Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1020)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/win/src/restricted_token_utils.cc

Issue 109843003: Replace wstring with string16 in sandbox (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 7 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « sandbox/win/src/restricted_token_unittest.cc ('k') | sandbox/win/src/sandbox_policy.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <aclapi.h> 5 #include <aclapi.h>
6 #include <sddl.h> 6 #include <sddl.h>
7 #include <vector> 7 #include <vector>
8 8
9 #include "sandbox/win/src/restricted_token_utils.h" 9 #include "sandbox/win/src/restricted_token_utils.h"
10 10
(...skipping 11 matching lines...) Expand all
22 DWORD CreateRestrictedToken(HANDLE *token_handle, 22 DWORD CreateRestrictedToken(HANDLE *token_handle,
23 TokenLevel security_level, 23 TokenLevel security_level,
24 IntegrityLevel integrity_level, 24 IntegrityLevel integrity_level,
25 TokenType token_type) { 25 TokenType token_type) {
26 if (!token_handle) 26 if (!token_handle)
27 return ERROR_BAD_ARGUMENTS; 27 return ERROR_BAD_ARGUMENTS;
28 28
29 RestrictedToken restricted_token; 29 RestrictedToken restricted_token;
30 restricted_token.Init(NULL); // Initialized with the current process token 30 restricted_token.Init(NULL); // Initialized with the current process token
31 31
32 std::vector<std::wstring> privilege_exceptions; 32 std::vector<base::string16> privilege_exceptions;
33 std::vector<Sid> sid_exceptions; 33 std::vector<Sid> sid_exceptions;
34 34
35 bool deny_sids = true; 35 bool deny_sids = true;
36 bool remove_privileges = true; 36 bool remove_privileges = true;
37 37
38 switch (security_level) { 38 switch (security_level) {
39 case USER_UNPROTECTED: { 39 case USER_UNPROTECTED: {
40 deny_sids = false; 40 deny_sids = false;
41 remove_privileges = false; 41 remove_privileges = false;
42 break; 42 break;
(...skipping 187 matching lines...) Expand 10 before | Expand all | Expand 10 after
230 230
231 (*job_handle_ret) = job.Detach(); 231 (*job_handle_ret) = job.Detach();
232 232
233 return ERROR_SUCCESS; 233 return ERROR_SUCCESS;
234 } 234 }
235 235
236 DWORD SetObjectIntegrityLabel(HANDLE handle, SE_OBJECT_TYPE type, 236 DWORD SetObjectIntegrityLabel(HANDLE handle, SE_OBJECT_TYPE type,
237 const wchar_t* ace_access, 237 const wchar_t* ace_access,
238 const wchar_t* integrity_level_sid) { 238 const wchar_t* integrity_level_sid) {
239 // Build the SDDL string for the label. 239 // Build the SDDL string for the label.
240 std::wstring sddl = L"S:("; // SDDL for a SACL. 240 base::string16 sddl = L"S:("; // SDDL for a SACL.
241 sddl += SDDL_MANDATORY_LABEL; // Ace Type is "Mandatory Label". 241 sddl += SDDL_MANDATORY_LABEL; // Ace Type is "Mandatory Label".
242 sddl += L";;"; // No Ace Flags. 242 sddl += L";;"; // No Ace Flags.
243 sddl += ace_access; // Add the ACE access. 243 sddl += ace_access; // Add the ACE access.
244 sddl += L";;;"; // No ObjectType and Inherited Object Type. 244 sddl += L";;;"; // No ObjectType and Inherited Object Type.
245 sddl += integrity_level_sid; // Trustee Sid. 245 sddl += integrity_level_sid; // Trustee Sid.
246 sddl += L")"; 246 sddl += L")";
247 247
248 DWORD error = ERROR_SUCCESS; 248 DWORD error = ERROR_SUCCESS;
249 PSECURITY_DESCRIPTOR sec_desc = NULL; 249 PSECURITY_DESCRIPTOR sec_desc = NULL;
250 250
(...skipping 85 matching lines...) Expand 10 before | Expand all | Expand 10 after
336 if (!::OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_DEFAULT, 336 if (!::OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_DEFAULT,
337 &token_handle)) 337 &token_handle))
338 return ::GetLastError(); 338 return ::GetLastError();
339 339
340 base::win::ScopedHandle token(token_handle); 340 base::win::ScopedHandle token(token_handle);
341 341
342 return SetTokenIntegrityLevel(token.Get(), integrity_level); 342 return SetTokenIntegrityLevel(token.Get(), integrity_level);
343 } 343 }
344 344
345 } // namespace sandbox 345 } // namespace sandbox
OLDNEW
« no previous file with comments | « sandbox/win/src/restricted_token_unittest.cc ('k') | sandbox/win/src/sandbox_policy.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698