| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <aclapi.h> | 5 #include <aclapi.h> |
| 6 #include <sddl.h> | 6 #include <sddl.h> |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "sandbox/win/src/restricted_token_utils.h" | 9 #include "sandbox/win/src/restricted_token_utils.h" |
| 10 | 10 |
| 11 #include "base/logging.h" | 11 #include "base/logging.h" |
| 12 #include "base/win/scoped_handle.h" | 12 #include "base/win/scoped_handle.h" |
| 13 #include "base/win/scoped_process_information.h" | 13 #include "base/win/scoped_process_information.h" |
| 14 #include "base/win/windows_version.h" | 14 #include "base/win/windows_version.h" |
| 15 #include "sandbox/win/src/job.h" | 15 #include "sandbox/win/src/job.h" |
| 16 #include "sandbox/win/src/restricted_token.h" | 16 #include "sandbox/win/src/restricted_token.h" |
| 17 #include "sandbox/win/src/security_level.h" | 17 #include "sandbox/win/src/security_level.h" |
| 18 #include "sandbox/win/src/sid.h" | 18 #include "sandbox/win/src/sid.h" |
| 19 | 19 |
| 20 namespace sandbox { | 20 namespace sandbox { |
| 21 | 21 |
| 22 DWORD CreateRestrictedToken(HANDLE *token_handle, | 22 DWORD CreateRestrictedToken(TokenLevel security_level, |
| 23 TokenLevel security_level, | |
| 24 IntegrityLevel integrity_level, | 23 IntegrityLevel integrity_level, |
| 25 TokenType token_type) { | 24 TokenType token_type, |
| 26 if (!token_handle) | 25 base::win::ScopedHandle* token) { |
| 27 return ERROR_BAD_ARGUMENTS; | |
| 28 | |
| 29 RestrictedToken restricted_token; | 26 RestrictedToken restricted_token; |
| 30 restricted_token.Init(NULL); // Initialized with the current process token | 27 restricted_token.Init(NULL); // Initialized with the current process token |
| 31 | 28 |
| 32 std::vector<base::string16> privilege_exceptions; | 29 std::vector<base::string16> privilege_exceptions; |
| 33 std::vector<Sid> sid_exceptions; | 30 std::vector<Sid> sid_exceptions; |
| 34 | 31 |
| 35 bool deny_sids = true; | 32 bool deny_sids = true; |
| 36 bool remove_privileges = true; | 33 bool remove_privileges = true; |
| 37 | 34 |
| 38 switch (security_level) { | 35 switch (security_level) { |
| (...skipping 77 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 116 if (remove_privileges) { | 113 if (remove_privileges) { |
| 117 err_code = restricted_token.DeleteAllPrivileges(&privilege_exceptions); | 114 err_code = restricted_token.DeleteAllPrivileges(&privilege_exceptions); |
| 118 if (ERROR_SUCCESS != err_code) | 115 if (ERROR_SUCCESS != err_code) |
| 119 return err_code; | 116 return err_code; |
| 120 } | 117 } |
| 121 | 118 |
| 122 restricted_token.SetIntegrityLevel(integrity_level); | 119 restricted_token.SetIntegrityLevel(integrity_level); |
| 123 | 120 |
| 124 switch (token_type) { | 121 switch (token_type) { |
| 125 case PRIMARY: { | 122 case PRIMARY: { |
| 126 err_code = restricted_token.GetRestrictedTokenHandle(token_handle); | 123 err_code = restricted_token.GetRestrictedToken(token); |
| 127 break; | 124 break; |
| 128 } | 125 } |
| 129 case IMPERSONATION: { | 126 case IMPERSONATION: { |
| 130 err_code = restricted_token.GetRestrictedTokenHandleForImpersonation( | 127 err_code = restricted_token.GetRestrictedTokenForImpersonation(token); |
| 131 token_handle); | |
| 132 break; | 128 break; |
| 133 } | 129 } |
| 134 default: { | 130 default: { |
| 135 err_code = ERROR_BAD_ARGUMENTS; | 131 err_code = ERROR_BAD_ARGUMENTS; |
| 136 break; | 132 break; |
| 137 } | 133 } |
| 138 } | 134 } |
| 139 | 135 |
| 140 return err_code; | 136 return err_code; |
| 141 } | 137 } |
| (...skipping 10 matching lines...) Expand all Loading... |
| 152 | 148 |
| 153 if (JOB_UNPROTECTED != job_level) { | 149 if (JOB_UNPROTECTED != job_level) { |
| 154 // Share the Desktop handle to be able to use MessageBox() in the sandboxed | 150 // Share the Desktop handle to be able to use MessageBox() in the sandboxed |
| 155 // application. | 151 // application. |
| 156 err_code = job.UserHandleGrantAccess(GetDesktopWindow()); | 152 err_code = job.UserHandleGrantAccess(GetDesktopWindow()); |
| 157 if (ERROR_SUCCESS != err_code) | 153 if (ERROR_SUCCESS != err_code) |
| 158 return err_code; | 154 return err_code; |
| 159 } | 155 } |
| 160 | 156 |
| 161 // Create the primary (restricted) token for the process | 157 // Create the primary (restricted) token for the process |
| 162 HANDLE primary_token_handle = NULL; | 158 base::win::ScopedHandle primary_token; |
| 163 err_code = CreateRestrictedToken(&primary_token_handle, | 159 err_code = CreateRestrictedToken(primary_level, INTEGRITY_LEVEL_LAST, |
| 164 primary_level, | 160 PRIMARY, &primary_token); |
| 165 INTEGRITY_LEVEL_LAST, | 161 if (ERROR_SUCCESS != err_code) |
| 166 PRIMARY); | |
| 167 if (ERROR_SUCCESS != err_code) { | |
| 168 return err_code; | 162 return err_code; |
| 169 } | 163 |
| 170 base::win::ScopedHandle primary_token(primary_token_handle); | |
| 171 | 164 |
| 172 // Create the impersonation token (restricted) to be able to start the | 165 // Create the impersonation token (restricted) to be able to start the |
| 173 // process. | 166 // process. |
| 174 HANDLE impersonation_token_handle; | 167 base::win::ScopedHandle impersonation_token; |
| 175 err_code = CreateRestrictedToken(&impersonation_token_handle, | 168 err_code = CreateRestrictedToken(impersonation_level, INTEGRITY_LEVEL_LAST, |
| 176 impersonation_level, | 169 IMPERSONATION, &impersonation_token); |
| 177 INTEGRITY_LEVEL_LAST, | 170 if (ERROR_SUCCESS != err_code) |
| 178 IMPERSONATION); | |
| 179 if (ERROR_SUCCESS != err_code) { | |
| 180 return err_code; | 171 return err_code; |
| 181 } | |
| 182 base::win::ScopedHandle impersonation_token(impersonation_token_handle); | |
| 183 | 172 |
| 184 // Start the process | 173 // Start the process |
| 185 STARTUPINFO startup_info = {0}; | 174 STARTUPINFO startup_info = {0}; |
| 186 PROCESS_INFORMATION temp_process_info = {}; | 175 PROCESS_INFORMATION temp_process_info = {}; |
| 187 DWORD flags = CREATE_SUSPENDED; | 176 DWORD flags = CREATE_SUSPENDED; |
| 188 | 177 |
| 189 if (base::win::GetVersion() < base::win::VERSION_WIN8) { | 178 if (base::win::GetVersion() < base::win::VERSION_WIN8) { |
| 190 // Windows 8 implements nested jobs, but for older systems we need to | 179 // Windows 8 implements nested jobs, but for older systems we need to |
| 191 // break out of any job we're in to enforce our restrictions. | 180 // break out of any job we're in to enforce our restrictions. |
| 192 flags |= CREATE_BREAKAWAY_FROM_JOB; | 181 flags |= CREATE_BREAKAWAY_FROM_JOB; |
| (...skipping 206 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 399 if (!::OpenProcessToken(GetCurrentProcess(), READ_CONTROL | WRITE_OWNER, | 388 if (!::OpenProcessToken(GetCurrentProcess(), READ_CONTROL | WRITE_OWNER, |
| 400 &token_handle)) | 389 &token_handle)) |
| 401 return ::GetLastError(); | 390 return ::GetLastError(); |
| 402 | 391 |
| 403 base::win::ScopedHandle token(token_handle); | 392 base::win::ScopedHandle token(token_handle); |
| 404 | 393 |
| 405 return HardenTokenIntegrityLevelPolicy(token.Get()); | 394 return HardenTokenIntegrityLevelPolicy(token.Get()); |
| 406 } | 395 } |
| 407 | 396 |
| 408 } // namespace sandbox | 397 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1232963002:
Sandbox: Make CreateRestrictedToken return a ScopedHandle. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master