| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/win/src/broker_services.h" | 5 #include "sandbox/win/src/broker_services.h" |
| 6 | 6 |
| 7 #include <AclAPI.h> | 7 #include <AclAPI.h> |
| 8 #include <stddef.h> | 8 #include <stddef.h> |
| 9 #include <utility> | 9 #include <utility> |
| 10 | 10 |
| (...skipping 329 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 340 DWORD child_process_creation = PROCESS_CREATION_CHILD_PROCESS_RESTRICTED; | 340 DWORD child_process_creation = PROCESS_CREATION_CHILD_PROCESS_RESTRICTED; |
| 341 | 341 |
| 342 base::string16 desktop = policy_base->GetAlternateDesktop(); | 342 base::string16 desktop = policy_base->GetAlternateDesktop(); |
| 343 if (!desktop.empty()) { | 343 if (!desktop.empty()) { |
| 344 startup_info.startup_info()->lpDesktop = | 344 startup_info.startup_info()->lpDesktop = |
| 345 const_cast<wchar_t*>(desktop.c_str()); | 345 const_cast<wchar_t*>(desktop.c_str()); |
| 346 } | 346 } |
| 347 | 347 |
| 348 bool inherit_handles = false; | 348 bool inherit_handles = false; |
| 349 | 349 |
| 350 if (base::win::GetVersion() >= base::win::VERSION_VISTA) { | 350 int attribute_count = 0; |
| 351 int attribute_count = 0; | 351 const AppContainerAttributes* app_container = |
| 352 const AppContainerAttributes* app_container = | 352 policy_base->GetAppContainer(); |
| 353 policy_base->GetAppContainer(); | 353 if (app_container) |
| 354 if (app_container) | 354 ++attribute_count; |
| 355 ++attribute_count; | |
| 356 | 355 |
| 357 size_t mitigations_size; | 356 size_t mitigations_size; |
| 358 ConvertProcessMitigationsToPolicy(policy_base->GetProcessMitigations(), | 357 ConvertProcessMitigationsToPolicy(policy_base->GetProcessMitigations(), |
| 359 &mitigations, &mitigations_size); | 358 &mitigations, &mitigations_size); |
| 360 if (mitigations) | 359 if (mitigations) |
| 361 ++attribute_count; | 360 ++attribute_count; |
| 362 | 361 |
| 363 bool restrict_child_process_creation = false; | 362 bool restrict_child_process_creation = false; |
| 364 if (base::win::GetVersion() >= base::win::VERSION_WIN10_TH2 && | 363 if (base::win::GetVersion() >= base::win::VERSION_WIN10_TH2 && |
| 365 policy_base->GetJobLevel() <= JOB_LIMITED_USER) { | 364 policy_base->GetJobLevel() <= JOB_LIMITED_USER) { |
| 366 restrict_child_process_creation = true; | 365 restrict_child_process_creation = true; |
| 367 ++attribute_count; | 366 ++attribute_count; |
| 368 } | 367 } |
| 369 | 368 |
| 370 HANDLE stdout_handle = policy_base->GetStdoutHandle(); | 369 HANDLE stdout_handle = policy_base->GetStdoutHandle(); |
| 371 HANDLE stderr_handle = policy_base->GetStderrHandle(); | 370 HANDLE stderr_handle = policy_base->GetStderrHandle(); |
| 372 | 371 |
| 373 if (stdout_handle != INVALID_HANDLE_VALUE) | 372 if (stdout_handle != INVALID_HANDLE_VALUE) |
| 374 inherited_handle_list.push_back(stdout_handle); | 373 inherited_handle_list.push_back(stdout_handle); |
| 375 | 374 |
| 376 // Handles in the list must be unique. | 375 // Handles in the list must be unique. |
| 377 if (stderr_handle != stdout_handle && stderr_handle != INVALID_HANDLE_VALUE) | 376 if (stderr_handle != stdout_handle && stderr_handle != INVALID_HANDLE_VALUE) |
| 378 inherited_handle_list.push_back(stderr_handle); | 377 inherited_handle_list.push_back(stderr_handle); |
| 379 | 378 |
| 380 const base::HandlesToInheritVector& policy_handle_list = | 379 const base::HandlesToInheritVector& policy_handle_list = |
| 381 policy_base->GetHandlesBeingShared(); | 380 policy_base->GetHandlesBeingShared(); |
| 382 | 381 |
| 383 for (HANDLE handle : policy_handle_list) | 382 for (HANDLE handle : policy_handle_list) |
| 384 inherited_handle_list.push_back(handle); | 383 inherited_handle_list.push_back(handle); |
| 385 | 384 |
| 386 if (inherited_handle_list.size()) | 385 if (inherited_handle_list.size()) |
| 387 ++attribute_count; | 386 ++attribute_count; |
| 388 | 387 |
| 389 if (!startup_info.InitializeProcThreadAttributeList(attribute_count)) | 388 if (!startup_info.InitializeProcThreadAttributeList(attribute_count)) |
| 389 return SBOX_ERROR_PROC_THREAD_ATTRIBUTES; |
| 390 |
| 391 if (app_container) { |
| 392 result = app_container->ShareForStartup(&startup_info); |
| 393 if (SBOX_ALL_OK != result) |
| 394 return result; |
| 395 } |
| 396 |
| 397 if (mitigations) { |
| 398 if (!startup_info.UpdateProcThreadAttribute( |
| 399 PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY, &mitigations, |
| 400 mitigations_size)) { |
| 390 return SBOX_ERROR_PROC_THREAD_ATTRIBUTES; | 401 return SBOX_ERROR_PROC_THREAD_ATTRIBUTES; |
| 391 | |
| 392 if (app_container) { | |
| 393 result = app_container->ShareForStartup(&startup_info); | |
| 394 if (SBOX_ALL_OK != result) | |
| 395 return result; | |
| 396 } | |
| 397 | |
| 398 if (mitigations) { | |
| 399 if (!startup_info.UpdateProcThreadAttribute( | |
| 400 PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY, &mitigations, | |
| 401 mitigations_size)) { | |
| 402 return SBOX_ERROR_PROC_THREAD_ATTRIBUTES; | |
| 403 } | |
| 404 } | |
| 405 | |
| 406 if (restrict_child_process_creation) { | |
| 407 if (!startup_info.UpdateProcThreadAttribute( | |
| 408 PROC_THREAD_ATTRIBUTE_CHILD_PROCESS_POLICY, | |
| 409 &child_process_creation, sizeof(child_process_creation))) { | |
| 410 return SBOX_ERROR_PROC_THREAD_ATTRIBUTES; | |
| 411 } | |
| 412 } | |
| 413 | |
| 414 if (inherited_handle_list.size()) { | |
| 415 if (!startup_info.UpdateProcThreadAttribute( | |
| 416 PROC_THREAD_ATTRIBUTE_HANDLE_LIST, | |
| 417 &inherited_handle_list[0], | |
| 418 sizeof(HANDLE) * inherited_handle_list.size())) { | |
| 419 return SBOX_ERROR_PROC_THREAD_ATTRIBUTES; | |
| 420 } | |
| 421 startup_info.startup_info()->dwFlags |= STARTF_USESTDHANDLES; | |
| 422 startup_info.startup_info()->hStdInput = INVALID_HANDLE_VALUE; | |
| 423 startup_info.startup_info()->hStdOutput = stdout_handle; | |
| 424 startup_info.startup_info()->hStdError = stderr_handle; | |
| 425 // Allowing inheritance of handles is only secure now that we | |
| 426 // have limited which handles will be inherited. | |
| 427 inherit_handles = true; | |
| 428 } | 402 } |
| 429 } | 403 } |
| 430 | 404 |
| 405 if (restrict_child_process_creation) { |
| 406 if (!startup_info.UpdateProcThreadAttribute( |
| 407 PROC_THREAD_ATTRIBUTE_CHILD_PROCESS_POLICY, |
| 408 &child_process_creation, sizeof(child_process_creation))) { |
| 409 return SBOX_ERROR_PROC_THREAD_ATTRIBUTES; |
| 410 } |
| 411 } |
| 412 |
| 413 if (inherited_handle_list.size()) { |
| 414 if (!startup_info.UpdateProcThreadAttribute( |
| 415 PROC_THREAD_ATTRIBUTE_HANDLE_LIST, |
| 416 &inherited_handle_list[0], |
| 417 sizeof(HANDLE) * inherited_handle_list.size())) { |
| 418 return SBOX_ERROR_PROC_THREAD_ATTRIBUTES; |
| 419 } |
| 420 startup_info.startup_info()->dwFlags |= STARTF_USESTDHANDLES; |
| 421 startup_info.startup_info()->hStdInput = INVALID_HANDLE_VALUE; |
| 422 startup_info.startup_info()->hStdOutput = stdout_handle; |
| 423 startup_info.startup_info()->hStdError = stderr_handle; |
| 424 // Allowing inheritance of handles is only secure now that we |
| 425 // have limited which handles will be inherited. |
| 426 inherit_handles = true; |
| 427 } |
| 428 |
| 431 // Construct the thread pool here in case it is expensive. | 429 // Construct the thread pool here in case it is expensive. |
| 432 // The thread pool is shared by all the targets | 430 // The thread pool is shared by all the targets |
| 433 if (NULL == thread_pool_) | 431 if (NULL == thread_pool_) |
| 434 thread_pool_ = new Win2kThreadPool(); | 432 thread_pool_ = new Win2kThreadPool(); |
| 435 | 433 |
| 436 // Create the TargetProcess object and spawn the target suspended. Note that | 434 // Create the TargetProcess object and spawn the target suspended. Note that |
| 437 // Brokerservices does not own the target object. It is owned by the Policy. | 435 // Brokerservices does not own the target object. It is owned by the Policy. |
| 438 base::win::ScopedProcessInformation process_info; | 436 base::win::ScopedProcessInformation process_info; |
| 439 TargetProcess* target = | 437 TargetProcess* target = |
| 440 new TargetProcess(std::move(initial_token), std::move(lockdown_token), | 438 new TargetProcess(std::move(initial_token), std::move(lockdown_token), |
| (...skipping 115 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 556 return SBOX_ERROR_UNSUPPORTED; | 554 return SBOX_ERROR_UNSUPPORTED; |
| 557 | 555 |
| 558 base::string16 name = LookupAppContainer(sid); | 556 base::string16 name = LookupAppContainer(sid); |
| 559 if (name.empty()) | 557 if (name.empty()) |
| 560 return SBOX_ERROR_INVALID_APP_CONTAINER; | 558 return SBOX_ERROR_INVALID_APP_CONTAINER; |
| 561 | 559 |
| 562 return DeleteAppContainer(sid); | 560 return DeleteAppContainer(sid); |
| 563 } | 561 } |
| 564 | 562 |
| 565 } // namespace sandbox | 563 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1814863004:
Cleanup/Remove Windows XP/Vista version checks from Windows sandbox code (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master