Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(323)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: remoting/host/win/unprivileged_process_delegate.cc

Issue 2037163002: Removing WinXP and Vista specific code from Chromoting. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@sas_be_gone
Patch Set: Doing a bit more trimming Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« remoting/host/win/com_security.cc ('K') | « remoting/host/win/session_input_injector.cc ('k') | remoting/host/win/worker_process_launcher.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: remoting/host/win/unprivileged_process_delegate.cc
diff --git a/remoting/host/win/unprivileged_process_delegate.cc b/remoting/host/win/unprivileged_process_delegate.cc
index cf538d392a123615cadb3816225ae1b498b285aa..0338f4dc13c26e80349a3da018092dcec072e3d1 100644
--- a/remoting/host/win/unprivileged_process_delegate.cc
+++ b/remoting/host/win/unprivileged_process_delegate.cc
@@ -22,7 +22,6 @@
#include "base/strings/utf_string_conversions.h"
#include "base/synchronization/lock.h"
#include "base/win/scoped_handle.h"
-#include "base/win/windows_version.h"
#include "ipc/attachment_broker.h"
#include "ipc/ipc_channel.h"
#include "ipc/ipc_channel_proxy.h"
@@ -92,34 +91,23 @@ bool CreateRestrictedToken(ScopedHandle* token_out) {
if (restricted_token.Init(token.Get()) != ERROR_SUCCESS)
return false;
- if (base::win::GetVersion() >= base::win::VERSION_VISTA) {
- // "SeChangeNotifyPrivilege" is needed to access the machine certificate
- // (including its private key) in the "Local Machine" cert store. This is
- // needed for HTTPS client third-party authentication . But the presence of
- // "SeChangeNotifyPrivilege" also allows it to open and manipulate objects
- // owned by the same user. This risk is only mitigated by setting the
- // process integrity level to Low, which is why it is unsafe to enable
- // "SeChangeNotifyPrivilege" on Windows XP where we don't have process
- // integrity to protect us.
- std::vector<base::string16> exceptions;
- exceptions.push_back(base::string16(L"SeChangeNotifyPrivilege"));
-
- // Remove privileges in the token.
- if (restricted_token.DeleteAllPrivileges(&exceptions) != ERROR_SUCCESS)
- return false;
-
- // Set low integrity level if supported by the OS.
- if (restricted_token.SetIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW)
- != ERROR_SUCCESS) {
- return false;
- }
- } else {
- // Remove all privileges in the token.
- // Since "SeChangeNotifyPrivilege" is among the privileges being removed,
- // the network process won't be able to acquire certificates from the local
- // machine store. This means third-party authentication won't work.
- if (restricted_token.DeleteAllPrivileges(nullptr) != ERROR_SUCCESS)
- return false;
+ // "SeChangeNotifyPrivilege" is needed to access the machine certificate
+ // (including its private key) in the "Local Machine" cert store. This is
+ // needed for HTTPS client third-party authentication . But the presence of
+ // "SeChangeNotifyPrivilege" also allows it to open and manipulate objects
+ // owned by the same user. This risk is only mitigated by setting the
+ // process integrity level to Low.
+ std::vector<base::string16> exceptions;
+ exceptions.push_back(base::string16(L"SeChangeNotifyPrivilege"));
+
+ // Remove privileges in the token.
+ if (restricted_token.DeleteAllPrivileges(&exceptions) != ERROR_SUCCESS)
+ return false;
+
+ // Set low integrity level.
+ if (restricted_token.SetIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW) !=
+ ERROR_SUCCESS) {
+ return false;
}
// Return the resulting token.
@@ -152,10 +140,8 @@ bool CreateWindowStationAndDesktop(ScopedSid logon_sid,
// The worker runs at low integrity level. Make sure it will be able to attach
// to the window station and desktop.
- if (base::win::GetVersion() >= base::win::VERSION_VISTA) {
- desktop_sddl += kLowIntegrityMandatoryLabel;
- window_station_sddl += kLowIntegrityMandatoryLabel;
- }
+ desktop_sddl += kLowIntegrityMandatoryLabel;
+ window_station_sddl += kLowIntegrityMandatoryLabel;
Hzj_jie 2016/06/06 18:48:54 Do no need to concat anymore.
joedow 2016/06/06 22:49:46 Done. I still want to define the two pieces separ
// Create the desktop and window station security descriptors.
ScopedSd desktop_sd = ConvertSddlToSd(desktop_sddl);
@@ -177,9 +163,7 @@ bool CreateWindowStationAndDesktop(ScopedSid logon_sid,
// Make sure that a new window station will be created instead of opening
// an existing one.
- DWORD window_station_flags = 0;
- if (base::win::GetVersion() >= base::win::VERSION_VISTA)
- window_station_flags = CWF_CREATE_ONLY;
+ DWORD window_station_flags = CWF_CREATE_ONLY;
// Request full access because this handle will be inherited by the worker
// process which needs full access in order to attach to the window station.
« remoting/host/win/com_security.cc ('K') | « remoting/host/win/session_input_injector.cc ('k') | remoting/host/win/worker_process_launcher.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698