Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(222)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/win/src/handle_policy.cc

Issue 136543008: Use the same handle for checking and duplicating in DuplicateHandleProxy (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « sandbox/win/src/handle_dispatcher.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/win/src/handle_policy.h" 5 #include "sandbox/win/src/handle_policy.h"
6 6
7 #include <string> 7 #include <string>
8 8
9 #include "base/win/scoped_handle.h" 9 #include "base/win/scoped_handle.h"
10 #include "sandbox/win/src/broker_services.h" 10 #include "sandbox/win/src/broker_services.h"
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after
45 CASE_INSENSITIVE)) { 45 CASE_INSENSITIVE)) {
46 return false; 46 return false;
47 } 47 }
48 if (!policy->AddRule(IPC_DUPLICATEHANDLEPROXY_TAG, &duplicate_rule)) { 48 if (!policy->AddRule(IPC_DUPLICATEHANDLEPROXY_TAG, &duplicate_rule)) {
49 return false; 49 return false;
50 } 50 }
51 return true; 51 return true;
52 } 52 }
53 53
54 DWORD HandlePolicy::DuplicateHandleProxyAction(EvalResult eval_result, 54 DWORD HandlePolicy::DuplicateHandleProxyAction(EvalResult eval_result,
55 const ClientInfo& client_info, 55 const ClientInfo& client_info,
cpu_(ooo_6.6-7.5) 2014/02/11 18:30:19 remove client info.
56 HANDLE source_handle, 56 HANDLE source_handle,
57 DWORD target_process_id, 57 DWORD target_process_id,
58 HANDLE* target_handle, 58 HANDLE* target_handle,
59 DWORD desired_access, 59 DWORD desired_access,
60 DWORD options) { 60 DWORD options) {
61 // The only action supported is ASK_BROKER which means duplicate the handle. 61 // The only action supported is ASK_BROKER which means duplicate the handle.
62 if (ASK_BROKER != eval_result) { 62 if (ASK_BROKER != eval_result) {
63 return ERROR_ACCESS_DENIED; 63 return ERROR_ACCESS_DENIED;
64 } 64 }
65 65
66 base::win::ScopedHandle remote_target_process; 66 base::win::ScopedHandle remote_target_process;
67 if (target_process_id != ::GetCurrentProcessId()) { 67 if (target_process_id != ::GetCurrentProcessId()) {
68 // Sandboxed children are dynamic, so we check that manually. 68 // Sandboxed children are dynamic, so we check that manually.
69 if (!BrokerServicesBase::GetInstance()->IsActiveTarget(target_process_id)) { 69 if (!BrokerServicesBase::GetInstance()->IsActiveTarget(target_process_id)) {
70 return ERROR_ACCESS_DENIED; 70 return ERROR_ACCESS_DENIED;
71 } 71 }
72 72
73 remote_target_process.Set(::OpenProcess(PROCESS_DUP_HANDLE, FALSE, 73 remote_target_process.Set(::OpenProcess(PROCESS_DUP_HANDLE, FALSE,
74 target_process_id)); 74 target_process_id));
75 if (!remote_target_process.IsValid()) 75 if (!remote_target_process.IsValid())
76 return ::GetLastError(); 76 return ::GetLastError();
77 } 77 }
78 78
79 // If the policy didn't block us and we have no valid target, then the broker 79 // If the policy didn't block us and we have no valid target, then the broker
80 // (this process) is the valid target. 80 // (this process) is the valid target.
81 HANDLE target_process = remote_target_process.IsValid() ? 81 HANDLE target_process = remote_target_process.IsValid() ?
82 remote_target_process.Get() : ::GetCurrentProcess(); 82 remote_target_process.Get() : ::GetCurrentProcess();
83 DWORD result = ERROR_SUCCESS; 83 DWORD result = ERROR_SUCCESS;
84 if (!::DuplicateHandle(client_info.process, source_handle, target_process, 84 if (!::DuplicateHandle(::GetCurrentProcess(), source_handle, target_process,
85 target_handle, desired_access, FALSE, 85 target_handle, desired_access, FALSE,
86 options)) { 86 options)) {
87 return ::GetLastError(); 87 return ::GetLastError();
88 } 88 }
89 89
90 return ERROR_SUCCESS; 90 return ERROR_SUCCESS;
91 } 91 }
92 92
93 } // namespace sandbox 93 } // namespace sandbox
94 94
OLDNEW
« no previous file with comments | « sandbox/win/src/handle_dispatcher.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698