| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/memory/shared_memory.h" | 5 #include "base/memory/shared_memory.h" |
| 6 #include "base/strings/string_number_conversions.h" | 6 #include "base/strings/string_number_conversions.h" |
| 7 #include "base/strings/string_piece.h" | 7 #include "base/strings/string_piece.h" |
| 8 #include "base/win/scoped_process_information.h" | 8 #include "base/win/scoped_process_information.h" |
| 9 #include "base/win/windows_version.h" | 9 #include "base/win/windows_version.h" |
| 10 #include "sandbox/win/src/sandbox.h" | 10 #include "sandbox/win/src/sandbox.h" |
| (...skipping 220 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 231 // Get the path to the sandboxed app. | 231 // Get the path to the sandboxed app. |
| 232 wchar_t prog_name[MAX_PATH]; | 232 wchar_t prog_name[MAX_PATH]; |
| 233 GetModuleFileNameW(NULL, prog_name, MAX_PATH); | 233 GetModuleFileNameW(NULL, prog_name, MAX_PATH); |
| 234 | 234 |
| 235 base::string16 arguments(L"\""); | 235 base::string16 arguments(L"\""); |
| 236 arguments += prog_name; | 236 arguments += prog_name; |
| 237 arguments += L"\" -child 0 wait"; // Don't care about the "state" argument. | 237 arguments += L"\" -child 0 wait"; // Don't care about the "state" argument. |
| 238 | 238 |
| 239 // Launch the app. | 239 // Launch the app. |
| 240 ResultCode result = SBOX_ALL_OK; | 240 ResultCode result = SBOX_ALL_OK; |
| 241 ResultCode warning_result = SBOX_ALL_OK; |
| 242 DWORD last_error = ERROR_SUCCESS; |
| 241 base::win::ScopedProcessInformation target; | 243 base::win::ScopedProcessInformation target; |
| 242 | 244 |
| 243 TargetPolicy* policy = broker->CreatePolicy(); | 245 TargetPolicy* policy = broker->CreatePolicy(); |
| 244 policy->SetAlternateDesktop(false); | 246 policy->SetAlternateDesktop(false); |
| 245 policy->SetTokenLevel(USER_INTERACTIVE, USER_LOCKDOWN); | 247 policy->SetTokenLevel(USER_INTERACTIVE, USER_LOCKDOWN); |
| 246 PROCESS_INFORMATION temp_process_info = {}; | 248 PROCESS_INFORMATION temp_process_info = {}; |
| 247 result = broker->SpawnTarget(prog_name, arguments.c_str(), policy, | 249 result = |
| 248 &temp_process_info); | 250 broker->SpawnTarget(prog_name, arguments.c_str(), policy, &warning_result, |
| 251 &last_error, &temp_process_info); |
| 249 base::string16 desktop_name = policy->GetAlternateDesktop(); | 252 base::string16 desktop_name = policy->GetAlternateDesktop(); |
| 250 policy->Release(); | 253 policy->Release(); |
| 251 | 254 |
| 252 EXPECT_EQ(SBOX_ALL_OK, result); | 255 EXPECT_EQ(SBOX_ALL_OK, result); |
| 253 if (result == SBOX_ALL_OK) | 256 if (result == SBOX_ALL_OK) |
| 254 target.Set(temp_process_info); | 257 target.Set(temp_process_info); |
| 255 | 258 |
| 256 EXPECT_EQ(1u, ::ResumeThread(target.thread_handle())); | 259 EXPECT_EQ(1u, ::ResumeThread(target.thread_handle())); |
| 257 | 260 |
| 258 EXPECT_EQ(static_cast<DWORD>(WAIT_TIMEOUT), | 261 EXPECT_EQ(static_cast<DWORD>(WAIT_TIMEOUT), |
| (...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 295 // Get the path to the sandboxed app. | 298 // Get the path to the sandboxed app. |
| 296 wchar_t prog_name[MAX_PATH]; | 299 wchar_t prog_name[MAX_PATH]; |
| 297 GetModuleFileNameW(NULL, prog_name, MAX_PATH); | 300 GetModuleFileNameW(NULL, prog_name, MAX_PATH); |
| 298 | 301 |
| 299 base::string16 arguments(L"\""); | 302 base::string16 arguments(L"\""); |
| 300 arguments += prog_name; | 303 arguments += prog_name; |
| 301 arguments += L"\" -child 0 wait"; // Don't care about the "state" argument. | 304 arguments += L"\" -child 0 wait"; // Don't care about the "state" argument. |
| 302 | 305 |
| 303 // Launch the app. | 306 // Launch the app. |
| 304 ResultCode result = SBOX_ALL_OK; | 307 ResultCode result = SBOX_ALL_OK; |
| 308 ResultCode warning_result = SBOX_ALL_OK; |
| 305 base::win::ScopedProcessInformation target; | 309 base::win::ScopedProcessInformation target; |
| 306 | 310 |
| 307 TargetPolicy* policy = broker->CreatePolicy(); | 311 TargetPolicy* policy = broker->CreatePolicy(); |
| 308 policy->SetAlternateDesktop(true); | 312 policy->SetAlternateDesktop(true); |
| 309 policy->SetTokenLevel(USER_INTERACTIVE, USER_LOCKDOWN); | 313 policy->SetTokenLevel(USER_INTERACTIVE, USER_LOCKDOWN); |
| 310 PROCESS_INFORMATION temp_process_info = {}; | 314 PROCESS_INFORMATION temp_process_info = {}; |
| 311 result = broker->SpawnTarget(prog_name, arguments.c_str(), policy, | 315 DWORD last_error = ERROR_SUCCESS; |
| 312 &temp_process_info); | 316 result = |
| 317 broker->SpawnTarget(prog_name, arguments.c_str(), policy, &warning_result, |
| 318 &last_error, &temp_process_info); |
| 313 base::string16 desktop_name = policy->GetAlternateDesktop(); | 319 base::string16 desktop_name = policy->GetAlternateDesktop(); |
| 314 policy->Release(); | 320 policy->Release(); |
| 315 | 321 |
| 316 EXPECT_EQ(SBOX_ALL_OK, result); | 322 EXPECT_EQ(SBOX_ALL_OK, result); |
| 317 if (result == SBOX_ALL_OK) | 323 if (result == SBOX_ALL_OK) |
| 318 target.Set(temp_process_info); | 324 target.Set(temp_process_info); |
| 319 | 325 |
| 320 EXPECT_EQ(1u, ::ResumeThread(target.thread_handle())); | 326 EXPECT_EQ(1u, ::ResumeThread(target.thread_handle())); |
| 321 | 327 |
| 322 EXPECT_EQ(static_cast<DWORD>(WAIT_TIMEOUT), | 328 EXPECT_EQ(static_cast<DWORD>(WAIT_TIMEOUT), |
| (...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 375 policy->AddHandleToShare(read_only_view.handle().GetHandle()); | 381 policy->AddHandleToShare(read_only_view.handle().GetHandle()); |
| 376 | 382 |
| 377 base::string16 arguments(L"\""); | 383 base::string16 arguments(L"\""); |
| 378 arguments += prog_name; | 384 arguments += prog_name; |
| 379 arguments += L"\" -child 0 shared_memory_handle "; | 385 arguments += L"\" -child 0 shared_memory_handle "; |
| 380 arguments += base::UintToString16( | 386 arguments += base::UintToString16( |
| 381 base::win::HandleToUint32(read_only_view.handle().GetHandle())); | 387 base::win::HandleToUint32(read_only_view.handle().GetHandle())); |
| 382 | 388 |
| 383 // Launch the app. | 389 // Launch the app. |
| 384 ResultCode result = SBOX_ALL_OK; | 390 ResultCode result = SBOX_ALL_OK; |
| 391 ResultCode warning_result = SBOX_ALL_OK; |
| 385 base::win::ScopedProcessInformation target; | 392 base::win::ScopedProcessInformation target; |
| 386 | 393 |
| 387 policy->SetTokenLevel(USER_INTERACTIVE, USER_LOCKDOWN); | 394 policy->SetTokenLevel(USER_INTERACTIVE, USER_LOCKDOWN); |
| 388 PROCESS_INFORMATION temp_process_info = {}; | 395 PROCESS_INFORMATION temp_process_info = {}; |
| 389 result = broker->SpawnTarget(prog_name, arguments.c_str(), policy, | 396 DWORD last_error = ERROR_SUCCESS; |
| 390 &temp_process_info); | 397 result = |
| 398 broker->SpawnTarget(prog_name, arguments.c_str(), policy, &warning_result, |
| 399 &last_error, &temp_process_info); |
| 391 policy->Release(); | 400 policy->Release(); |
| 392 | 401 |
| 393 EXPECT_EQ(SBOX_ALL_OK, result); | 402 EXPECT_EQ(SBOX_ALL_OK, result); |
| 394 if (result == SBOX_ALL_OK) | 403 if (result == SBOX_ALL_OK) |
| 395 target.Set(temp_process_info); | 404 target.Set(temp_process_info); |
| 396 | 405 |
| 397 EXPECT_EQ(1u, ::ResumeThread(target.thread_handle())); | 406 EXPECT_EQ(1u, ::ResumeThread(target.thread_handle())); |
| 398 | 407 |
| 399 EXPECT_EQ(static_cast<DWORD>(WAIT_TIMEOUT), | 408 EXPECT_EQ(static_cast<DWORD>(WAIT_TIMEOUT), |
| 400 ::WaitForSingleObject(target.process_handle(), 2000)); | 409 ::WaitForSingleObject(target.process_handle(), 2000)); |
| 401 | 410 |
| 402 EXPECT_TRUE(::TerminateProcess(target.process_handle(), 0)); | 411 EXPECT_TRUE(::TerminateProcess(target.process_handle(), 0)); |
| 403 | 412 |
| 404 ::WaitForSingleObject(target.process_handle(), INFINITE); | 413 ::WaitForSingleObject(target.process_handle(), INFINITE); |
| 405 } | 414 } |
| 406 | 415 |
| 407 } // namespace sandbox | 416 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2130753002:
Made setting lowbox token a warning. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master