| Index: sandbox/win/src/sandbox_policy_base.cc
|
| diff --git a/sandbox/win/src/sandbox_policy_base.cc b/sandbox/win/src/sandbox_policy_base.cc
|
| index adb9ad2cc3d2360440575234b41558b152c77441..14070db07c529c3e24276081af3947e80ea89c2a 100644
|
| --- a/sandbox/win/src/sandbox_policy_base.cc
|
| +++ b/sandbox/win/src/sandbox_policy_base.cc
|
| @@ -503,51 +503,56 @@ PSID PolicyBase::GetLowBoxSid() const {
|
| return lowbox_sid_;
|
| }
|
|
|
| -bool PolicyBase::AddTarget(TargetProcess* target) {
|
| +ResultCode PolicyBase::AddTarget(TargetProcess* target) {
|
| if (NULL != policy_)
|
| policy_maker_->Done();
|
|
|
| if (!ApplyProcessMitigationsToSuspendedProcess(target->Process(),
|
| mitigations_)) {
|
| - return false;
|
| + return SBOX_ERROR_APPLY_ASLR_MITIGATIONS;
|
| }
|
|
|
| - if (!SetupAllInterceptions(target))
|
| - return false;
|
| + ResultCode ret = SetupAllInterceptions(target);
|
| +
|
| + if (ret != SBOX_ALL_OK)
|
| + return ret;
|
|
|
| if (!SetupHandleCloser(target))
|
| - return false;
|
| + return SBOX_ERROR_SETUP_HANDLE_CLOSER;
|
|
|
| + DWORD win_error = ERROR_SUCCESS;
|
| // Initialize the sandbox infrastructure for the target.
|
| - if (ERROR_SUCCESS !=
|
| - target->Init(dispatcher_.get(), policy_, kIPCMemSize, kPolMemSize))
|
| - return false;
|
| + // TODO(wfh) do something with win_error code here.
|
| + ret = target->Init(dispatcher_.get(), policy_, kIPCMemSize, kPolMemSize,
|
| + &win_error);
|
| +
|
| + if (ret != SBOX_ALL_OK)
|
| + return ret;
|
|
|
| g_shared_delayed_integrity_level = delayed_integrity_level_;
|
| - ResultCode ret = target->TransferVariable(
|
| - "g_shared_delayed_integrity_level",
|
| - &g_shared_delayed_integrity_level,
|
| - sizeof(g_shared_delayed_integrity_level));
|
| + ret = target->TransferVariable("g_shared_delayed_integrity_level",
|
| + &g_shared_delayed_integrity_level,
|
| + sizeof(g_shared_delayed_integrity_level));
|
| g_shared_delayed_integrity_level = INTEGRITY_LEVEL_LAST;
|
| if (SBOX_ALL_OK != ret)
|
| - return false;
|
| + return ret;
|
|
|
| // Add in delayed mitigations and pseudo-mitigations enforced at startup.
|
| g_shared_delayed_mitigations = delayed_mitigations_ |
|
| FilterPostStartupProcessMitigations(mitigations_);
|
| if (!CanSetProcessMitigationsPostStartup(g_shared_delayed_mitigations))
|
| - return false;
|
| + return SBOX_ERROR_BAD_PARAMS;
|
|
|
| ret = target->TransferVariable("g_shared_delayed_mitigations",
|
| &g_shared_delayed_mitigations,
|
| sizeof(g_shared_delayed_mitigations));
|
| g_shared_delayed_mitigations = 0;
|
| if (SBOX_ALL_OK != ret)
|
| - return false;
|
| + return ret;
|
|
|
| AutoLock lock(&lock_);
|
| targets_.push_back(target);
|
| - return true;
|
| + return SBOX_ALL_OK;
|
| }
|
|
|
| bool PolicyBase::OnJobEmpty(HANDLE job) {
|
| @@ -616,13 +621,13 @@ bool PolicyBase::GetEnableOPMRedirection() {
|
| return enable_opm_redirection_;
|
| }
|
|
|
| -bool PolicyBase::SetupAllInterceptions(TargetProcess* target) {
|
| +ResultCode PolicyBase::SetupAllInterceptions(TargetProcess* target) {
|
| InterceptionManager manager(target, relaxed_interceptions_);
|
|
|
| if (policy_) {
|
| for (int i = 0; i < IPC_LAST_TAG; i++) {
|
| if (policy_->entry[i] && !dispatcher_->SetupService(&manager, i))
|
| - return false;
|
| + return SBOX_ERROR_SETUP_INTERCEPTION_SERVICE;
|
| }
|
| }
|
|
|
| @@ -634,13 +639,16 @@ bool PolicyBase::SetupAllInterceptions(TargetProcess* target) {
|
| }
|
|
|
| if (!SetupBasicInterceptions(&manager, is_csrss_connected_))
|
| - return false;
|
| + return SBOX_ERROR_SETUP_BASIC_INTERCEPTIONS;
|
|
|
| if (!manager.InitializeInterceptions())
|
| - return false;
|
| + return SBOX_ERROR_INITIALIZE_INTERCEPTIONS;
|
|
|
| // Finally, setup imports on the target so the interceptions can work.
|
| - return SetupNtdllImports(target);
|
| + if (!SetupNtdllImports(target))
|
| + return SBOX_ERROR_SETUP_NTDLL_IMPORTS;
|
| +
|
| + return SBOX_ALL_OK;
|
| }
|
|
|
| bool PolicyBase::SetupHandleCloser(TargetProcess* target) {
|
|
|
Chromium Code Reviews
Issue 1923653002:
Wire up process launch error codes. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master