Driver: Set max weight to Sublayer

2024-11-15 01:55:44 +00:00 · 2024-10-24 12:00:26 +05:00 · 2024-10-24 12:00:26 +05:00 · 31549f5987
commit 31549f5987
parent ee4a369257
6 changed files with 24 additions and 12 deletions
--- a/src/driver/common/fortprov.c
+++ b/src/driver/common/fortprov.c
@ -279,7 +279,7 @@ static void fort_prov_init_provider(void)
    boot_provider->flags = FWPM_PROVIDER_FLAG_PERSISTENT;
 }

-static void fort_prov_init_sublayer(void)
+static void fort_prov_init_sublayer(const FORT_PROV_INIT_CONF init_conf)
 {
    FWPM_SUBLAYER0 *sublayer = &g_provGlobal.sublayer;
    sublayer->flags = 0;
@ -287,18 +287,19 @@ static void fort_prov_init_sublayer(void)
    sublayer->displayData.name = (PWCHAR) L"FortSublayer";
    sublayer->displayData.description = (PWCHAR) L"Fort Firewall Sublayer";
    sublayer->providerKey = (GUID *) &FORT_GUID_PROVIDER;
+    sublayer->weight = init_conf.sublayer_weight;

    FWPM_SUBLAYER0 *boot_sublayer = &g_provGlobal.boot_sublayer;
    *boot_sublayer = *sublayer;
    boot_sublayer->flags = FWPM_SUBLAYER_FLAG_PERSISTENT;
 }

-FORT_API void fort_prov_init()
+FORT_API void fort_prov_init(const FORT_PROV_INIT_CONF init_conf)
 {
    RtlZeroMemory(&g_provGlobal, sizeof(g_provGlobal));

    fort_prov_init_provider();
-    fort_prov_init_sublayer();
+    fort_prov_init_sublayer(init_conf);

    fort_prov_init_callouts();

--- a/src/driver/common/fortprov.h
+++ b/src/driver/common/fortprov.h
@ -3,6 +3,13 @@

 #include "common.h"

+#define FORT_SUBLAYER_MAX_WEIGHT 0xFFFF
+
+typedef struct fort_prov_init_conf
+{
+    UINT16 sublayer_weight;
+} FORT_PROV_INIT_CONF, *PFORT_PROV_INIT_CONF;
+
 typedef struct fort_prov_boot_conf
 {
    union {
@ -26,7 +33,7 @@ typedef struct fort_prov_boot_conf
 extern "C" {
 #endif

-FORT_API void fort_prov_init(void);
+FORT_API void fort_prov_init(const FORT_PROV_INIT_CONF init_conf);

 FORT_API DWORD fort_prov_trans_open(HANDLE *engine);

--- a/src/driver/fortdev.c
+++ b/src/driver/fortdev.c
@ -407,7 +407,11 @@ static NTSTATUS fort_device_register_provider(void)
 {
    NTSTATUS status;

-    fort_prov_init();
+    const FORT_PROV_INIT_CONF init_conf = {
+        .sublayer_weight = (UINT16) fort_reg_value(L"sublayerWeight", FORT_SUBLAYER_MAX_WEIGHT),
+    };
+
+    fort_prov_init(init_conf);

    HANDLE engine;
    status = fort_prov_trans_open(&engine);
@ -418,7 +422,7 @@ static NTSTATUS fort_device_register_provider(void)

    if (!fort_prov_get_boot_conf(engine, &boot_conf)) {
        // Default flags from Registry
-        boot_conf.boot_filter = fort_reg_flag(L"bootFilter");
+        boot_conf.boot_filter = fort_reg_value(L"bootFilter", 0);
    }

    fort_device_flag_set(&fort_device()->conf, FORT_DEVICE_BOOT_FILTER, boot_conf.boot_filter);
--- a/src/driver/fortdrv.c
+++ b/src/driver/fortdrv.c
@ -33,7 +33,7 @@ static NTSTATUS fort_driver_create_device(PDRIVER_OBJECT driver)
    UNICODE_STRING device_name;
    RtlInitUnicodeString(&device_name, FORT_NT_DEVICE_NAME);

-    const BOOL isDriverNonAdmin = fort_reg_flag(L"isDriverNonAdmin") != 0;
+    const BOOL isDriverNonAdmin = fort_reg_value(L"isDriverNonAdmin", 0) != 0;
    const PCUNICODE_STRING sddl = (isDriverNonAdmin ? &SDDL_DEVOBJ_SYS_ALL_ADM_RWX_WORLD_RWX_RES_RWX
                                                    : &SDDL_DEVOBJ_SYS_ALL_ADM_ALL);

--- a/src/driver/fortutl.c
+++ b/src/driver/fortutl.c
@ -121,7 +121,7 @@ FORT_API NTSTATUS fort_driver_path(
    return status;
 }

-FORT_API DWORD fort_reg_flag(PCWSTR name)
+FORT_API DWORD fort_reg_value(PCWSTR name, DWORD defaultValue)
 {
    NTSTATUS status;

@ -134,19 +134,19 @@ FORT_API DWORD fort_reg_flag(PCWSTR name)
    InitializeObjectAttributes(
            &objectAttr, &regPath, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);

-    DWORD flagValue = 0;
+    DWORD value = 0;

    status = ZwOpenKey(&regKey, KEY_READ, &objectAttr);
    if (NT_SUCCESS(status)) {
        UNICODE_STRING valueName;
        RtlInitUnicodeString(&valueName, name);

-        status = fort_reg_value_dword(regKey, &valueName, &flagValue);
+        status = fort_reg_value_dword(regKey, &valueName, &value);

        ZwClose(regKey);
    }

-    return NT_SUCCESS(status) ? flagValue : 0;
+    return NT_SUCCESS(status) ? value : defaultValue;
 }

 static void fort_system_drive_init(PCUNICODE_STRING path)
--- a/src/driver/fortutl.h
+++ b/src/driver/fortutl.h
@ -12,7 +12,7 @@ extern "C" {
 FORT_API NTSTATUS fort_driver_path(
        PDRIVER_OBJECT driver, PUNICODE_STRING regPath, PUNICODE_STRING outPath);

-FORT_API DWORD fort_reg_flag(PCWSTR name);
+FORT_API DWORD fort_reg_value(PCWSTR name, DWORD defaultValue);

 FORT_API void fort_path_prefix_adjust(PUNICODE_STRING path);