| OLD | NEW |
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/win/src/process_thread_policy.h" | 5 #include "sandbox/win/src/process_thread_policy.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 | 8 |
| 9 #include <memory> |
| 9 #include <string> | 10 #include <string> |
| 10 | 11 |
| 11 #include "base/memory/free_deleter.h" | 12 #include "base/memory/free_deleter.h" |
| 12 #include "base/memory/scoped_ptr.h" | |
| 13 #include "sandbox/win/src/ipc_tags.h" | 13 #include "sandbox/win/src/ipc_tags.h" |
| 14 #include "sandbox/win/src/nt_internals.h" | 14 #include "sandbox/win/src/nt_internals.h" |
| 15 #include "sandbox/win/src/policy_engine_opcodes.h" | 15 #include "sandbox/win/src/policy_engine_opcodes.h" |
| 16 #include "sandbox/win/src/policy_params.h" | 16 #include "sandbox/win/src/policy_params.h" |
| 17 #include "sandbox/win/src/sandbox_types.h" | 17 #include "sandbox/win/src/sandbox_types.h" |
| 18 #include "sandbox/win/src/win_utils.h" | 18 #include "sandbox/win/src/win_utils.h" |
| 19 | 19 |
| 20 namespace { | 20 namespace { |
| 21 | 21 |
| 22 // These are the only safe rights that can be given to a sandboxed | 22 // These are the only safe rights that can be given to a sandboxed |
| (...skipping 49 matching lines...) |
| 72 return TRUE; | 72 return TRUE; |
| 73 } | 73 } |
| 74 | 74 |
| 75 } | 75 } |
| 76 | 76 |
| 77 namespace sandbox { | 77 namespace sandbox { |
| 78 | 78 |
| 79 bool ProcessPolicy::GenerateRules(const wchar_t* name, | 79 bool ProcessPolicy::GenerateRules(const wchar_t* name, |
| 80 TargetPolicy::Semantics semantics, | 80 TargetPolicy::Semantics semantics, |
| 81 LowLevelPolicy* policy) { | 81 LowLevelPolicy* policy) { |
| 82 scoped_ptr<PolicyRule> process; | 82 std::unique_ptr<PolicyRule> process; |
| 83 switch (semantics) { | 83 switch (semantics) { |
| 84 case TargetPolicy::PROCESS_MIN_EXEC: { | 84 case TargetPolicy::PROCESS_MIN_EXEC: { |
| 85 process.reset(new PolicyRule(GIVE_READONLY)); | 85 process.reset(new PolicyRule(GIVE_READONLY)); |
| 86 break; | 86 break; |
| 87 }; | 87 }; |
| 88 case TargetPolicy::PROCESS_ALL_EXEC: { | 88 case TargetPolicy::PROCESS_ALL_EXEC: { |
| 89 process.reset(new PolicyRule(GIVE_ALLACCESS)); | 89 process.reset(new PolicyRule(GIVE_ALLACCESS)); |
| 90 break; | 90 break; |
| 91 }; | 91 }; |
| 92 default: { | 92 default: { |
| (...skipping 126 matching lines...) |
| 219 const base::string16 &app_name, | 219 const base::string16 &app_name, |
| 220 const base::string16 &command_line, | 220 const base::string16 &command_line, |
| 221 PROCESS_INFORMATION* process_info) { | 221 PROCESS_INFORMATION* process_info) { |
| 222 // The only action supported is ASK_BROKER which means create the process. | 222 // The only action supported is ASK_BROKER which means create the process. |
| 223 if (GIVE_ALLACCESS != eval_result && GIVE_READONLY != eval_result) { | 223 if (GIVE_ALLACCESS != eval_result && GIVE_READONLY != eval_result) { |
| 224 return ERROR_ACCESS_DENIED; | 224 return ERROR_ACCESS_DENIED; |
| 225 } | 225 } |
| 226 | 226 |
| 227 STARTUPINFO startup_info = {0}; | 227 STARTUPINFO startup_info = {0}; |
| 228 startup_info.cb = sizeof(startup_info); | 228 startup_info.cb = sizeof(startup_info); |
| 229 scoped_ptr<wchar_t, base::FreeDeleter> | 229 std::unique_ptr<wchar_t, base::FreeDeleter> cmd_line( |
| 230 cmd_line(_wcsdup(command_line.c_str())); | 230 _wcsdup(command_line.c_str())); |
| 231 | 231 |
| 232 BOOL should_give_full_access = (GIVE_ALLACCESS == eval_result); | 232 BOOL should_give_full_access = (GIVE_ALLACCESS == eval_result); |
| 233 if (!CreateProcessExWHelper(client_info.process, should_give_full_access, | 233 if (!CreateProcessExWHelper(client_info.process, should_give_full_access, |
| 234 app_name.c_str(), cmd_line.get(), NULL, NULL, | 234 app_name.c_str(), cmd_line.get(), NULL, NULL, |
| 235 FALSE, 0, NULL, NULL, &startup_info, | 235 FALSE, 0, NULL, NULL, &startup_info, |
| 236 process_info)) { | 236 process_info)) { |
| 237 return ERROR_ACCESS_DENIED; | 237 return ERROR_ACCESS_DENIED; |
| 238 } | 238 } |
| 239 return ERROR_SUCCESS; | 239 return ERROR_SUCCESS; |
| 240 } | 240 } |
| (...skipping 14 matching lines...) |
| 255 } | 255 } |
| 256 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, | 256 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, |
| 257 client_info.process, handle, 0, FALSE, | 257 client_info.process, handle, 0, FALSE, |
| 258 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { | 258 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { |
| 259 return ERROR_ACCESS_DENIED; | 259 return ERROR_ACCESS_DENIED; |
| 260 } | 260 } |
| 261 return ERROR_SUCCESS; | 261 return ERROR_SUCCESS; |
| 262 } | 262 } |
| 263 | 263 |
| 264 } // namespace sandbox | 264 } // namespace sandbox |
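Review bot: The `_wcsdup(command_line.c_str())` result stored in `cmd_line` (new lines 229-230) is passed to `CreateProcessExWHelper` as `cmd_line.get()` without a null check. The helper's body is not shown, but if it forwards a null command line to process creation, the broker would start `app_name` without the command line that accompanied the request. Failing closed before the call keeps the two in step: `if (!cmd_line) return ERROR_ACCESS_DENIED;`. If this build's allocator terminates on allocation failure the check is unreachable, and a short comment saying so would document why it is omitted. The enclosing function's signature starts in the skipped lines above new line 219, so this is based only on the visible tail of the body.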
| OLD | NEW |