| Index: sandbox/win/src/restricted_token.cc
|
| diff --git a/sandbox/win/src/restricted_token.cc b/sandbox/win/src/restricted_token.cc
|
| index d94ca06ef65902841e74f3288e3a17809464bf1c..7fadb2bba61dad4782eb643d3ecef0019f457230 100644
|
| --- a/sandbox/win/src/restricted_token.cc
|
| +++ b/sandbox/win/src/restricted_token.cc
|
| @@ -53,7 +53,8 @@ unsigned RestrictedToken::Init(const HANDLE effective_token) {
|
| return ERROR_SUCCESS;
|
| }
|
|
|
| -unsigned RestrictedToken::GetRestrictedTokenHandle(HANDLE *token_handle) const {
|
| +unsigned RestrictedToken::GetRestrictedToken(
|
| + base::win::ScopedHandle* token) const {
|
| DCHECK(init_);
|
| if (!init_)
|
| return ERROR_NO_TOKEN;
|
| @@ -95,7 +96,7 @@ unsigned RestrictedToken::GetRestrictedTokenHandle(HANDLE *token_handle) const {
|
| }
|
|
|
| BOOL result = TRUE;
|
| - HANDLE new_token = NULL;
|
| + HANDLE new_token_handle = NULL;
|
| // The SANDBOX_INERT flag did nothing in XP and it was just a way to tell
|
| // if a token has ben restricted given the limiations of IsTokenRestricted()
|
| // but it appears that in Windows 7 it hints the AppLocker subsystem to
|
| @@ -109,14 +110,14 @@ unsigned RestrictedToken::GetRestrictedTokenHandle(HANDLE *token_handle) const {
|
| privileges_to_disable_array,
|
| static_cast<DWORD>(restrict_size),
|
| sids_to_restrict_array,
|
| - &new_token);
|
| + &new_token_handle);
|
| } else {
|
| // Duplicate the token even if it's not modified at this point
|
| // because any subsequent changes to this token would also affect the
|
| // current process.
|
| result = ::DuplicateTokenEx(effective_token_, TOKEN_ALL_ACCESS, NULL,
|
| SecurityIdentification, TokenPrimary,
|
| - &new_token);
|
| + &new_token_handle);
|
| }
|
|
|
| if (deny_only_array)
|
| @@ -131,68 +132,59 @@ unsigned RestrictedToken::GetRestrictedTokenHandle(HANDLE *token_handle) const {
|
| if (!result)
|
| return ::GetLastError();
|
|
|
| + base::win::ScopedHandle new_token(new_token_handle);
|
| +
|
| // Modify the default dacl on the token to contain Restricted and the user.
|
| - if (!AddSidToDefaultDacl(new_token, WinRestrictedCodeSid, GENERIC_ALL))
|
| + if (!AddSidToDefaultDacl(new_token.Get(), WinRestrictedCodeSid, GENERIC_ALL))
|
| return ::GetLastError();
|
|
|
| - if (!AddUserSidToDefaultDacl(new_token, GENERIC_ALL))
|
| + if (!AddUserSidToDefaultDacl(new_token.Get(), GENERIC_ALL))
|
| return ::GetLastError();
|
|
|
| - DWORD error = SetTokenIntegrityLevel(new_token, integrity_level_);
|
| + DWORD error = SetTokenIntegrityLevel(new_token.Get(), integrity_level_);
|
| if (ERROR_SUCCESS != error)
|
| return error;
|
|
|
| - BOOL status = ::DuplicateHandle(::GetCurrentProcess(),
|
| - new_token,
|
| - ::GetCurrentProcess(),
|
| - token_handle,
|
| - TOKEN_ALL_ACCESS,
|
| - FALSE, // Don't inherit.
|
| - 0);
|
| -
|
| - if (new_token != effective_token_)
|
| - ::CloseHandle(new_token);
|
| -
|
| - if (!status)
|
| + HANDLE token_handle;
|
| + if (!::DuplicateHandle(::GetCurrentProcess(), new_token.Get(),
|
| + ::GetCurrentProcess(), &token_handle,
|
| + TOKEN_ALL_ACCESS, FALSE, // Don't inherit.
|
| + 0)) {
|
| return ::GetLastError();
|
| + }
|
|
|
| + token->Set(token_handle);
|
| return ERROR_SUCCESS;
|
| }
|
|
|
| -unsigned RestrictedToken::GetRestrictedTokenHandleForImpersonation(
|
| - HANDLE *token_handle) const {
|
| +unsigned RestrictedToken::GetRestrictedTokenForImpersonation(
|
| + base::win::ScopedHandle* token) const {
|
| DCHECK(init_);
|
| if (!init_)
|
| return ERROR_NO_TOKEN;
|
|
|
| - HANDLE restricted_token_handle;
|
| - unsigned err_code = GetRestrictedTokenHandle(&restricted_token_handle);
|
| + base::win::ScopedHandle restricted_token;
|
| + unsigned err_code = GetRestrictedToken(&restricted_token);
|
| if (ERROR_SUCCESS != err_code)
|
| return err_code;
|
|
|
| - HANDLE impersonation_token;
|
| - if (!::DuplicateToken(restricted_token_handle,
|
| + HANDLE impersonation_token_handle;
|
| + if (!::DuplicateToken(restricted_token.Get(),
|
| SecurityImpersonation,
|
| - &impersonation_token)) {
|
| - ::CloseHandle(restricted_token_handle);
|
| + &impersonation_token_handle)) {
|
| return ::GetLastError();
|
| }
|
| + base::win::ScopedHandle impersonation_token(impersonation_token_handle);
|
|
|
| - ::CloseHandle(restricted_token_handle);
|
| -
|
| - BOOL status = ::DuplicateHandle(::GetCurrentProcess(),
|
| - impersonation_token,
|
| - ::GetCurrentProcess(),
|
| - token_handle,
|
| - TOKEN_ALL_ACCESS,
|
| - FALSE, // Don't inherit.
|
| - 0);
|
| -
|
| - ::CloseHandle(impersonation_token);
|
| -
|
| - if (!status)
|
| + HANDLE token_handle;
|
| + if (!::DuplicateHandle(::GetCurrentProcess(), impersonation_token.Get(),
|
| + ::GetCurrentProcess(), &token_handle,
|
| + TOKEN_ALL_ACCESS, FALSE, // Don't inherit.
|
| + 0)) {
|
| return ::GetLastError();
|
| + }
|
|
|
| + token->Set(token_handle);
|
| return ERROR_SUCCESS;
|
| }
|
|
|
|
|
Chromium Code Reviews
Issue 1232963002:
Sandbox: Make CreateRestrictedToken return a ScopedHandle. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master