OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/win/src/broker_services.h" | 5 #include "sandbox/win/src/broker_services.h" |
6 | 6 |
7 #include <AclAPI.h> | 7 #include <AclAPI.h> |
8 #include <stddef.h> | 8 #include <stddef.h> |
| 9 |
| 10 #include <memory> |
9 #include <utility> | 11 #include <utility> |
10 | 12 |
11 #include "base/logging.h" | 13 #include "base/logging.h" |
12 #include "base/macros.h" | 14 #include "base/macros.h" |
13 #include "base/memory/scoped_ptr.h" | |
14 #include "base/stl_util.h" | 15 #include "base/stl_util.h" |
15 #include "base/threading/platform_thread.h" | 16 #include "base/threading/platform_thread.h" |
16 #include "base/win/scoped_handle.h" | 17 #include "base/win/scoped_handle.h" |
17 #include "base/win/scoped_process_information.h" | 18 #include "base/win/scoped_process_information.h" |
18 #include "base/win/startup_information.h" | 19 #include "base/win/startup_information.h" |
19 #include "base/win/windows_version.h" | 20 #include "base/win/windows_version.h" |
20 #include "sandbox/win/src/app_container.h" | 21 #include "sandbox/win/src/app_container.h" |
21 #include "sandbox/win/src/process_mitigations.h" | 22 #include "sandbox/win/src/process_mitigations.h" |
22 #include "sandbox/win/src/sandbox.h" | 23 #include "sandbox/win/src/sandbox.h" |
23 #include "sandbox/win/src/sandbox_policy_base.h" | 24 #include "sandbox/win/src/sandbox_policy_base.h" |
467 | 468 |
468 // Now the policy is the owner of the target. | 469 // Now the policy is the owner of the target. |
469 if (!policy_base->AddTarget(target)) { | 470 if (!policy_base->AddTarget(target)) { |
470 return SpawnCleanup(target, 0); | 471 return SpawnCleanup(target, 0); |
471 } | 472 } |
472 | 473 |
473 // We are going to keep a pointer to the policy because we'll call it when | 474 // We are going to keep a pointer to the policy because we'll call it when |
474 // the job object generates notifications using the completion port. | 475 // the job object generates notifications using the completion port. |
475 policy_base->AddRef(); | 476 policy_base->AddRef(); |
476 if (job.IsValid()) { | 477 if (job.IsValid()) { |
477 scoped_ptr<JobTracker> tracker(new JobTracker(std::move(job), policy_base)); | 478 std::unique_ptr<JobTracker> tracker( |
| 479 new JobTracker(std::move(job), policy_base)); |
478 | 480 |
479 // There is no obvious recovery after failure here. Previous version with | 481 // There is no obvious recovery after failure here. Previous version with |
480 // SpawnCleanup() caused deletion of TargetProcess twice. crbug.com/480639 | 482 // SpawnCleanup() caused deletion of TargetProcess twice. crbug.com/480639 |
481 CHECK(AssociateCompletionPort(tracker->job.Get(), job_port_.Get(), | 483 CHECK(AssociateCompletionPort(tracker->job.Get(), job_port_.Get(), |
482 tracker.get())); | 484 tracker.get())); |
483 | 485 |
484 // Save the tracker because in cleanup we might need to force closing | 486 // Save the tracker because in cleanup we might need to force closing |
485 // the Jobs. | 487 // the Jobs. |
486 tracker_list_.push_back(tracker.release()); | 488 tracker_list_.push_back(tracker.release()); |
487 child_process_ids_.insert(process_info.process_id()); | 489 child_process_ids_.insert(process_info.process_id()); |
517 | 519 |
518 VOID CALLBACK BrokerServicesBase::RemovePeer(PVOID parameter, BOOLEAN timeout) { | 520 VOID CALLBACK BrokerServicesBase::RemovePeer(PVOID parameter, BOOLEAN timeout) { |
519 PeerTracker* peer = reinterpret_cast<PeerTracker*>(parameter); | 521 PeerTracker* peer = reinterpret_cast<PeerTracker*>(parameter); |
520 // Don't check the return code because we this may fail (safely) at shutdown. | 522 // Don't check the return code because we this may fail (safely) at shutdown. |
521 ::PostQueuedCompletionStatus( | 523 ::PostQueuedCompletionStatus( |
522 peer->job_port, 0, THREAD_CTRL_REMOVE_PEER, | 524 peer->job_port, 0, THREAD_CTRL_REMOVE_PEER, |
523 reinterpret_cast<LPOVERLAPPED>(static_cast<uintptr_t>(peer->id))); | 525 reinterpret_cast<LPOVERLAPPED>(static_cast<uintptr_t>(peer->id))); |
524 } | 526 } |
525 | 527 |
526 ResultCode BrokerServicesBase::AddTargetPeer(HANDLE peer_process) { | 528 ResultCode BrokerServicesBase::AddTargetPeer(HANDLE peer_process) { |
527 scoped_ptr<PeerTracker> peer(new PeerTracker(::GetProcessId(peer_process), | 529 std::unique_ptr<PeerTracker> peer( |
528 job_port_.Get())); | 530 new PeerTracker(::GetProcessId(peer_process), job_port_.Get())); |
529 if (!peer->id) | 531 if (!peer->id) |
530 return SBOX_ERROR_GENERIC; | 532 return SBOX_ERROR_GENERIC; |
531 | 533 |
532 HANDLE process_handle; | 534 HANDLE process_handle; |
533 if (!::DuplicateHandle(::GetCurrentProcess(), peer_process, | 535 if (!::DuplicateHandle(::GetCurrentProcess(), peer_process, |
534 ::GetCurrentProcess(), &process_handle, | 536 ::GetCurrentProcess(), &process_handle, |
535 SYNCHRONIZE, FALSE, 0)) { | 537 SYNCHRONIZE, FALSE, 0)) { |
536 return SBOX_ERROR_GENERIC; | 538 return SBOX_ERROR_GENERIC; |
537 } | 539 } |
538 peer->process.Set(process_handle); | 540 peer->process.Set(process_handle); |
573 return SBOX_ERROR_UNSUPPORTED; | 575 return SBOX_ERROR_UNSUPPORTED; |
574 | 576 |
575 base::string16 name = LookupAppContainer(sid); | 577 base::string16 name = LookupAppContainer(sid); |
576 if (name.empty()) | 578 if (name.empty()) |
577 return SBOX_ERROR_INVALID_APP_CONTAINER; | 579 return SBOX_ERROR_INVALID_APP_CONTAINER; |
578 | 580 |
579 return DeleteAppContainer(sid); | 581 return DeleteAppContainer(sid); |
580 } | 582 } |
581 | 583 |
582 } // namespace sandbox | 584 } // namespace sandbox |
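Review bot: The JobTracker ownership hand-off at new lines 478-488 is still undocumented after the switch to `std::unique_ptr`: the raw pointer from `tracker.get()` is registered as the completion key in `AssociateCompletionPort`, and `tracker.release()` then stores the same object in `tracker_list_` as a raw pointer. Because the neighbouring comment records an earlier double deletion (crbug.com/480639), I would add a comment above the `push_back`, provided it matches the cleanup code, such as `// tracker_list_ owns the tracker from here on; it must outlive any notification on job_port_ that carries this pointer as its key.` Whether `tracker_list_` could hold `std::unique_ptr<JobTracker>` directly cannot be judged from this page, because its declaration, the cleanup path and the start and end of the enclosing function are all outside the visible lines.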