Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1797)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/win/src/restricted_token_utils.cc

Issue 319573006: Add sandbox support for process memory limits (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: build fix Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « sandbox/win/src/job_unittest.cc ('k') | sandbox/win/src/sandbox_policy.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <aclapi.h> 5 #include <aclapi.h>
6 #include <sddl.h> 6 #include <sddl.h>
7 #include <vector> 7 #include <vector>
8 8
9 #include "sandbox/win/src/restricted_token_utils.h" 9 #include "sandbox/win/src/restricted_token_utils.h"
10 10
(...skipping 128 matching lines...) Expand 10 before | Expand all | Expand 10 after
139 139
140 return err_code; 140 return err_code;
141 } 141 }
142 142
143 DWORD StartRestrictedProcessInJob(wchar_t *command_line, 143 DWORD StartRestrictedProcessInJob(wchar_t *command_line,
144 TokenLevel primary_level, 144 TokenLevel primary_level,
145 TokenLevel impersonation_level, 145 TokenLevel impersonation_level,
146 JobLevel job_level, 146 JobLevel job_level,
147 HANDLE *const job_handle_ret) { 147 HANDLE *const job_handle_ret) {
148 Job job; 148 Job job;
149 DWORD err_code = job.Init(job_level, NULL, 0); 149 DWORD err_code = job.Init(job_level, NULL, 0, 0);
150 if (ERROR_SUCCESS != err_code) 150 if (ERROR_SUCCESS != err_code)
151 return err_code; 151 return err_code;
152 152
153 if (JOB_UNPROTECTED != job_level) { 153 if (JOB_UNPROTECTED != job_level) {
154 // Share the Desktop handle to be able to use MessageBox() in the sandboxed 154 // Share the Desktop handle to be able to use MessageBox() in the sandboxed
155 // application. 155 // application.
156 err_code = job.UserHandleGrantAccess(GetDesktopWindow()); 156 err_code = job.UserHandleGrantAccess(GetDesktopWindow());
157 if (ERROR_SUCCESS != err_code) 157 if (ERROR_SUCCESS != err_code)
158 return err_code; 158 return err_code;
159 } 159 }
(...skipping 176 matching lines...) Expand 10 before | Expand all | Expand 10 after
336 if (!::OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_DEFAULT, 336 if (!::OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_DEFAULT,
337 &token_handle)) 337 &token_handle))
338 return ::GetLastError(); 338 return ::GetLastError();
339 339
340 base::win::ScopedHandle token(token_handle); 340 base::win::ScopedHandle token(token_handle);
341 341
342 return SetTokenIntegrityLevel(token.Get(), integrity_level); 342 return SetTokenIntegrityLevel(token.Get(), integrity_level);
343 } 343 }
344 344
345 } // namespace sandbox 345 } // namespace sandbox
OLDNEW
« no previous file with comments | « sandbox/win/src/job_unittest.cc ('k') | sandbox/win/src/sandbox_policy.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698