| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <aclapi.h> | 5 #include <aclapi.h> |
| 6 #include <sddl.h> | 6 #include <sddl.h> |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "sandbox/win/src/restricted_token_utils.h" | 9 #include "sandbox/win/src/restricted_token_utils.h" |
| 10 | 10 |
| (...skipping 200 matching lines...) |
| 211 if (!::ConvertStringSidToSid(integrity_level_str, &integrity_sid)) | 211 if (!::ConvertStringSidToSid(integrity_level_str, &integrity_sid)) |
| 212 return ::GetLastError(); | 212 return ::GetLastError(); |
| 213 | 213 |
| 214 TOKEN_MANDATORY_LABEL label = {}; | 214 TOKEN_MANDATORY_LABEL label = {}; |
| 215 label.Label.Attributes = SE_GROUP_INTEGRITY; | 215 label.Label.Attributes = SE_GROUP_INTEGRITY; |
| 216 label.Label.Sid = integrity_sid; | 216 label.Label.Sid = integrity_sid; |
| 217 | 217 |
| 218 DWORD size = sizeof(TOKEN_MANDATORY_LABEL) + ::GetLengthSid(integrity_sid); | 218 DWORD size = sizeof(TOKEN_MANDATORY_LABEL) + ::GetLengthSid(integrity_sid); |
| 219 BOOL result = ::SetTokenInformation(token, TokenIntegrityLevel, &label, | 219 BOOL result = ::SetTokenInformation(token, TokenIntegrityLevel, &label, |
| 220 size); | 220 size); |
| 221 auto last_error = ::GetLastError(); |
| 221 ::LocalFree(integrity_sid); | 222 ::LocalFree(integrity_sid); |
| 222 | 223 |
| 223 return result ? ERROR_SUCCESS : ::GetLastError(); | 224 return result ? ERROR_SUCCESS : last_error; |
| 224 } | 225 } |
| 225 | 226 |
| 226 DWORD SetProcessIntegrityLevel(IntegrityLevel integrity_level) { | 227 DWORD SetProcessIntegrityLevel(IntegrityLevel integrity_level) { |
| 227 if (base::win::GetVersion() < base::win::VERSION_VISTA) | 228 if (base::win::GetVersion() < base::win::VERSION_VISTA) |
| 228 return ERROR_SUCCESS; | 229 return ERROR_SUCCESS; |
| 229 | 230 |
| 230 // We don't check for an invalid level here because we'll just let it | 231 // We don't check for an invalid level here because we'll just let it |
| 231 // fail on the SetTokenIntegrityLevel call later on. | 232 // fail on the SetTokenIntegrityLevel call later on. |
| 232 if (integrity_level == INTEGRITY_LEVEL_LAST) { | 233 if (integrity_level == INTEGRITY_LEVEL_LAST) { |
| 233 // No mandatory level specified, we don't change it. | 234 // No mandatory level specified, we don't change it. |
| (...skipping 67 matching lines...) |
| 301 if (!::OpenProcessToken(GetCurrentProcess(), READ_CONTROL | WRITE_OWNER, | 302 if (!::OpenProcessToken(GetCurrentProcess(), READ_CONTROL | WRITE_OWNER, |
| 302 &token_handle)) | 303 &token_handle)) |
| 303 return ::GetLastError(); | 304 return ::GetLastError(); |
| 304 | 305 |
| 305 base::win::ScopedHandle token(token_handle); | 306 base::win::ScopedHandle token(token_handle); |
| 306 | 307 |
| 307 return HardenTokenIntegrityLevelPolicy(token.Get()); | 308 return HardenTokenIntegrityLevelPolicy(token.Get()); |
| 308 } | 309 } |
| 309 | 310 |
| 310 } // namespace sandbox | 311 } // namespace sandbox |
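Review bot: The added `auto last_error = ::GetLastError();` at new line 221 has no comment saying why the error is read before `::LocalFree(integrity_sid)`, so a later tidy-up could move the read back below the free and reintroduce the clobbered error code. I would add `// Capture the error now; LocalFree() below may overwrite the thread's last-error value.` above it and spell the declaration as `DWORD last_error`, the type `::GetLastError()` returns, rather than `auto`. This matters for the sandbox because callers presumably treat ERROR_SUCCESS as proof that the integrity label was applied, so the failure path must never return a value altered by cleanup. The enclosing function starts above the visible lines, so this is based only on the tail shown here.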