| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/common/sandbox_win.h" | 5 #include "content/common/sandbox_win.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 | 8 |
| 9 #include <string> | 9 #include <string> |
| 10 | 10 |
| (...skipping 690 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 701 if (!handles_to_inherit.empty()) { | 701 if (!handles_to_inherit.empty()) { |
| 702 options.inherit_handles = true; | 702 options.inherit_handles = true; |
| 703 options.handles_to_inherit = &handles; | 703 options.handles_to_inherit = &handles; |
| 704 } | 704 } |
| 705 base::Process unsandboxed_process = base::LaunchProcess(*cmd_line, options); | 705 base::Process unsandboxed_process = base::LaunchProcess(*cmd_line, options); |
| 706 | 706 |
| 707 *process = std::move(unsandboxed_process); | 707 *process = std::move(unsandboxed_process); |
| 708 return sandbox::SBOX_ALL_OK; | 708 return sandbox::SBOX_ALL_OK; |
| 709 } | 709 } |
| 710 | 710 |
| 711 scoped_refptr<sandbox::TargetPolicy> policy = | 711 sandbox::TargetPolicy* policy = g_broker_services->CreatePolicy(); |
| 712 g_broker_services->CreatePolicy(); | |
| 713 | 712 |
| 714 // Add any handles to be inherited to the policy. | 713 // Add any handles to be inherited to the policy. |
| 715 for (HANDLE handle : handles_to_inherit) | 714 for (HANDLE handle : handles_to_inherit) |
| 716 policy->AddHandleToShare(handle); | 715 policy->AddHandleToShare(handle); |
| 717 | 716 |
| 718 // Pre-startup mitigations. | 717 // Pre-startup mitigations. |
| 719 sandbox::MitigationFlags mitigations = | 718 sandbox::MitigationFlags mitigations = |
| 720 sandbox::MITIGATION_HEAP_TERMINATE | | 719 sandbox::MITIGATION_HEAP_TERMINATE | |
| 721 sandbox::MITIGATION_BOTTOM_UP_ASLR | | 720 sandbox::MITIGATION_BOTTOM_UP_ASLR | |
| 722 sandbox::MITIGATION_DEP | | 721 sandbox::MITIGATION_DEP | |
| 723 sandbox::MITIGATION_DEP_NO_ATL_THUNK | | 722 sandbox::MITIGATION_DEP_NO_ATL_THUNK | |
| 724 sandbox::MITIGATION_SEHOP | | 723 sandbox::MITIGATION_SEHOP | |
| 725 sandbox::MITIGATION_NONSYSTEM_FONT_DISABLE | | 724 sandbox::MITIGATION_NONSYSTEM_FONT_DISABLE | |
| 726 sandbox::MITIGATION_IMAGE_LOAD_NO_REMOTE | | 725 sandbox::MITIGATION_IMAGE_LOAD_NO_REMOTE | |
| 727 sandbox::MITIGATION_IMAGE_LOAD_NO_LOW_LABEL; | 726 sandbox::MITIGATION_IMAGE_LOAD_NO_LOW_LABEL; |
| 728 | 727 |
| 729 if (base::FeatureList::IsEnabled(features::kWinSboxDisableExtensionPoints)) | 728 if (base::FeatureList::IsEnabled(features::kWinSboxDisableExtensionPoints)) |
| 730 mitigations |= sandbox::MITIGATION_EXTENSION_POINT_DISABLE; | 729 mitigations |= sandbox::MITIGATION_EXTENSION_POINT_DISABLE; |
| 731 | 730 |
| 732 sandbox::ResultCode result = sandbox::SBOX_ERROR_GENERIC; | 731 sandbox::ResultCode result = sandbox::SBOX_ERROR_GENERIC; |
| 733 result = policy->SetProcessMitigations(mitigations); | 732 result = policy->SetProcessMitigations(mitigations); |
| 734 | 733 |
| 735 if (result != sandbox::SBOX_ALL_OK) | 734 if (result != sandbox::SBOX_ALL_OK) |
| 736 return result; | 735 return result; |
| 737 | 736 |
| 738 #if !defined(NACL_WIN64) | 737 #if !defined(NACL_WIN64) |
| 739 if (type_str == switches::kRendererProcess && | 738 if (type_str == switches::kRendererProcess && |
| 740 IsWin32kRendererLockdownEnabled()) { | 739 IsWin32kRendererLockdownEnabled()) { |
| 741 result = AddWin32kLockdownPolicy(policy.get(), false); | 740 result = AddWin32kLockdownPolicy(policy, false); |
| 742 if (result != sandbox::SBOX_ALL_OK) | 741 if (result != sandbox::SBOX_ALL_OK) |
| 743 return result; | 742 return result; |
| 744 } | 743 } |
| 745 #endif | 744 #endif |
| 746 | 745 |
| 747 // Post-startup mitigations. | 746 // Post-startup mitigations. |
| 748 mitigations = sandbox::MITIGATION_STRICT_HANDLE_CHECKS | | 747 mitigations = sandbox::MITIGATION_STRICT_HANDLE_CHECKS | |
| 749 sandbox::MITIGATION_DLL_SEARCH_ORDER; | 748 sandbox::MITIGATION_DLL_SEARCH_ORDER; |
| 750 | 749 |
| 751 result = policy->SetDelayedProcessMitigations(mitigations); | 750 result = policy->SetDelayedProcessMitigations(mitigations); |
| 752 if (result != sandbox::SBOX_ALL_OK) | 751 if (result != sandbox::SBOX_ALL_OK) |
| 753 return result; | 752 return result; |
| 754 | 753 |
| 755 result = SetJobLevel(*cmd_line, sandbox::JOB_LOCKDOWN, 0, policy.get()); | 754 result = SetJobLevel(*cmd_line, sandbox::JOB_LOCKDOWN, 0, policy); |
| 756 if (result != sandbox::SBOX_ALL_OK) | 755 if (result != sandbox::SBOX_ALL_OK) |
| 757 return result; | 756 return result; |
| 758 | 757 |
| 759 if (!delegate->DisableDefaultPolicy()) { | 758 if (!delegate->DisableDefaultPolicy()) { |
| 760 result = AddPolicyForSandboxedProcess(policy.get()); | 759 result = AddPolicyForSandboxedProcess(policy); |
| 761 if (result != sandbox::SBOX_ALL_OK) | 760 if (result != sandbox::SBOX_ALL_OK) |
| 762 return result; | 761 return result; |
| 763 } | 762 } |
| 764 | 763 |
| 765 #if !defined(NACL_WIN64) | 764 #if !defined(NACL_WIN64) |
| 766 if (type_str == switches::kRendererProcess || | 765 if (type_str == switches::kRendererProcess || |
| 767 type_str == switches::kPpapiPluginProcess) { | 766 type_str == switches::kPpapiPluginProcess) { |
| 768 AddDirectory(base::DIR_WINDOWS_FONTS, NULL, true, | 767 AddDirectory(base::DIR_WINDOWS_FONTS, NULL, true, |
| 769 sandbox::TargetPolicy::FILES_ALLOW_READONLY, policy.get()); | 768 sandbox::TargetPolicy::FILES_ALLOW_READONLY, policy); |
| 770 } | 769 } |
| 771 #endif | 770 #endif |
| 772 | 771 |
| 773 if (type_str != switches::kRendererProcess) { | 772 if (type_str != switches::kRendererProcess) { |
| 774 // Hack for Google Desktop crash. Trick GD into not injecting its DLL into | 773 // Hack for Google Desktop crash. Trick GD into not injecting its DLL into |
| 775 // this subprocess. See | 774 // this subprocess. See |
| 776 // http://code.google.com/p/chromium/issues/detail?id=25580 | 775 // http://code.google.com/p/chromium/issues/detail?id=25580 |
| 777 cmd_line->AppendSwitchASCII("ignored", " --type=renderer "); | 776 cmd_line->AppendSwitchASCII("ignored", " --type=renderer "); |
| 778 } | 777 } |
| 779 | 778 |
| 780 result = AddGenericPolicy(policy.get()); | 779 result = AddGenericPolicy(policy); |
| 781 | 780 |
| 782 if (result != sandbox::SBOX_ALL_OK) { | 781 if (result != sandbox::SBOX_ALL_OK) { |
| 783 NOTREACHED(); | 782 NOTREACHED(); |
| 784 return result; | 783 return result; |
| 785 } | 784 } |
| 786 | 785 |
| 787 // Allow the renderer and gpu processes to access the log file. | 786 // Allow the renderer and gpu processes to access the log file. |
| 788 if (type_str == switches::kRendererProcess || | 787 if (type_str == switches::kRendererProcess || |
| 789 type_str == switches::kGpuProcess) { | 788 type_str == switches::kGpuProcess) { |
| 790 if (logging::IsLoggingToFileEnabled()) { | 789 if (logging::IsLoggingToFileEnabled()) { |
| 791 DCHECK(base::FilePath(logging::GetLogFileFullPath()).IsAbsolute()); | 790 DCHECK(base::FilePath(logging::GetLogFileFullPath()).IsAbsolute()); |
| 792 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, | 791 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, |
| 793 sandbox::TargetPolicy::FILES_ALLOW_ANY, | 792 sandbox::TargetPolicy::FILES_ALLOW_ANY, |
| 794 logging::GetLogFileFullPath().c_str()); | 793 logging::GetLogFileFullPath().c_str()); |
| 795 if (result != sandbox::SBOX_ALL_OK) | 794 if (result != sandbox::SBOX_ALL_OK) |
| 796 return result; | 795 return result; |
| 797 } | 796 } |
| 798 } | 797 } |
| 799 | 798 |
| 800 // If stdout/stderr point to a Windows console, these calls will | 799 // If stdout/stderr point to a Windows console, these calls will |
| 801 // have no effect. These calls can fail with SBOX_ERROR_BAD_PARAMS. | 800 // have no effect. These calls can fail with SBOX_ERROR_BAD_PARAMS. |
| 802 policy->SetStdoutHandle(GetStdHandle(STD_OUTPUT_HANDLE)); | 801 policy->SetStdoutHandle(GetStdHandle(STD_OUTPUT_HANDLE)); |
| 803 policy->SetStderrHandle(GetStdHandle(STD_ERROR_HANDLE)); | 802 policy->SetStderrHandle(GetStdHandle(STD_ERROR_HANDLE)); |
| 804 | 803 |
| 805 if (!delegate->PreSpawnTarget(policy.get())) | 804 if (!delegate->PreSpawnTarget(policy)) |
| 806 return sandbox::SBOX_ERROR_DELEGATE_PRE_SPAWN; | 805 return sandbox::SBOX_ERROR_DELEGATE_PRE_SPAWN; |
| 807 | 806 |
| 808 TRACE_EVENT_BEGIN0("startup", "StartProcessWithAccess::LAUNCHPROCESS"); | 807 TRACE_EVENT_BEGIN0("startup", "StartProcessWithAccess::LAUNCHPROCESS"); |
| 809 | 808 |
| 810 PROCESS_INFORMATION temp_process_info = {}; | 809 PROCESS_INFORMATION temp_process_info = {}; |
| 811 sandbox::ResultCode last_warning = sandbox::SBOX_ALL_OK; | 810 sandbox::ResultCode last_warning = sandbox::SBOX_ALL_OK; |
| 812 DWORD last_error = ERROR_SUCCESS; | 811 DWORD last_error = ERROR_SUCCESS; |
| 813 result = g_broker_services->SpawnTarget( | 812 result = g_broker_services->SpawnTarget( |
| 814 cmd_line->GetProgram().value().c_str(), | 813 cmd_line->GetProgram().value().c_str(), |
| 815 cmd_line->GetCommandLineString().c_str(), policy, &last_warning, | 814 cmd_line->GetCommandLineString().c_str(), policy, &last_warning, |
| (...skipping 18 matching lines...) Expand all Loading... |
| 834 } | 833 } |
| 835 | 834 |
| 836 delegate->PostSpawnTarget(target.process_handle()); | 835 delegate->PostSpawnTarget(target.process_handle()); |
| 837 | 836 |
| 838 CHECK(ResumeThread(target.thread_handle()) != static_cast<DWORD>(-1)); | 837 CHECK(ResumeThread(target.thread_handle()) != static_cast<DWORD>(-1)); |
| 839 *process = base::Process(target.TakeProcessHandle()); | 838 *process = base::Process(target.TakeProcessHandle()); |
| 840 return sandbox::SBOX_ALL_OK; | 839 return sandbox::SBOX_ALL_OK; |
| 841 } | 840 } |
| 842 | 841 |
| 843 } // namespace content | 842 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2453063003:
Revert "Fix sandbox::PolicyBase leak" (Closed)
