Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(180)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/common/sandbox_policy.cc

Issue 7648035: Make PrependWindowsSessionPath thread safe (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: '' Created 9 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/common/sandbox_policy.h" 5 #include "content/common/sandbox_policy.h"
6 6
7 #include <string> 7 #include <string>
8 8
9 #include "base/command_line.h" 9 #include "base/command_line.h"
10 #include "base/debug/debugger.h" 10 #include "base/debug/debugger.h"
(...skipping 180 matching lines...) Expand 10 before | Expand all | Expand 10 after
191 // Eviction of injected DLLs is done by the sandbox so that the injected module 191 // Eviction of injected DLLs is done by the sandbox so that the injected module
192 // does not get a chance to execute any code. 192 // does not get a chance to execute any code.
193 void AddDllEvictionPolicy(sandbox::TargetPolicy* policy) { 193 void AddDllEvictionPolicy(sandbox::TargetPolicy* policy) {
194 for (int ix = 0; ix != arraysize(kTroublesomeDlls); ++ix) 194 for (int ix = 0; ix != arraysize(kTroublesomeDlls); ++ix)
195 BlacklistAddOneDll(kTroublesomeDlls[ix], policy); 195 BlacklistAddOneDll(kTroublesomeDlls[ix], policy);
196 } 196 }
197 197
198 // Returns the object path prepended with the current logon session. 198 // Returns the object path prepended with the current logon session.
199 string16 PrependWindowsSessionPath(const char16* object) { 199 string16 PrependWindowsSessionPath(const char16* object) {
200 // Cache this because it can't change after process creation. 200 // Cache this because it can't change after process creation.
201 static string16* session_prefix = NULL; 201 uintptr_t s_session_id = 0;
202 if (!session_prefix) { 202 if (s_session_id == 0) {
203 HANDLE token; 203 HANDLE token;
204 DWORD session_id;
205 DWORD session_id_length; 204 DWORD session_id_length;
205 DWORD session_id = 0;
206 206
207 CHECK(::OpenProcessToken(::GetCurrentProcess(), TOKEN_QUERY, &token)); 207 CHECK(::OpenProcessToken(::GetCurrentProcess(), TOKEN_QUERY, &token));
208 CHECK(::GetTokenInformation(token, TokenSessionId, &session_id, 208 CHECK(::GetTokenInformation(token, TokenSessionId, &session_id,
209 sizeof(session_id), &session_id_length)); 209 sizeof(session_id), &session_id_length));
210 CloseHandle(token); 210 CloseHandle(token);
211 211 s_session_id = session_id;
212 session_prefix = new string16(base::StringPrintf(L"\\Sessions\\%d",
213 session_id));
214 } 212 }
215 213
216 return *session_prefix + object; 214 return base::StringPrintf(L"\\Sessions\\%d%ls", s_session_id, object);
217 } 215 }
218 216
219 // Closes handles that are opened at process creation and initialization. 217 // Closes handles that are opened at process creation and initialization.
220 void AddBaseHandleClosePolicy(sandbox::TargetPolicy* policy) { 218 void AddBaseHandleClosePolicy(sandbox::TargetPolicy* policy) {
221 // Being able to manipulate anything BaseNamedObjects is bad. 219 // Being able to manipulate anything BaseNamedObjects is bad.
222 policy->AddKernelObjectToClose(L"Directory", PrependWindowsSessionPath( 220 policy->AddKernelObjectToClose(L"Directory", PrependWindowsSessionPath(
223 L"\\BaseNamedObjects").data()); 221 L"\\BaseNamedObjects").data());
224 policy->AddKernelObjectToClose(L"Section", PrependWindowsSessionPath( 222 policy->AddKernelObjectToClose(L"Section", PrependWindowsSessionPath(
225 L"\\BaseNamedObjects\\windows_shell_global_counters").data()); 223 L"\\BaseNamedObjects\\windows_shell_global_counters").data());
226 } 224 }
(...skipping 276 matching lines...) Expand 10 before | Expand all | Expand 10 after
503 501
504 // Help the process a little. It can't start the debugger by itself if 502 // Help the process a little. It can't start the debugger by itself if
505 // the process is in a sandbox. 503 // the process is in a sandbox.
506 if (child_needs_help) 504 if (child_needs_help)
507 base::debug::SpawnDebuggerOnProcess(target.dwProcessId); 505 base::debug::SpawnDebuggerOnProcess(target.dwProcessId);
508 506
509 return process; 507 return process;
510 } 508 }
511 509
512 } // namespace sandbox 510 } // namespace sandbox
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698