OLD | NEW |
| (Empty) |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "sandbox/win/src/job.h" | |
6 | |
7 #include <stddef.h> | |
8 #include <utility> | |
9 | |
10 #include "base/win/windows_version.h" | |
11 #include "sandbox/win/src/restricted_token.h" | |
12 | |
13 namespace sandbox { | |
14 | |
15 Job::Job() : job_handle_(NULL) { | |
16 }; | |
17 | |
18 Job::~Job() { | |
19 }; | |
20 | |
21 DWORD Job::Init(JobLevel security_level, | |
22 const wchar_t* job_name, | |
23 DWORD ui_exceptions, | |
24 size_t memory_limit) { | |
25 if (job_handle_.IsValid()) | |
26 return ERROR_ALREADY_INITIALIZED; | |
27 | |
28 job_handle_.Set(::CreateJobObject(NULL, // No security attribute | |
29 job_name)); | |
30 if (!job_handle_.IsValid()) | |
31 return ::GetLastError(); | |
32 | |
33 JOBOBJECT_EXTENDED_LIMIT_INFORMATION jeli = {}; | |
34 JOBOBJECT_BASIC_UI_RESTRICTIONS jbur = {}; | |
35 | |
36 // Set the settings for the different security levels. Note: The higher levels | |
37 // inherit from the lower levels. | |
38 switch (security_level) { | |
39 case JOB_LOCKDOWN: { | |
40 jeli.BasicLimitInformation.LimitFlags |= | |
41 JOB_OBJECT_LIMIT_DIE_ON_UNHANDLED_EXCEPTION; | |
42 } | |
43 case JOB_RESTRICTED: { | |
44 jbur.UIRestrictionsClass |= JOB_OBJECT_UILIMIT_WRITECLIPBOARD; | |
45 jbur.UIRestrictionsClass |= JOB_OBJECT_UILIMIT_READCLIPBOARD; | |
46 jbur.UIRestrictionsClass |= JOB_OBJECT_UILIMIT_HANDLES; | |
47 jbur.UIRestrictionsClass |= JOB_OBJECT_UILIMIT_GLOBALATOMS; | |
48 } | |
49 case JOB_LIMITED_USER: { | |
50 jbur.UIRestrictionsClass |= JOB_OBJECT_UILIMIT_DISPLAYSETTINGS; | |
51 jeli.BasicLimitInformation.LimitFlags |= JOB_OBJECT_LIMIT_ACTIVE_PROCESS; | |
52 jeli.BasicLimitInformation.ActiveProcessLimit = 1; | |
53 } | |
54 case JOB_INTERACTIVE: { | |
55 jbur.UIRestrictionsClass |= JOB_OBJECT_UILIMIT_SYSTEMPARAMETERS; | |
56 jbur.UIRestrictionsClass |= JOB_OBJECT_UILIMIT_DESKTOP; | |
57 jbur.UIRestrictionsClass |= JOB_OBJECT_UILIMIT_EXITWINDOWS; | |
58 } | |
59 case JOB_UNPROTECTED: { | |
60 if (memory_limit) { | |
61 jeli.BasicLimitInformation.LimitFlags |= | |
62 JOB_OBJECT_LIMIT_PROCESS_MEMORY; | |
63 jeli.ProcessMemoryLimit = memory_limit; | |
64 } | |
65 | |
66 jeli.BasicLimitInformation.LimitFlags |= | |
67 JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE; | |
68 break; | |
69 } | |
70 default: { | |
71 return ERROR_BAD_ARGUMENTS; | |
72 } | |
73 } | |
74 | |
75 if (FALSE == ::SetInformationJobObject(job_handle_.Get(), | |
76 JobObjectExtendedLimitInformation, | |
77 &jeli, | |
78 sizeof(jeli))) { | |
79 return ::GetLastError(); | |
80 } | |
81 | |
82 jbur.UIRestrictionsClass = jbur.UIRestrictionsClass & (~ui_exceptions); | |
83 if (FALSE == ::SetInformationJobObject(job_handle_.Get(), | |
84 JobObjectBasicUIRestrictions, | |
85 &jbur, | |
86 sizeof(jbur))) { | |
87 return ::GetLastError(); | |
88 } | |
89 | |
90 return ERROR_SUCCESS; | |
91 } | |
92 | |
93 DWORD Job::UserHandleGrantAccess(HANDLE handle) { | |
94 if (!job_handle_.IsValid()) | |
95 return ERROR_NO_DATA; | |
96 | |
97 if (!::UserHandleGrantAccess(handle, | |
98 job_handle_.Get(), | |
99 TRUE)) { // Access allowed. | |
100 return ::GetLastError(); | |
101 } | |
102 | |
103 return ERROR_SUCCESS; | |
104 } | |
105 | |
106 base::win::ScopedHandle Job::Take() { | |
107 return std::move(job_handle_); | |
108 } | |
109 | |
110 DWORD Job::AssignProcessToJob(HANDLE process_handle) { | |
111 if (!job_handle_.IsValid()) | |
112 return ERROR_NO_DATA; | |
113 | |
114 if (FALSE == ::AssignProcessToJobObject(job_handle_.Get(), process_handle)) | |
115 return ::GetLastError(); | |
116 | |
117 return ERROR_SUCCESS; | |
118 } | |
119 | |
120 } // namespace sandbox | |
OLD | NEW |