Removed old AppContainer support.

sandbox/win/src/sandbox_policy_base.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/win/src/sandbox_policy_base.h"
 
 #include <sddl.h>
 #include <stddef.h>
 #include <stdint.h>
 
 #include "base/callback.h"
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/stl_util.h"
 #include "base/strings/stringprintf.h"
 #include "base/win/windows_version.h"
-#include "sandbox/win/src/app_container.h"
 #include "sandbox/win/src/filesystem_policy.h"
 #include "sandbox/win/src/handle_policy.h"
 #include "sandbox/win/src/interception.h"
 #include "sandbox/win/src/job.h"
 #include "sandbox/win/src/named_pipe_policy.h"
 #include "sandbox/win/src/policy_broker.h"
 #include "sandbox/win/src/policy_engine_processor.h"
 #include "sandbox/win/src/policy_low_level.h"
 #include "sandbox/win/src/process_mitigations.h"
 #include "sandbox/win/src/process_mitigations_win32k_policy.h"
@@ skipping 277 matching lines @@
 IntegrityLevel PolicyBase::GetIntegrityLevel() const {
   return integrity_level_;
 }
 
 ResultCode PolicyBase::SetDelayedIntegrityLevel(
     IntegrityLevel integrity_level) {
   delayed_integrity_level_ = integrity_level;
   return SBOX_ALL_OK;
 }
 
-ResultCode PolicyBase::SetAppContainer(const wchar_t* sid) {
-  if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8)
-    return SBOX_ALL_OK;
-
-  // SetLowBox and SetAppContainer are mutually exclusive.
-  if (lowbox_sid_)
-    return SBOX_ERROR_UNSUPPORTED;
-
-  // Windows refuses to work with an impersonation token for a process inside
-  // an AppContainer. If the caller wants to use a more privileged initial
-  // token, or if the lockdown level will prevent the process from starting,
-  // we have to fail the operation.
-  if (lockdown_level_ < USER_LIMITED || lockdown_level_ != initial_level_)
-    return SBOX_ERROR_CANNOT_INIT_APPCONTAINER;
-
-  DCHECK(!appcontainer_list_.get());
-  appcontainer_list_.reset(new AppContainerAttributes);
-  ResultCode rv = appcontainer_list_->SetAppContainer(sid, capabilities_);
-  if (rv != SBOX_ALL_OK)
-    return rv;
-
-  return SBOX_ALL_OK;
-}
-
 ResultCode PolicyBase::SetCapability(const wchar_t* sid) {
   capabilities_.push_back(sid);
   return SBOX_ALL_OK;
 }
 
 ResultCode PolicyBase::SetLowBox(const wchar_t* sid) {
   if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8)
     return SBOX_ERROR_UNSUPPORTED;
 
-  // SetLowBox and SetAppContainer are mutually exclusive.
-  if (appcontainer_list_.get())
-    return SBOX_ERROR_UNSUPPORTED;
-
   DCHECK(sid);
-
   if (lowbox_sid_)
     return SBOX_ERROR_BAD_PARAMS;
 
   if (!ConvertStringSidToSid(sid, &lowbox_sid_))
     return SBOX_ERROR_GENERIC;
 
   return SBOX_ALL_OK;
 }
 
 ResultCode PolicyBase::SetProcessMitigations(
@@ skipping 91 matching lines @@
     *job = job_obj.Take();
   } else {
     *job = base::win::ScopedHandle();
   }
   return SBOX_ALL_OK;
 }
 
 ResultCode PolicyBase::MakeTokens(base::win::ScopedHandle* initial,
                                   base::win::ScopedHandle* lockdown,
                                   base::win::ScopedHandle* lowbox) {
-  if (appcontainer_list_.get() && appcontainer_list_->HasAppContainer() &&
-      lowbox_sid_) {
-    return SBOX_ERROR_BAD_PARAMS;
-  }
-
   // Create the 'naked' token. This will be the permanent token associated
   // with the process and therefore with any thread that is not impersonating.
   DWORD result =
       CreateRestrictedToken(lockdown_level_, integrity_level_, PRIMARY,
                             lockdown_default_dacl_, lockdown);
   if (ERROR_SUCCESS != result)
     return SBOX_ERROR_GENERIC;
 
   // If we're launching on the alternate desktop we need to make sure the
   // integrity label on the object is no higher than the sandboxed process's
   // integrity level. So, we lower the label on the desktop process if it's
   // not already low enough for our process.
   if (alternate_desktop_handle_ && use_alternate_desktop_ &&
       integrity_level_ != INTEGRITY_LEVEL_LAST &&
       alternate_desktop_integrity_level_label_ < integrity_level_) {
     // Integrity label enum is reversed (higher level is a lower value).
     static_assert(INTEGRITY_LEVEL_SYSTEM < INTEGRITY_LEVEL_UNTRUSTED,
                   "Integrity level ordering reversed.");
     result = SetObjectIntegrityLabel(alternate_desktop_handle_,
                                      SE_WINDOW_OBJECT,
                                      L"",
                                      GetIntegrityLevelString(integrity_level_));
     if (ERROR_SUCCESS != result)
       return SBOX_ERROR_GENERIC;
 
     alternate_desktop_integrity_level_label_ = integrity_level_;
   }
 
-  // We are maintaining two mutually exclusive approaches. One is to start an
-  // AppContainer process through StartupInfoEx and other is replacing
-  // existing token with LowBox token after process creation.
-  if (appcontainer_list_.get() && appcontainer_list_->HasAppContainer()) {
-    // Windows refuses to work with an impersonation token. See SetAppContainer
-    // implementation for more details.
-    if (lockdown_level_ < USER_LIMITED || lockdown_level_ != initial_level_)
-      return SBOX_ERROR_CANNOT_INIT_APPCONTAINER;
-
-    *initial = base::win::ScopedHandle();
-    return SBOX_ALL_OK;
-  }
-
   if (lowbox_sid_) {
     NtCreateLowBoxToken CreateLowBoxToken = NULL;
     ResolveNTFunctionPtr("NtCreateLowBoxToken", &CreateLowBoxToken);
     OBJECT_ATTRIBUTES obj_attr;
     InitializeObjectAttributes(&obj_attr, NULL, 0, NULL, NULL);
     HANDLE token_lowbox = NULL;
 
     if (!lowbox_directory_.IsValid())
       lowbox_directory_.Set(CreateLowBoxObjectDirectory(lowbox_sid_));
     DCHECK(lowbox_directory_.IsValid());
@@ skipping 19 matching lines @@
   // what we need (before reaching main( ))
   result =
       CreateRestrictedToken(initial_level_, integrity_level_, IMPERSONATION,
                             lockdown_default_dacl_, initial);
   if (ERROR_SUCCESS != result)
     return SBOX_ERROR_GENERIC;
 
   return SBOX_ALL_OK;
 }
 
-const AppContainerAttributes* PolicyBase::GetAppContainer() const {
-  if (!appcontainer_list_.get() || !appcontainer_list_->HasAppContainer())
-    return NULL;
-
-  return appcontainer_list_.get();
-}
-
 PSID PolicyBase::GetLowBoxSid() const {
   return lowbox_sid_;
 }
 
 bool PolicyBase::AddTarget(TargetProcess* target) {
   if (NULL != policy_)
     policy_maker_->Done();
 
   if (!ApplyProcessMitigationsToSuspendedProcess(target->Process(),
                                                  mitigations_)) {
@@ skipping 201 matching lines @@
       break;
     }
 
     default: { return SBOX_ERROR_UNSUPPORTED; }
   }
 
   return SBOX_ALL_OK;
 }
 
 }  // namespace sandbox