diff --git a/xtoskrnl/CMakeLists.txt b/xtoskrnl/CMakeLists.txt
index b7d7b17..5025097 100644
--- a/xtoskrnl/CMakeLists.txt
+++ b/xtoskrnl/CMakeLists.txt
@@ -113,7 +113,9 @@ list(APPEND XTOSKRNL_SOURCE
 ${XTOSKRNL_SOURCE_DIR}/rtl/string.cc
 ${XTOSKRNL_SOURCE_DIR}/rtl/time.cc
 ${XTOSKRNL_SOURCE_DIR}/rtl/unicode.cc
- ${XTOSKRNL_SOURCE_DIR}/rtl/widestr.cc)
+ ${XTOSKRNL_SOURCE_DIR}/rtl/widestr.cc
+ ${XTOSKRNL_SOURCE_DIR}/se/descript.cc
+ ${XTOSKRNL_SOURCE_DIR}/se/privileg.cc)
 
 # Set module definition SPEC file
 set_specfile(xtoskrnl.spec xtoskrnl.exe)
diff --git a/xtoskrnl/includes/se.hh b/xtoskrnl/includes/se.hh
new file mode 100644
index 0000000..75ef5bf
--- /dev/null
+++ b/xtoskrnl/includes/se.hh
@@ -0,0 +1,18 @@
+/**
+ * PROJECT: ExectOS
+ * COPYRIGHT: See COPYING.md in the top level directory
+ * FILE: xtoskrnl/includes/se.hh
+ * DESCRIPTION: Kernel Security
+ * DEVELOPERS: Aiken Harris
+ */
+
+#ifndef __XTOSKRNL_SE_HH
+#define __XTOSKRNL_SE_HH
+
+#include
+
+#include
+#include
+
+
+#endif /* __XTOSKRNL_SE_HH */
diff --git a/xtoskrnl/includes/se/descript.hh b/xtoskrnl/includes/se/descript.hh
new file mode 100644
index 0000000..5a4c87d
--- /dev/null
+++ b/xtoskrnl/includes/se/descript.hh
@@ -0,0 +1,35 @@
+/**
+ * PROJECT: ExectOS
+ * COPYRIGHT: See COPYING.md in the top level directory
+ * FILE: xtoskrnl/includes/se/descript.hh
+ * DESCRIPTION: Security Descriptors
+ * DEVELOPERS: Aiken Harris
+ */
+
+#ifndef __XTOSKRNL_SE_DESCRIPT_HH
+#define __XTOSKRNL_SE_DESCRIPT_HH
+
+#include
+
+
+/* Kernel Security */
+namespace SE
+{
+ class Descriptor
+ {
+ public:
+ STATIC XTAPI XTSTATUS CaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR InputDescriptor,
+ IN KPROCESSOR_MODE ProcessorMode,
+ IN MMPOOL_TYPE PoolType,
+ IN BOOLEAN ForceCapture,
+ OUT PSECURITY_DESCRIPTOR *OutputDescriptor);
+ STATIC XTFASTCALL ULONG ComputeSecurityQuota(IN ULONG Size);
+ STATIC XTAPI XTSTATUS ComputeQuotaInformationSize(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ OUT PULONG QuotaSize);
+ STATIC XTAPI VOID ReleaseSecurityDescriptor(IN PSECURITY_DESCRIPTOR Descriptor,
+ IN KPROCESSOR_MODE ProcessorMode,
+ IN BOOLEAN ForceRelease);
+ };
+}
+
+#endif /* __XTOSKRNL_SE_DESCRIPT_HH */
diff --git a/xtoskrnl/includes/se/privileg.hh b/xtoskrnl/includes/se/privileg.hh
new file mode 100644
index 0000000..0cebb56
--- /dev/null
+++ b/xtoskrnl/includes/se/privileg.hh
@@ -0,0 +1,27 @@
+/**
+ * PROJECT: ExectOS
+ * COPYRIGHT: See COPYING.md in the top level directory
+ * FILE: xtoskrnl/includes/se/privileg.hh
+ * DESCRIPTION: Privileges Management
+ * DEVELOPERS: Aiken Harris
+ */
+
+#ifndef __XTOSKRNL_SE_PRIVILEG_HH
+#define __XTOSKRNL_SE_PRIVILEG_HH
+
+#include
+
+
+/* Kernel Security */
+namespace SE
+{
+ class Privileges
+ {
+
+ public:
+ STATIC XTAPI BOOLEAN CheckSinglePrivilege(LUID PrivilegeValue,
+ KPROCESSOR_MODE ProcessorMode);
+ };
+}
+
+#endif /* __XTOSKRNL_SE_PRIVILEG_HH */
diff --git a/xtoskrnl/includes/xtos.hh b/xtoskrnl/includes/xtos.hh
index 368357c..a14e6ca 100644
--- a/xtoskrnl/includes/xtos.hh
+++ b/xtoskrnl/includes/xtos.hh
@@ -26,3 +26,4 @@
 #include
 #include
 #include
+#include
diff --git a/xtoskrnl/se/descript.cc b/xtoskrnl/se/descript.cc
new file mode 100644
index 0000000..0a4e3c7
--- /dev/null
+++ b/xtoskrnl/se/descript.cc
@@ -0,0 +1,127 @@
+/**
+ * PROJECT: ExectOS
+ * COPYRIGHT: See COPYING.md in the top level directory
+ * FILE: xtoskrnl/se/descript.cc
+ * DESCRIPTION: Security Descriptors
+ * DEVELOPERS: Aiken Harris
+ */
+
+#include
+
+
+/**
+* Creates a safe kernel-space copy of a security descriptor to prevent TOC/TOU vulnerabilities.
+*
+* @param InputDescriptor
+* Supplies a pointer to the original security descriptor to be captured.
+*
+* @param ProcessorMode
+* Supplies the processor mode from which the request originated.
+*
+* @param PoolType
+* Supplies the type of memory pool to allocate the captured copy from.
+*
+* @param ForceCapture
+* Supplies a boolean value indicating whether to force the capture in kernel mode.
+*
+* @param OutputDescriptor
+* Supplies a pointer to a variable that receives the safely captured security descriptor.
+*
+* @return This routine returns a status code indicating the success or failure of the operation.
+*
+* @since XT 1.0
+*/
+XTAPI
+XTSTATUS
+SE::Descriptor::CaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR InputDescriptor,
+ IN KPROCESSOR_MODE ProcessorMode,
+ IN MMPOOL_TYPE PoolType,
+ IN BOOLEAN ForceCapture,
+ OUT PSECURITY_DESCRIPTOR *OutputDescriptor)
+{
+ UNIMPLEMENTED;
+
+ /* Return success */
+ return STATUS_SUCCESS;
+}
+
+/**
+ * Computes the memory quota required for a security descriptor.
+ *
+ * @param Size
+ * Supplies the base size of the security information in bytes.
+ *
+ * @return This routine returns the computed security quota in bytes.
+ *
+ * @since XT 1.0
+ */
+XTFASTCALL
+ULONG
+SE::Descriptor::ComputeSecurityQuota(IN ULONG Size)
+{
+ ULONG ComputedSize;
+
+ /* Calculate double the base size */
+ ComputedSize = Size * 2;
+
+ /* Ensure the allocated quota meets the minimum default system threshold */
+ return (ComputedSize > SE_DEFAULT_SECURITY_QUOTA) ? ComputedSize : SE_DEFAULT_SECURITY_QUOTA;
+}
+
+/**
+* Calculates the exact memory footprint of a security descriptor for quota accounting.
+*
+* @param SecurityDescriptor
+* Supplies a pointer to a valid, captured security descriptor.
+*
+* @param QuotaSize
+* Supplies a pointer to a variable that receives the calculated quota size in bytes.
+*
+* @return This routine returns a status code indicating the success or failure of the operation.
+*
+* @since XT 1.0
+*/
+XTAPI
+XTSTATUS
+SE::Descriptor::ComputeQuotaInformationSize(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ OUT PULONG QuotaSize)
+{
+ UNIMPLEMENTED;
+
+ /* Return success */
+ return STATUS_SUCCESS;
+}
+
+/**
+* Frees the memory of a captured security descriptor.
+*
+* @param Descriptor
+* Supplies a pointer to the captured security descriptor to be released.
+*
+* @param ProcessorMode
+* Supplies the processor mode that was originally used to capture the descriptor.
+*
+* @param ForceRelease
+* Supplies a boolean value indicating whether to force the deallocation.
+*
+* @return This routine does not return any value.
+*
+* @since XT 1.0
+*/
+XTAPI
+VOID
+SE::Descriptor::ReleaseSecurityDescriptor(IN PSECURITY_DESCRIPTOR Descriptor,
+ IN KPROCESSOR_MODE ProcessorMode,
+ IN BOOLEAN ForceRelease)
+{
+ /* Check if the descriptor should be released */
+ if(((ProcessorMode == KernelMode) && (ForceRelease == TRUE)) || (ProcessorMode == UserMode))
+ {
+ /* Ensure the descriptor is valid */
+ if(Descriptor)
+ {
+ /* Free the descriptor */
+ MM::Allocator::FreePool(Descriptor, TAG_SE_DESCRIPTOR);
+ }
+ }
+}
diff --git a/xtoskrnl/se/privileg.cc b/xtoskrnl/se/privileg.cc
new file mode 100644
index 0000000..cdcfa6c
--- /dev/null
+++ b/xtoskrnl/se/privileg.cc
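Review bot: The two stubs in xtoskrnl/se/descript.cc, CaptureSecurityDescriptor and ComputeQuotaInformationSize, return `STATUS_SUCCESS` right after `UNIMPLEMENTED;` without writing `*OutputDescriptor` or `*QuotaSize`, so a caller that trusts the status reads an uninitialised out-parameter, and ReleaseSecurityDescriptor would then hand that pointer to `MM::Allocator::FreePool`. Until the capture logic exists, the stubs should clear their out-parameters and return a failure status (for example `STATUS_NOT_IMPLEMENTED`, if the SDK defines it) instead of success. Separately, in ComputeSecurityQuota the expression `Size * 2` wraps for any `Size` above half the ULONG range, so the routine can return a quota smaller than the input; a guard such as `if(Size > (~(ULONG)0) / 2)` that saturates or rejects before the multiplication would close that.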
@@ -0,0 +1,34 @@
+/**
+ * PROJECT: ExectOS
+ * COPYRIGHT: See COPYING.md in the top level directory
+ * FILE: xtoskrnl/se/privileg.cc
+ * DESCRIPTION: Privileges Management
+ * DEVELOPERS: Aiken Harris
+ */
+
+#include
+
+
+/**
+* Checks if the current thread's access token holds a specific privilege.
+*
+* @param PrivilegeValue
+* Supplies the locally unique identifier (LUID) of the privilege to check.
+*
+* @param ProcessorMode
+* Supplies the processor mode from which the request originated.
+*
+* @return This routine returns TRUE if the privilege is held, or FALSE otherwise.
+*
+* @since XT 1.0
+*/
+XTAPI
+BOOLEAN
+SE::Privileges::CheckSinglePrivilege(LUID PrivilegeValue,
+ KPROCESSOR_MODE ProcessorMode)
+{
+ UNIMPLEMENTED;
+
+ /* Return TRUE */
+ return TRUE;
+}
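Review bot: CheckSinglePrivilege is a stub that ends in `return TRUE;`, so every privilege check routed through it succeeds regardless of `PrivilegeValue` or `ProcessorMode`, including requests that originated in user mode. A placeholder for an authorization routine should fail closed: `return (ProcessorMode == KernelMode) ? TRUE : FALSE;` would keep kernel-mode callers working (assuming kernel-mode requests are meant to pass, which this diff does not show) while denying user-mode requests until the token lookup exists. The comment `/* Return TRUE */` should also state that the result is a placeholder, e.g. `/* Privilege lookup not implemented yet; deny user-mode requests */`, and the doc comment's "returns TRUE if the privilege is held" should be qualified accordingly.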