| Index: sandbox/win/src/handle_policy.cc
|
| diff --git a/sandbox/win/src/handle_policy.cc b/sandbox/win/src/handle_policy.cc
|
| deleted file mode 100644
|
| index 1023030792741636ef34d7c30e78c82a0a26082d..0000000000000000000000000000000000000000
|
| --- a/sandbox/win/src/handle_policy.cc
|
| +++ /dev/null
|
| @@ -1,92 +0,0 @@
|
| -// Copyright (c) 2012 The Chromium Authors. All rights reserved.
|
| -// Use of this source code is governed by a BSD-style license that can be
|
| -// found in the LICENSE file.
|
| -
|
| -#include "sandbox/win/src/handle_policy.h"
|
| -
|
| -#include <string>
|
| -
|
| -#include "base/win/scoped_handle.h"
|
| -#include "sandbox/win/src/broker_services.h"
|
| -#include "sandbox/win/src/ipc_tags.h"
|
| -#include "sandbox/win/src/policy_engine_opcodes.h"
|
| -#include "sandbox/win/src/policy_params.h"
|
| -#include "sandbox/win/src/sandbox_types.h"
|
| -#include "sandbox/win/src/sandbox_utils.h"
|
| -
|
| -namespace sandbox {
|
| -
|
| -bool HandlePolicy::GenerateRules(const wchar_t* type_name,
|
| - TargetPolicy::Semantics semantics,
|
| - LowLevelPolicy* policy) {
|
| - PolicyRule duplicate_rule(ASK_BROKER);
|
| -
|
| - switch (semantics) {
|
| - case TargetPolicy::HANDLES_DUP_ANY: {
|
| - if (!duplicate_rule.AddNumberMatch(IF_NOT, HandleTarget::TARGET,
|
| - ::GetCurrentProcessId(), EQUAL)) {
|
| - return false;
|
| - }
|
| - break;
|
| - }
|
| -
|
| - case TargetPolicy::HANDLES_DUP_BROKER: {
|
| - if (!duplicate_rule.AddNumberMatch(IF, HandleTarget::TARGET,
|
| - ::GetCurrentProcessId(), EQUAL)) {
|
| - return false;
|
| - }
|
| - break;
|
| - }
|
| -
|
| - default:
|
| - return false;
|
| - }
|
| - if (!duplicate_rule.AddStringMatch(IF, HandleTarget::NAME, type_name,
|
| - CASE_INSENSITIVE)) {
|
| - return false;
|
| - }
|
| - if (!policy->AddRule(IPC_DUPLICATEHANDLEPROXY_TAG, &duplicate_rule)) {
|
| - return false;
|
| - }
|
| - return true;
|
| -}
|
| -
|
| -DWORD HandlePolicy::DuplicateHandleProxyAction(EvalResult eval_result,
|
| - HANDLE source_handle,
|
| - DWORD target_process_id,
|
| - HANDLE* target_handle,
|
| - DWORD desired_access,
|
| - DWORD options) {
|
| - // The only action supported is ASK_BROKER which means duplicate the handle.
|
| - if (ASK_BROKER != eval_result) {
|
| - return ERROR_ACCESS_DENIED;
|
| - }
|
| -
|
| - base::win::ScopedHandle remote_target_process;
|
| - if (target_process_id != ::GetCurrentProcessId()) {
|
| - // Sandboxed children are dynamic, so we check that manually.
|
| - if (!BrokerServicesBase::GetInstance()->IsActiveTarget(target_process_id)) {
|
| - return ERROR_ACCESS_DENIED;
|
| - }
|
| -
|
| - remote_target_process.Set(::OpenProcess(PROCESS_DUP_HANDLE, FALSE,
|
| - target_process_id));
|
| - if (!remote_target_process.IsValid())
|
| - return ::GetLastError();
|
| - }
|
| -
|
| - // If the policy didn't block us and we have no valid target, then the broker
|
| - // (this process) is the valid target.
|
| - HANDLE target_process = remote_target_process.IsValid() ?
|
| - remote_target_process.Get() : ::GetCurrentProcess();
|
| - if (!::DuplicateHandle(::GetCurrentProcess(), source_handle, target_process,
|
| - target_handle, desired_access, FALSE,
|
| - options)) {
|
| - return ::GetLastError();
|
| - }
|
| -
|
| - return ERROR_SUCCESS;
|
| -}
|
| -
|
| -} // namespace sandbox
|
| -
|
|
|
Chromium Code Reviews
Issue 1851213002:
Remove sandbox on Windows. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master