Side by Side Diff: sandbox/win/src/job.cc

Issue 319573006: Add sandbox support for process memory limits (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: ready for review Created 6 years, 6 months ago
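--- a/sandbox/win/src/job.cc
+++ b/sandbox/win/src/job.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/win/src/job.h"
 
 #include "base/win/windows_version.h"
 #include "sandbox/win/src/restricted_token.h"
 
 namespace sandbox {
@@ -45,53 +45,61 @@
 jbur.UIRestrictionsClass |= JOB_OBJECT_UILIMIT_DISPLAYSETTINGS;
 jeli.BasicLimitInformation.LimitFlags |= JOB_OBJECT_LIMIT_ACTIVE_PROCESS;
 jeli.BasicLimitInformation.ActiveProcessLimit = 1;
 }
 case JOB_INTERACTIVE: {
 jbur.UIRestrictionsClass |= JOB_OBJECT_UILIMIT_SYSTEMPARAMETERS;
 jbur.UIRestrictionsClass |= JOB_OBJECT_UILIMIT_DESKTOP;
 jbur.UIRestrictionsClass |= JOB_OBJECT_UILIMIT_EXITWINDOWS;
 }
 case JOB_UNPROTECTED: {
-// The JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE flag is not supported on
-// Windows 2000. We need a mechanism on Windows 2000 to ensure
-// that processes in the job are terminated when the job is closed
-if (base::win::GetVersion() == base::win::VERSION_PRE_XP)
-break;
+if (process_memory_limit_) {
+jeli.BasicLimitInformation.LimitFlags |=
+JOB_OBJECT_LIMIT_PROCESS_MEMORY;
+jeli.ProcessMemoryLimit = process_memory_limit_;
+}
 
 jeli.BasicLimitInformation.LimitFlags |=
 JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE;
 break;
 }
 default: {
 return ERROR_BAD_ARGUMENTS;
 }
 }
 
 if (FALSE == ::SetInformationJobObject(job_handle_,
 JobObjectExtendedLimitInformation,
 &jeli,
 sizeof(jeli))) {
 return ::GetLastError();
 }
 
 jbur.UIRestrictionsClass = jbur.UIRestrictionsClass & (~ui_exceptions);
 if (FALSE == ::SetInformationJobObject(job_handle_,
 JobObjectBasicUIRestrictions,
 &jbur,
 sizeof(jbur))) {
 return ::GetLastError();
 }
 
 return ERROR_SUCCESS;
 }
 
+DWORD Job::SetProcessMemoryLimit(size_t limit) {
+if (job_handle_)
+return ERROR_ALREADY_INITIALIZED;
+
+process_memory_limit_ = limit;
+return ERROR_SUCCESS;
+}
+
 DWORD Job::UserHandleGrantAccess(HANDLE handle) {
 if (!job_handle_)
 return ERROR_NO_DATA;
 
 if (!::UserHandleGrantAccess(handle,
 job_handle_,
 TRUE)) { // Access allowed.
 return ::GetLastError();
 }
 
@@ -108,10 +116,10 @@
 if (!job_handle_)
 return ERROR_NO_DATA;
 
 if (FALSE == ::AssignProcessToJobObject(job_handle_, process_handle))
 return ::GetLastError();
 
 return ERROR_SUCCESS;
 }
 
 } // namespace sandbox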
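Review bot: SetProcessMemoryLimit (new lines 88-94) has two unstated preconditions: it must be called before the job object is created, since a non-null job_handle_ makes it return ERROR_ALREADY_INITIALIZED, and a value of 0 means "no limit", because the `if (process_memory_limit_)` test at new line 55 skips the flag entirely. A comment above the definition should say so, e.g. `// Sets a per-process committed-memory cap that is applied when the job is initialized; must be called before the job handle exists, and 0 leaves no limit.` JOB_OBJECT_LIMIT_PROCESS_MEMORY with ProcessMemoryLimit caps each process in the job individually rather than the job's total, so if a whole-job budget was intended, JOB_OBJECT_LIMIT_JOB_MEMORY with JobMemoryLimit is the matching field; worth confirming which was meant. The new lines 55-59 sit inside a switch whose enclosing function starts before this section, in the skipped lines, and the cases above fall through into JOB_UNPROTECTED, so the limit applies to every job level. With the base::win::GetVersion() check removed, the `base/win/windows_version.h` include at line 7 may be unused unless something in the elided lines still needs it.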