Side by Side Diff: sandbox/win/src/sandbox_policy_base.cc

Issue 1232963002: Sandbox: Make CreateRestrictedToken return a ScopedHandle. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 5 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/win/src/sandbox_policy_base.h" 5 #include "sandbox/win/src/sandbox_policy_base.h"
6 6
7 #include <sddl.h> 7 #include <sddl.h>
8 8
9 #include "base/basictypes.h" 9 #include "base/basictypes.h"
10 #include "base/callback.h" 10 #include "base/callback.h"
(...skipping 532 matching lines...) Expand 10 before | Expand all | Expand 10 after
543 543
544 ResultCode PolicyBase::MakeTokens(base::win::ScopedHandle* initial, 544 ResultCode PolicyBase::MakeTokens(base::win::ScopedHandle* initial,
545 base::win::ScopedHandle* lockdown) { 545 base::win::ScopedHandle* lockdown) {
546 if (appcontainer_list_.get() && appcontainer_list_->HasAppContainer() && 546 if (appcontainer_list_.get() && appcontainer_list_->HasAppContainer() &&
547 lowbox_sid_) { 547 lowbox_sid_) {
548 return SBOX_ERROR_BAD_PARAMS; 548 return SBOX_ERROR_BAD_PARAMS;
549 } 549 }
550 550
551 // Create the 'naked' token. This will be the permanent token associated 551 // Create the 'naked' token. This will be the permanent token associated
552 // with the process and therefore with any thread that is not impersonating. 552 // with the process and therefore with any thread that is not impersonating.
553 HANDLE temp_handle; 553 DWORD result = CreateRestrictedToken(lockdown, lockdown_level_,
554 DWORD result = CreateRestrictedToken(&temp_handle, lockdown_level_,
555 integrity_level_, PRIMARY); 554 integrity_level_, PRIMARY);
556 if (ERROR_SUCCESS != result) 555 if (ERROR_SUCCESS != result)
557 return SBOX_ERROR_GENERIC; 556 return SBOX_ERROR_GENERIC;
558 557
559 lockdown->Set(temp_handle);
560
561 // If we're launching on the alternate desktop we need to make sure the 558 // If we're launching on the alternate desktop we need to make sure the
562 // integrity label on the object is no higher than the sandboxed process's 559 // integrity label on the object is no higher than the sandboxed process's
563 // integrity level. So, we lower the label on the desktop process if it's 560 // integrity level. So, we lower the label on the desktop process if it's
564 // not already low enough for our process. 561 // not already low enough for our process.
565 if (alternate_desktop_handle_ && use_alternate_desktop_ && 562 if (alternate_desktop_handle_ && use_alternate_desktop_ &&
566 integrity_level_ != INTEGRITY_LEVEL_LAST && 563 integrity_level_ != INTEGRITY_LEVEL_LAST &&
567 alternate_desktop_integrity_level_label_ < integrity_level_ && 564 alternate_desktop_integrity_level_label_ < integrity_level_ &&
568 base::win::OSInfo::GetInstance()->version() >= base::win::VERSION_VISTA) { 565 base::win::OSInfo::GetInstance()->version() >= base::win::VERSION_VISTA) {
569 // Integrity label enum is reversed (higher level is a lower value). 566 // Integrity label enum is reversed (higher level is a lower value).
570 static_assert(INTEGRITY_LEVEL_SYSTEM < INTEGRITY_LEVEL_UNTRUSTED, 567 static_assert(INTEGRITY_LEVEL_SYSTEM < INTEGRITY_LEVEL_UNTRUSTED,
(...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after
615 if (!NT_SUCCESS(status)) 612 if (!NT_SUCCESS(status))
616 return SBOX_ERROR_GENERIC; 613 return SBOX_ERROR_GENERIC;
617 614
618 DCHECK(token_lowbox); 615 DCHECK(token_lowbox);
619 lockdown->Set(token_lowbox); 616 lockdown->Set(token_lowbox);
620 } 617 }
621 618
622 // Create the 'better' token. We use this token as the one that the main 619 // Create the 'better' token. We use this token as the one that the main
623 // thread uses when booting up the process. It should contain most of 620 // thread uses when booting up the process. It should contain most of
624 // what we need (before reaching main( )) 621 // what we need (before reaching main( ))
625 result = CreateRestrictedToken(&temp_handle, initial_level_, 622 result = CreateRestrictedToken(initial, initial_level_,
626 integrity_level_, IMPERSONATION); 623 integrity_level_, IMPERSONATION);
627 if (ERROR_SUCCESS != result) 624 if (ERROR_SUCCESS != result)
628 return SBOX_ERROR_GENERIC; 625 return SBOX_ERROR_GENERIC;
629 626
630 initial->Set(temp_handle);
631 return SBOX_ALL_OK; 627 return SBOX_ALL_OK;
632 } 628 }
633 629
634 const AppContainerAttributes* PolicyBase::GetAppContainer() const { 630 const AppContainerAttributes* PolicyBase::GetAppContainer() const {
635 if (!appcontainer_list_.get() || !appcontainer_list_->HasAppContainer()) 631 if (!appcontainer_list_.get() || !appcontainer_list_->HasAppContainer())
636 return NULL; 632 return NULL;
637 633
638 return appcontainer_list_.get(); 634 return appcontainer_list_.get();
639 } 635 }
640 636
(...skipping 236 matching lines...) Expand 10 before | Expand all | Expand 10 after
877 break; 873 break;
878 } 874 }
879 875
880 default: { return SBOX_ERROR_UNSUPPORTED; } 876 default: { return SBOX_ERROR_UNSUPPORTED; }
881 } 877 }
882 878
883 return SBOX_ALL_OK; 879 return SBOX_ALL_OK;
884 } 880 }
885 881
886 } // namespace sandbox 882 } // namespace sandbox
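Review bot: With the output handle now passed straight into CreateRestrictedToken (new lines 553 and 622), MakeTokens depends on the helper leaving `lockdown` and `initial` untouched whenever it returns something other than ERROR_SUCCESS, and nothing here checks that: if the helper were to populate the caller's ScopedHandle before a later restriction step fails, the early `return SBOX_ERROR_GENERIC` would hand back a partially-configured token, which is the opposite of what this function exists to guarantee. Whether that can happen depends on restricted_token_utils.cc, which is not in this diff, so the contract is worth pinning at the call sites: `if (ERROR_SUCCESS != result) { DCHECK(!lockdown->IsValid()); return SBOX_ERROR_GENERIC; }` at line 555, and the same shape for `initial` at line 624. A matching `DCHECK(lockdown->IsValid());` after the success check would also catch a success code with no token before the handle is consumed by the lowbox path at line 616 or returned to the caller. Note that MakeTokens' body spans the elided region between lines 570 and 612, so the lowbox setup that produces `token_lowbox` is only partly visible in this hunk.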