
47_add_back_query_file_semantics.patch (2737B)


      1 Adds back to the config the ability to allow only querying of file attributes.
      2 We currently use this for shader cache rules.
      3 
      4 diff --git a/sandbox/win/src/filesystem_policy.cc b/sandbox/win/src/filesystem_policy.cc
      5 --- a/sandbox/win/src/filesystem_policy.cc
      6 +++ b/sandbox/win/src/filesystem_policy.cc
      7 @@ -114,24 +114,27 @@ bool FileSystemPolicy::GenerateRules(con
      8                           GENERIC_EXECUTE | READ_CONTROL;
      9     DWORD restricted_flags = ~allowed_flags;
     10     open.AddNumberMatch(IF_NOT, OpenFile::ACCESS, restricted_flags, AND);
     11     open.AddNumberMatch(IF, OpenFile::OPENONLY, true, EQUAL);
     12     create.AddNumberMatch(IF_NOT, OpenFile::ACCESS, restricted_flags, AND);
     13     create.AddNumberMatch(IF, OpenFile::OPENONLY, true, EQUAL);
     14   }
     15 
     16 -  if (!create.AddStringMatch(IF, OpenFile::NAME, name, CASE_INSENSITIVE) ||
     17 -      !policy->AddRule(IpcTag::NTCREATEFILE, &create)) {
     18 -    return false;
     19 -  }
     20 +  // Create and open are not allowed for query.
     21 +  if (semantics != FileSemantics::kAllowQuery) {
     22 +    if (!create.AddStringMatch(IF, OpenFile::NAME, name, CASE_INSENSITIVE) ||
     23 +        !policy->AddRule(IpcTag::NTCREATEFILE, &create)) {
     24 +      return false;
     25 +    }
     26 
     27 -  if (!open.AddStringMatch(IF, OpenFile::NAME, name, CASE_INSENSITIVE) ||
     28 -      !policy->AddRule(IpcTag::NTOPENFILE, &open)) {
     29 -    return false;
     30 +    if (!open.AddStringMatch(IF, OpenFile::NAME, name, CASE_INSENSITIVE) ||
     31 +        !policy->AddRule(IpcTag::NTOPENFILE, &open)) {
     32 +      return false;
     33 +    }
     34   }
     35 
     36   if (!query.AddStringMatch(IF, OpenFile::NAME, name, CASE_INSENSITIVE) ||
     37       !policy->AddRule(IpcTag::NTQUERYATTRIBUTESFILE, &query)) {
     38     return false;
     39   }
     40 
     41   if (!query_full.AddStringMatch(IF, OpenFile::NAME, name, CASE_INSENSITIVE) ||
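Review bot: The guard `if (semantics != FileSemantics::kAllowQuery)` fails open, because any enumerator later added to FileSemantics would receive the NTCREATEFILE and NTOPENFILE rules by default. Naming the semantics that are meant to get them, `if (semantics == FileSemantics::kAllowAny || semantics == FileSemantics::kAllowReadonly) {`, keeps a new value query-only until someone opts it in. The comment above the guard could also state what a kAllowQuery rule still grants, e.g. `// kAllowQuery adds only the query rules below: the target can learn the existence and attributes of matching paths but cannot open or create them.` GenerateRules starts before this hunk and continues past it, so how the access-mask setup above treats kAllowQuery is not visible here.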
     42 diff --git a/sandbox/win/src/sandbox_policy.h b/sandbox/win/src/sandbox_policy.h
     43 --- a/sandbox/win/src/sandbox_policy.h
     44 +++ b/sandbox/win/src/sandbox_policy.h
     45 @@ -28,16 +28,17 @@ enum class Desktop {
     46 };
     47 
     48 // Allowable semantics when an AllowFileAccess() rule is matched.
     49 enum class FileSemantics {
     50   kAllowAny,       // Allows open or create for any kind of access that
     51                    // the file system supports.
     52   kAllowReadonly,  // Allows open or create with read access only
     53                    // (includes access to query the attributes of a file).
     54 +  kAllowQuery,     // Allows access to query the attributes of a file.
     55 };
     56 
     57 // Policy configuration that can be shared over multiple targets of the same tag
     58 // (see BrokerServicesBase::CreatePolicy(tag)). Methods in TargetConfig will
     59 // only need to be called the first time a TargetPolicy object with a given tag
     60 // is configured.
     61 //
     62 // We need [[clang::lto_visibility_public]] because instances of this class are
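Review bot: The comment on `kAllowQuery` does not say that open and create are excluded, which is the only difference from `kAllowReadonly` directly above it. Wording such as `// Allows only querying the attributes of a file; no open or create.` followed by `// Matching paths still disclose existence and metadata to the target.` would tell policy authors how narrow the path pattern of such a rule should be. This reading follows the filesystem_policy.cc hunk in the same patch, where the create and open rules are skipped for this value while the query rules are still added.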