| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <aclapi.h> | 5 #include <aclapi.h> |
| 6 #include <sddl.h> | 6 #include <sddl.h> |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "sandbox/win/src/restricted_token_utils.h" | 9 #include "sandbox/win/src/restricted_token_utils.h" |
| 10 | 10 |
| 11 #include "base/logging.h" | 11 #include "base/logging.h" |
| 12 #include "base/win/scoped_handle.h" | 12 #include "base/win/scoped_handle.h" |
| 13 #include "base/win/scoped_process_information.h" | 13 #include "base/win/scoped_process_information.h" |
| 14 #include "base/win/windows_version.h" | 14 #include "base/win/windows_version.h" |
| 15 #include "sandbox/win/src/job.h" | 15 #include "sandbox/win/src/job.h" |
| 16 #include "sandbox/win/src/restricted_token.h" | 16 #include "sandbox/win/src/restricted_token.h" |
| 17 #include "sandbox/win/src/security_level.h" | 17 #include "sandbox/win/src/security_level.h" |
| 18 #include "sandbox/win/src/sid.h" | 18 #include "sandbox/win/src/sid.h" |
| 19 | 19 |
| 20 namespace sandbox { | 20 namespace sandbox { |
| 21 | 21 |
| 22 DWORD CreateRestrictedToken(TokenLevel security_level, | 22 DWORD CreateRestrictedToken(HANDLE *token_handle, |
| 23 TokenLevel security_level, |
| 23 IntegrityLevel integrity_level, | 24 IntegrityLevel integrity_level, |
| 24 TokenType token_type, | 25 TokenType token_type) { |
| 25 base::win::ScopedHandle* token) { | 26 if (!token_handle) |
| 27 return ERROR_BAD_ARGUMENTS; |
| 28 |
| 26 RestrictedToken restricted_token; | 29 RestrictedToken restricted_token; |
| 27 restricted_token.Init(NULL); // Initialized with the current process token | 30 restricted_token.Init(NULL); // Initialized with the current process token |
| 28 | 31 |
| 29 std::vector<base::string16> privilege_exceptions; | 32 std::vector<base::string16> privilege_exceptions; |
| 30 std::vector<Sid> sid_exceptions; | 33 std::vector<Sid> sid_exceptions; |
| 31 | 34 |
| 32 bool deny_sids = true; | 35 bool deny_sids = true; |
| 33 bool remove_privileges = true; | 36 bool remove_privileges = true; |
| 34 | 37 |
| 35 switch (security_level) { | 38 switch (security_level) { |
| (...skipping 77 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 113 if (remove_privileges) { | 116 if (remove_privileges) { |
| 114 err_code = restricted_token.DeleteAllPrivileges(&privilege_exceptions); | 117 err_code = restricted_token.DeleteAllPrivileges(&privilege_exceptions); |
| 115 if (ERROR_SUCCESS != err_code) | 118 if (ERROR_SUCCESS != err_code) |
| 116 return err_code; | 119 return err_code; |
| 117 } | 120 } |
| 118 | 121 |
| 119 restricted_token.SetIntegrityLevel(integrity_level); | 122 restricted_token.SetIntegrityLevel(integrity_level); |
| 120 | 123 |
| 121 switch (token_type) { | 124 switch (token_type) { |
| 122 case PRIMARY: { | 125 case PRIMARY: { |
| 123 err_code = restricted_token.GetRestrictedToken(token); | 126 err_code = restricted_token.GetRestrictedTokenHandle(token_handle); |
| 124 break; | 127 break; |
| 125 } | 128 } |
| 126 case IMPERSONATION: { | 129 case IMPERSONATION: { |
| 127 err_code = restricted_token.GetRestrictedTokenForImpersonation(token); | 130 err_code = restricted_token.GetRestrictedTokenHandleForImpersonation( |
| 131 token_handle); |
| 128 break; | 132 break; |
| 129 } | 133 } |
| 130 default: { | 134 default: { |
| 131 err_code = ERROR_BAD_ARGUMENTS; | 135 err_code = ERROR_BAD_ARGUMENTS; |
| 132 break; | 136 break; |
| 133 } | 137 } |
| 134 } | 138 } |
| 135 | 139 |
| 136 return err_code; | 140 return err_code; |
| 137 } | 141 } |
| (...skipping 10 matching lines...) Expand all Loading... |
| 148 | 152 |
| 149 if (JOB_UNPROTECTED != job_level) { | 153 if (JOB_UNPROTECTED != job_level) { |
| 150 // Share the Desktop handle to be able to use MessageBox() in the sandboxed | 154 // Share the Desktop handle to be able to use MessageBox() in the sandboxed |
| 151 // application. | 155 // application. |
| 152 err_code = job.UserHandleGrantAccess(GetDesktopWindow()); | 156 err_code = job.UserHandleGrantAccess(GetDesktopWindow()); |
| 153 if (ERROR_SUCCESS != err_code) | 157 if (ERROR_SUCCESS != err_code) |
| 154 return err_code; | 158 return err_code; |
| 155 } | 159 } |
| 156 | 160 |
| 157 // Create the primary (restricted) token for the process | 161 // Create the primary (restricted) token for the process |
| 158 base::win::ScopedHandle primary_token; | 162 HANDLE primary_token_handle = NULL; |
| 159 err_code = CreateRestrictedToken(primary_level, INTEGRITY_LEVEL_LAST, | 163 err_code = CreateRestrictedToken(&primary_token_handle, |
| 160 PRIMARY, &primary_token); | 164 primary_level, |
| 161 if (ERROR_SUCCESS != err_code) | 165 INTEGRITY_LEVEL_LAST, |
| 166 PRIMARY); |
| 167 if (ERROR_SUCCESS != err_code) { |
| 162 return err_code; | 168 return err_code; |
| 163 | 169 } |
| 170 base::win::ScopedHandle primary_token(primary_token_handle); |
| 164 | 171 |
| 165 // Create the impersonation token (restricted) to be able to start the | 172 // Create the impersonation token (restricted) to be able to start the |
| 166 // process. | 173 // process. |
| 167 base::win::ScopedHandle impersonation_token; | 174 HANDLE impersonation_token_handle; |
| 168 err_code = CreateRestrictedToken(impersonation_level, INTEGRITY_LEVEL_LAST, | 175 err_code = CreateRestrictedToken(&impersonation_token_handle, |
| 169 IMPERSONATION, &impersonation_token); | 176 impersonation_level, |
| 170 if (ERROR_SUCCESS != err_code) | 177 INTEGRITY_LEVEL_LAST, |
| 178 IMPERSONATION); |
| 179 if (ERROR_SUCCESS != err_code) { |
| 171 return err_code; | 180 return err_code; |
| 181 } |
| 182 base::win::ScopedHandle impersonation_token(impersonation_token_handle); |
| 172 | 183 |
| 173 // Start the process | 184 // Start the process |
| 174 STARTUPINFO startup_info = {0}; | 185 STARTUPINFO startup_info = {0}; |
| 175 PROCESS_INFORMATION temp_process_info = {}; | 186 PROCESS_INFORMATION temp_process_info = {}; |
| 176 DWORD flags = CREATE_SUSPENDED; | 187 DWORD flags = CREATE_SUSPENDED; |
| 177 | 188 |
| 178 if (base::win::GetVersion() < base::win::VERSION_WIN8) { | 189 if (base::win::GetVersion() < base::win::VERSION_WIN8) { |
| 179 // Windows 8 implements nested jobs, but for older systems we need to | 190 // Windows 8 implements nested jobs, but for older systems we need to |
| 180 // break out of any job we're in to enforce our restrictions. | 191 // break out of any job we're in to enforce our restrictions. |
| 181 flags |= CREATE_BREAKAWAY_FROM_JOB; | 192 flags |= CREATE_BREAKAWAY_FROM_JOB; |
| (...skipping 206 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 388 if (!::OpenProcessToken(GetCurrentProcess(), READ_CONTROL | WRITE_OWNER, | 399 if (!::OpenProcessToken(GetCurrentProcess(), READ_CONTROL | WRITE_OWNER, |
| 389 &token_handle)) | 400 &token_handle)) |
| 390 return ::GetLastError(); | 401 return ::GetLastError(); |
| 391 | 402 |
| 392 base::win::ScopedHandle token(token_handle); | 403 base::win::ScopedHandle token(token_handle); |
| 393 | 404 |
| 394 return HardenTokenIntegrityLevelPolicy(token.Get()); | 405 return HardenTokenIntegrityLevelPolicy(token.Get()); |
| 395 } | 406 } |
| 396 | 407 |
| 397 } // namespace sandbox | 408 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1231853005:
Revert of Sandbox: Make CreateRestrictedToken return a ScopedHandle. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master