| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/win/src/restricted_token.h" | 5 #include "sandbox/win/src/restricted_token.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/memory/scoped_ptr.h" | 10 #include "base/memory/scoped_ptr.h" |
| (...skipping 122 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 133 sids_to_restrict_array, | 133 sids_to_restrict_array, |
| 134 &new_token_handle); | 134 &new_token_handle); |
| 135 } else { | 135 } else { |
| 136 // Duplicate the token even if it's not modified at this point | 136 // Duplicate the token even if it's not modified at this point |
| 137 // because any subsequent changes to this token would also affect the | 137 // because any subsequent changes to this token would also affect the |
| 138 // current process. | 138 // current process. |
| 139 result = ::DuplicateTokenEx(effective_token_.Get(), TOKEN_ALL_ACCESS, NULL, | 139 result = ::DuplicateTokenEx(effective_token_.Get(), TOKEN_ALL_ACCESS, NULL, |
| 140 SecurityIdentification, TokenPrimary, | 140 SecurityIdentification, TokenPrimary, |
| 141 &new_token_handle); | 141 &new_token_handle); |
| 142 } | 142 } |
| 143 auto last_error = ::GetLastError(); |
| 143 | 144 |
| 144 if (deny_only_array) | 145 if (deny_only_array) |
| 145 delete[] deny_only_array; | 146 delete[] deny_only_array; |
| 146 | 147 |
| 147 if (sids_to_restrict_array) | 148 if (sids_to_restrict_array) |
| 148 delete[] sids_to_restrict_array; | 149 delete[] sids_to_restrict_array; |
| 149 | 150 |
| 150 if (privileges_to_disable_array) | 151 if (privileges_to_disable_array) |
| 151 delete[] privileges_to_disable_array; | 152 delete[] privileges_to_disable_array; |
| 152 | 153 |
| 153 if (!result) | 154 if (!result) |
| 154 return ::GetLastError(); | 155 return last_error; |
| 155 | 156 |
| 156 base::win::ScopedHandle new_token(new_token_handle); | 157 base::win::ScopedHandle new_token(new_token_handle); |
| 157 | 158 |
| 158 // Modify the default dacl on the token to contain Restricted and the user. | 159 // Modify the default dacl on the token to contain Restricted and the user. |
| 159 if (!AddSidToDefaultDacl(new_token.Get(), WinRestrictedCodeSid, GENERIC_ALL)) | 160 if (!AddSidToDefaultDacl(new_token.Get(), WinRestrictedCodeSid, GENERIC_ALL)) |
| 160 return ::GetLastError(); | 161 return ::GetLastError(); |
| 161 | 162 |
| 162 if (!AddUserSidToDefaultDacl(new_token.Get(), GENERIC_ALL)) | 163 if (!AddUserSidToDefaultDacl(new_token.Get(), GENERIC_ALL)) |
| 163 return ::GetLastError(); | 164 return ::GetLastError(); |
| 164 | 165 |
| (...skipping 248 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 413 | 414 |
| 414 return ERROR_SUCCESS; | 415 return ERROR_SUCCESS; |
| 415 } | 416 } |
| 416 | 417 |
| 417 DWORD RestrictedToken::SetIntegrityLevel(IntegrityLevel integrity_level) { | 418 DWORD RestrictedToken::SetIntegrityLevel(IntegrityLevel integrity_level) { |
| 418 integrity_level_ = integrity_level; | 419 integrity_level_ = integrity_level; |
| 419 return ERROR_SUCCESS; | 420 return ERROR_SUCCESS; |
| 420 } | 421 } |
| 421 | 422 |
| 422 } // namespace sandbox | 423 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1337223002:
Fixes to possible GetLastError bugs (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master