Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(12)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/tools/launcher/launcher.cc

Issue 10689170: Move the Windows sandbox to sandbox/win (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Rebase on top of tree (properly this time) Created 8 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « sandbox/tools/finder/ntundoc.h ('k') | sandbox/tools/launcher/launcher.vcproj » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "sandbox/src/restricted_token_utils.h"
6
7 // launcher.exe is an application used to launch another application with a
8 // restricted token. This is to be used for testing only.
9 // The parameters are the level of security of the primary token, the
10 // impersonation token and the job object along with the command line to
11 // execute.
12 // See the usage (launcher.exe without parameters) for the correct format.
13
14 #define PARAM_IS(y) (argc > i) && (_wcsicmp(argv[i], y) == 0)
15
16 void PrintUsage(const wchar_t *application_name) {
17 wprintf(L"\n\nUsage: \n %ls --main level --init level --job level cmd_line ",
18 application_name);
19 wprintf(L"\n\n Levels : \n\tLOCKDOWN \n\tRESTRICTED "
20 L"\n\tLIMITED_USER \n\tINTERACTIVE_USER \n\tNON_ADMIN \n\tUNPROTECTED");
21 wprintf(L"\n\n main: Security level of the main token");
22 wprintf(L"\n init: Security level of the impersonation token");
23 wprintf(L"\n job: Security level of the job object");
24 }
25
26 bool GetTokenLevelFromString(const wchar_t *param,
27 sandbox::TokenLevel* level) {
28 if (_wcsicmp(param, L"LOCKDOWN") == 0) {
29 *level = sandbox::USER_LOCKDOWN;
30 } else if (_wcsicmp(param, L"RESTRICTED") == 0) {
31 *level = sandbox::USER_RESTRICTED;
32 } else if (_wcsicmp(param, L"LIMITED_USER") == 0) {
33 *level = sandbox::USER_LIMITED;
34 } else if (_wcsicmp(param, L"INTERACTIVE_USER") == 0) {
35 *level = sandbox::USER_INTERACTIVE;
36 } else if (_wcsicmp(param, L"NON_ADMIN") == 0) {
37 *level = sandbox::USER_NON_ADMIN;
38 } else if (_wcsicmp(param, L"USER_RESTRICTED_SAME_ACCESS") == 0) {
39 *level = sandbox::USER_RESTRICTED_SAME_ACCESS;
40 } else if (_wcsicmp(param, L"UNPROTECTED") == 0) {
41 *level = sandbox::USER_UNPROTECTED;
42 } else {
43 return false;
44 }
45
46 return true;
47 }
48
49 bool GetJobLevelFromString(const wchar_t *param, sandbox::JobLevel* level) {
50 if (_wcsicmp(param, L"LOCKDOWN") == 0) {
51 *level = sandbox::JOB_LOCKDOWN;
52 } else if (_wcsicmp(param, L"RESTRICTED") == 0) {
53 *level = sandbox::JOB_RESTRICTED;
54 } else if (_wcsicmp(param, L"LIMITED_USER") == 0) {
55 *level = sandbox::JOB_LIMITED_USER;
56 } else if (_wcsicmp(param, L"INTERACTIVE_USER") == 0) {
57 *level = sandbox::JOB_INTERACTIVE;
58 } else if (_wcsicmp(param, L"NON_ADMIN") == 0) {
59 wprintf(L"\nNON_ADMIN is not a supported job type");
60 return false;
61 } else if (_wcsicmp(param, L"UNPROTECTED") == 0) {
62 *level = sandbox::JOB_UNPROTECTED;
63 } else {
64 return false;
65 }
66
67 return true;
68 }
69
70 int wmain(int argc, wchar_t *argv[]) {
71 // Extract the filename from the path.
72 wchar_t *app_name = wcsrchr(argv[0], L'\\');
73 if (!app_name) {
74 app_name = argv[0];
75 } else {
76 app_name++;
77 }
78
79 // no argument
80 if (argc == 1) {
81 PrintUsage(app_name);
82 return -1;
83 }
84
85 sandbox::TokenLevel primary_level = sandbox::USER_LOCKDOWN;
86 sandbox::TokenLevel impersonation_level =
87 sandbox::USER_RESTRICTED_SAME_ACCESS;
88 sandbox::JobLevel job_level = sandbox::JOB_LOCKDOWN;
89 ATL::CString command_line;
90
91 // parse command line.
92 for (int i = 1; i < argc; ++i) {
93 if (PARAM_IS(L"--main")) {
94 i++;
95 if (argc > i) {
96 if (!GetTokenLevelFromString(argv[i], &primary_level)) {
97 wprintf(L"\nAbord, Unrecognized main token level \"%ls\"", argv[i]);
98 PrintUsage(app_name);
99 return -1;
100 }
101 }
102 } else if (PARAM_IS(L"--init")) {
103 i++;
104 if (argc > i) {
105 if (!GetTokenLevelFromString(argv[i], &impersonation_level)) {
106 wprintf(L"\nAbord, Unrecognized init token level \"%ls\"", argv[i]);
107 PrintUsage(app_name);
108 return -1;
109 }
110 }
111 } else if (PARAM_IS(L"--job")) {
112 i++;
113 if (argc > i) {
114 if (!GetJobLevelFromString(argv[i], &job_level)) {
115 wprintf(L"\nAbord, Unrecognized job security level \"%ls\"", argv[i]);
116 PrintUsage(app_name);
117 return -1;
118 }
119 }
120 } else {
121 if (command_line.GetLength()) {
122 command_line += L' ';
123 }
124 command_line += argv[i];
125 }
126 }
127
128 if (!command_line.GetLength()) {
129 wprintf(L"\nAbord, No command line specified");
130 PrintUsage(app_name);
131 return -1;
132 }
133
134 wprintf(L"\nLaunching command line: \"%ls\"\n", command_line.GetBuffer());
135
136 HANDLE job_handle;
137 DWORD err_code = sandbox::StartRestrictedProcessInJob(
138 command_line.GetBuffer(),
139 primary_level,
140 impersonation_level,
141 job_level,
142 &job_handle);
143 if (ERROR_SUCCESS != err_code) {
144 wprintf(L"\nAbord, Error %d while launching command line.", err_code);
145 return -1;
146 }
147
148 wprintf(L"\nPress any key to continue.");
149 while(!_kbhit()) {
150 Sleep(100);
151 }
152
153 ::CloseHandle(job_handle);
154
155 return 0;
156 }
OLDNEW
« no previous file with comments | « sandbox/tools/finder/ntundoc.h ('k') | sandbox/tools/launcher/launcher.vcproj » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698