| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/win/src/sandbox_policy_base.h" | 5 #include "sandbox/win/src/sandbox_policy_base.h" |
| 6 | 6 |
| 7 #include "base/basictypes.h" | 7 #include "base/basictypes.h" |
| 8 #include "base/callback.h" | 8 #include "base/callback.h" |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/win/windows_version.h" | 10 #include "base/win/windows_version.h" |
| (...skipping 143 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 154 | 154 |
| 155 ResultCode PolicyBase::SetTokenLevel(TokenLevel initial, TokenLevel lockdown) { | 155 ResultCode PolicyBase::SetTokenLevel(TokenLevel initial, TokenLevel lockdown) { |
| 156 if (initial < lockdown) { | 156 if (initial < lockdown) { |
| 157 return SBOX_ERROR_BAD_PARAMS; | 157 return SBOX_ERROR_BAD_PARAMS; |
| 158 } | 158 } |
| 159 initial_level_ = initial; | 159 initial_level_ = initial; |
| 160 lockdown_level_ = lockdown; | 160 lockdown_level_ = lockdown; |
| 161 return SBOX_ALL_OK; | 161 return SBOX_ALL_OK; |
| 162 } | 162 } |
| 163 | 163 |
| 164 TokenLevel PolicyBase::GetInitialTokenLevel() const { |
| 165 return initial_level_; |
| 166 } |
| 167 |
| 168 TokenLevel PolicyBase::GetLockdownTokenLevel() const{ |
| 169 return lockdown_level_; |
| 170 } |
| 171 |
| 164 ResultCode PolicyBase::SetJobLevel(JobLevel job_level, uint32 ui_exceptions) { | 172 ResultCode PolicyBase::SetJobLevel(JobLevel job_level, uint32 ui_exceptions) { |
| 165 job_level_ = job_level; | 173 job_level_ = job_level; |
| 166 ui_exceptions_ = ui_exceptions; | 174 ui_exceptions_ = ui_exceptions; |
| 167 return SBOX_ALL_OK; | 175 return SBOX_ALL_OK; |
| 168 } | 176 } |
| 169 | 177 |
| 170 ResultCode PolicyBase::SetAlternateDesktop(bool alternate_winstation) { | 178 ResultCode PolicyBase::SetAlternateDesktop(bool alternate_winstation) { |
| 171 use_alternate_desktop_ = true; | 179 use_alternate_desktop_ = true; |
| 172 use_alternate_winstation_ = alternate_winstation; | 180 use_alternate_winstation_ = alternate_winstation; |
| 173 return CreateAlternateDesktop(alternate_winstation); | 181 return CreateAlternateDesktop(alternate_winstation); |
| (...skipping 84 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 258 ::CloseWindowStation(alternate_winstation_handle_); | 266 ::CloseWindowStation(alternate_winstation_handle_); |
| 259 alternate_winstation_handle_ = NULL; | 267 alternate_winstation_handle_ = NULL; |
| 260 } | 268 } |
| 261 } | 269 } |
| 262 | 270 |
| 263 ResultCode PolicyBase::SetIntegrityLevel(IntegrityLevel integrity_level) { | 271 ResultCode PolicyBase::SetIntegrityLevel(IntegrityLevel integrity_level) { |
| 264 integrity_level_ = integrity_level; | 272 integrity_level_ = integrity_level; |
| 265 return SBOX_ALL_OK; | 273 return SBOX_ALL_OK; |
| 266 } | 274 } |
| 267 | 275 |
| 276 IntegrityLevel PolicyBase::GetIntegrityLevel() const { |
| 277 return integrity_level_; |
| 278 } |
| 279 |
| 268 ResultCode PolicyBase::SetDelayedIntegrityLevel( | 280 ResultCode PolicyBase::SetDelayedIntegrityLevel( |
| 269 IntegrityLevel integrity_level) { | 281 IntegrityLevel integrity_level) { |
| 270 delayed_integrity_level_ = integrity_level; | 282 delayed_integrity_level_ = integrity_level; |
| 271 return SBOX_ALL_OK; | 283 return SBOX_ALL_OK; |
| 272 } | 284 } |
| 273 | 285 |
| 274 ResultCode PolicyBase::SetAppContainer(const wchar_t* sid) { | 286 ResultCode PolicyBase::SetAppContainer(const wchar_t* sid) { |
| 275 if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8) | 287 if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8) |
| 276 return SBOX_ALL_OK; | 288 return SBOX_ALL_OK; |
| 277 | 289 |
| (...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 309 } | 321 } |
| 310 | 322 |
| 311 ResultCode PolicyBase::SetDelayedProcessMitigations( | 323 ResultCode PolicyBase::SetDelayedProcessMitigations( |
| 312 MitigationFlags flags) { | 324 MitigationFlags flags) { |
| 313 if (!CanSetProcessMitigationsPostStartup(flags)) | 325 if (!CanSetProcessMitigationsPostStartup(flags)) |
| 314 return SBOX_ERROR_BAD_PARAMS; | 326 return SBOX_ERROR_BAD_PARAMS; |
| 315 delayed_mitigations_ = flags; | 327 delayed_mitigations_ = flags; |
| 316 return SBOX_ALL_OK; | 328 return SBOX_ALL_OK; |
| 317 } | 329 } |
| 318 | 330 |
| 319 MitigationFlags PolicyBase::GetDelayedProcessMitigations() { | 331 MitigationFlags PolicyBase::GetDelayedProcessMitigations() const { |
| 320 return delayed_mitigations_; | 332 return delayed_mitigations_; |
| 321 } | 333 } |
| 322 | 334 |
| 323 void PolicyBase::SetStrictInterceptions() { | 335 void PolicyBase::SetStrictInterceptions() { |
| 324 relaxed_interceptions_ = false; | 336 relaxed_interceptions_ = false; |
| 325 } | 337 } |
| 326 | 338 |
| 327 ResultCode PolicyBase::SetStdoutHandle(HANDLE handle) { | 339 ResultCode PolicyBase::SetStdoutHandle(HANDLE handle) { |
| 328 if (!IsInheritableHandle(handle)) | 340 if (!IsInheritableHandle(handle)) |
| 329 return SBOX_ERROR_BAD_PARAMS; | 341 return SBOX_ERROR_BAD_PARAMS; |
| (...skipping 336 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 666 | 678 |
| 667 // Finally, setup imports on the target so the interceptions can work. | 679 // Finally, setup imports on the target so the interceptions can work. |
| 668 return SetupNtdllImports(target); | 680 return SetupNtdllImports(target); |
| 669 } | 681 } |
| 670 | 682 |
| 671 bool PolicyBase::SetupHandleCloser(TargetProcess* target) { | 683 bool PolicyBase::SetupHandleCloser(TargetProcess* target) { |
| 672 return handle_closer_.InitializeTargetHandles(target); | 684 return handle_closer_.InitializeTargetHandles(target); |
| 673 } | 685 } |
| 674 | 686 |
| 675 } // namespace sandbox | 687 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
