blob: 2d1788aa59342a0f188560549b267b125e5c59c5 [file] [log] [blame]
// Copyright 2019 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <limits>
#include <ostream>
#include <vector>
#include "chrome/chrome_cleaner/strings/string16_embedded_nulls.h"
#include "sandbox/win/src/nt_internals.h"
namespace chrome_cleaner_sandbox {
// Possible errors in native registry parameter strings (keys or values). Note
// that these strings allow embedded nulls, but must also be null terminated.
enum class NtRegistryParamError {
PathOutsideRegistry, // Only valid for keys.
// The maximum length the sandboxed scanner/cleaner APIs will accept for a
// registry key or value.
constexpr uint32_t kMaxRegistryParamLength =
// Initializes the given |unicode_string| with the character data stored in
// |data|.
// It is assumed that |data| is a null-terminated list of wchar_ts. |data| may
// also contain embedded NULL chars, making this a convenient alternative to
// RtlInitUnicodeString if you wish to handle data with embedded NULLs.
// It is important that whatever |data| points to outlives any usage
// of |unicode_string| since |unicode_string| will point into |data|'s buffer.
// It is also important that |data| not be modified after a call to this
// function.
void InitUnicodeString(UNICODE_STRING* unicode_string,
std::vector<wchar_t>* data);
// Returns true if |new_value| can be arrived at solely by deleting 0 or more
// characters from |old_value|.
bool ValidateRegistryValueChange(
const chrome_cleaner::String16EmbeddedNulls& old_value,
const chrome_cleaner::String16EmbeddedNulls& new_value);
// Checks for errors in a value parameter for a native registry function.
NtRegistryParamError ValidateNtRegistryValue(
const chrome_cleaner::String16EmbeddedNulls& param);
// Checks for errors in a native registry function parameter that is expected
// to be NULL-terminated (keys and value names).
NtRegistryParamError ValidateNtRegistryNullTerminatedParam(
const chrome_cleaner::String16EmbeddedNulls& param);
// Checks for errors in a native registry key path: all the errors detected by
// ValidateNtRegistryParam, plus if it's an absolute path it must be under
// \Registry.
NtRegistryParamError ValidateNtRegistryKey(
const chrome_cleaner::String16EmbeddedNulls& key);
// Format a native registry key, value or value name (which may contain
// embedded NULLs) for logging.
base::string16 FormatNtRegistryMemberForLogging(
const chrome_cleaner::String16EmbeddedNulls& key);
// Format NtRegistryParamError and write it to a stream for logging.
std::ostream& operator<<(std::ostream& os, NtRegistryParamError param_error);
// |key_name| must be a null-terminated list of wchar_ts, that may also include
// embedded nulls. |key_name| is not a const& since under the hood the native
// functions take non-const pointers.
NTSTATUS NativeCreateKey(HANDLE parent_key,
std::vector<wchar_t>* key_name,
HANDLE* out_handle,
ULONG* out_disposition);
// |key_name| must be a null-terminated string.
NTSTATUS NativeOpenKey(HANDLE parent_key,
const chrome_cleaner::String16EmbeddedNulls& key_name,
uint32_t dw_access,
HANDLE* out_handle);
// |value_name| and |value| must be null-terminated strings. |value_name| may be
// empty to signify setting |key|'s default value. |type| is one of the registry
// value types described here:
NTSTATUS NativeSetValueKey(
const chrome_cleaner::String16EmbeddedNulls& value_name,
ULONG type,
const chrome_cleaner::String16EmbeddedNulls& value);
// Retrieves the type and data of the value under |registry_handle| specified by
// |value_name| and places it them in |out_type| and |out_value|. Either or both
// of |out_type| and |out_value| may be null in which case they won't be
// returned. Returns true on success, false otherwise.
NTSTATUS NativeQueryValueKey(
const chrome_cleaner::String16EmbeddedNulls& value_name,
ULONG* out_type,
chrome_cleaner::String16EmbeddedNulls* out_value);
NTSTATUS NativeDeleteKey(HANDLE handle);
} // namespace chrome_cleaner_sandbox