| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/win/src/sandbox_policy_base.h" | 5 #include "sandbox/win/src/sandbox_policy_base.h" |
| 6 | 6 |
| 7 #include <sddl.h> | 7 #include <sddl.h> |
| 8 | 8 |
| 9 #include "base/basictypes.h" | 9 #include "base/basictypes.h" |
| 10 #include "base/callback.h" | 10 #include "base/callback.h" |
| (...skipping 532 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 543 | 543 |
| 544 ResultCode PolicyBase::MakeTokens(base::win::ScopedHandle* initial, | 544 ResultCode PolicyBase::MakeTokens(base::win::ScopedHandle* initial, |
| 545 base::win::ScopedHandle* lockdown) { | 545 base::win::ScopedHandle* lockdown) { |
| 546 if (appcontainer_list_.get() && appcontainer_list_->HasAppContainer() && | 546 if (appcontainer_list_.get() && appcontainer_list_->HasAppContainer() && |
| 547 lowbox_sid_) { | 547 lowbox_sid_) { |
| 548 return SBOX_ERROR_BAD_PARAMS; | 548 return SBOX_ERROR_BAD_PARAMS; |
| 549 } | 549 } |
| 550 | 550 |
| 551 // Create the 'naked' token. This will be the permanent token associated | 551 // Create the 'naked' token. This will be the permanent token associated |
| 552 // with the process and therefore with any thread that is not impersonating. | 552 // with the process and therefore with any thread that is not impersonating. |
| 553 HANDLE temp_handle; | 553 DWORD result = CreateRestrictedToken(lockdown_level_, integrity_level_, |
| 554 DWORD result = CreateRestrictedToken(&temp_handle, lockdown_level_, | 554 PRIMARY, lockdown); |
| 555 integrity_level_, PRIMARY); | |
| 556 if (ERROR_SUCCESS != result) | 555 if (ERROR_SUCCESS != result) |
| 557 return SBOX_ERROR_GENERIC; | 556 return SBOX_ERROR_GENERIC; |
| 558 | 557 |
| 559 lockdown->Set(temp_handle); | |
| 560 | |
| 561 // If we're launching on the alternate desktop we need to make sure the | 558 // If we're launching on the alternate desktop we need to make sure the |
| 562 // integrity label on the object is no higher than the sandboxed process's | 559 // integrity label on the object is no higher than the sandboxed process's |
| 563 // integrity level. So, we lower the label on the desktop process if it's | 560 // integrity level. So, we lower the label on the desktop process if it's |
| 564 // not already low enough for our process. | 561 // not already low enough for our process. |
| 565 if (alternate_desktop_handle_ && use_alternate_desktop_ && | 562 if (alternate_desktop_handle_ && use_alternate_desktop_ && |
| 566 integrity_level_ != INTEGRITY_LEVEL_LAST && | 563 integrity_level_ != INTEGRITY_LEVEL_LAST && |
| 567 alternate_desktop_integrity_level_label_ < integrity_level_ && | 564 alternate_desktop_integrity_level_label_ < integrity_level_ && |
| 568 base::win::OSInfo::GetInstance()->version() >= base::win::VERSION_VISTA) { | 565 base::win::OSInfo::GetInstance()->version() >= base::win::VERSION_VISTA) { |
| 569 // Integrity label enum is reversed (higher level is a lower value). | 566 // Integrity label enum is reversed (higher level is a lower value). |
| 570 static_assert(INTEGRITY_LEVEL_SYSTEM < INTEGRITY_LEVEL_UNTRUSTED, | 567 static_assert(INTEGRITY_LEVEL_SYSTEM < INTEGRITY_LEVEL_UNTRUSTED, |
| (...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 615 if (!NT_SUCCESS(status)) | 612 if (!NT_SUCCESS(status)) |
| 616 return SBOX_ERROR_GENERIC; | 613 return SBOX_ERROR_GENERIC; |
| 617 | 614 |
| 618 DCHECK(token_lowbox); | 615 DCHECK(token_lowbox); |
| 619 lockdown->Set(token_lowbox); | 616 lockdown->Set(token_lowbox); |
| 620 } | 617 } |
| 621 | 618 |
| 622 // Create the 'better' token. We use this token as the one that the main | 619 // Create the 'better' token. We use this token as the one that the main |
| 623 // thread uses when booting up the process. It should contain most of | 620 // thread uses when booting up the process. It should contain most of |
| 624 // what we need (before reaching main( )) | 621 // what we need (before reaching main( )) |
| 625 result = CreateRestrictedToken(&temp_handle, initial_level_, | 622 result = CreateRestrictedToken(initial_level_, integrity_level_, |
| 626 integrity_level_, IMPERSONATION); | 623 IMPERSONATION, initial); |
| 627 if (ERROR_SUCCESS != result) | 624 if (ERROR_SUCCESS != result) |
| 628 return SBOX_ERROR_GENERIC; | 625 return SBOX_ERROR_GENERIC; |
| 629 | 626 |
| 630 initial->Set(temp_handle); | |
| 631 return SBOX_ALL_OK; | 627 return SBOX_ALL_OK; |
| 632 } | 628 } |
| 633 | 629 |
| 634 const AppContainerAttributes* PolicyBase::GetAppContainer() const { | 630 const AppContainerAttributes* PolicyBase::GetAppContainer() const { |
| 635 if (!appcontainer_list_.get() || !appcontainer_list_->HasAppContainer()) | 631 if (!appcontainer_list_.get() || !appcontainer_list_->HasAppContainer()) |
| 636 return NULL; | 632 return NULL; |
| 637 | 633 |
| 638 return appcontainer_list_.get(); | 634 return appcontainer_list_.get(); |
| 639 } | 635 } |
| 640 | 636 |
| (...skipping 236 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 877 break; | 873 break; |
| 878 } | 874 } |
| 879 | 875 |
| 880 default: { return SBOX_ERROR_UNSUPPORTED; } | 876 default: { return SBOX_ERROR_UNSUPPORTED; } |
| 881 } | 877 } |
| 882 | 878 |
| 883 return SBOX_ALL_OK; | 879 return SBOX_ALL_OK; |
| 884 } | 880 } |
| 885 | 881 |
| 886 } // namespace sandbox | 882 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1232963002:
Sandbox: Make CreateRestrictedToken return a ScopedHandle. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master