Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(904)

Unified Diff: sandbox/win/src/restricted_token.cc

Issue 1232963002: Sandbox: Make CreateRestrictedToken return a ScopedHandle. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: sandbox/win/src/restricted_token.cc
diff --git a/sandbox/win/src/restricted_token.cc b/sandbox/win/src/restricted_token.cc
index d94ca06ef65902841e74f3288e3a17809464bf1c..7fadb2bba61dad4782eb643d3ecef0019f457230 100644
--- a/sandbox/win/src/restricted_token.cc
+++ b/sandbox/win/src/restricted_token.cc
@@ -53,7 +53,8 @@ unsigned RestrictedToken::Init(const HANDLE effective_token) {
return ERROR_SUCCESS;
}
-unsigned RestrictedToken::GetRestrictedTokenHandle(HANDLE *token_handle) const {
+unsigned RestrictedToken::GetRestrictedToken(
+ base::win::ScopedHandle* token) const {
DCHECK(init_);
if (!init_)
return ERROR_NO_TOKEN;
@@ -95,7 +96,7 @@ unsigned RestrictedToken::GetRestrictedTokenHandle(HANDLE *token_handle) const {
}
BOOL result = TRUE;
- HANDLE new_token = NULL;
+ HANDLE new_token_handle = NULL;
// The SANDBOX_INERT flag did nothing in XP and it was just a way to tell
// if a token has ben restricted given the limiations of IsTokenRestricted()
// but it appears that in Windows 7 it hints the AppLocker subsystem to
@@ -109,14 +110,14 @@ unsigned RestrictedToken::GetRestrictedTokenHandle(HANDLE *token_handle) const {
privileges_to_disable_array,
static_cast<DWORD>(restrict_size),
sids_to_restrict_array,
- &new_token);
+ &new_token_handle);
} else {
// Duplicate the token even if it's not modified at this point
// because any subsequent changes to this token would also affect the
// current process.
result = ::DuplicateTokenEx(effective_token_, TOKEN_ALL_ACCESS, NULL,
SecurityIdentification, TokenPrimary,
- &new_token);
+ &new_token_handle);
}
if (deny_only_array)
@@ -131,68 +132,59 @@ unsigned RestrictedToken::GetRestrictedTokenHandle(HANDLE *token_handle) const {
if (!result)
return ::GetLastError();
+ base::win::ScopedHandle new_token(new_token_handle);
+
// Modify the default dacl on the token to contain Restricted and the user.
- if (!AddSidToDefaultDacl(new_token, WinRestrictedCodeSid, GENERIC_ALL))
+ if (!AddSidToDefaultDacl(new_token.Get(), WinRestrictedCodeSid, GENERIC_ALL))
return ::GetLastError();
- if (!AddUserSidToDefaultDacl(new_token, GENERIC_ALL))
+ if (!AddUserSidToDefaultDacl(new_token.Get(), GENERIC_ALL))
return ::GetLastError();
- DWORD error = SetTokenIntegrityLevel(new_token, integrity_level_);
+ DWORD error = SetTokenIntegrityLevel(new_token.Get(), integrity_level_);
if (ERROR_SUCCESS != error)
return error;
- BOOL status = ::DuplicateHandle(::GetCurrentProcess(),
- new_token,
- ::GetCurrentProcess(),
- token_handle,
- TOKEN_ALL_ACCESS,
- FALSE, // Don't inherit.
- 0);
-
- if (new_token != effective_token_)
- ::CloseHandle(new_token);
-
- if (!status)
+ HANDLE token_handle;
+ if (!::DuplicateHandle(::GetCurrentProcess(), new_token.Get(),
+ ::GetCurrentProcess(), &token_handle,
+ TOKEN_ALL_ACCESS, FALSE, // Don't inherit.
+ 0)) {
return ::GetLastError();
+ }
+ token->Set(token_handle);
return ERROR_SUCCESS;
}
-unsigned RestrictedToken::GetRestrictedTokenHandleForImpersonation(
- HANDLE *token_handle) const {
+unsigned RestrictedToken::GetRestrictedTokenForImpersonation(
+ base::win::ScopedHandle* token) const {
DCHECK(init_);
if (!init_)
return ERROR_NO_TOKEN;
- HANDLE restricted_token_handle;
- unsigned err_code = GetRestrictedTokenHandle(&restricted_token_handle);
+ base::win::ScopedHandle restricted_token;
+ unsigned err_code = GetRestrictedToken(&restricted_token);
if (ERROR_SUCCESS != err_code)
return err_code;
- HANDLE impersonation_token;
- if (!::DuplicateToken(restricted_token_handle,
+ HANDLE impersonation_token_handle;
+ if (!::DuplicateToken(restricted_token.Get(),
SecurityImpersonation,
- &impersonation_token)) {
- ::CloseHandle(restricted_token_handle);
+ &impersonation_token_handle)) {
return ::GetLastError();
}
+ base::win::ScopedHandle impersonation_token(impersonation_token_handle);
- ::CloseHandle(restricted_token_handle);
-
- BOOL status = ::DuplicateHandle(::GetCurrentProcess(),
- impersonation_token,
- ::GetCurrentProcess(),
- token_handle,
- TOKEN_ALL_ACCESS,
- FALSE, // Don't inherit.
- 0);
-
- ::CloseHandle(impersonation_token);
-
- if (!status)
+ HANDLE token_handle;
+ if (!::DuplicateHandle(::GetCurrentProcess(), impersonation_token.Get(),
+ ::GetCurrentProcess(), &token_handle,
+ TOKEN_ALL_ACCESS, FALSE, // Don't inherit.
+ 0)) {
return ::GetLastError();
+ }
+ token->Set(token_handle);
return ERROR_SUCCESS;
}

Powered by Google App Engine
This is Rietveld 408576698