OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/win/src/sandbox_policy.h" | 5 #include "sandbox/win/src/sandbox_policy.h" |
6 | 6 |
7 #include <sddl.h> | 7 #include <sddl.h> |
8 | 8 |
9 #include "base/basictypes.h" | 9 #include "base/basictypes.h" |
10 #include "base/callback.h" | 10 #include "base/callback.h" |
(...skipping 94 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
105 SANDBOX_INTERCEPT IntegrityLevel g_shared_delayed_integrity_level; | 105 SANDBOX_INTERCEPT IntegrityLevel g_shared_delayed_integrity_level; |
106 SANDBOX_INTERCEPT MitigationFlags g_shared_delayed_mitigations; | 106 SANDBOX_INTERCEPT MitigationFlags g_shared_delayed_mitigations; |
107 | 107 |
108 // Initializes static members. | 108 // Initializes static members. |
109 HWINSTA TargetPolicy::alternate_winstation_handle_ = NULL; | 109 HWINSTA TargetPolicy::alternate_winstation_handle_ = NULL; |
110 HDESK TargetPolicy::alternate_desktop_handle_ = NULL; | 110 HDESK TargetPolicy::alternate_desktop_handle_ = NULL; |
111 IntegrityLevel TargetPolicy::alternate_desktop_integrity_level_label_ = | 111 IntegrityLevel TargetPolicy::alternate_desktop_integrity_level_label_ = |
112 INTEGRITY_LEVEL_SYSTEM; | 112 INTEGRITY_LEVEL_SYSTEM; |
113 | 113 |
114 TargetPolicy::TargetPolicy() | 114 TargetPolicy::TargetPolicy() |
115 : ref_count(1), | 115 : lockdown_level_(USER_LOCKDOWN), |
116 lockdown_level_(USER_LOCKDOWN), | |
117 initial_level_(USER_LOCKDOWN), | 116 initial_level_(USER_LOCKDOWN), |
118 job_level_(JOB_LOCKDOWN), | 117 job_level_(JOB_LOCKDOWN), |
119 ui_exceptions_(0), | 118 ui_exceptions_(0), |
120 memory_limit_(0), | 119 memory_limit_(0), |
121 use_alternate_desktop_(false), | 120 use_alternate_desktop_(false), |
122 use_alternate_winstation_(false), | 121 use_alternate_winstation_(false), |
123 file_system_init_(false), | 122 file_system_init_(false), |
124 relaxed_interceptions_(true), | 123 relaxed_interceptions_(true), |
125 stdout_handle_(INVALID_HANDLE_VALUE), | 124 stdout_handle_(INVALID_HANDLE_VALUE), |
126 stderr_handle_(INVALID_HANDLE_VALUE), | 125 stderr_handle_(INVALID_HANDLE_VALUE), |
(...skipping 18 matching lines...) Expand all Loading... |
145 } | 144 } |
146 delete policy_maker_; | 145 delete policy_maker_; |
147 delete policy_; | 146 delete policy_; |
148 | 147 |
149 if (lowbox_sid_) | 148 if (lowbox_sid_) |
150 ::LocalFree(lowbox_sid_); | 149 ::LocalFree(lowbox_sid_); |
151 | 150 |
152 ::DeleteCriticalSection(&lock_); | 151 ::DeleteCriticalSection(&lock_); |
153 } | 152 } |
154 | 153 |
155 void TargetPolicy::AddRef() { | |
156 ::InterlockedIncrement(&ref_count); | |
157 } | |
158 | |
159 void TargetPolicy::Release() { | |
160 if (0 == ::InterlockedDecrement(&ref_count)) | |
161 delete this; | |
162 } | |
163 | |
164 ResultCode TargetPolicy::SetTokenLevel(TokenLevel initial, | 154 ResultCode TargetPolicy::SetTokenLevel(TokenLevel initial, |
165 TokenLevel lockdown) { | 155 TokenLevel lockdown) { |
166 if (initial < lockdown) { | 156 if (initial < lockdown) { |
167 return SBOX_ERROR_BAD_PARAMS; | 157 return SBOX_ERROR_BAD_PARAMS; |
168 } | 158 } |
169 initial_level_ = initial; | 159 initial_level_ = initial; |
170 lockdown_level_ = lockdown; | 160 lockdown_level_ = lockdown; |
171 return SBOX_ALL_OK; | 161 return SBOX_ALL_OK; |
172 } | 162 } |
173 | 163 |
(...skipping 577 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
751 break; | 741 break; |
752 } | 742 } |
753 | 743 |
754 default: { return SBOX_ERROR_UNSUPPORTED; } | 744 default: { return SBOX_ERROR_UNSUPPORTED; } |
755 } | 745 } |
756 | 746 |
757 return SBOX_ALL_OK; | 747 return SBOX_ALL_OK; |
758 } | 748 } |
759 | 749 |
760 } // namespace sandbox | 750 } // namespace sandbox |
OLD | NEW |