Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(184)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/win/src/sandbox_policy_base.cc

Issue 2316333003: Fix sandbox::PolicyBase leak (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: avoid using RefCountedThreadSafe Created 4 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « sandbox/win/src/sandbox.h ('k') | sandbox/win/tests/common/controller.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/win/src/sandbox_policy_base.h" 5 #include "sandbox/win/src/sandbox_policy_base.h"
6 6
7 #include <sddl.h> 7 #include <sddl.h>
8 #include <stddef.h> 8 #include <stddef.h>
9 #include <stdint.h> 9 #include <stdint.h>
10 10
(...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after
108 SANDBOX_INTERCEPT IntegrityLevel g_shared_delayed_integrity_level; 108 SANDBOX_INTERCEPT IntegrityLevel g_shared_delayed_integrity_level;
109 SANDBOX_INTERCEPT MitigationFlags g_shared_delayed_mitigations; 109 SANDBOX_INTERCEPT MitigationFlags g_shared_delayed_mitigations;
110 110
111 // Initializes static members. 111 // Initializes static members.
112 HWINSTA PolicyBase::alternate_winstation_handle_ = NULL; 112 HWINSTA PolicyBase::alternate_winstation_handle_ = NULL;
113 HDESK PolicyBase::alternate_desktop_handle_ = NULL; 113 HDESK PolicyBase::alternate_desktop_handle_ = NULL;
114 IntegrityLevel PolicyBase::alternate_desktop_integrity_level_label_ = 114 IntegrityLevel PolicyBase::alternate_desktop_integrity_level_label_ =
115 INTEGRITY_LEVEL_SYSTEM; 115 INTEGRITY_LEVEL_SYSTEM;
116 116
117 PolicyBase::PolicyBase() 117 PolicyBase::PolicyBase()
118 : ref_count(1), 118 : ref_count(0),
119 lockdown_level_(USER_LOCKDOWN), 119 lockdown_level_(USER_LOCKDOWN),
120 initial_level_(USER_LOCKDOWN), 120 initial_level_(USER_LOCKDOWN),
121 job_level_(JOB_LOCKDOWN), 121 job_level_(JOB_LOCKDOWN),
122 ui_exceptions_(0), 122 ui_exceptions_(0),
123 memory_limit_(0), 123 memory_limit_(0),
124 use_alternate_desktop_(false), 124 use_alternate_desktop_(false),
125 use_alternate_winstation_(false), 125 use_alternate_winstation_(false),
126 file_system_init_(false), 126 file_system_init_(false),
127 relaxed_interceptions_(true), 127 relaxed_interceptions_(true),
128 stdout_handle_(INVALID_HANDLE_VALUE), 128 stdout_handle_(INVALID_HANDLE_VALUE),
(...skipping 25 matching lines...) Expand all
154 ::LocalFree(lowbox_sid_); 154 ::LocalFree(lowbox_sid_);
155 155
156 ::DeleteCriticalSection(&lock_); 156 ::DeleteCriticalSection(&lock_);
157 } 157 }
158 158
159 void PolicyBase::AddRef() { 159 void PolicyBase::AddRef() {
160 ::InterlockedIncrement(&ref_count); 160 ::InterlockedIncrement(&ref_count);
161 } 161 }
162 162
163 void PolicyBase::Release() { 163 void PolicyBase::Release() {
164 if (0 == ::InterlockedDecrement(&ref_count)) 164 if (0 == ::InterlockedDecrement(&ref_count))
Will Harris 2016/09/07 23:28:33 does this check not need to change now?
165 delete this; 165 delete this;
166 } 166 }
167 167
168 ResultCode PolicyBase::SetTokenLevel(TokenLevel initial, TokenLevel lockdown) { 168 ResultCode PolicyBase::SetTokenLevel(TokenLevel initial, TokenLevel lockdown) {
169 if (initial < lockdown) { 169 if (initial < lockdown) {
170 return SBOX_ERROR_BAD_PARAMS; 170 return SBOX_ERROR_BAD_PARAMS;
171 } 171 }
172 initial_level_ = initial; 172 initial_level_ = initial;
173 lockdown_level_ = lockdown; 173 lockdown_level_ = lockdown;
174 return SBOX_ALL_OK; 174 return SBOX_ALL_OK;
(...skipping 547 matching lines...) Expand 10 before | Expand all | Expand 10 after
722 break; 722 break;
723 } 723 }
724 724
725 default: { return SBOX_ERROR_UNSUPPORTED; } 725 default: { return SBOX_ERROR_UNSUPPORTED; }
726 } 726 }
727 727
728 return SBOX_ALL_OK; 728 return SBOX_ALL_OK;
729 } 729 }
730 730
731 } // namespace sandbox 731 } // namespace sandbox
OLDNEW
« no previous file with comments | « sandbox/win/src/sandbox.h ('k') | sandbox/win/tests/common/controller.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698