OLD | NEW |
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/src/acl.h" | 5 #include "sandbox/src/acl.h" |
6 | 6 |
7 #include <aclapi.h> | 7 #include <aclapi.h> |
8 #include <sddl.h> | 8 #include <sddl.h> |
9 | 9 |
10 #include "base/logging.h" | 10 #include "base/logging.h" |
11 | 11 |
12 namespace sandbox { | 12 namespace sandbox { |
13 | 13 |
14 bool GetDefaultDacl(HANDLE token, | 14 bool GetDefaultDacl(HANDLE token, |
15 scoped_ptr<TOKEN_DEFAULT_DACL>* default_dacl) { | 15 scoped_ptr_malloc<TOKEN_DEFAULT_DACL>* default_dacl) { |
16 if (token == NULL) | 16 if (token == NULL) |
17 return false; | 17 return false; |
18 | 18 |
19 DCHECK(default_dacl != NULL); | 19 DCHECK(default_dacl != NULL); |
20 | 20 |
21 unsigned long length = 0; | 21 unsigned long length = 0; |
22 ::GetTokenInformation(token, TokenDefaultDacl, NULL, 0, &length); | 22 ::GetTokenInformation(token, TokenDefaultDacl, NULL, 0, &length); |
23 if (length == 0) { | 23 if (length == 0) { |
24 NOTREACHED(); | 24 NOTREACHED(); |
25 return false; | 25 return false; |
26 } | 26 } |
27 | 27 |
28 TOKEN_DEFAULT_DACL* acl = | 28 TOKEN_DEFAULT_DACL* acl = |
29 reinterpret_cast<TOKEN_DEFAULT_DACL*>(new char[length]); | 29 reinterpret_cast<TOKEN_DEFAULT_DACL*>(malloc(length)); |
30 default_dacl->reset(acl); | 30 default_dacl->reset(acl); |
31 | 31 |
32 if (!::GetTokenInformation(token, TokenDefaultDacl, default_dacl->get(), | 32 if (!::GetTokenInformation(token, TokenDefaultDacl, default_dacl->get(), |
33 length, &length)) | 33 length, &length)) |
34 return false; | 34 return false; |
35 | 35 |
36 return true; | 36 return true; |
37 } | 37 } |
38 | 38 |
39 bool AddSidToDacl(const Sid& sid, ACL* old_dacl, ACCESS_MASK access, | 39 bool AddSidToDacl(const Sid& sid, ACL* old_dacl, ACCESS_MASK access, |
(...skipping 12 matching lines...) Expand all Loading... |
52 if (ERROR_SUCCESS != ::SetEntriesInAcl(1, &new_access, old_dacl, new_dacl)) | 52 if (ERROR_SUCCESS != ::SetEntriesInAcl(1, &new_access, old_dacl, new_dacl)) |
53 return false; | 53 return false; |
54 | 54 |
55 return true; | 55 return true; |
56 } | 56 } |
57 | 57 |
58 bool AddSidToDefaultDacl(HANDLE token, const Sid& sid, ACCESS_MASK access) { | 58 bool AddSidToDefaultDacl(HANDLE token, const Sid& sid, ACCESS_MASK access) { |
59 if (token == NULL) | 59 if (token == NULL) |
60 return false; | 60 return false; |
61 | 61 |
62 scoped_ptr<TOKEN_DEFAULT_DACL> default_dacl; | 62 scoped_ptr_malloc<TOKEN_DEFAULT_DACL> default_dacl; |
63 if (!GetDefaultDacl(token, &default_dacl)) | 63 if (!GetDefaultDacl(token, &default_dacl)) |
64 return false; | 64 return false; |
65 | 65 |
66 ACL* new_dacl = NULL; | 66 ACL* new_dacl = NULL; |
67 if (!AddSidToDacl(sid, default_dacl->DefaultDacl, access, &new_dacl)) | 67 if (!AddSidToDacl(sid, default_dacl->DefaultDacl, access, &new_dacl)) |
68 return false; | 68 return false; |
69 | 69 |
70 TOKEN_DEFAULT_DACL new_token_dacl = {0}; | 70 TOKEN_DEFAULT_DACL new_token_dacl = {0}; |
71 new_token_dacl.DefaultDacl = new_dacl; | 71 new_token_dacl.DefaultDacl = new_dacl; |
72 | 72 |
73 BOOL ret = ::SetTokenInformation(token, TokenDefaultDacl, &new_token_dacl, | 73 BOOL ret = ::SetTokenInformation(token, TokenDefaultDacl, &new_token_dacl, |
74 sizeof(new_token_dacl)); | 74 sizeof(new_token_dacl)); |
75 ::LocalFree(new_dacl); | 75 ::LocalFree(new_dacl); |
76 return (TRUE == ret); | 76 return (TRUE == ret); |
77 } | 77 } |
78 | 78 |
79 bool AddUserSidToDefaultDacl(HANDLE token, ACCESS_MASK access) { | 79 bool AddUserSidToDefaultDacl(HANDLE token, ACCESS_MASK access) { |
80 DWORD size = sizeof(TOKEN_USER) + SECURITY_MAX_SID_SIZE; | 80 DWORD size = sizeof(TOKEN_USER) + SECURITY_MAX_SID_SIZE; |
81 TOKEN_USER* token_user = reinterpret_cast<TOKEN_USER*>(new BYTE[size]); | 81 TOKEN_USER* token_user = reinterpret_cast<TOKEN_USER*>(malloc(size)); |
82 | 82 |
83 scoped_ptr<TOKEN_USER> token_user_ptr(token_user); | 83 scoped_ptr_malloc<TOKEN_USER> token_user_ptr(token_user); |
84 | 84 |
85 if (!::GetTokenInformation(token, TokenUser, token_user, size, &size)) | 85 if (!::GetTokenInformation(token, TokenUser, token_user, size, &size)) |
86 return false; | 86 return false; |
87 | 87 |
88 return AddSidToDefaultDacl(token, | 88 return AddSidToDefaultDacl(token, |
89 reinterpret_cast<SID*>(token_user->User.Sid), | 89 reinterpret_cast<SID*>(token_user->User.Sid), |
90 access); | 90 access); |
91 } | 91 } |
92 | 92 |
93 bool AddKnownSidToKernelObject(HANDLE object, const Sid& sid, | 93 bool AddKnownSidToKernelObject(HANDLE object, const Sid& sid, |
(...skipping 19 matching lines...) Expand all Loading... |
113 ::LocalFree(new_dacl); | 113 ::LocalFree(new_dacl); |
114 ::LocalFree(descriptor); | 114 ::LocalFree(descriptor); |
115 | 115 |
116 if (ERROR_SUCCESS != result) | 116 if (ERROR_SUCCESS != result) |
117 return false; | 117 return false; |
118 | 118 |
119 return true; | 119 return true; |
120 } | 120 } |
121 | 121 |
122 } // namespace sandbox | 122 } // namespace sandbox |
OLD | NEW |