| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/win/src/sandbox_policy_base.h" | 5 #include "sandbox/win/src/sandbox_policy_base.h" |
| 6 | 6 |
| 7 #include <sddl.h> | 7 #include <sddl.h> |
| 8 #include <stddef.h> | 8 #include <stddef.h> |
| 9 #include <stdint.h> | 9 #include <stdint.h> |
| 10 | 10 |
| (...skipping 457 matching lines...) |
| 468 PRIMARY, lockdown); | 468 PRIMARY, lockdown); |
| 469 if (ERROR_SUCCESS != result) | 469 if (ERROR_SUCCESS != result) |
| 470 return SBOX_ERROR_GENERIC; | 470 return SBOX_ERROR_GENERIC; |
| 471 | 471 |
| 472 // If we're launching on the alternate desktop we need to make sure the | 472 // If we're launching on the alternate desktop we need to make sure the |
| 473 // integrity label on the object is no higher than the sandboxed process's | 473 // integrity label on the object is no higher than the sandboxed process's |
| 474 // integrity level. So, we lower the label on the desktop process if it's | 474 // integrity level. So, we lower the label on the desktop process if it's |
| 475 // not already low enough for our process. | 475 // not already low enough for our process. |
| 476 if (alternate_desktop_handle_ && use_alternate_desktop_ && | 476 if (alternate_desktop_handle_ && use_alternate_desktop_ && |
| 477 integrity_level_ != INTEGRITY_LEVEL_LAST && | 477 integrity_level_ != INTEGRITY_LEVEL_LAST && |
| 478 alternate_desktop_integrity_level_label_ < integrity_level_ && | 478 alternate_desktop_integrity_level_label_ < integrity_level_) { |
| 479 base::win::OSInfo::GetInstance()->version() >= base::win::VERSION_VISTA) { | |
| 480 // Integrity label enum is reversed (higher level is a lower value). | 479 // Integrity label enum is reversed (higher level is a lower value). |
| 481 static_assert(INTEGRITY_LEVEL_SYSTEM < INTEGRITY_LEVEL_UNTRUSTED, | 480 static_assert(INTEGRITY_LEVEL_SYSTEM < INTEGRITY_LEVEL_UNTRUSTED, |
| 482 "Integrity level ordering reversed."); | 481 "Integrity level ordering reversed."); |
| 483 result = SetObjectIntegrityLabel(alternate_desktop_handle_, | 482 result = SetObjectIntegrityLabel(alternate_desktop_handle_, |
| 484 SE_WINDOW_OBJECT, | 483 SE_WINDOW_OBJECT, |
| 485 L"", | 484 L"", |
| 486 GetIntegrityLevelString(integrity_level_)); | 485 GetIntegrityLevelString(integrity_level_)); |
| 487 if (ERROR_SUCCESS != result) | 486 if (ERROR_SUCCESS != result) |
| 488 return SBOX_ERROR_GENERIC; | 487 return SBOX_ERROR_GENERIC; |
| 489 | 488 |
| (...skipping 272 matching lines...) |
| 762 break; | 761 break; |
| 763 } | 762 } |
| 764 | 763 |
| 765 default: { return SBOX_ERROR_UNSUPPORTED; } | 764 default: { return SBOX_ERROR_UNSUPPORTED; } |
| 766 } | 765 } |
| 767 | 766 |
| 768 return SBOX_ALL_OK; | 767 return SBOX_ALL_OK; |
| 769 } | 768 } |
| 770 | 769 |
| 771 } // namespace sandbox | 770 } // namespace sandbox |
| OLD | NEW |
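Review bot: With the `VERSION_VISTA` guard dropped from the condition at new line 478, the `SetObjectIntegrityLabel` call on the alternate desktop no longer depends on the OS version, and a failure there makes the function return `SBOX_ERROR_GENERIC`; nothing in the visible lines records that this now relies on integrity labels being available on every supported Windows version. I would say so in the comment block above the `if`, for example `// Integrity labels exist on every supported Windows version, so no OS check is needed here.` If this was the last use of `base::win::OSInfo` in the file, the matching include should be removed as well; most of the include list is collapsed on this page, so that cannot be confirmed from here. The enclosing function starts above the visible lines, so the rest of the launch path is not covered by this note.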