
Unified Diff: sandbox/win/src/target_process.cc

Issue 2130753002: Made setting lowbox token a warning. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Reverted change to logging Created 4 years, 5 months ago
Index: sandbox/win/src/target_process.cc
diff --git a/sandbox/win/src/target_process.cc b/sandbox/win/src/target_process.cc
index 7e09171e27a94032d0ffd5361cc8ae477b7e7d96..7fddffb4c41d0672a7539562ab41a93cd14ec6a4 100644
--- a/sandbox/win/src/target_process.cc
+++ b/sandbox/win/src/target_process.cc
@@ -72,7 +72,6 @@ void* GetBaseAddress(const wchar_t* exe_name, void* entry_point) {
TargetProcess::TargetProcess(base::win::ScopedHandle initial_token,
base::win::ScopedHandle lockdown_token,
- base::win::ScopedHandle lowbox_token,
HANDLE job,
ThreadProvider* thread_pool)
// This object owns everything initialized here except thread_pool and
@@ -80,7 +79,6 @@ TargetProcess::TargetProcess(base::win::ScopedHandle initial_token,
// eventually in a call to our dtor.
: lockdown_token_(std::move(lockdown_token)),
initial_token_(std::move(initial_token)),
- lowbox_token_(std::move(lowbox_token)),
job_(job),
thread_pool_(thread_pool),
base_address_(NULL) {}
@@ -126,12 +124,6 @@ ResultCode TargetProcess::Create(
const base::win::StartupInformation& startup_info,
base::win::ScopedProcessInformation* target_info,
DWORD* win_error) {
- if (lowbox_token_.IsValid() &&
- base::win::GetVersion() < base::win::VERSION_WIN8) {
- // We don't allow lowbox_token below Windows 8.
- return SBOX_ERROR_BAD_PARAMS;
- }
-
exe_name_.reset(_wcsdup(exe_path));
// the command line needs to be writable by CreateProcess().
@@ -212,25 +204,6 @@ ResultCode TargetProcess::Create(
return SBOX_ERROR_DUPLICATE_TARGET_INFO;
}
- if (lowbox_token_.IsValid()) {
- PROCESS_ACCESS_TOKEN process_access_token;
- process_access_token.thread = process_info.thread_handle();
- process_access_token.token = lowbox_token_.Get();
-
- NtSetInformationProcess SetInformationProcess = NULL;
- ResolveNTFunctionPtr("NtSetInformationProcess", &SetInformationProcess);
-
- NTSTATUS status = SetInformationProcess(
- process_info.process_handle(),
- static_cast<PROCESS_INFORMATION_CLASS>(NtProcessInformationAccessToken),
- &process_access_token, sizeof(process_access_token));
- if (!NT_SUCCESS(status)) {
- *win_error = GetLastErrorFromNtStatus(status);
- ::TerminateProcess(process_info.process_handle(), 0); // exit code
- return SBOX_ERROR_SET_LOW_BOX_TOKEN;
- }
- }
-
base_address_ = GetBaseAddress(exe_path, entry_point);
sandbox_process_info_.Set(process_info.Take());
return SBOX_ALL_OK;
@@ -362,10 +335,30 @@ void TargetProcess::Terminate() {
::TerminateProcess(sandbox_process_info_.process_handle(), 0);
}
+ResultCode TargetProcess::AssignLowBoxToken(
+ const base::win::ScopedHandle& token) {
+ if (!token.IsValid())
+ return SBOX_ALL_OK;
+ PROCESS_ACCESS_TOKEN process_access_token = {};
+ process_access_token.token = token.Get();
+
+ NtSetInformationProcess SetInformationProcess = NULL;
+ ResolveNTFunctionPtr("NtSetInformationProcess", &SetInformationProcess);
+
+ NTSTATUS status = SetInformationProcess(
+ sandbox_process_info_.process_handle(),
+ static_cast<PROCESS_INFORMATION_CLASS>(NtProcessInformationAccessToken),
+ &process_access_token, sizeof(process_access_token));
+ if (!NT_SUCCESS(status)) {
+ ::SetLastError(GetLastErrorFromNtStatus(status));
+ return SBOX_ERROR_SET_LOW_BOX_TOKEN;
+ }
+ return SBOX_ALL_OK;
+}
+
TargetProcess* MakeTestTargetProcess(HANDLE process, HMODULE base_address) {
- TargetProcess* target =
- new TargetProcess(base::win::ScopedHandle(), base::win::ScopedHandle(),
- base::win::ScopedHandle(), NULL, NULL);
+ TargetProcess* target = new TargetProcess(
+ base::win::ScopedHandle(), base::win::ScopedHandle(), NULL, NULL);
PROCESS_INFORMATION process_info = {};
process_info.hProcess = process;
target->sandbox_process_info_.Set(process_info);
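Review bot: AssignLowBoxToken returns SBOX_ALL_OK when `token` is invalid, so a caller whose lowbox token could not be created gets a success code while the target keeps running on its non-lowbox token. On an NT failure the function also no longer terminates the target, as the code removed from Create did, so whether a target that is not lowboxed may continue is now decided by the caller, which is outside this hunk. I would state that contract at the definition, for example `// No-op returning SBOX_ALL_OK if |token| is invalid. On failure the target is left running without the lowbox token; the caller decides whether to terminate it.` The Windows 8 version check removed from Create is not repeated here either; presumably the caller covers it, which is worth confirming. A `DCHECK(sandbox_process_info_.IsValid());` before the NT call would make the dependency on a prior successful Create explicit, assuming ScopedProcessInformation exposes IsValid() as I expect.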