OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/win/src/restricted_token.h" | 5 #include "sandbox/win/src/restricted_token.h" |
6 | 6 |
7 #include <vector> | 7 #include <vector> |
8 | 8 |
9 #include "base/logging.h" | 9 #include "base/logging.h" |
10 #include "base/memory/scoped_ptr.h" | 10 #include "base/memory/scoped_ptr.h" |
(...skipping 122 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
133 sids_to_restrict_array, | 133 sids_to_restrict_array, |
134 &new_token_handle); | 134 &new_token_handle); |
135 } else { | 135 } else { |
136 // Duplicate the token even if it's not modified at this point | 136 // Duplicate the token even if it's not modified at this point |
137 // because any subsequent changes to this token would also affect the | 137 // because any subsequent changes to this token would also affect the |
138 // current process. | 138 // current process. |
139 result = ::DuplicateTokenEx(effective_token_.Get(), TOKEN_ALL_ACCESS, NULL, | 139 result = ::DuplicateTokenEx(effective_token_.Get(), TOKEN_ALL_ACCESS, NULL, |
140 SecurityIdentification, TokenPrimary, | 140 SecurityIdentification, TokenPrimary, |
141 &new_token_handle); | 141 &new_token_handle); |
142 } | 142 } |
143 auto last_error = ::GetLastError(); | |
brucedawson
2015/09/12 00:33:55
VS 2015 makes "operator new" clear LastError in so
| |
143 | 144 |
144 if (deny_only_array) | 145 if (deny_only_array) |
145 delete[] deny_only_array; | 146 delete[] deny_only_array; |
146 | 147 |
147 if (sids_to_restrict_array) | 148 if (sids_to_restrict_array) |
148 delete[] sids_to_restrict_array; | 149 delete[] sids_to_restrict_array; |
149 | 150 |
150 if (privileges_to_disable_array) | 151 if (privileges_to_disable_array) |
151 delete[] privileges_to_disable_array; | 152 delete[] privileges_to_disable_array; |
152 | 153 |
153 if (!result) | 154 if (!result) |
154 return ::GetLastError(); | 155 return last_error; |
155 | 156 |
156 base::win::ScopedHandle new_token(new_token_handle); | 157 base::win::ScopedHandle new_token(new_token_handle); |
157 | 158 |
158 // Modify the default dacl on the token to contain Restricted and the user. | 159 // Modify the default dacl on the token to contain Restricted and the user. |
159 if (!AddSidToDefaultDacl(new_token.Get(), WinRestrictedCodeSid, GENERIC_ALL)) | 160 if (!AddSidToDefaultDacl(new_token.Get(), WinRestrictedCodeSid, GENERIC_ALL)) |
160 return ::GetLastError(); | 161 return ::GetLastError(); |
161 | 162 |
162 if (!AddUserSidToDefaultDacl(new_token.Get(), GENERIC_ALL)) | 163 if (!AddUserSidToDefaultDacl(new_token.Get(), GENERIC_ALL)) |
163 return ::GetLastError(); | 164 return ::GetLastError(); |
164 | 165 |
(...skipping 248 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
413 | 414 |
414 return ERROR_SUCCESS; | 415 return ERROR_SUCCESS; |
415 } | 416 } |
416 | 417 |
417 DWORD RestrictedToken::SetIntegrityLevel(IntegrityLevel integrity_level) { | 418 DWORD RestrictedToken::SetIntegrityLevel(IntegrityLevel integrity_level) { |
418 integrity_level_ = integrity_level; | 419 integrity_level_ = integrity_level; |
419 return ERROR_SUCCESS; | 420 return ERROR_SUCCESS; |
420 } | 421 } |
421 | 422 |
422 } // namespace sandbox | 423 } // namespace sandbox |
OLD | NEW |