| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/win/src/acl.h" | 5 #include "sandbox/win/src/acl.h" |
| 6 | 6 |
| 7 #include <aclapi.h> | 7 #include <aclapi.h> |
| 8 #include <sddl.h> | 8 #include <sddl.h> |
| 9 | 9 |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| 11 | 11 |
| 12 namespace sandbox { | 12 namespace sandbox { |
| 13 | 13 |
| 14 bool GetDefaultDacl(HANDLE token, | 14 bool GetDefaultDacl( |
| 15 scoped_ptr_malloc<TOKEN_DEFAULT_DACL>* default_dacl) { | 15 HANDLE token, |
| 16 scoped_ptr<TOKEN_DEFAULT_DACL, base::FreeDeleter>* default_dacl) { |
| 16 if (token == NULL) | 17 if (token == NULL) |
| 17 return false; | 18 return false; |
| 18 | 19 |
| 19 DCHECK(default_dacl != NULL); | 20 DCHECK(default_dacl != NULL); |
| 20 | 21 |
| 21 unsigned long length = 0; | 22 unsigned long length = 0; |
| 22 ::GetTokenInformation(token, TokenDefaultDacl, NULL, 0, &length); | 23 ::GetTokenInformation(token, TokenDefaultDacl, NULL, 0, &length); |
| 23 if (length == 0) { | 24 if (length == 0) { |
| 24 NOTREACHED(); | 25 NOTREACHED(); |
| 25 return false; | 26 return false; |
| (...skipping 26 matching lines...) Expand all Loading... |
| 52 if (ERROR_SUCCESS != ::SetEntriesInAcl(1, &new_access, old_dacl, new_dacl)) | 53 if (ERROR_SUCCESS != ::SetEntriesInAcl(1, &new_access, old_dacl, new_dacl)) |
| 53 return false; | 54 return false; |
| 54 | 55 |
| 55 return true; | 56 return true; |
| 56 } | 57 } |
| 57 | 58 |
| 58 bool AddSidToDefaultDacl(HANDLE token, const Sid& sid, ACCESS_MASK access) { | 59 bool AddSidToDefaultDacl(HANDLE token, const Sid& sid, ACCESS_MASK access) { |
| 59 if (token == NULL) | 60 if (token == NULL) |
| 60 return false; | 61 return false; |
| 61 | 62 |
| 62 scoped_ptr_malloc<TOKEN_DEFAULT_DACL> default_dacl; | 63 scoped_ptr<TOKEN_DEFAULT_DACL, base::FreeDeleter> default_dacl; |
| 63 if (!GetDefaultDacl(token, &default_dacl)) | 64 if (!GetDefaultDacl(token, &default_dacl)) |
| 64 return false; | 65 return false; |
| 65 | 66 |
| 66 ACL* new_dacl = NULL; | 67 ACL* new_dacl = NULL; |
| 67 if (!AddSidToDacl(sid, default_dacl->DefaultDacl, access, &new_dacl)) | 68 if (!AddSidToDacl(sid, default_dacl->DefaultDacl, access, &new_dacl)) |
| 68 return false; | 69 return false; |
| 69 | 70 |
| 70 TOKEN_DEFAULT_DACL new_token_dacl = {0}; | 71 TOKEN_DEFAULT_DACL new_token_dacl = {0}; |
| 71 new_token_dacl.DefaultDacl = new_dacl; | 72 new_token_dacl.DefaultDacl = new_dacl; |
| 72 | 73 |
| 73 BOOL ret = ::SetTokenInformation(token, TokenDefaultDacl, &new_token_dacl, | 74 BOOL ret = ::SetTokenInformation(token, TokenDefaultDacl, &new_token_dacl, |
| 74 sizeof(new_token_dacl)); | 75 sizeof(new_token_dacl)); |
| 75 ::LocalFree(new_dacl); | 76 ::LocalFree(new_dacl); |
| 76 return (TRUE == ret); | 77 return (TRUE == ret); |
| 77 } | 78 } |
| 78 | 79 |
| 79 bool AddUserSidToDefaultDacl(HANDLE token, ACCESS_MASK access) { | 80 bool AddUserSidToDefaultDacl(HANDLE token, ACCESS_MASK access) { |
| 80 DWORD size = sizeof(TOKEN_USER) + SECURITY_MAX_SID_SIZE; | 81 DWORD size = sizeof(TOKEN_USER) + SECURITY_MAX_SID_SIZE; |
| 81 TOKEN_USER* token_user = reinterpret_cast<TOKEN_USER*>(malloc(size)); | 82 TOKEN_USER* token_user = reinterpret_cast<TOKEN_USER*>(malloc(size)); |
| 82 | 83 |
| 83 scoped_ptr_malloc<TOKEN_USER> token_user_ptr(token_user); | 84 scoped_ptr<TOKEN_USER, base::FreeDeleter> token_user_ptr(token_user); |
| 84 | 85 |
| 85 if (!::GetTokenInformation(token, TokenUser, token_user, size, &size)) | 86 if (!::GetTokenInformation(token, TokenUser, token_user, size, &size)) |
| 86 return false; | 87 return false; |
| 87 | 88 |
| 88 return AddSidToDefaultDacl(token, | 89 return AddSidToDefaultDacl(token, |
| 89 reinterpret_cast<SID*>(token_user->User.Sid), | 90 reinterpret_cast<SID*>(token_user->User.Sid), |
| 90 access); | 91 access); |
| 91 } | 92 } |
| 92 | 93 |
| 93 bool AddKnownSidToKernelObject(HANDLE object, const Sid& sid, | 94 bool AddKnownSidToKernelObject(HANDLE object, const Sid& sid, |
| (...skipping 19 matching lines...) Expand all Loading... |
| 113 ::LocalFree(new_dacl); | 114 ::LocalFree(new_dacl); |
| 114 ::LocalFree(descriptor); | 115 ::LocalFree(descriptor); |
| 115 | 116 |
| 116 if (ERROR_SUCCESS != result) | 117 if (ERROR_SUCCESS != result) |
| 117 return false; | 118 return false; |
| 118 | 119 |
| 119 return true; | 120 return true; |
| 120 } | 121 } |
| 121 | 122 |
| 122 } // namespace sandbox | 123 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 169193002:
Convert scoped_ptr_malloc -> scoped_ptr, part 2. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src