| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "sandbox/src/window.h" |
| 6 |
| 7 #include <aclapi.h> |
| 8 |
| 9 #include "base/logging.h" |
| 10 #include "base/scoped_ptr.h" |
| 11 |
| 12 namespace { |
| 13 |
| 14 // Gets the security attributes of a window object referenced by |handle|. The |
| 15 // lpSecurityDescriptor member of the SECURITY_ATTRIBUTES parameter returned |
| 16 // must be freed using LocalFree by the caller. |
| 17 bool GetSecurityAttributes(HANDLE handle, SECURITY_ATTRIBUTES* attributes) { |
| 18 attributes->bInheritHandle = FALSE; |
| 19 attributes->nLength = sizeof(SECURITY_ATTRIBUTES); |
| 20 |
| 21 PACL dacl = NULL; |
| 22 DWORD result = ::GetSecurityInfo(handle, SE_WINDOW_OBJECT, |
| 23 DACL_SECURITY_INFORMATION, NULL, NULL, &dacl, |
| 24 NULL, &attributes->lpSecurityDescriptor); |
| 25 if (ERROR_SUCCESS == result) |
| 26 return true; |
| 27 |
| 28 return false; |
| 29 } |
| 30 |
| 31 } |
| 32 |
| 33 namespace sandbox { |
| 34 |
| 35 ResultCode CreateAltWindowStation(HWINSTA* winsta) { |
| 36 // Get the security attributes from the current window station; we will |
| 37 // use this as the base security attributes for the new window station. |
| 38 SECURITY_ATTRIBUTES attributes = {0}; |
| 39 if (!GetSecurityAttributes(::GetProcessWindowStation(), &attributes)) { |
| 40 return SBOX_ERROR_CANNOT_CREATE_WINSTATION; |
| 41 } |
| 42 |
| 43 // Create the window station using NULL for the name to ask the os to |
| 44 // generate it. |
| 45 // TODO(nsylvain): don't ask for WINSTA_ALL_ACCESS if we don't need to. |
| 46 *winsta = ::CreateWindowStationW(NULL, 0, WINSTA_ALL_ACCESS, &attributes); |
| 47 LocalFree(attributes.lpSecurityDescriptor); |
| 48 |
| 49 if (*winsta) |
| 50 return SBOX_ALL_OK; |
| 51 |
| 52 return SBOX_ERROR_CANNOT_CREATE_WINSTATION; |
| 53 } |
| 54 |
| 55 ResultCode CreateAltDesktop(HWINSTA winsta, HDESK* desktop) { |
| 56 std::wstring desktop_name = L"sbox_alternate_desktop_"; |
| 57 |
| 58 // Append the current PID to the desktop name. |
| 59 wchar_t buffer[16]; |
| 60 _snwprintf_s(buffer, sizeof(buffer) / sizeof(wchar_t), L"0x%X", |
| 61 ::GetCurrentProcessId()); |
| 62 desktop_name += buffer; |
| 63 |
| 64 // Get the security attributes from the current desktop, we will use this as |
| 65 // the base security attributes for the new desktop. |
| 66 SECURITY_ATTRIBUTES attributes = {0}; |
| 67 if (!GetSecurityAttributes(GetThreadDesktop(GetCurrentThreadId()), |
| 68 &attributes)) { |
| 69 return SBOX_ERROR_CANNOT_CREATE_DESKTOP; |
| 70 } |
| 71 |
| 72 // Back up the current window station, in case we need to switch it. |
| 73 HWINSTA current_winsta = ::GetProcessWindowStation(); |
| 74 |
| 75 if (winsta) { |
| 76 // We need to switch to the alternate window station before creating the |
| 77 // desktop. |
| 78 if (!::SetProcessWindowStation(winsta)) { |
| 79 ::LocalFree(attributes.lpSecurityDescriptor); |
| 80 return SBOX_ERROR_CANNOT_CREATE_DESKTOP; |
| 81 } |
| 82 } |
| 83 |
| 84 // Create the destkop. |
| 85 // TODO(nsylvain): don't ask for GENERIC_ALL if we don't need to. |
| 86 *desktop = ::CreateDesktop(desktop_name.c_str(), NULL, NULL, 0, GENERIC_ALL, |
| 87 &attributes); |
| 88 ::LocalFree(attributes.lpSecurityDescriptor); |
| 89 |
| 90 if (winsta) { |
| 91 // Revert to the right window station. |
| 92 if (!::SetProcessWindowStation(current_winsta)) { |
| 93 return SBOX_ERROR_FAILED_TO_SWITCH_BACK_WINSTATION; |
| 94 } |
| 95 } |
| 96 |
| 97 if (*desktop) |
| 98 return SBOX_ALL_OK; |
| 99 |
| 100 return SBOX_ERROR_CANNOT_CREATE_DESKTOP; |
| 101 } |
| 102 |
| 103 std::wstring GetWindowObjectName(HANDLE handle) { |
| 104 // Get the size of the name. |
| 105 DWORD size = 0; |
| 106 ::GetUserObjectInformation(handle, UOI_NAME, NULL, 0, &size); |
| 107 |
| 108 if (!size) { |
| 109 NOTREACHED(); |
| 110 return std::wstring(); |
| 111 } |
| 112 |
| 113 // Create the buffer that will hold the name. |
| 114 scoped_ptr<wchar_t> name_buffer(new wchar_t[size]); |
| 115 |
| 116 // Query the name of the object. |
| 117 if (!::GetUserObjectInformation(handle, UOI_NAME, name_buffer.get(), size, |
| 118 &size)) { |
| 119 NOTREACHED(); |
| 120 return std::wstring(); |
| 121 } |
| 122 |
| 123 return std::wstring(name_buffer.get()); |
| 124 } |
| 125 |
| 126 std::wstring GetFullDesktopName(HWINSTA winsta, HDESK desktop) { |
| 127 if (!desktop) { |
| 128 NOTREACHED(); |
| 129 return std::wstring(); |
| 130 } |
| 131 |
| 132 std::wstring name; |
| 133 if (winsta) { |
| 134 name = GetWindowObjectName(winsta); |
| 135 name += L'\\'; |
| 136 } |
| 137 |
| 138 name += GetWindowObjectName(desktop); |
| 139 return name; |
| 140 } |
| 141 |
| 142 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 113190:
Add support for alternate window station. (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/