| OLD | NEW |
|---|
| 1 | 1 |
| 2 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 2 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 3 // Use of this source code is governed by a BSD-style license that can be | 3 // Use of this source code is governed by a BSD-style license that can be |
| 4 // found in the LICENSE file. | 4 // found in the LICENSE file. |
| 5 // | 5 // |
| 6 // This file implements the Windows service controlling Me2Me host processes | 6 // This file implements the Windows service controlling Me2Me host processes |
| 7 // running within user sessions. | 7 // running within user sessions. |
| 8 | 8 |
| 9 #include "remoting/host/win/unprivileged_process_delegate.h" | 9 #include "remoting/host/win/unprivileged_process_delegate.h" |
| 10 | 10 |
| (...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 93 | 93 |
| 94 // Set low integrity level if supported by the OS. | 94 // Set low integrity level if supported by the OS. |
| 95 if (base::win::GetVersion() >= base::win::VERSION_VISTA) { | 95 if (base::win::GetVersion() >= base::win::VERSION_VISTA) { |
| 96 if (restricted_token.SetIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW) | 96 if (restricted_token.SetIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW) |
| 97 != ERROR_SUCCESS) { | 97 != ERROR_SUCCESS) { |
| 98 return false; | 98 return false; |
| 99 } | 99 } |
| 100 } | 100 } |
| 101 | 101 |
| 102 // Return the resulting token. | 102 // Return the resulting token. |
| 103 if (restricted_token.GetRestrictedTokenHandle(&temp_handle) == | 103 if (restricted_token.GetRestrictedToken(token_out) == ERROR_SUCCESS) |
| 104 ERROR_SUCCESS) { | |
| 105 token_out->Set(temp_handle); | |
| 106 return true; | 104 return true; |
| 107 } | 105 |
| 108 return false; | 106 return false; |
| 109 } | 107 } |
| 110 | 108 |
| 111 // Creates a window station with a given name and the default desktop giving | 109 // Creates a window station with a given name and the default desktop giving |
| 112 // the complete access to |logon_sid|. | 110 // the complete access to |logon_sid|. |
| 113 bool CreateWindowStationAndDesktop(ScopedSid logon_sid, | 111 bool CreateWindowStationAndDesktop(ScopedSid logon_sid, |
| 114 WindowStationAndDesktop* handles_out) { | 112 WindowStationAndDesktop* handles_out) { |
| 115 // Convert the logon SID into a string. | 113 // Convert the logon SID into a string. |
| 116 std::string logon_sid_string = ConvertSidToString(logon_sid.get()); | 114 std::string logon_sid_string = ConvertSidToString(logon_sid.get()); |
| 117 if (logon_sid_string.empty()) { | 115 if (logon_sid_string.empty()) { |
| (...skipping 295 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 413 PLOG(ERROR) << "Failed to duplicate a handle"; | 411 PLOG(ERROR) << "Failed to duplicate a handle"; |
| 414 ReportFatalError(); | 412 ReportFatalError(); |
| 415 return; | 413 return; |
| 416 } | 414 } |
| 417 ScopedHandle limited_handle(temp_handle); | 415 ScopedHandle limited_handle(temp_handle); |
| 418 | 416 |
| 419 event_handler_->OnProcessLaunched(limited_handle.Pass()); | 417 event_handler_->OnProcessLaunched(limited_handle.Pass()); |
| 420 } | 418 } |
| 421 | 419 |
| 422 } // namespace remoting | 420 } // namespace remoting |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1232963002:
Sandbox: Make CreateRestrictedToken return a ScopedHandle. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master