| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/src/target_services.h" | 5 #include "sandbox/src/target_services.h" |
| 6 | 6 |
| 7 #include <process.h> | 7 #include <process.h> |
| 8 | 8 |
| 9 #include "base/basictypes.h" | 9 #include "base/basictypes.h" |
| 10 #include "sandbox/src/crosscall_client.h" | 10 #include "sandbox/src/crosscall_client.h" |
| (...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 64 TargetServicesBase::TargetServicesBase() { | 64 TargetServicesBase::TargetServicesBase() { |
| 65 } | 65 } |
| 66 | 66 |
| 67 ResultCode TargetServicesBase::Init() { | 67 ResultCode TargetServicesBase::Init() { |
| 68 process_state_.SetInitCalled(); | 68 process_state_.SetInitCalled(); |
| 69 return SBOX_ALL_OK; | 69 return SBOX_ALL_OK; |
| 70 } | 70 } |
| 71 | 71 |
| 72 // Failure here is a breach of security so the process is terminated. | 72 // Failure here is a breach of security so the process is terminated. |
| 73 void TargetServicesBase::LowerToken() { | 73 void TargetServicesBase::LowerToken() { |
| 74 if (ERROR_SUCCESS != | 74 DWORD error_code = SetProcessIntegrityLevel(g_shared_delayed_integrity_level); |
| 75 SetProcessIntegrityLevel(g_shared_delayed_integrity_level)) | 75 // Here we don't terminate the process if the error is ERROR_INVALID_HANDLE, |
| 76 // this is because this error is not possible in normal circumstances, unless |
| 77 // it is hooked by sftldr_wow64.dll, in which case we prefer to keep running. |
| 78 // See http://crbug.com/95888. |
| 79 if (ERROR_SUCCESS != error_code && ERROR_INVALID_HANDLE != error_code) |
| 76 ::TerminateProcess(::GetCurrentProcess(), SBOX_FATAL_INTEGRITY); | 80 ::TerminateProcess(::GetCurrentProcess(), SBOX_FATAL_INTEGRITY); |
| 77 process_state_.SetRevertedToSelf(); | 81 process_state_.SetRevertedToSelf(); |
| 78 // If the client code as called RegOpenKey, advapi32.dll has cached some | 82 // If the client code as called RegOpenKey, advapi32.dll has cached some |
| 79 // handles. The following code gets rid of them. | 83 // handles. The following code gets rid of them. |
| 80 if (!::RevertToSelf()) | 84 if (!::RevertToSelf()) |
| 81 ::TerminateProcess(::GetCurrentProcess(), SBOX_FATAL_DROPTOKEN); | 85 ::TerminateProcess(::GetCurrentProcess(), SBOX_FATAL_DROPTOKEN); |
| 82 if (!FlushCachedRegHandles()) | 86 if (!FlushCachedRegHandles()) |
| 83 ::TerminateProcess(::GetCurrentProcess(), SBOX_FATAL_FLUSHANDLES); | 87 ::TerminateProcess(::GetCurrentProcess(), SBOX_FATAL_FLUSHANDLES); |
| 84 if (ERROR_SUCCESS != ::RegDisablePredefinedCache()) | 88 if (ERROR_SUCCESS != ::RegDisablePredefinedCache()) |
| 85 ::TerminateProcess(::GetCurrentProcess(), SBOX_FATAL_CACHEDISABLE); | 89 ::TerminateProcess(::GetCurrentProcess(), SBOX_FATAL_CACHEDISABLE); |
| (...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 169 if (process_state_ < 2) | 173 if (process_state_ < 2) |
| 170 process_state_ = 2; | 174 process_state_ = 2; |
| 171 } | 175 } |
| 172 | 176 |
| 173 void ProcessState::SetRevertedToSelf() { | 177 void ProcessState::SetRevertedToSelf() { |
| 174 if (process_state_ < 3) | 178 if (process_state_ < 3) |
| 175 process_state_ = 3; | 179 process_state_ = 3; |
| 176 } | 180 } |
| 177 | 181 |
| 178 } // namespace sandbox | 182 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 7857022:
Prevent the renderer from dying if launched under App-V/SoftGrid. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/