(OP_NUMBER_AND_MATCH, + policy->entry[kNtFakeNone]->opcodes[0].GetID()); EXPECT_EQ(OP_ACTION, policy->entry[kNtFakeNone]->opcodes[tc1-1].GetID()); EXPECT_EQ(OP_WSTRING_MATCH, policy->entry[kNtFakeCreateFile]->opcodes[0].GetID()); @@ -485,8 +486,8 @@ TEST(PolicyEngineTest, ThreeRulesTest) { // Test the policy evaluation. const wchar_t* filename = L""; - unsigned long creation_mode = OPEN_EXISTING; - unsigned long flags = FILE_ATTRIBUTE_NORMAL; + uint32 creation_mode = OPEN_EXISTING; + uint32 flags = FILE_ATTRIBUTE_NORMAL; void* security_descriptor = NULL; POLPARAMS_BEGIN(params) diff --git a/sandbox/win/src/policy_opcodes_unittest.cc b/sandbox/win/src/policy_opcodes_unittest.cc index 16fe064..c999348 100644 --- a/sandbox/win/src/policy_opcodes_unittest.cc +++ b/sandbox/win/src/policy_opcodes_unittest.cc @@ -17,6 +17,8 @@ namespace sandbox { +const size_t kOpcodeMemory = 1024; + SANDBOX_INTERCEPT NtExports g_nt; bool SetupNtdllImports() { @@ -43,7 +45,7 @@ TEST(PolicyEngineTest, ParameterSetTest) { // Test that we can store and retrieve a void pointer: const void* result1 =0; - unsigned long result2 = 0; + uint32 result2 = 0; EXPECT_TRUE(pset1.Get(&result1)); EXPECT_TRUE(pv1 == result1); EXPECT_FALSE(pset1.Get(&result2)); @@ -51,8 +53,8 @@ TEST(PolicyEngineTest, ParameterSetTest) { EXPECT_TRUE(pv2 == result1); EXPECT_FALSE(pset2.Get(&result2)); - // Test that we can store and retrieve a ulong: - unsigned long number = 12747; + // Test that we can store and retrieve a uint32: + uint32 number = 12747; ParameterSet pset3 = ParamPickerMake(number); EXPECT_FALSE(pset3.Get(&result1)); EXPECT_TRUE(pset3.Get(&result2)); @@ -81,16 +83,18 @@ TEST(PolicyEngineTest, OpcodeConstraints) { TEST(PolicyEngineTest, TrueFalseOpcodes) { void* dummy = NULL; ParameterSet ppb1 = ParamPickerMake(dummy); - char memory[1024]; + char memory[kOpcodeMemory]; OpcodeFactory opcode_maker(memory, sizeof(memory)); // This opcode always evaluates to true. PolicyOpcode* op1 = opcode_maker.MakeOpAlwaysFalse(kPolNone); + ASSERT_NE(nullptr, op1); EXPECT_EQ(EVAL_FALSE, op1->Evaluate(&ppb1, 1, NULL)); EXPECT_FALSE(op1->IsAction()); // This opcode always evaluates to false. PolicyOpcode* op2 = opcode_maker.MakeOpAlwaysTrue(kPolNone); + ASSERT_NE(nullptr, op2); EXPECT_EQ(EVAL_TRUE, op2->Evaluate(&ppb1, 1, NULL)); // Nulls not allowed on the params. @@ -105,12 +109,15 @@ TEST(PolicyEngineTest, TrueFalseOpcodes) { // any particular opcode evaluation so no need to repeat for all // opcodes. PolicyOpcode* op3 = opcode_maker.MakeOpAlwaysFalse(kPolNegateEval); + ASSERT_NE(nullptr, op3); EXPECT_EQ(EVAL_TRUE, op3->Evaluate(&ppb1, 1, NULL)); PolicyOpcode* op4 = opcode_maker.MakeOpAlwaysTrue(kPolNegateEval); + ASSERT_NE(nullptr, op4); EXPECT_EQ(EVAL_FALSE, op4->Evaluate(&ppb1, 1, NULL)); // Test that we clear the match context PolicyOpcode* op5 = opcode_maker.MakeOpAlwaysTrue(kPolClearContext); + ASSERT_NE(nullptr, op5); MatchContext context; context.position = 1; context.options = kPolUseOREval; @@ -126,18 +133,18 @@ TEST(PolicyEngineTest, OpcodeMakerCase1) { void* dummy = NULL; ParameterSet ppb1 = ParamPickerMake(dummy); - char memory[256]; + char memory[kOpcodeMemory]; OpcodeFactory opcode_maker(memory, sizeof(memory)); size_t count = sizeof(memory) / sizeof(PolicyOpcode); for (size_t ix =0; ix != count; ++ix) { - PolicyOpcode* op = opcode_maker.MakeOpAlwaysFalse(kPolNone); - ASSERT_TRUE(NULL != op); - EXPECT_EQ(EVAL_FALSE, op->Evaluate(&ppb1, 1, NULL)); + PolicyOpcode* op = opcode_maker.MakeOpAlwaysFalse(kPolNone); + ASSERT_NE(nullptr, op); + EXPECT_EQ(EVAL_FALSE, op->Evaluate(&ppb1, 1, NULL)); } // There should be no room more another opcode: PolicyOpcode* op1 = opcode_maker.MakeOpAlwaysFalse(kPolNone); - ASSERT_TRUE(NULL == op1); + ASSERT_EQ(nullptr, op1); } TEST(PolicyEngineTest, OpcodeMakerCase2) { @@ -152,7 +159,7 @@ TEST(PolicyEngineTest, OpcodeMakerCase2) { ParameterSet ppb1 = ParamPickerMake(txt1); MatchContext mc1; - char memory[256]; + char memory[kOpcodeMemory]; OpcodeFactory opcode_maker(memory, sizeof(memory)); size_t count = sizeof(memory) / (sizeof(PolicyOpcode) + sizeof(txt2)); @@ -161,7 +168,7 @@ TEST(PolicyEngineTest, OpcodeMakerCase2) { PolicyOpcode* op = opcode_maker.MakeOpWStringMatch(0, txt2, 0, CASE_SENSITIVE, kPolClearContext); - ASSERT_TRUE(NULL != op); + ASSERT_NE(nullptr, op); EXPECT_EQ(EVAL_TRUE, op->Evaluate(&ppb1, 1, &mc1)); } @@ -169,23 +176,24 @@ TEST(PolicyEngineTest, OpcodeMakerCase2) { PolicyOpcode* op1 = opcode_maker.MakeOpWStringMatch(0, txt2, 0, CASE_SENSITIVE, kPolNone); - ASSERT_TRUE(NULL == op1); + ASSERT_EQ(nullptr, op1); } TEST(PolicyEngineTest, IntegerOpcodes) { const wchar_t* txt = L"abcdef"; - unsigned long num1 = 42; - unsigned long num2 = 113377; + uint32 num1 = 42; + uint32 num2 = 113377; ParameterSet pp_wrong1 = ParamPickerMake(txt); ParameterSet pp_num1 = ParamPickerMake(num1); ParameterSet pp_num2 = ParamPickerMake(num2); - char memory[128]; + char memory[kOpcodeMemory]; OpcodeFactory opcode_maker(memory, sizeof(memory)); - // Test basic match for unsigned longs 42 == 42 and 42 != 113377. + // Test basic match for uint32s 42 == 42 and 42 != 113377. PolicyOpcode* op_m42 = opcode_maker.MakeOpNumberMatch(0, 42UL, kPolNone); + ASSERT_NE(nullptr, op_m42); EXPECT_EQ(EVAL_TRUE, op_m42->Evaluate(&pp_num1, 1, NULL)); EXPECT_EQ(EVAL_FALSE, op_m42->Evaluate(&pp_num2, 1, NULL)); EXPECT_EQ(EVAL_ERROR, op_m42->Evaluate(&pp_wrong1, 1, NULL)); @@ -195,30 +203,34 @@ TEST(PolicyEngineTest, IntegerOpcodes) { ParameterSet pp_num3 = ParamPickerMake(vp); PolicyOpcode* op_vp_null = opcode_maker.MakeOpVoidPtrMatch(0, NULL, kPolNone); + ASSERT_NE(nullptr, op_vp_null); EXPECT_EQ(EVAL_TRUE, op_vp_null->Evaluate(&pp_num3, 1, NULL)); EXPECT_EQ(EVAL_FALSE, op_vp_null->Evaluate(&pp_num1, 1, NULL)); EXPECT_EQ(EVAL_ERROR, op_vp_null->Evaluate(&pp_wrong1, 1, NULL)); // Basic range test [41 43] (inclusive). - PolicyOpcode* op_range1 = opcode_maker.MakeOpUlongMatchRange(0, 41, 43, - kPolNone); + PolicyOpcode* op_range1 = + opcode_maker.MakeOpNumberMatchRange(0, 41, 43, kPolNone); + ASSERT_NE(nullptr, op_range1); EXPECT_EQ(EVAL_TRUE, op_range1->Evaluate(&pp_num1, 1, NULL)); EXPECT_EQ(EVAL_FALSE, op_range1->Evaluate(&pp_num2, 1, NULL)); EXPECT_EQ(EVAL_ERROR, op_range1->Evaluate(&pp_wrong1, 1, NULL)); } TEST(PolicyEngineTest, LogicalOpcodes) { - char memory[128]; + char memory[kOpcodeMemory]; OpcodeFactory opcode_maker(memory, sizeof(memory)); - unsigned long num1 = 0x10100702; + uint32 num1 = 0x10100702; ParameterSet pp_num1 = ParamPickerMake(num1); - PolicyOpcode* op_and1 = opcode_maker.MakeOpUlongAndMatch(0, 0x00100000, - kPolNone); + PolicyOpcode* op_and1 = + opcode_maker.MakeOpNumberAndMatch(0, 0x00100000, kPolNone); + ASSERT_NE(nullptr, op_and1); EXPECT_EQ(EVAL_TRUE, op_and1->Evaluate(&pp_num1, 1, NULL)); - PolicyOpcode* op_and2 = opcode_maker.MakeOpUlongAndMatch(0, 0x00000001, - kPolNone); + PolicyOpcode* op_and2 = + opcode_maker.MakeOpNumberAndMatch(0, 0x00000001, kPolNone); + ASSERT_NE(nullptr, op_and2); EXPECT_EQ(EVAL_FALSE, op_and2->Evaluate(&pp_num1, 1, NULL)); } @@ -233,12 +245,13 @@ TEST(PolicyEngineTest, WCharOpcodes1) { const wchar_t txt6[] = L"g"; ParameterSet pp_tc1 = ParamPickerMake(txt1); - char memory[512]; + char memory[kOpcodeMemory]; OpcodeFactory opcode_maker(memory, sizeof(memory)); PolicyOpcode* op1 = opcode_maker.MakeOpWStringMatch(0, txt2, 0, CASE_SENSITIVE, kPolNone); + ASSERT_NE(nullptr, op1); // Simplest substring match from pos 0. It should be a successful match // and the match context should be updated. @@ -255,6 +268,7 @@ TEST(PolicyEngineTest, WCharOpcodes1) { PolicyOpcode* op3 = opcode_maker.MakeOpWStringMatch(0, txt3, 0, CASE_SENSITIVE, kPolNone); + ASSERT_NE(nullptr, op3); EXPECT_EQ(EVAL_TRUE, op3->Evaluate(&pp_tc1, 1, &mc1)); EXPECT_TRUE(_countof(txt3) + _countof(txt2) == mc1.position + 2); @@ -264,6 +278,7 @@ TEST(PolicyEngineTest, WCharOpcodes1) { PolicyOpcode* op4 = opcode_maker.MakeOpWStringMatch(0, txt4, 6, CASE_SENSITIVE, kPolClearContext); + ASSERT_NE(nullptr, op4); EXPECT_EQ(EVAL_TRUE, op4->Evaluate(&pp_tc1, 1, &mc1)); EXPECT_EQ(0, mc1.position); @@ -271,6 +286,7 @@ TEST(PolicyEngineTest, WCharOpcodes1) { PolicyOpcode* op4b = opcode_maker.MakeOpWStringMatch(0, txt4, kSeekToEnd, CASE_SENSITIVE, kPolClearContext); + ASSERT_NE(nullptr, op4b); EXPECT_EQ(EVAL_TRUE, op4b->Evaluate(&pp_tc1, 1, &mc1)); EXPECT_EQ(0, mc1.position); @@ -278,6 +294,7 @@ TEST(PolicyEngineTest, WCharOpcodes1) { // primitive we build '*' from. PolicyOpcode* op5 = opcode_maker.MakeOpWStringMatch(0, txt5, kSeekForward, CASE_SENSITIVE, kPolNone); + ASSERT_NE(nullptr, op5); EXPECT_EQ(EVAL_TRUE, op5->Evaluate(&pp_tc1, 1, &mc1)); EXPECT_EQ(24, mc1.position); @@ -285,20 +302,22 @@ TEST(PolicyEngineTest, WCharOpcodes1) { PolicyOpcode* op5b = opcode_maker.MakeOpWStringMatch(0, txt5, kSeekToEnd, CASE_SENSITIVE, kPolNone); + ASSERT_NE(nullptr, op5b); EXPECT_EQ(EVAL_FALSE, op5b->Evaluate(&pp_tc1, 1, &mc1)); EXPECT_EQ(24, mc1.position); // Test that we function if the string does not fit. In this case we // try to match 'the lazy dog' against 'he lazy dog'. - // !!! Are we supposed to Evaluate() this opcode and test the result? PolicyOpcode* op6 = opcode_maker.MakeOpWStringMatch(0, txt4, 2, CASE_SENSITIVE, kPolNone); + ASSERT_NE(nullptr, op6); EXPECT_EQ(EVAL_FALSE, op6->Evaluate(&pp_tc1, 1, &mc1)); // Testing matching against 'g' which should be the last char. MatchContext mc2; PolicyOpcode* op7 = opcode_maker.MakeOpWStringMatch(0, txt6, kSeekForward, CASE_SENSITIVE, kPolNone); + ASSERT_NE(nullptr, op7); EXPECT_EQ(EVAL_TRUE, op7->Evaluate(&pp_tc1, 1, &mc2)); EXPECT_EQ(37, mc2.position); @@ -315,7 +334,7 @@ TEST(PolicyEngineTest, WCharOpcodes2) { const wchar_t txt1[] = L"Settings\\microsoft"; ParameterSet pp_tc1 = ParamPickerMake(path1); - char memory[256]; + char memory[kOpcodeMemory]; OpcodeFactory opcode_maker(memory, sizeof(memory)); MatchContext mc1; @@ -324,22 +343,25 @@ TEST(PolicyEngineTest, WCharOpcodes2) { // coverage, here it is: PolicyOpcode* op1s = opcode_maker.MakeOpWStringMatch(0, txt1, kSeekForward, CASE_SENSITIVE, kPolNone); + ASSERT_NE(nullptr, op1s); PolicyOpcode* op1i = opcode_maker.MakeOpWStringMatch(0, txt1, kSeekForward, CASE_INSENSITIVE, kPolNone); + ASSERT_NE(nullptr, op1i); EXPECT_EQ(EVAL_FALSE, op1s->Evaluate(&pp_tc1, 1, &mc1)); EXPECT_EQ(EVAL_TRUE, op1i->Evaluate(&pp_tc1, 1, &mc1)); EXPECT_EQ(35, mc1.position); } TEST(PolicyEngineTest, ActionOpcodes) { - char memory[256]; + char memory[kOpcodeMemory]; OpcodeFactory opcode_maker(memory, sizeof(memory)); MatchContext mc1; void* dummy = NULL; ParameterSet ppb1 = ParamPickerMake(dummy); PolicyOpcode* op1 = opcode_maker.MakeOpAction(ASK_BROKER, kPolNone); + ASSERT_NE(nullptr, op1); EXPECT_TRUE(op1->IsAction()); EXPECT_EQ(ASK_BROKER, op1->Evaluate(&ppb1, 1, &mc1)); } diff --git a/sandbox/win/src/process_thread_dispatcher.cc b/sandbox/win/src/process_thread_dispatcher.cc index 39b4132..ca17d49 100644 --- a/sandbox/win/src/process_thread_dispatcher.cc +++ b/sandbox/win/src/process_thread_dispatcher.cc @@ -97,25 +97,25 @@ namespace sandbox { ThreadProcessDispatcher::ThreadProcessDispatcher(PolicyBase* policy_base) : policy_base_(policy_base) { static const IPCCall open_thread = { - {IPC_NTOPENTHREAD_TAG, ULONG_TYPE, ULONG_TYPE}, + {IPC_NTOPENTHREAD_TAG, UINT32_TYPE, UINT32_TYPE}, reinterpret_cast<CallbackGeneric>( &ThreadProcessDispatcher::NtOpenThread) }; static const IPCCall open_process = { - {IPC_NTOPENPROCESS_TAG, ULONG_TYPE, ULONG_TYPE}, + {IPC_NTOPENPROCESS_TAG, UINT32_TYPE, UINT32_TYPE}, reinterpret_cast<CallbackGeneric>( &ThreadProcessDispatcher::NtOpenProcess) }; static const IPCCall process_token = { - {IPC_NTOPENPROCESSTOKEN_TAG, VOIDPTR_TYPE, ULONG_TYPE}, + {IPC_NTOPENPROCESSTOKEN_TAG, VOIDPTR_TYPE, UINT32_TYPE}, reinterpret_cast<CallbackGeneric>( &ThreadProcessDispatcher::NtOpenProcessToken) }; static const IPCCall process_tokenex = { - {IPC_NTOPENPROCESSTOKENEX_TAG, VOIDPTR_TYPE, ULONG_TYPE, ULONG_TYPE}, + {IPC_NTOPENPROCESSTOKENEX_TAG, VOIDPTR_TYPE, UINT32_TYPE, UINT32_TYPE}, reinterpret_cast<CallbackGeneric>( &ThreadProcessDispatcher::NtOpenProcessTokenEx) }; @@ -155,8 +155,9 @@ bool ThreadProcessDispatcher::SetupService(InterceptionManager* manager, } } -bool ThreadProcessDispatcher::NtOpenThread(IPCInfo* ipc, DWORD desired_access, - DWORD thread_id) { +bool ThreadProcessDispatcher::NtOpenThread(IPCInfo* ipc, + uint32 desired_access, + uint32 thread_id) { HANDLE handle; NTSTATUS ret = ProcessPolicy::OpenThreadAction(*ipc->client_info, desired_access, thread_id, @@ -166,8 +167,9 @@ bool ThreadProcessDispatcher::NtOpenThread(IPCInfo* ipc, DWORD desired_access, return true; } -bool ThreadProcessDispatcher::NtOpenProcess(IPCInfo* ipc, DWORD desired_access, - DWORD process_id) { +bool ThreadProcessDispatcher::NtOpenProcess(IPCInfo* ipc, + uint32 desired_access, + uint32 process_id) { HANDLE handle; NTSTATUS ret = ProcessPolicy::OpenProcessAction(*ipc->client_info, desired_access, process_id, @@ -177,8 +179,9 @@ bool ThreadProcessDispatcher::NtOpenProcess(IPCInfo* ipc, DWORD desired_access, return true; } -bool ThreadProcessDispatcher::NtOpenProcessToken(IPCInfo* ipc, HANDLE process, - DWORD desired_access) { +bool ThreadProcessDispatcher::NtOpenProcessToken(IPCInfo* ipc, + HANDLE process, + uint32 desired_access) { HANDLE handle; NTSTATUS ret = ProcessPolicy::OpenProcessTokenAction(*ipc->client_info, process, desired_access, @@ -188,9 +191,10 @@ bool ThreadProcessDispatcher::NtOpenProcessToken(IPCInfo* ipc, HANDLE process, return true; } -bool ThreadProcessDispatcher::NtOpenProcessTokenEx(IPCInfo* ipc, HANDLE process, - DWORD desired_access, - DWORD attributes) { +bool ThreadProcessDispatcher::NtOpenProcessTokenEx(IPCInfo* ipc, + HANDLE process, + uint32 desired_access, + uint32 attributes) { HANDLE handle; NTSTATUS ret = ProcessPolicy::OpenProcessTokenExAction(*ipc->client_info, process, diff --git a/sandbox/win/src/process_thread_dispatcher.h b/sandbox/win/src/process_thread_dispatcher.h index fba2754..c0b12d1 100644 --- a/sandbox/win/src/process_thread_dispatcher.h +++ b/sandbox/win/src/process_thread_dispatcher.h @@ -23,17 +23,19 @@ class ThreadProcessDispatcher : public Dispatcher { private: // Processes IPC requests coming from calls to NtOpenThread() in the target. - bool NtOpenThread(IPCInfo* ipc, DWORD desired_access, DWORD thread_id); + bool NtOpenThread(IPCInfo* ipc, uint32 desired_access, uint32 thread_id); // Processes IPC requests coming from calls to NtOpenProcess() in the target. - bool NtOpenProcess(IPCInfo* ipc, DWORD desired_access, DWORD process_id); + bool NtOpenProcess(IPCInfo* ipc, uint32 desired_access, uint32 process_id); // Processes IPC requests from calls to NtOpenProcessToken() in the target. - bool NtOpenProcessToken(IPCInfo* ipc, HANDLE process, DWORD desired_access); + bool NtOpenProcessToken(IPCInfo* ipc, HANDLE process, uint32 desired_access); // Processes IPC requests from calls to NtOpenProcessTokenEx() in the target. - bool NtOpenProcessTokenEx(IPCInfo* ipc, HANDLE process, DWORD desired_access, - DWORD attributes); + bool NtOpenProcessTokenEx(IPCInfo* ipc, + HANDLE process, + uint32 desired_access, + uint32 attributes); // Processes IPC requests coming from calls to CreateProcessW() in the target. bool CreateProcessW(IPCInfo* ipc, diff --git a/sandbox/win/src/registry_dispatcher.cc b/sandbox/win/src/registry_dispatcher.cc index f98d1d3..967fe65 100644 --- a/sandbox/win/src/registry_dispatcher.cc +++ b/sandbox/win/src/registry_dispatcher.cc @@ -42,13 +42,13 @@ namespace sandbox { RegistryDispatcher::RegistryDispatcher(PolicyBase* policy_base) : policy_base_(policy_base) { static const IPCCall create_params = { - {IPC_NTCREATEKEY_TAG, WCHAR_TYPE, ULONG_TYPE, VOIDPTR_TYPE, ULONG_TYPE, - ULONG_TYPE, ULONG_TYPE}, + {IPC_NTCREATEKEY_TAG, WCHAR_TYPE, UINT32_TYPE, VOIDPTR_TYPE, UINT32_TYPE, + UINT32_TYPE, UINT32_TYPE}, reinterpret_cast<CallbackGeneric>(&RegistryDispatcher::NtCreateKey) }; static const IPCCall open_params = { - {IPC_NTOPENKEY_TAG, WCHAR_TYPE, ULONG_TYPE, VOIDPTR_TYPE, ULONG_TYPE}, + {IPC_NTOPENKEY_TAG, WCHAR_TYPE, UINT32_TYPE, VOIDPTR_TYPE, UINT32_TYPE}, reinterpret_cast<CallbackGeneric>(&RegistryDispatcher::NtOpenKey) }; @@ -74,9 +74,13 @@ bool RegistryDispatcher::SetupService(InterceptionManager* manager, return false; } -bool RegistryDispatcher::NtCreateKey( - IPCInfo* ipc, base::string16* name, DWORD attributes, HANDLE root, - DWORD desired_access, DWORD title_index, DWORD create_options) { +bool RegistryDispatcher::NtCreateKey(IPCInfo* ipc, + base::string16* name, + uint32 attributes, + HANDLE root, + uint32 desired_access, + uint32 title_index, + uint32 create_options) { base::win::ScopedHandle root_handle; base::string16 real_path = *name; @@ -120,9 +124,11 @@ bool RegistryDispatcher::NtCreateKey( return true; } -bool RegistryDispatcher::NtOpenKey(IPCInfo* ipc, base::string16* name, - DWORD attributes, HANDLE root, - DWORD desired_access) { +bool RegistryDispatcher::NtOpenKey(IPCInfo* ipc, + base::string16* name, + uint32 attributes, + HANDLE root, + uint32 desired_access) { base::win::ScopedHandle root_handle; base::string16 real_path = *name; diff --git a/sandbox/win/src/registry_dispatcher.h b/sandbox/win/src/registry_dispatcher.h index 39f5f54..14411fa 100644 --- a/sandbox/win/src/registry_dispatcher.h +++ b/sandbox/win/src/registry_dispatcher.h @@ -23,13 +23,20 @@ class RegistryDispatcher : public Dispatcher { private: // Processes IPC requests coming from calls to NtCreateKey in the target. - bool NtCreateKey(IPCInfo* ipc, base::string16* name, DWORD attributes, - HANDLE root, DWORD desired_access, - DWORD title_index, DWORD create_options); + bool NtCreateKey(IPCInfo* ipc, + base::string16* name, + uint32 attributes, + HANDLE root, + uint32 desired_access, + uint32 title_index, + uint32 create_options); // Processes IPC requests coming from calls to NtOpenKey in the target. - bool NtOpenKey(IPCInfo* ipc, base::string16* name, DWORD attributes, - HANDLE root, DWORD desired_access); + bool NtOpenKey(IPCInfo* ipc, + base::string16* name, + uint32 attributes, + HANDLE root, + uint32 desired_access); PolicyBase* policy_base_; DISALLOW_COPY_AND_ASSIGN(RegistryDispatcher); diff --git a/sandbox/win/src/registry_policy.cc b/sandbox/win/src/registry_policy.cc index 632525a..4c75d23 100644 --- a/sandbox/win/src/registry_policy.cc +++ b/sandbox/win/src/registry_policy.cc @@ -16,9 +16,9 @@ namespace { -static const DWORD kAllowedRegFlags = KEY_QUERY_VALUE | KEY_ENUMERATE_SUB_KEYS | - KEY_NOTIFY | KEY_READ | GENERIC_READ | - GENERIC_EXECUTE | READ_CONTROL; +static const uint32 kAllowedRegFlags = + KEY_QUERY_VALUE | KEY_ENUMERATE_SUB_KEYS | KEY_NOTIFY | KEY_READ | + GENERIC_READ | GENERIC_EXECUTE | READ_CONTROL; // Opens the key referenced by |obj_attributes| with |access| and // checks what permission was given. Remove the WRITE flags and update @@ -137,7 +137,7 @@ bool RegistryPolicy::GenerateRules(const wchar_t* name, // We consider all flags that are not known to be readonly as potentially // used for write. Here we also support MAXIMUM_ALLOWED, but we are going // to expand it to read-only before the call. - DWORD restricted_flags = ~(kAllowedRegFlags | MAXIMUM_ALLOWED); + uint32 restricted_flags = ~(kAllowedRegFlags | MAXIMUM_ALLOWED); open.AddNumberMatch(IF_NOT, OpenKey::ACCESS, restricted_flags, AND); create.AddNumberMatch(IF_NOT, OpenKey::ACCESS, restricted_flags, AND); break; diff --git a/sandbox/win/src/sandbox_policy_base.cc b/sandbox/win/src/sandbox_policy_base.cc index 4604bfd..e4feef0 100644 --- a/sandbox/win/src/sandbox_policy_base.cc +++ b/sandbox/win/src/sandbox_policy_base.cc @@ -401,7 +401,7 @@ ResultCode PolicyBase::AddKernelObjectToClose(const base::char16* handle_type, Dispatcher* PolicyBase::OnMessageReady(IPCParams* ipc, CallbackGeneric* callback) { DCHECK(callback); - static const IPCParams ping1 = {IPC_PING1_TAG, ULONG_TYPE}; + static const IPCParams ping1 = {IPC_PING1_TAG, UINT32_TYPE}; static const IPCParams ping2 = {IPC_PING2_TAG, INOUTPTR_TYPE}; if (ping1.Matches(ipc) || ping2.Matches(ipc)) { diff --git a/sandbox/win/src/sharedmem_ipc_server.cc b/sandbox/win/src/sharedmem_ipc_server.cc index a1b881e..3b5fe6c 100644 --- a/sandbox/win/src/sharedmem_ipc_server.cc +++ b/sandbox/win/src/sharedmem_ipc_server.cc @@ -178,7 +178,7 @@ bool GetArgs(CrossCallParamsEx* params, IPCParams* ipc_params, args[i] = data.release(); break; } - case ULONG_TYPE: { + case UINT32_TYPE: { uint32 data; if (!params->GetParameter32(i, &data)) { ReleaseArgs(ipc_params, args); diff --git a/sandbox/win/src/sync_dispatcher.cc b/sandbox/win/src/sync_dispatcher.cc index 18a0743..b83055d 100644 --- a/sandbox/win/src/sync_dispatcher.cc +++ b/sandbox/win/src/sync_dispatcher.cc @@ -20,12 +20,12 @@ namespace sandbox { SyncDispatcher::SyncDispatcher(PolicyBase* policy_base) : policy_base_(policy_base) { static const IPCCall create_params = { - {IPC_CREATEEVENT_TAG, WCHAR_TYPE, ULONG_TYPE, ULONG_TYPE}, + {IPC_CREATEEVENT_TAG, WCHAR_TYPE, UINT32_TYPE, UINT32_TYPE}, reinterpret_cast<CallbackGeneric>(&SyncDispatcher::CreateEvent) }; static const IPCCall open_params = { - {IPC_OPENEVENT_TAG, WCHAR_TYPE, ULONG_TYPE}, + {IPC_OPENEVENT_TAG, WCHAR_TYPE, UINT32_TYPE}, reinterpret_cast<CallbackGeneric>(&SyncDispatcher::OpenEvent) }; @@ -42,8 +42,10 @@ bool SyncDispatcher::SetupService(InterceptionManager* manager, INTERCEPT_NT(manager, NtOpenEvent, OPEN_EVENT_ID, 16); } -bool SyncDispatcher::CreateEvent(IPCInfo* ipc, base::string16* name, - DWORD event_type, DWORD initial_state) { +bool SyncDispatcher::CreateEvent(IPCInfo* ipc, + base::string16* name, + uint32 event_type, + uint32 initial_state) { const wchar_t* event_name = name->c_str(); CountedParameterSet<NameBased> params; params[NameBased::NAME] = ParamPickerMake(event_name); @@ -58,8 +60,9 @@ bool SyncDispatcher::CreateEvent(IPCInfo* ipc, base::string16* name, return true; } -bool SyncDispatcher::OpenEvent(IPCInfo* ipc, base::string16* name, - DWORD desired_access) { +bool SyncDispatcher::OpenEvent(IPCInfo* ipc, + base::string16* name, + uint32 desired_access) { const wchar_t* event_name = name->c_str(); CountedParameterSet<OpenEventParams> params; diff --git a/sandbox/win/src/sync_dispatcher.h b/sandbox/win/src/sync_dispatcher.h index db44ba4..56b5664 100644 --- a/sandbox/win/src/sync_dispatcher.h +++ b/sandbox/win/src/sync_dispatcher.h @@ -23,11 +23,13 @@ class SyncDispatcher : public Dispatcher { private: // Processes IPC requests coming from calls to CreateEvent in the target. - bool CreateEvent(IPCInfo* ipc, base::string16* name, DWORD event_type, - DWORD initial_state); + bool CreateEvent(IPCInfo* ipc, + base::string16* name, + uint32 event_type, + uint32 initial_state); // Processes IPC requests coming from calls to OpenEvent in the target. - bool OpenEvent(IPCInfo* ipc, base::string16* name, DWORD desired_access); + bool OpenEvent(IPCInfo* ipc, base::string16* name, uint32 desired_access); PolicyBase* policy_base_; DISALLOW_COPY_AND_ASSIGN(SyncDispatcher); diff --git a/sandbox/win/src/sync_interception.cc b/sandbox/win/src/sync_interception.cc index cafbcb0..da612a5 100644 --- a/sandbox/win/src/sync_interception.cc +++ b/sandbox/win/src/sync_interception.cc @@ -16,7 +16,7 @@ namespace sandbox { ResultCode ProxyCreateEvent(LPCWSTR name, - BOOL initial_state, + uint32 initial_state, EVENT_TYPE event_type, void* ipc_memory, CrossCallReturn* answer) { @@ -33,7 +33,7 @@ ResultCode ProxyCreateEvent(LPCWSTR name, } ResultCode ProxyOpenEvent(LPCWSTR name, - ACCESS_MASK desired_access, + uint32 desired_access, void* ipc_memory, CrossCallReturn* answer) { CountedParameterSet<OpenEventParams> params; diff --git a/sandbox/win/src/sync_policy.cc b/sandbox/win/src/sync_policy.cc index 75399e6..5c7e0fe 100644 --- a/sandbox/win/src/sync_policy.cc +++ b/sandbox/win/src/sync_policy.cc @@ -78,9 +78,9 @@ NTSTATUS ResolveSymbolicLink(const base::string16& directory_name, return status; } - target_path.Buffer = new wchar_t[target_length + 1]; target_path.Length = 0; - target_path.MaximumLength = target_length; + target_path.MaximumLength = static_cast<USHORT>(target_length); + target_path.Buffer = new wchar_t[target_path.MaximumLength + 1]; status = NtQuerySymbolicLinkObject(symbolic_link, &target_path, &target_length); if (status == STATUS_SUCCESS) { @@ -155,8 +155,8 @@ bool SyncPolicy::GenerateRules(const wchar_t* name, if (TargetPolicy::EVENTS_ALLOW_READONLY == semantics) { // We consider all flags that are not known to be readonly as potentially // used for write. - DWORD allowed_flags = SYNCHRONIZE | GENERIC_READ | READ_CONTROL; - DWORD restricted_flags = ~allowed_flags; + uint32 allowed_flags = SYNCHRONIZE | GENERIC_READ | READ_CONTROL; + uint32 restricted_flags = ~allowed_flags; open.AddNumberMatch(IF_NOT, OpenEventParams::ACCESS, restricted_flags, AND); } @@ -202,7 +202,8 @@ NTSTATUS SyncPolicy::CreateEventAction(EvalResult eval_result, HANDLE local_handle = NULL; status = NtCreateEvent(&local_handle, EVENT_ALL_ACCESS, &object_attributes, - static_cast<EVENT_TYPE>(event_type), initial_state); + static_cast<EVENT_TYPE>(event_type), + static_cast<BOOLEAN>(initial_state)); if (NULL == local_handle) return status; diff --git a/sandbox/win/tests/common/controller.cc b/sandbox/win/tests/common/controller.cc index bdf9627..0033400 100644 --- a/sandbox/win/tests/common/controller.cc +++ b/sandbox/win/tests/common/controller.cc @@ -181,7 +181,7 @@ int TestRunner::RunTest(const wchar_t* command) { return SBOX_TEST_INVALID_PARAMETER; wchar_t state_number[2]; - state_number[0] = L'0' + state_; + state_number[0] = static_cast<wchar_t>(L'0' + state_); state_number[1] = L'\0'; base::string16 full_command(state_number); full_command += L" "; |