OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/win/src/job.h" | 5 #include "sandbox/win/src/job.h" |
6 | 6 |
7 #include "base/win/windows_version.h" | 7 #include "base/win/windows_version.h" |
8 #include "sandbox/win/src/restricted_token.h" | 8 #include "sandbox/win/src/restricted_token.h" |
9 | 9 |
10 namespace sandbox { | 10 namespace sandbox { |
11 | 11 |
12 Job::~Job() { | 12 Job::~Job() { |
13 if (job_handle_) | 13 if (job_handle_) |
14 ::CloseHandle(job_handle_); | 14 ::CloseHandle(job_handle_); |
15 }; | 15 }; |
16 | 16 |
17 DWORD Job::Init(JobLevel security_level, | 17 DWORD Job::Init(JobLevel security_level, |
18 const wchar_t* job_name, | 18 const wchar_t* job_name, |
19 DWORD ui_exceptions) { | 19 DWORD ui_exceptions, |
| 20 size_t memory_limit) { |
20 if (job_handle_) | 21 if (job_handle_) |
21 return ERROR_ALREADY_INITIALIZED; | 22 return ERROR_ALREADY_INITIALIZED; |
22 | 23 |
23 job_handle_ = ::CreateJobObject(NULL, // No security attribute | 24 job_handle_ = ::CreateJobObject(NULL, // No security attribute |
24 job_name); | 25 job_name); |
25 if (!job_handle_) | 26 if (!job_handle_) |
26 return ::GetLastError(); | 27 return ::GetLastError(); |
27 | 28 |
28 JOBOBJECT_EXTENDED_LIMIT_INFORMATION jeli = {0}; | 29 JOBOBJECT_EXTENDED_LIMIT_INFORMATION jeli = {0}; |
29 JOBOBJECT_BASIC_UI_RESTRICTIONS jbur = {0}; | 30 JOBOBJECT_BASIC_UI_RESTRICTIONS jbur = {0}; |
(...skipping 15 matching lines...) |
45 jbur.UIRestrictionsClass |= JOB_OBJECT_UILIMIT_DISPLAYSETTINGS; | 46 jbur.UIRestrictionsClass |= JOB_OBJECT_UILIMIT_DISPLAYSETTINGS; |
46 jeli.BasicLimitInformation.LimitFlags |= JOB_OBJECT_LIMIT_ACTIVE_PROCESS; | 47 jeli.BasicLimitInformation.LimitFlags |= JOB_OBJECT_LIMIT_ACTIVE_PROCESS; |
47 jeli.BasicLimitInformation.ActiveProcessLimit = 1; | 48 jeli.BasicLimitInformation.ActiveProcessLimit = 1; |
48 } | 49 } |
49 case JOB_INTERACTIVE: { | 50 case JOB_INTERACTIVE: { |
50 jbur.UIRestrictionsClass |= JOB_OBJECT_UILIMIT_SYSTEMPARAMETERS; | 51 jbur.UIRestrictionsClass |= JOB_OBJECT_UILIMIT_SYSTEMPARAMETERS; |
51 jbur.UIRestrictionsClass |= JOB_OBJECT_UILIMIT_DESKTOP; | 52 jbur.UIRestrictionsClass |= JOB_OBJECT_UILIMIT_DESKTOP; |
52 jbur.UIRestrictionsClass |= JOB_OBJECT_UILIMIT_EXITWINDOWS; | 53 jbur.UIRestrictionsClass |= JOB_OBJECT_UILIMIT_EXITWINDOWS; |
53 } | 54 } |
54 case JOB_UNPROTECTED: { | 55 case JOB_UNPROTECTED: { |
55 // The JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE flag is not supported on | 56 if (memory_limit) { |
56 // Windows 2000. We need a mechanism on Windows 2000 to ensure | 57 jeli.BasicLimitInformation.LimitFlags |= |
57 // that processes in the job are terminated when the job is closed | 58 JOB_OBJECT_LIMIT_PROCESS_MEMORY; |
58 if (base::win::GetVersion() == base::win::VERSION_PRE_XP) | 59 jeli.ProcessMemoryLimit = memory_limit; |
59 break; | 60 } |
60 | 61 |
61 jeli.BasicLimitInformation.LimitFlags |= | 62 jeli.BasicLimitInformation.LimitFlags |= |
62 JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE; | 63 JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE; |
63 break; | 64 break; |
64 } | 65 } |
65 default: { | 66 default: { |
66 return ERROR_BAD_ARGUMENTS; | 67 return ERROR_BAD_ARGUMENTS; |
67 } | 68 } |
68 } | 69 } |
69 | 70 |
(...skipping 38 matching lines...) |
108 if (!job_handle_) | 109 if (!job_handle_) |
109 return ERROR_NO_DATA; | 110 return ERROR_NO_DATA; |
110 | 111 |
111 if (FALSE == ::AssignProcessToJobObject(job_handle_, process_handle)) | 112 if (FALSE == ::AssignProcessToJobObject(job_handle_, process_handle)) |
112 return ::GetLastError(); | 113 return ::GetLastError(); |
113 | 114 |
114 return ERROR_SUCCESS; | 115 return ERROR_SUCCESS; |
115 } | 116 } |
116 | 117 |
117 } // namespace sandbox | 118 } // namespace sandbox |
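Review bot: The new `memory_limit` block in the `JOB_UNPROTECTED` case (new lines 56-60) sets `JOB_OBJECT_LIMIT_PROCESS_MEMORY`, which caps committed memory per process rather than for the job as a whole, so at any level that does not also set `ActiveProcessLimit = 1` the job's aggregate usage stays unbounded. If a job-wide cap is intended, the matching limit is `JOB_OBJECT_LIMIT_JOB_MEMORY` with `jeli.JobMemoryLimit = memory_limit;`. Otherwise a comment above the `if` would record the contract, for example `// Per-process commit limit; 0 means no limit. Reached by fall-through from every stricter level.`, since the cases above have no `break` and the zero sentinel is not explained anywhere visible. The `base/win/windows_version.h` include looks unused on the new side now that the `VERSION_PRE_XP` check is gone, though the collapsed lines may still need it. Part of `Init` is collapsed on this page (15 and 38 skipped lines), so how `jeli` is applied to the job is not visible here.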