OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <aclapi.h> | 5 #include <aclapi.h> |
6 #include <sddl.h> | 6 #include <sddl.h> |
7 #include <vector> | 7 #include <vector> |
8 | 8 |
9 #include "sandbox/win/src/restricted_token_utils.h" | 9 #include "sandbox/win/src/restricted_token_utils.h" |
10 | 10 |
211 if (!::ConvertStringSidToSid(integrity_level_str, &integrity_sid)) | 211 if (!::ConvertStringSidToSid(integrity_level_str, &integrity_sid)) |
212 return ::GetLastError(); | 212 return ::GetLastError(); |
213 | 213 |
214 TOKEN_MANDATORY_LABEL label = {}; | 214 TOKEN_MANDATORY_LABEL label = {}; |
215 label.Label.Attributes = SE_GROUP_INTEGRITY; | 215 label.Label.Attributes = SE_GROUP_INTEGRITY; |
216 label.Label.Sid = integrity_sid; | 216 label.Label.Sid = integrity_sid; |
217 | 217 |
218 DWORD size = sizeof(TOKEN_MANDATORY_LABEL) + ::GetLengthSid(integrity_sid); | 218 DWORD size = sizeof(TOKEN_MANDATORY_LABEL) + ::GetLengthSid(integrity_sid); |
219 BOOL result = ::SetTokenInformation(token, TokenIntegrityLevel, &label, | 219 BOOL result = ::SetTokenInformation(token, TokenIntegrityLevel, &label, |
220 size); | 220 size); |
221 auto last_error = ::GetLastError(); | |
brucedawson
2015/09/12 00:33:55
Latch LastError before LocalFree. Probably doesn't
| |
221 ::LocalFree(integrity_sid); | 222 ::LocalFree(integrity_sid); |
222 | 223 |
223 return result ? ERROR_SUCCESS : ::GetLastError(); | 224 return result ? ERROR_SUCCESS : last_error; |
224 } | 225 } |
225 | 226 |
226 DWORD SetProcessIntegrityLevel(IntegrityLevel integrity_level) { | 227 DWORD SetProcessIntegrityLevel(IntegrityLevel integrity_level) { |
227 if (base::win::GetVersion() < base::win::VERSION_VISTA) | 228 if (base::win::GetVersion() < base::win::VERSION_VISTA) |
228 return ERROR_SUCCESS; | 229 return ERROR_SUCCESS; |
229 | 230 |
230 // We don't check for an invalid level here because we'll just let it | 231 // We don't check for an invalid level here because we'll just let it |
231 // fail on the SetTokenIntegrityLevel call later on. | 232 // fail on the SetTokenIntegrityLevel call later on. |
232 if (integrity_level == INTEGRITY_LEVEL_LAST) { | 233 if (integrity_level == INTEGRITY_LEVEL_LAST) { |
233 // No mandatory level specified, we don't change it. | 234 // No mandatory level specified, we don't change it. |
301 if (!::OpenProcessToken(GetCurrentProcess(), READ_CONTROL | WRITE_OWNER, | 302 if (!::OpenProcessToken(GetCurrentProcess(), READ_CONTROL | WRITE_OWNER, |
302 &token_handle)) | 303 &token_handle)) |
303 return ::GetLastError(); | 304 return ::GetLastError(); |
304 | 305 |
305 base::win::ScopedHandle token(token_handle); | 306 base::win::ScopedHandle token(token_handle); |
306 | 307 |
307 return HardenTokenIntegrityLevelPolicy(token.Get()); | 308 return HardenTokenIntegrityLevelPolicy(token.Get()); |
308 } | 309 } |
309 | 310 |
310 } // namespace sandbox | 311 } // namespace sandbox |
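Review bot: On NEW line 221 `last_error` is declared with `auto` and read unconditionally, so on the success path it holds a stale thread error value that only the ternary on NEW line 224 keeps from being returned. Reading it only on failure and spelling out the type makes the returned value well-defined in one place: `DWORD last_error = result ? ERROR_SUCCESS : ::GetLastError();` before `::LocalFree(integrity_sid);`, then `return last_error;`. The return code is presumably how sandbox callers learn whether the integrity label was actually applied, so the failure code should not depend on a later edit preserving the ternary. The start of this function is in the skipped lines, so earlier return paths could not be checked.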