
Side by Side Diff: sandbox/win/src/broker_services.cc

Issue 1077893005: UpdateProcThreadAttribute has a restriction that its lpValue parameter (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: . Created 5 years, 8 months ago
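--- a/sandbox/win/src/broker_services.cc
+++ b/sandbox/win/src/broker_services.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/win/src/broker_services.h"
 
 #include <AclAPI.h>
 
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
@@ -394,44 +394,48 @@
 
 HANDLE job_temp;
 result = policy_base->MakeJobObject(&job_temp);
 if (SBOX_ALL_OK != result)
 return result;
 
 base::win::ScopedHandle job(job_temp);
 
 // Initialize the startup information from the policy.
 base::win::StartupInformation startup_info;
+// The liftime of |mitigations| and |inherit_handle_list| have to be at least
+// as long as |startup_info| because |UpdateProcThreadAttribute| requires that
+// its |lpValue| parameter persist until |DeleteProcThreadAttributeList| is
+// called; StartupInformation's destructor makes such a call.
+DWORD64 mitigations;
+HANDLE inherit_handle_list[2];
 base::string16 desktop = policy_base->GetAlternateDesktop();
 if (!desktop.empty()) {
 startup_info.startup_info()->lpDesktop =
 const_cast<wchar_t*>(desktop.c_str());
 }
 
 bool inherit_handles = false;
 if (base::win::GetVersion() >= base::win::VERSION_VISTA) {
 int attribute_count = 0;
 const AppContainerAttributes* app_container =
 policy_base->GetAppContainer();
 if (app_container)
 ++attribute_count;
 
-DWORD64 mitigations;
 size_t mitigations_size;
 ConvertProcessMitigationsToPolicy(policy->GetProcessMitigations(),
 &mitigations, &mitigations_size);
 if (mitigations)
 ++attribute_count;
 
 HANDLE stdout_handle = policy_base->GetStdoutHandle();
 HANDLE stderr_handle = policy_base->GetStderrHandle();
-HANDLE inherit_handle_list[2];
 int inherit_handle_count = 0;
 if (stdout_handle != INVALID_HANDLE_VALUE)
 inherit_handle_list[inherit_handle_count++] = stdout_handle;
 // Handles in the list must be unique.
 if (stderr_handle != stdout_handle && stderr_handle != INVALID_HANDLE_VALUE)
 inherit_handle_list[inherit_handle_count++] = stderr_handle;
 if (inherit_handle_count)
 ++attribute_count;
 
 if (!startup_info.InitializeProcThreadAttributeList(attribute_count))
@@ -586,10 +590,10 @@
 return SBOX_ERROR_UNSUPPORTED;
 
 base::string16 name = LookupAppContainer(sid);
 if (name.empty())
 return SBOX_ERROR_INVALID_APP_CONTAINER;
 
 return DeleteAppContainer(sid);
 }
 
 } // namespace sandbox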
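Review bot: `mitigations` and `inherit_handle_list` (new lines 408-409) are declared after `startup_info`, so in destruction order they end before it, which is the opposite of what the new comment asks for. It works today only because both are trivially destructible and their storage lasts until the block exits; declaring them above `base::win::StartupInformation startup_info;` would make the guarantee hold by construction and survive a later change of type. Hoisting also leaves `mitigations` unwritten when the Vista branch is skipped, so `DWORD64 mitigations = 0;` is the safer declaration, and the comment's "liftime" should read "lifetime". The enclosing function begins and ends in the skipped regions, so any later read of these variables is not visible here.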
