| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "remoting/host/desktop_session_win.h" | 5 #include "remoting/host/desktop_session_win.h" |
| 6 | 6 |
| 7 #include <sddl.h> | 7 #include <sddl.h> |
| 8 | 8 |
| 9 #include <limits> | 9 #include <limits> |
| 10 #include <memory> | 10 #include <memory> |
| (...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 54 | 54 |
| 55 // The security descriptor of the daemon IPC endpoint. It gives full access | 55 // The security descriptor of the daemon IPC endpoint. It gives full access |
| 56 // to SYSTEM and denies access by anyone else. | 56 // to SYSTEM and denies access by anyone else. |
| 57 const wchar_t kDaemonIpcSecurityDescriptor[] = | 57 const wchar_t kDaemonIpcSecurityDescriptor[] = |
| 58 SDDL_OWNER L":" SDDL_LOCAL_SYSTEM | 58 SDDL_OWNER L":" SDDL_LOCAL_SYSTEM |
| 59 SDDL_GROUP L":" SDDL_LOCAL_SYSTEM | 59 SDDL_GROUP L":" SDDL_LOCAL_SYSTEM |
| 60 SDDL_DACL L":(" | 60 SDDL_DACL L":(" |
| 61 SDDL_ACCESS_ALLOWED L";;" SDDL_GENERIC_ALL L";;;" SDDL_LOCAL_SYSTEM | 61 SDDL_ACCESS_ALLOWED L";;" SDDL_GENERIC_ALL L";;;" SDDL_LOCAL_SYSTEM |
| 62 L")"; | 62 L")"; |
| 63 | 63 |
| 64 // This security descriptor is used to give the network process, running in the | |
| 65 // local service context, the PROCESS_QUERY_LIMITED_INFORMATION access right. | |
| 66 // It also gives SYSTEM full control of the process and PROCESS_VM_READ, | |
| 67 // PROCESS_QUERY_INFORMATION, PROCESS_TERMINATE, and READ_CONTROL rights to the | |
| 68 // built-in administrators group. | |
| 69 const wchar_t kDesktopProcessSecurityDescriptor[] = | |
| 70 SDDL_OWNER L":" SDDL_LOCAL_SYSTEM | |
| 71 SDDL_GROUP L":" SDDL_LOCAL_SYSTEM | |
| 72 SDDL_DACL L":" | |
| 73 SDDL_ACCESS_ALLOWED L";;" SDDL_GENERIC_ALL L";;;" SDDL_LOCAL_SYSTEM | |
| 74 L")(" | |
| 75 SDDL_ACCESS_ALLOWED L";;0x21411;;;" SDDL_BUILTIN_ADMINISTRATORS | |
| 76 L")(" | |
| 77 SDDL_ACCESS_ALLOWED L";;0x1000;;;" SDDL_LOCAL_SERVICE | |
| 78 L")"; | |
| 79 | |
| 80 // The command line parameters that should be copied from the service's command | 64 // The command line parameters that should be copied from the service's command |
| 81 // line to the desktop process. | 65 // line to the desktop process. |
| 82 const char* kCopiedSwitchNames[] = { switches::kV, switches::kVModule }; | 66 const char* kCopiedSwitchNames[] = { switches::kV, switches::kVModule }; |
| 83 | 67 |
| 84 // The default screen dimensions for an RDP session. | 68 // The default screen dimensions for an RDP session. |
| 85 const int kDefaultRdpScreenWidth = 1280; | 69 const int kDefaultRdpScreenWidth = 1280; |
| 86 const int kDefaultRdpScreenHeight = 768; | 70 const int kDefaultRdpScreenHeight = 768; |
| 87 | 71 |
| 88 // RDC 6.1 (W2K8) supports dimensions of up to 4096x2048. | 72 // RDC 6.1 (W2K8) supports dimensions of up to 4096x2048. |
| 89 const int kMaxRdpScreenWidth = 4096; | 73 const int kMaxRdpScreenWidth = 4096; |
| (...skipping 552 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 642 new base::CommandLine(desktop_binary)); | 626 new base::CommandLine(desktop_binary)); |
| 643 target->AppendSwitchASCII(kProcessTypeSwitchName, kProcessTypeDesktop); | 627 target->AppendSwitchASCII(kProcessTypeSwitchName, kProcessTypeDesktop); |
| 644 // Copy the command line switches enabling verbose logging. | 628 // Copy the command line switches enabling verbose logging. |
| 645 target->CopySwitchesFrom(*base::CommandLine::ForCurrentProcess(), | 629 target->CopySwitchesFrom(*base::CommandLine::ForCurrentProcess(), |
| 646 kCopiedSwitchNames, arraysize(kCopiedSwitchNames)); | 630 kCopiedSwitchNames, arraysize(kCopiedSwitchNames)); |
| 647 | 631 |
| 648 // Create a delegate capable of launching a process in a different session. | 632 // Create a delegate capable of launching a process in a different session. |
| 649 std::unique_ptr<WtsSessionProcessDelegate> delegate( | 633 std::unique_ptr<WtsSessionProcessDelegate> delegate( |
| 650 new WtsSessionProcessDelegate( | 634 new WtsSessionProcessDelegate( |
| 651 io_task_runner_, std::move(target), launch_elevated, | 635 io_task_runner_, std::move(target), launch_elevated, |
| 652 base::WideToUTF8(kDaemonIpcSecurityDescriptor), | 636 base::WideToUTF8(kDaemonIpcSecurityDescriptor))); |
| 653 base::WideToUTF8(kDesktopProcessSecurityDescriptor))); | |
| 654 if (!delegate->Initialize(session_id)) { | 637 if (!delegate->Initialize(session_id)) { |
| 655 TerminateSession(); | 638 TerminateSession(); |
| 656 return; | 639 return; |
| 657 } | 640 } |
| 658 | 641 |
| 659 // Create a launcher for the desktop process, using the per-session delegate. | 642 // Create a launcher for the desktop process, using the per-session delegate. |
| 660 launcher_.reset(new WorkerProcessLauncher(std::move(delegate), this)); | 643 launcher_.reset(new WorkerProcessLauncher(std::move(delegate), this)); |
| 661 session_id_ = session_id; | 644 session_id_ = session_id; |
| 662 } | 645 } |
| 663 | 646 |
| (...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 708 exploded.hour, | 691 exploded.hour, |
| 709 exploded.minute, | 692 exploded.minute, |
| 710 exploded.second, | 693 exploded.second, |
| 711 exploded.millisecond, | 694 exploded.millisecond, |
| 712 passed.c_str()); | 695 passed.c_str()); |
| 713 | 696 |
| 714 last_timestamp_ = now; | 697 last_timestamp_ = now; |
| 715 } | 698 } |
| 716 | 699 |
| 717 } // namespace remoting | 700 } // namespace remoting |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2567003003:
Removing unnecessary process ACL'ing for the remoting_desktop process (Closed)
