Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(3039)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: sandbox/win/src/broker_services.cc

Issue 1814863004: Cleanup/Remove Windows XP/Vista version checks from Windows sandbox code (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: revert disabled reparse point check Created 4 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « sandbox/win/src/address_sanitizer_test.cc ('k') | sandbox/win/src/file_policy_test.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: sandbox/win/src/broker_services.cc
diff --git a/sandbox/win/src/broker_services.cc b/sandbox/win/src/broker_services.cc
index c3b490931d5c4bf84940a4a05111b5358c048cc9..f60c30b3bd6f519d15890c920fac47ec27788e51 100644
--- a/sandbox/win/src/broker_services.cc
+++ b/sandbox/win/src/broker_services.cc
@@ -347,85 +347,83 @@ ResultCode BrokerServicesBase::SpawnTarget(const wchar_t* exe_path,
bool inherit_handles = false;
- if (base::win::GetVersion() >= base::win::VERSION_VISTA) {
- int attribute_count = 0;
- const AppContainerAttributes* app_container =
- policy_base->GetAppContainer();
- if (app_container)
- ++attribute_count;
-
- size_t mitigations_size;
- ConvertProcessMitigationsToPolicy(policy_base->GetProcessMitigations(),
- &mitigations, &mitigations_size);
- if (mitigations)
- ++attribute_count;
-
- bool restrict_child_process_creation = false;
- if (base::win::GetVersion() >= base::win::VERSION_WIN10_TH2 &&
- policy_base->GetJobLevel() <= JOB_LIMITED_USER) {
- restrict_child_process_creation = true;
- ++attribute_count;
- }
+ int attribute_count = 0;
+ const AppContainerAttributes* app_container =
+ policy_base->GetAppContainer();
+ if (app_container)
+ ++attribute_count;
+
+ size_t mitigations_size;
+ ConvertProcessMitigationsToPolicy(policy_base->GetProcessMitigations(),
+ &mitigations, &mitigations_size);
+ if (mitigations)
+ ++attribute_count;
+
+ bool restrict_child_process_creation = false;
+ if (base::win::GetVersion() >= base::win::VERSION_WIN10_TH2 &&
+ policy_base->GetJobLevel() <= JOB_LIMITED_USER) {
+ restrict_child_process_creation = true;
+ ++attribute_count;
+ }
- HANDLE stdout_handle = policy_base->GetStdoutHandle();
- HANDLE stderr_handle = policy_base->GetStderrHandle();
+ HANDLE stdout_handle = policy_base->GetStdoutHandle();
+ HANDLE stderr_handle = policy_base->GetStderrHandle();
- if (stdout_handle != INVALID_HANDLE_VALUE)
- inherited_handle_list.push_back(stdout_handle);
+ if (stdout_handle != INVALID_HANDLE_VALUE)
+ inherited_handle_list.push_back(stdout_handle);
- // Handles in the list must be unique.
- if (stderr_handle != stdout_handle && stderr_handle != INVALID_HANDLE_VALUE)
- inherited_handle_list.push_back(stderr_handle);
+ // Handles in the list must be unique.
+ if (stderr_handle != stdout_handle && stderr_handle != INVALID_HANDLE_VALUE)
+ inherited_handle_list.push_back(stderr_handle);
- const base::HandlesToInheritVector& policy_handle_list =
- policy_base->GetHandlesBeingShared();
+ const base::HandlesToInheritVector& policy_handle_list =
+ policy_base->GetHandlesBeingShared();
- for (HANDLE handle : policy_handle_list)
- inherited_handle_list.push_back(handle);
+ for (HANDLE handle : policy_handle_list)
+ inherited_handle_list.push_back(handle);
- if (inherited_handle_list.size())
- ++attribute_count;
+ if (inherited_handle_list.size())
+ ++attribute_count;
- if (!startup_info.InitializeProcThreadAttributeList(attribute_count))
- return SBOX_ERROR_PROC_THREAD_ATTRIBUTES;
+ if (!startup_info.InitializeProcThreadAttributeList(attribute_count))
+ return SBOX_ERROR_PROC_THREAD_ATTRIBUTES;
- if (app_container) {
- result = app_container->ShareForStartup(&startup_info);
- if (SBOX_ALL_OK != result)
- return result;
- }
+ if (app_container) {
+ result = app_container->ShareForStartup(&startup_info);
+ if (SBOX_ALL_OK != result)
+ return result;
+ }
- if (mitigations) {
- if (!startup_info.UpdateProcThreadAttribute(
- PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY, &mitigations,
- mitigations_size)) {
- return SBOX_ERROR_PROC_THREAD_ATTRIBUTES;
- }
+ if (mitigations) {
+ if (!startup_info.UpdateProcThreadAttribute(
+ PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY, &mitigations,
+ mitigations_size)) {
+ return SBOX_ERROR_PROC_THREAD_ATTRIBUTES;
}
+ }
- if (restrict_child_process_creation) {
- if (!startup_info.UpdateProcThreadAttribute(
- PROC_THREAD_ATTRIBUTE_CHILD_PROCESS_POLICY,
- &child_process_creation, sizeof(child_process_creation))) {
- return SBOX_ERROR_PROC_THREAD_ATTRIBUTES;
- }
+ if (restrict_child_process_creation) {
+ if (!startup_info.UpdateProcThreadAttribute(
+ PROC_THREAD_ATTRIBUTE_CHILD_PROCESS_POLICY,
+ &child_process_creation, sizeof(child_process_creation))) {
+ return SBOX_ERROR_PROC_THREAD_ATTRIBUTES;
}
+ }
- if (inherited_handle_list.size()) {
- if (!startup_info.UpdateProcThreadAttribute(
- PROC_THREAD_ATTRIBUTE_HANDLE_LIST,
- &inherited_handle_list[0],
- sizeof(HANDLE) * inherited_handle_list.size())) {
- return SBOX_ERROR_PROC_THREAD_ATTRIBUTES;
- }
- startup_info.startup_info()->dwFlags |= STARTF_USESTDHANDLES;
- startup_info.startup_info()->hStdInput = INVALID_HANDLE_VALUE;
- startup_info.startup_info()->hStdOutput = stdout_handle;
- startup_info.startup_info()->hStdError = stderr_handle;
- // Allowing inheritance of handles is only secure now that we
- // have limited which handles will be inherited.
- inherit_handles = true;
+ if (inherited_handle_list.size()) {
+ if (!startup_info.UpdateProcThreadAttribute(
+ PROC_THREAD_ATTRIBUTE_HANDLE_LIST,
+ &inherited_handle_list[0],
+ sizeof(HANDLE) * inherited_handle_list.size())) {
+ return SBOX_ERROR_PROC_THREAD_ATTRIBUTES;
}
+ startup_info.startup_info()->dwFlags |= STARTF_USESTDHANDLES;
+ startup_info.startup_info()->hStdInput = INVALID_HANDLE_VALUE;
+ startup_info.startup_info()->hStdOutput = stdout_handle;
+ startup_info.startup_info()->hStdError = stderr_handle;
+ // Allowing inheritance of handles is only secure now that we
+ // have limited which handles will be inherited.
+ inherit_handles = true;
}
// Construct the thread pool here in case it is expensive.
« no previous file with comments | « sandbox/win/src/address_sanitizer_test.cc ('k') | sandbox/win/src/file_policy_test.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698