sandbox/win/tests/common/controller.cc - Issue 1626623003: [Win10 sandbox mitigations] Four new Win10 mitigations added.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: sandbox/win/tests/common/controller.cc

Issue 1626623003: [Win10 sandbox mitigations] Four new Win10 mitigations added. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Code review changes, part 5. "Fix the nit." Created 4 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: sandbox/win/tests/common/controller.cc

diff --git a/sandbox/win/tests/common/controller.cc b/sandbox/win/tests/common/controller.cc

index 8d3e29dd9600bf643b55cdc46b01d2fe89a70baa..9d10d54f3b9c1b590f69763757fba5c821789c97 100644

--- a/sandbox/win/tests/common/controller.cc

+++ b/sandbox/win/tests/common/controller.cc

@@ -90,20 +90,28 @@ BrokerServices* GetBroker() {

return broker;

}

-TestRunner::TestRunner(JobLevel job_level, TokenLevel startup_token,

+TestRunner::TestRunner(JobLevel job_level,

+ TokenLevel startup_token,

TokenLevel main_token)

- : is_init_(false), is_async_(false), no_sandbox_(false),

+ : is_init_(false),

+ is_async_(false),

+ no_sandbox_(false),

+ disable_csrss_(true),

target_process_id_(0) {

Init(job_level, startup_token, main_token);

}

TestRunner::TestRunner()

- : is_init_(false), is_async_(false), no_sandbox_(false),

+ : is_init_(false),

+ is_async_(false),

+ no_sandbox_(false),

+ disable_csrss_(true),

target_process_id_(0) {

Init(JOB_LOCKDOWN, USER_RESTRICTED_SAME_ACCESS, USER_LOCKDOWN);

}

-void TestRunner::Init(JobLevel job_level, TokenLevel startup_token,

+void TestRunner::Init(JobLevel job_level,

+ TokenLevel startup_token,

TokenLevel main_token) {

broker_ = NULL;

policy_ = NULL;

@@ -124,11 +132,6 @@ void TestRunner::Init(JobLevel job_level, TokenLevel startup_token,

policy_->SetJobLevel(job_level, 0);

policy_->SetTokenLevel(startup_token, main_token);

- // Close all ALPC ports.

- if (base::win::GetVersion() >= base::win::VERSION_WIN8) {

- policy_->AddKernelObjectToClose(L"ALPC Port", NULL);

- }

is_init_ = true;

}

@@ -210,6 +213,13 @@ int TestRunner::InternalRunTest(const wchar_t* command) {

target_process_id_ = 0;

}

+ if (disable_csrss_) {

+ // Close all ALPC ports to disable CSRSS.

+ if (base::win::GetVersion() >= base::win::VERSION_WIN8) {

+ policy_->AddKernelObjectToClose(L"ALPC Port", NULL);

+ }

// Get the path to the sandboxed process.

wchar_t prog_name[MAX_PATH];

GetModuleFileNameW(NULL, prog_name, MAX_PATH);

« no previous file with comments | « sandbox/win/tests/common/controller.h ('k') | no next file » | no next file with comments »