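--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/win/src/sandbox_policy_base.h"
 
 #include <sddl.h>
 
 #include "base/basictypes.h"
 #include "base/callback.h"
@@ -543,25 +543,28 @@
 
 ResultCode PolicyBase::MakeTokens(base::win::ScopedHandle* initial,
 base::win::ScopedHandle* lockdown) {
 if (appcontainer_list_.get() && appcontainer_list_->HasAppContainer() &&
 lowbox_sid_) {
 return SBOX_ERROR_BAD_PARAMS;
 }
 
 // Create the 'naked' token. This will be the permanent token associated
 // with the process and therefore with any thread that is not impersonating.
-DWORD result = CreateRestrictedToken(lockdown_level_, integrity_level_,
-PRIMARY, lockdown);
+HANDLE temp_handle;
+DWORD result = CreateRestrictedToken(&temp_handle, lockdown_level_,
+integrity_level_, PRIMARY);
 if (ERROR_SUCCESS != result)
 return SBOX_ERROR_GENERIC;
 
+lockdown->Set(temp_handle);
+
 // If we're launching on the alternate desktop we need to make sure the
 // integrity label on the object is no higher than the sandboxed process's
 // integrity level. So, we lower the label on the desktop process if it's
 // not already low enough for our process.
 if (alternate_desktop_handle_ && use_alternate_desktop_ &&
 integrity_level_ != INTEGRITY_LEVEL_LAST &&
 alternate_desktop_integrity_level_label_ < integrity_level_ &&
 base::win::OSInfo::GetInstance()->version() >= base::win::VERSION_VISTA) {
 // Integrity label enum is reversed (higher level is a lower value).
 static_assert(INTEGRITY_LEVEL_SYSTEM < INTEGRITY_LEVEL_UNTRUSTED,
@@ -612,25 +615,26 @@
 if (!NT_SUCCESS(status))
 return SBOX_ERROR_GENERIC;
 
 DCHECK(token_lowbox);
 lockdown->Set(token_lowbox);
 }
 
 // Create the 'better' token. We use this token as the one that the main
 // thread uses when booting up the process. It should contain most of
 // what we need (before reaching main( ))
-result = CreateRestrictedToken(initial_level_, integrity_level_,
-IMPERSONATION, initial);
+result = CreateRestrictedToken(&temp_handle, initial_level_,
+integrity_level_, IMPERSONATION);
 if (ERROR_SUCCESS != result)
 return SBOX_ERROR_GENERIC;
 
+initial->Set(temp_handle);
 return SBOX_ALL_OK;
 }
 
 const AppContainerAttributes* PolicyBase::GetAppContainer() const {
 if (!appcontainer_list_.get() || !appcontainer_list_->HasAppContainer())
 return NULL;
 
 return appcontainer_list_.get();
 }
 
@@ -873,10 +877,10 @@
 break;
 }
 
 default: { return SBOX_ERROR_UNSUPPORTED; }
 }
 
 return SBOX_ALL_OK;
 }
 
 } // namespace sandbox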
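Review bot: `HANDLE temp_handle;` at new line 553 is left uninitialized and the same variable is reused for the second CreateRestrictedToken() call at new 625; initialize it, `HANDLE temp_handle = NULL;`, so that a callee which fails without writing its out-parameter can never hand an indeterminate value to `lockdown->Set()` or `initial->Set()`. Both visible error paths do return before the Set() calls, so this is defensive rather than a live bug. Between each CreateRestrictedToken() call and its matching Set() at new 559 and new 630 the raw token handle is owned by nothing, which deserves a comment such as `// temp_handle is unowned until Set(); do not add an early return between the call and Set().`, because any later check inserted in that window leaks the token. The 44 lines of MakeTokens between new 570 and new 615 are collapsed in this view, so the lowbox path that replaces the lockdown token at new 619 could not be checked here.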