/* --- PUBLIC FUNCTIONS ----------------------------------------------------- */
void PLUGIN_GENERIC_HELP(
_In_ PLUGIN_API_TABLE const * const api
) {
API_LOG(Bypass, _T("Keeps ACE with an InheritedObjectType matching the one specified in the <inhobjtype> plugin option"));
API_LOG(Bypass, _T("If <inhobjtype> is not specified, keeps Object-ACE with an empty InheritedObjectType"));
API_LOG(Bypass, _T("<inhobjtype> must be a GUID, enclosed or not in curly braces"));
}
/* --- PUBLIC FUNCTIONS ----------------------------------------------------- */
void PLUGIN_GENERIC_HELP(
_In_ PLUGIN_API_TABLE const * const api
) {
API_LOG(Bypass, _T("Specify the DN or SID of the trustee to be filtered with the <trustee> plugin option (no default)"));
API_LOG(Bypass, _T("If a SID is specified, it musts start with <%s> to be valid"), SID_STR_PREFIX);
API_LOG(Bypass, _T("ACE granting permissions to trustees matching the specified values are kept."));
}
/* --- PUBLIC FUNCTIONS ----------------------------------------------------- */
void PLUGIN_GENERIC_HELP(
_In_ PLUGIN_API_TABLE const * const api
) {
API_LOG(Bypass, _T("Specify the outfile with the <msrout> plugin option"));
API_LOG(Bypass, _T("The default outfile is <%s>"), DEFAULT_MSR_OUTFILE);
API_LOG(Bypass, _T("Some filters does not associate 'relations' (and the corresponding keywords) to ACE they filter,"));
API_LOG(Bypass, _T("in this case, the generic relation keyword is used in the msr outfile : <%s>"), DEFAULT_MSR_NO_RELATION_KEYWORD);
}
/* --- PUBLIC FUNCTIONS ----------------------------------------------------- */
void PLUGIN_GENERIC_HELP(
_In_ PLUGIN_API_TABLE const * const api
) {
API_LOG(Bypass, _T("Keeps ACE allowing control relations on files. Currently checked control relations are :"));
API_LOG(Bypass, _T("- Generic rights : GENERIC_ALL, GENERIC_WRITE"));
API_LOG(Bypass, _T("- Standard rights : WRITE_DAC, WRITE_OWNER"));
API_LOG(Bypass, _T("- Specific rights : FILE_WRITE_DATA/FILE_ADD_FILE, FILE_APPEND_DATA/FILE_ADD_SUBDIRECTORY"));
API_LOG(Bypass, _T("This filter set 'relations' on the ACE, and must be combined with the MSR writer for these relations to be outputed."));
}
BOOL PLUGIN_GENERIC_INITIALIZE(
_In_ PLUGIN_API_TABLE const * const api
) {
BOOL bResult = FALSE;
PTCHAR pptAttrsListForCsv[MMR_OUTFILE_HEADER_COUNT] = MMR_OUTFILE_HEADER;
bResult = ApiHeapCreateX(&gs_hHeapMasterSlave, MASTERMAILBOX_HEAP_NAME, NULL);
if (API_FAILED(bResult)) {
return ERROR_VALUE;
}
gs_outfileName = api->Common.GetPluginOption(_T("mmrout"), FALSE);
if (!gs_outfileName) {
gs_outfileName = DEFAULT_MMR_OUTFILE;
}
gs_outDenyfileName = ApiHeapAllocX(gs_hHeapMasterSlave, (DWORD)((_tcslen(gs_outfileName) + 10) * sizeof(TCHAR)));
_stprintf_s(gs_outDenyfileName, _tcslen(gs_outfileName) + 10, _T("%s.deny.csv"), gs_outfileName);
API_LOG(Info, _T("Outfiles are <%s>/<%s>"), gs_outfileName, gs_outDenyfileName);
bResult = api->InputCsv.CsvOpenWrite(gs_outfileName, MMR_OUTFILE_HEADER_COUNT, pptAttrsListForCsv, &gs_hOutfile);
if (!bResult) {
API_FATAL(_T("Failed to open CSV outfile <%s>: <err:%#08x>"), gs_outfileName, api->InputCsv.CsvGetLastError(gs_hOutfile));
}
bResult = api->InputCsv.CsvOpenWrite(gs_outDenyfileName, MMR_OUTFILE_HEADER_COUNT, pptAttrsListForCsv, &gs_hOutDenyfile);
if (!bResult) {
API_FATAL(_T("Failed to open CSV outfile <%s>: <err:%#08x>"), gs_outDenyfileName, api->InputCsv.CsvGetLastError(gs_hOutDenyfile));
}
return TRUE;
}
BOOL PLUGIN_WRITER_WRITEACE(
_In_ PLUGIN_API_TABLE const * const api,
_Inout_ PIMPORTED_ACE ace
) {
DWORD i = 0;
DWORD relCount = 0;
LPTSTR resolvedTrustee = NULL;
LPTSTR resolvedMail = NULL;
resolvedTrustee = api->Resolver.ResolverGetAceTrusteeStr(ace);
resolvedMail = api->Resolver.ResolverGetAceObjectMail(ace);
if (!resolvedMail) {
API_LOG(Dbg, _T("Object has mbx sd without mail address : <%s>"), ace->imported.objectDn);
return TRUE;
}
for (i = 0; i < ACE_REL_COUNT; i++) {
if (HAS_RELATION(ace, i)) {
relCount++;
if (IS_ALLOWED_ACE(ace->imported.raw))
WriteRelation(api, resolvedTrustee, resolvedMail, api->Ace.GetAceRelationStr(i), gs_hOutfile);
else
WriteRelation(api, resolvedTrustee, resolvedMail, api->Ace.GetAceRelationStr(i), gs_hOutDenyfile);
}
}
return TRUE;
}
BOOL PLUGIN_GENERIC_FINALIZE(
_In_ PLUGIN_API_TABLE const * const api
) {
if (!CloseHandle(gs_hOutfile)) {
API_LOG(Err, _T("Failed to close outfile handle : <%u>"), GetLastError());
return FALSE;
}
return TRUE;
}
BOOL PLUGIN_GENERIC_INITIALIZE(
_In_ PLUGIN_API_TABLE const * const api
) {
BOOL bResult = FALSE;
LPTSTR trustee = api->Common.GetPluginOption(_T("trustee"), TRUE);
if (_tcsncmp(SID_STR_PREFIX, trustee, strlen(SID_STR_PREFIX)) == 0) {
bResult = ConvertStringSidToSid(trustee, &gs_TrusteeFilter);
if (!bResult) {
API_FATAL(_T("Failed to convert SID <%s> to its binary form : <%u>"), trustee, GetLastError());
}
API_LOG(Info, _T("Filtering trustee by SID <%s>"), trustee);
}
else {
// Resolution will take place later since resolver has not been activated yet
gs_TrusteeDnFilter = trustee;
API_LOG(Info, _T("Filtering trustee by DN <%s>"), trustee);
}
return TRUE;
}
static void camrea_flash_set_enable(struct camera_flash_dev *dev, int value)
{
API_LOG("%s(%d) \n", __func__, value);
if( value == 1 )
{
camera_flash_test_mode_led_trigger(MSM_CAMERA_LED_LOW);
}
else
{
camera_flash_test_mode_led_trigger(MSM_CAMERA_LED_OFF);
}
}
/* --- PRIVATE FUNCTIONS ---------------------------------------------------- */
static void WriteRelation(
_In_ PLUGIN_API_TABLE const * const api,
_In_ LPTSTR master,
_In_ LPTSTR slave,
_In_ LPTSTR relationKeyword
) {
TCHAR outline[MAX_LINE] = { 0 };
DWORD dwWritten = 0;
BOOL bResult = FALSE;
int size = 0;
size = _stprintf_s(outline, _countof(outline)-1, MSR_OUTFILE_FORMAT, master, slave, relationKeyword);
if (size == -1) {
API_LOG(Err, _T("Failed to format outline <%s : %s>"), master, slave);
return;
}
else {
bResult = WriteFile(gs_hOutfile, outline, size, &dwWritten, NULL);
if (!bResult) {
API_LOG(Err, _T("Failed to write outline <%s : %s>"), master, slave);
}
}
}
BOOL PLUGIN_GENERIC_INITIALIZE(
_In_ PLUGIN_API_TABLE const * const api
) {
BOOL bResult = FALSE;
LPTSTR inhobjty = api->Common.GetPluginOption(_T("inhobjtype"), FALSE);
// TODO : guid resolution from resolved str form could be nice here
if (!inhobjty) {
API_LOG(Info, _T("Filtering empty inheritedObjectType"));
gs_EmptyInhObjType = TRUE;
}
else {
bResult = api->Common.ConvertStrGuidToGuid(inhobjty, &gs_InhObjectTypeFilter);
gs_EmptyInhObjType = FALSE;
if (bResult != NOERROR) {
API_FATAL(_T("Error while converting inherited object type guid <%s> to its binary form : <%#08x)"), inhobjty, bResult);
}
else {
API_LOG(Info, _T("Filtering inheritedObjectType <%s>"), inhobjty);
}
}
return TRUE;
}
BOOL PLUGIN_GENERIC_FINALIZE(
_In_ PLUGIN_API_TABLE const * const api
) {
BOOL bResult = FALSE;
if (!api->InputCsv.CsvClose(&gs_hOutfile) || !api->InputCsv.CsvClose(&gs_hOutDenyfile)) {
API_LOG(Err, _T("Failed to close outfiles handles : <%u>"), GetLastError());
return FALSE;
}
bResult = ApiHeapDestroyX(&gs_hHeapMasterSlave);
if (API_FAILED(bResult)) {
return ERROR_VALUE;
}
return TRUE;
}
BOOL PLUGIN_GENERIC_INITIALIZE(
_In_ PLUGIN_API_TABLE const * const api
) {
DWORD dwWritten = 0;
BOOL bResult = FALSE;
gs_outfileName = api->Common.GetPluginOption(_T("msrout"), FALSE);
if (!gs_outfileName) {
gs_outfileName = DEFAULT_MSR_OUTFILE;
}
API_LOG(Info, _T("Outfile is <%s>"), gs_outfileName);
gs_hOutfile = CreateFile(gs_outfileName, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL | FILE_ATTRIBUTE_TEMPORARY, NULL);
if (gs_hOutfile == INVALID_HANDLE_VALUE) {
API_FATAL(_T("Failed to create outfile <%s> : <%u>"), gs_outfileName, GetLastError());
}
bResult = WriteFile(gs_hOutfile, MSR_OUTFILE_HEADER, (DWORD)_tcslen(MSR_OUTFILE_HEADER), &dwWritten, NULL);
if (!bResult) {
API_FATAL(_T("Failed to write header to outfile <%s> : <%u>"), gs_outfileName, GetLastError());
}
return TRUE;
}
static int camrea_flash_get_select(struct camera_flash_dev *dev)
{
API_LOG("%s() \n", __func__);
return(cabl_mode);
}
BOOL PLUGIN_FILTER_FILTERACE(
_In_ PLUGIN_API_TABLE const * const api,
_Inout_ PIMPORTED_ACE ace
) {
/*
- Generic rights :
--- GENERIC_WRITE
--- GENERIC_ALL
- Standards rights :
--- WRITE_DAC
--- WRITE_OWNER
- Files Specific rights (file/dir) :
--- FILE_WRITE_DATA / FILE_ADD_FILE
--- FILE_APPEND_DATA / FILE_ADD_SUBDIRECTORY
*/
DWORD dwAccessMask = 0;
DWORD i = 0;
//
// Get properties
//
dwAccessMask = api->Ace.GetAccessMask(ace);
//
// Control case : Generic right GENERIC_WRITE
//
if (dwAccessMask & ADS_RIGHT_GENERIC_WRITE)
SET_RELATION(ace, GEN_RIGHT_WRITE);
//
// Control case : Generic right GENERIC_ALL
//
if (dwAccessMask & ADS_RIGHT_GENERIC_ALL)
SET_RELATION(ace, GEN_RIGHT_ALL);
//
// Control case : Standard right WRITE_DAC
//
if (dwAccessMask & ADS_RIGHT_WRITE_DAC)
SET_RELATION(ace, STAND_RIGHT_WRITE_DAC);
//
// Control case : Standard right WRITE_OWNER
//
if (dwAccessMask & ADS_RIGHT_WRITE_OWNER)
SET_RELATION(ace, STAND_RIGHT_WRITE_OWNER);
//
// Control case : Specific right FILE_WRITE_DATA / FILE_ADD_FILE
//
if (dwAccessMask & FILE_WRITEDATA_ADDFILE)
SET_RELATION(ace, FS_RIGHT_WRITEDATA_ADDFILE);
//
// Control case : Specific right FILE_APPEND_DATA / FILE_ADD_SUBDIRECTORY
//
if (dwAccessMask & FILE_APPENDDATA_ADDSUBDIR)
SET_RELATION(ace, FS_RIGHT_APPENDDATA_ADDSUBDIR);
//
// Only "*_ALLOWED_*" ace types can allow control
// But DENY ace on control parameters cannot be processed on a per-ace model in the control paths approach
//
if (!IS_ALLOWED_ACE(ace->imported.raw)) {
for (i = 0; i < ACE_REL_COUNT; i++) {
if (HAS_RELATION(ace, i)) {
API_LOG(Succ, _T("<%s> control is limited by a DENY %s ACE on object <%s>"), api->Resolver.ResolverGetAceTrusteeStr(ace), api->Ace.GetAceRelationStr(i), api->Resolver.ResolverGetAceObject(ace)->imported.dn);
}
}
return FALSE;
}
for (i = 0; i < ACE_REL_COUNT; i++) {
if (HAS_RELATION(ace, i)) {
return TRUE;
}
}
return FALSE;
}
