Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(547)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: sandbox/win/src/sandbox_policy_base.cc

Issue 1923653002: Wire up process launch error codes. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: fix debug and clang Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « sandbox/win/src/sandbox_policy_base.h ('k') | sandbox/win/src/sandbox_types.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: sandbox/win/src/sandbox_policy_base.cc
diff --git a/sandbox/win/src/sandbox_policy_base.cc b/sandbox/win/src/sandbox_policy_base.cc
index adb9ad2cc3d2360440575234b41558b152c77441..14070db07c529c3e24276081af3947e80ea89c2a 100644
--- a/sandbox/win/src/sandbox_policy_base.cc
+++ b/sandbox/win/src/sandbox_policy_base.cc
@@ -503,51 +503,56 @@ PSID PolicyBase::GetLowBoxSid() const {
return lowbox_sid_;
}
-bool PolicyBase::AddTarget(TargetProcess* target) {
+ResultCode PolicyBase::AddTarget(TargetProcess* target) {
if (NULL != policy_)
policy_maker_->Done();
if (!ApplyProcessMitigationsToSuspendedProcess(target->Process(),
mitigations_)) {
- return false;
+ return SBOX_ERROR_APPLY_ASLR_MITIGATIONS;
}
- if (!SetupAllInterceptions(target))
- return false;
+ ResultCode ret = SetupAllInterceptions(target);
+
+ if (ret != SBOX_ALL_OK)
+ return ret;
if (!SetupHandleCloser(target))
- return false;
+ return SBOX_ERROR_SETUP_HANDLE_CLOSER;
+ DWORD win_error = ERROR_SUCCESS;
// Initialize the sandbox infrastructure for the target.
- if (ERROR_SUCCESS !=
- target->Init(dispatcher_.get(), policy_, kIPCMemSize, kPolMemSize))
- return false;
+ // TODO(wfh) do something with win_error code here.
+ ret = target->Init(dispatcher_.get(), policy_, kIPCMemSize, kPolMemSize,
+ &win_error);
+
+ if (ret != SBOX_ALL_OK)
+ return ret;
g_shared_delayed_integrity_level = delayed_integrity_level_;
- ResultCode ret = target->TransferVariable(
- "g_shared_delayed_integrity_level",
- &g_shared_delayed_integrity_level,
- sizeof(g_shared_delayed_integrity_level));
+ ret = target->TransferVariable("g_shared_delayed_integrity_level",
+ &g_shared_delayed_integrity_level,
+ sizeof(g_shared_delayed_integrity_level));
g_shared_delayed_integrity_level = INTEGRITY_LEVEL_LAST;
if (SBOX_ALL_OK != ret)
- return false;
+ return ret;
// Add in delayed mitigations and pseudo-mitigations enforced at startup.
g_shared_delayed_mitigations = delayed_mitigations_ |
FilterPostStartupProcessMitigations(mitigations_);
if (!CanSetProcessMitigationsPostStartup(g_shared_delayed_mitigations))
- return false;
+ return SBOX_ERROR_BAD_PARAMS;
ret = target->TransferVariable("g_shared_delayed_mitigations",
&g_shared_delayed_mitigations,
sizeof(g_shared_delayed_mitigations));
g_shared_delayed_mitigations = 0;
if (SBOX_ALL_OK != ret)
- return false;
+ return ret;
AutoLock lock(&lock_);
targets_.push_back(target);
- return true;
+ return SBOX_ALL_OK;
}
bool PolicyBase::OnJobEmpty(HANDLE job) {
@@ -616,13 +621,13 @@ bool PolicyBase::GetEnableOPMRedirection() {
return enable_opm_redirection_;
}
-bool PolicyBase::SetupAllInterceptions(TargetProcess* target) {
+ResultCode PolicyBase::SetupAllInterceptions(TargetProcess* target) {
InterceptionManager manager(target, relaxed_interceptions_);
if (policy_) {
for (int i = 0; i < IPC_LAST_TAG; i++) {
if (policy_->entry[i] && !dispatcher_->SetupService(&manager, i))
- return false;
+ return SBOX_ERROR_SETUP_INTERCEPTION_SERVICE;
}
}
@@ -634,13 +639,16 @@ bool PolicyBase::SetupAllInterceptions(TargetProcess* target) {
}
if (!SetupBasicInterceptions(&manager, is_csrss_connected_))
- return false;
+ return SBOX_ERROR_SETUP_BASIC_INTERCEPTIONS;
if (!manager.InitializeInterceptions())
- return false;
+ return SBOX_ERROR_INITIALIZE_INTERCEPTIONS;
// Finally, setup imports on the target so the interceptions can work.
- return SetupNtdllImports(target);
+ if (!SetupNtdllImports(target))
+ return SBOX_ERROR_SETUP_NTDLL_IMPORTS;
+
+ return SBOX_ALL_OK;
}
bool PolicyBase::SetupHandleCloser(TargetProcess* target) {
« no previous file with comments | « sandbox/win/src/sandbox_policy_base.h ('k') | sandbox/win/src/sandbox_types.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698