Made setting lowbox token a warning.

sandbox/win/src/target_process.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/win/src/target_process.h"
 
 #include <stddef.h>
 #include <stdint.h>
 
 #include <memory>
@@ skipping 54 matching lines @@
   PIMAGE_NT_HEADERS nt_header = pe.GetNTHeaders();
   char* base = reinterpret_cast<char*>(entry_point) -
     nt_header->OptionalHeader.AddressOfEntryPoint;
 
   ::FreeLibrary(exe);
   return base;
 }
 
 TargetProcess::TargetProcess(base::win::ScopedHandle initial_token,
                              base::win::ScopedHandle lockdown_token,
-                             base::win::ScopedHandle lowbox_token,
                              HANDLE job,
                              ThreadProvider* thread_pool)
     // This object owns everything initialized here except thread_pool and
     // the job_ handle. The Job handle is closed by BrokerServices and results
     // eventually in a call to our dtor.
     : lockdown_token_(std::move(lockdown_token)),
       initial_token_(std::move(initial_token)),
-      lowbox_token_(std::move(lowbox_token)),
       job_(job),
       thread_pool_(thread_pool),
       base_address_(NULL) {}
 
 TargetProcess::~TargetProcess() {
   DWORD exit_code = 0;
   // Give a chance to the process to die. In most cases the JOB_KILL_ON_CLOSE
   // will take effect only when the context changes. As far as the testing went,
   // this wait was enough to switch context and kill the processes in the job.
   // If this process is already dead, the function will return without waiting.
@@ skipping 25 matching lines @@
 
 // Creates the target (child) process suspended and assigns it to the job
 // object.
 ResultCode TargetProcess::Create(
     const wchar_t* exe_path,
     const wchar_t* command_line,
     bool inherit_handles,
     const base::win::StartupInformation& startup_info,
     base::win::ScopedProcessInformation* target_info,
     DWORD* win_error) {
-  if (lowbox_token_.IsValid() &&
-      base::win::GetVersion() < base::win::VERSION_WIN8) {
-    // We don't allow lowbox_token below Windows 8.
-    return SBOX_ERROR_BAD_PARAMS;
-  }
-
   exe_name_.reset(_wcsdup(exe_path));
 
   // the command line needs to be writable by CreateProcess().
   std::unique_ptr<wchar_t, base::FreeDeleter> cmd_line(_wcsdup(command_line));
 
   // Start the target process suspended.
   DWORD flags =
       CREATE_SUSPENDED | CREATE_UNICODE_ENVIRONMENT | DETACHED_PROCESS;
 
   if (startup_info.has_extended_startup_info())
@@ skipping 60 matching lines @@
   void* entry_point = reinterpret_cast<void*>(context.Eax);
 #pragma warning(pop)
 #endif  // _WIN64
 
   if (!target_info->DuplicateFrom(process_info)) {
     *win_error = ::GetLastError();  // This may or may not be correct.
     ::TerminateProcess(process_info.process_handle(), 0);
     return SBOX_ERROR_DUPLICATE_TARGET_INFO;
   }
 
-  if (lowbox_token_.IsValid()) {
-    PROCESS_ACCESS_TOKEN process_access_token;
-    process_access_token.thread = process_info.thread_handle();
-    process_access_token.token = lowbox_token_.Get();
-
-    NtSetInformationProcess SetInformationProcess = NULL;
-    ResolveNTFunctionPtr("NtSetInformationProcess", &SetInformationProcess);
-
-    NTSTATUS status = SetInformationProcess(
-        process_info.process_handle(),
-        static_cast<PROCESS_INFORMATION_CLASS>(NtProcessInformationAccessToken),
-        &process_access_token, sizeof(process_access_token));
-    if (!NT_SUCCESS(status)) {
-      *win_error = GetLastErrorFromNtStatus(status);
-      ::TerminateProcess(process_info.process_handle(), 0);  // exit code
-      return SBOX_ERROR_SET_LOW_BOX_TOKEN;
-    }
-  }
-
   base_address_ = GetBaseAddress(exe_path, entry_point);
   sandbox_process_info_.Set(process_info.Take());
   return SBOX_ALL_OK;
 }
 
 ResultCode TargetProcess::TransferVariable(const char* name, void* address,
                                            size_t size) {
   if (!sandbox_process_info_.IsValid())
     return SBOX_ERROR_UNEXPECTED_CALL;
 
@@ skipping 111 matching lines @@
   return SBOX_ALL_OK;
 }
 
 void TargetProcess::Terminate() {
   if (!sandbox_process_info_.IsValid())
     return;
 
   ::TerminateProcess(sandbox_process_info_.process_handle(), 0);
 }
 
+ResultCode TargetProcess::AssignLowBoxToken(
+    const base::win::ScopedHandle& token) {
+  if (!token.IsValid())
+    return SBOX_ALL_OK;
+  PROCESS_ACCESS_TOKEN process_access_token = {};
+  process_access_token.token = token.Get();
+
+  NtSetInformationProcess SetInformationProcess = NULL;
+  ResolveNTFunctionPtr("NtSetInformationProcess", &SetInformationProcess);
+
+  NTSTATUS status = SetInformationProcess(
+      sandbox_process_info_.process_handle(),
+      static_cast<PROCESS_INFORMATION_CLASS>(NtProcessInformationAccessToken),
+      &process_access_token, sizeof(process_access_token));
+  if (!NT_SUCCESS(status)) {
+    ::SetLastError(GetLastErrorFromNtStatus(status));
+    return SBOX_ERROR_SET_LOW_BOX_TOKEN;
+  }
+  return SBOX_ALL_OK;
+}
+
 TargetProcess* MakeTestTargetProcess(HANDLE process, HMODULE base_address) {
-  TargetProcess* target =
-      new TargetProcess(base::win::ScopedHandle(), base::win::ScopedHandle(),
-                        base::win::ScopedHandle(), NULL, NULL);
+  TargetProcess* target = new TargetProcess(
+      base::win::ScopedHandle(), base::win::ScopedHandle(), NULL, NULL);
   PROCESS_INFORMATION process_info = {};
   process_info.hProcess = process;
   target->sandbox_process_info_.Set(process_info);
   target->base_address_ = base_address;
   return target;
 }
 
 }  // namespace sandbox