OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/win/src/process_thread_policy.h" | 5 #include "sandbox/win/src/process_thread_policy.h" |
6 | 6 |
7 #include <stdint.h> | 7 #include <stdint.h> |
8 | 8 |
| 9 #include <memory> |
9 #include <string> | 10 #include <string> |
10 | 11 |
11 #include "base/memory/free_deleter.h" | 12 #include "base/memory/free_deleter.h" |
12 #include "base/memory/scoped_ptr.h" | |
13 #include "sandbox/win/src/ipc_tags.h" | 13 #include "sandbox/win/src/ipc_tags.h" |
14 #include "sandbox/win/src/nt_internals.h" | 14 #include "sandbox/win/src/nt_internals.h" |
15 #include "sandbox/win/src/policy_engine_opcodes.h" | 15 #include "sandbox/win/src/policy_engine_opcodes.h" |
16 #include "sandbox/win/src/policy_params.h" | 16 #include "sandbox/win/src/policy_params.h" |
17 #include "sandbox/win/src/sandbox_types.h" | 17 #include "sandbox/win/src/sandbox_types.h" |
18 #include "sandbox/win/src/win_utils.h" | 18 #include "sandbox/win/src/win_utils.h" |
19 | 19 |
20 namespace { | 20 namespace { |
21 | 21 |
22 // These are the only safe rights that can be given to a sandboxed | 22 // These are the only safe rights that can be given to a sandboxed |
72 return TRUE; | 72 return TRUE; |
73 } | 73 } |
74 | 74 |
75 } | 75 } |
76 | 76 |
77 namespace sandbox { | 77 namespace sandbox { |
78 | 78 |
79 bool ProcessPolicy::GenerateRules(const wchar_t* name, | 79 bool ProcessPolicy::GenerateRules(const wchar_t* name, |
80 TargetPolicy::Semantics semantics, | 80 TargetPolicy::Semantics semantics, |
81 LowLevelPolicy* policy) { | 81 LowLevelPolicy* policy) { |
82 scoped_ptr<PolicyRule> process; | 82 std::unique_ptr<PolicyRule> process; |
83 switch (semantics) { | 83 switch (semantics) { |
84 case TargetPolicy::PROCESS_MIN_EXEC: { | 84 case TargetPolicy::PROCESS_MIN_EXEC: { |
85 process.reset(new PolicyRule(GIVE_READONLY)); | 85 process.reset(new PolicyRule(GIVE_READONLY)); |
86 break; | 86 break; |
87 }; | 87 }; |
88 case TargetPolicy::PROCESS_ALL_EXEC: { | 88 case TargetPolicy::PROCESS_ALL_EXEC: { |
89 process.reset(new PolicyRule(GIVE_ALLACCESS)); | 89 process.reset(new PolicyRule(GIVE_ALLACCESS)); |
90 break; | 90 break; |
91 }; | 91 }; |
92 default: { | 92 default: { |
219 const base::string16 &app_name, | 219 const base::string16 &app_name, |
220 const base::string16 &command_line, | 220 const base::string16 &command_line, |
221 PROCESS_INFORMATION* process_info) { | 221 PROCESS_INFORMATION* process_info) { |
222 // The only action supported is ASK_BROKER which means create the process. | 222 // The only action supported is ASK_BROKER which means create the process. |
223 if (GIVE_ALLACCESS != eval_result && GIVE_READONLY != eval_result) { | 223 if (GIVE_ALLACCESS != eval_result && GIVE_READONLY != eval_result) { |
224 return ERROR_ACCESS_DENIED; | 224 return ERROR_ACCESS_DENIED; |
225 } | 225 } |
226 | 226 |
227 STARTUPINFO startup_info = {0}; | 227 STARTUPINFO startup_info = {0}; |
228 startup_info.cb = sizeof(startup_info); | 228 startup_info.cb = sizeof(startup_info); |
229 scoped_ptr<wchar_t, base::FreeDeleter> | 229 std::unique_ptr<wchar_t, base::FreeDeleter> cmd_line( |
230 cmd_line(_wcsdup(command_line.c_str())); | 230 _wcsdup(command_line.c_str())); |
231 | 231 |
232 BOOL should_give_full_access = (GIVE_ALLACCESS == eval_result); | 232 BOOL should_give_full_access = (GIVE_ALLACCESS == eval_result); |
233 if (!CreateProcessExWHelper(client_info.process, should_give_full_access, | 233 if (!CreateProcessExWHelper(client_info.process, should_give_full_access, |
234 app_name.c_str(), cmd_line.get(), NULL, NULL, | 234 app_name.c_str(), cmd_line.get(), NULL, NULL, |
235 FALSE, 0, NULL, NULL, &startup_info, | 235 FALSE, 0, NULL, NULL, &startup_info, |
236 process_info)) { | 236 process_info)) { |
237 return ERROR_ACCESS_DENIED; | 237 return ERROR_ACCESS_DENIED; |
238 } | 238 } |
239 return ERROR_SUCCESS; | 239 return ERROR_SUCCESS; |
240 } | 240 } |
255 } | 255 } |
256 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, | 256 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, |
257 client_info.process, handle, 0, FALSE, | 257 client_info.process, handle, 0, FALSE, |
258 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { | 258 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { |
259 return ERROR_ACCESS_DENIED; | 259 return ERROR_ACCESS_DENIED; |
260 } | 260 } |
261 return ERROR_SUCCESS; | 261 return ERROR_SUCCESS; |
262 } | 262 } |
263 | 263 |
264 } // namespace sandbox | 264 } // namespace sandbox |
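Review bot: The `_wcsdup` result wrapped in the `std::unique_ptr` at new lines 229-230 is never checked, so on allocation failure `cmd_line.get()` is null when it reaches `CreateProcessExWHelper` at line 233. That helper is defined outside the visible lines, so this is inferred: if it forwards to the CreateProcess family, a null command line would make the broker launch `app_name` without the arguments the request carried, rather than failing. Adding `if (!cmd_line) return ERROR_NOT_ENOUGH_MEMORY;` directly after the declaration keeps the broker failing closed. The enclosing function starts in the skipped lines above 219, so its return type and any earlier checks are not visible here.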
OLD | NEW |