| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/win/src/sandbox_policy_base.h" | 5 #include "sandbox/win/src/sandbox_policy_base.h" |
| 6 | 6 |
| 7 #include "base/basictypes.h" | 7 #include "base/basictypes.h" |
| 8 #include "base/callback.h" | 8 #include "base/callback.h" |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/win/windows_version.h" | 10 #include "base/win/windows_version.h" |
| 73 // Initializes static members. | 73 // Initializes static members. |
| 74 HWINSTA PolicyBase::alternate_winstation_handle_ = NULL; | 74 HWINSTA PolicyBase::alternate_winstation_handle_ = NULL; |
| 75 HDESK PolicyBase::alternate_desktop_handle_ = NULL; | 75 HDESK PolicyBase::alternate_desktop_handle_ = NULL; |
| 76 | 76 |
| 77 PolicyBase::PolicyBase() | 77 PolicyBase::PolicyBase() |
| 78 : ref_count(1), | 78 : ref_count(1), |
| 79 lockdown_level_(USER_LOCKDOWN), | 79 lockdown_level_(USER_LOCKDOWN), |
| 80 initial_level_(USER_LOCKDOWN), | 80 initial_level_(USER_LOCKDOWN), |
| 81 job_level_(JOB_LOCKDOWN), | 81 job_level_(JOB_LOCKDOWN), |
| 82 ui_exceptions_(0), | 82 ui_exceptions_(0), |
| 83 process_memory_limit_(0), | |
|
cpu_(ooo_6.6-7.5)
2014/06/06 19:44:05
maybe rename to memory_limit_ ?
jschuh
2014/06/06 20:13:14
Sure.
| |
| 84 terminate_on_memory_limit_(false), | |
| 83 use_alternate_desktop_(false), | 85 use_alternate_desktop_(false), |
| 84 use_alternate_winstation_(false), | 86 use_alternate_winstation_(false), |
| 85 file_system_init_(false), | 87 file_system_init_(false), |
| 86 relaxed_interceptions_(true), | 88 relaxed_interceptions_(true), |
| 87 stdout_handle_(INVALID_HANDLE_VALUE), | 89 stdout_handle_(INVALID_HANDLE_VALUE), |
| 88 stderr_handle_(INVALID_HANDLE_VALUE), | 90 stderr_handle_(INVALID_HANDLE_VALUE), |
| 89 integrity_level_(INTEGRITY_LEVEL_LAST), | 91 integrity_level_(INTEGRITY_LEVEL_LAST), |
| 90 delayed_integrity_level_(INTEGRITY_LEVEL_LAST), | 92 delayed_integrity_level_(INTEGRITY_LEVEL_LAST), |
| 91 mitigations_(0), | 93 mitigations_(0), |
| 92 delayed_mitigations_(0), | 94 delayed_mitigations_(0), |
| 160 lockdown_level_ = lockdown; | 162 lockdown_level_ = lockdown; |
| 161 return SBOX_ALL_OK; | 163 return SBOX_ALL_OK; |
| 162 } | 164 } |
| 163 | 165 |
| 164 ResultCode PolicyBase::SetJobLevel(JobLevel job_level, uint32 ui_exceptions) { | 166 ResultCode PolicyBase::SetJobLevel(JobLevel job_level, uint32 ui_exceptions) { |
| 165 job_level_ = job_level; | 167 job_level_ = job_level; |
| 166 ui_exceptions_ = ui_exceptions; | 168 ui_exceptions_ = ui_exceptions; |
| 167 return SBOX_ALL_OK; | 169 return SBOX_ALL_OK; |
| 168 } | 170 } |
| 169 | 171 |
| 172 ResultCode PolicyBase::SetJobMemoryLimit(size_t limit, bool terminate) { | |
| 173 if (limit && job_level_ == JOB_NONE) { | |
| 174 return SBOX_ERROR_BAD_PARAMS; | |
| 175 } | |
| 176 process_memory_limit_ = limit; | |
| 177 terminate_on_memory_limit_ = terminate; | |
| 178 return SBOX_ALL_OK; | |
| 179 } | |
| 180 | |
| 181 bool PolicyBase::WillTerminateOnJobMemoryLimit() const { | |
| 182 return terminate_on_memory_limit_; | |
| 183 } | |
| 184 | |
| 170 ResultCode PolicyBase::SetAlternateDesktop(bool alternate_winstation) { | 185 ResultCode PolicyBase::SetAlternateDesktop(bool alternate_winstation) { |
| 171 use_alternate_desktop_ = true; | 186 use_alternate_desktop_ = true; |
| 172 use_alternate_winstation_ = alternate_winstation; | 187 use_alternate_winstation_ = alternate_winstation; |
| 173 return CreateAlternateDesktop(alternate_winstation); | 188 return CreateAlternateDesktop(alternate_winstation); |
| 174 } | 189 } |
| 175 | 190 |
| 176 base::string16 PolicyBase::GetAlternateDesktop() const { | 191 base::string16 PolicyBase::GetAlternateDesktop() const { |
| 177 // No alternate desktop or winstation. Return an empty string. | 192 // No alternate desktop or winstation. Return an empty string. |
| 178 if (!use_alternate_desktop_ && !use_alternate_winstation_) { | 193 if (!use_alternate_desktop_ && !use_alternate_winstation_) { |
| 179 return base::string16(); | 194 return base::string16(); |
| 452 NOTREACHED(); | 467 NOTREACHED(); |
| 453 return false; | 468 return false; |
| 454 } | 469 } |
| 455 return dispatch->SetupService(manager, service); | 470 return dispatch->SetupService(manager, service); |
| 456 } | 471 } |
| 457 | 472 |
| 458 ResultCode PolicyBase::MakeJobObject(HANDLE* job) { | 473 ResultCode PolicyBase::MakeJobObject(HANDLE* job) { |
| 459 if (job_level_ != JOB_NONE) { | 474 if (job_level_ != JOB_NONE) { |
| 460 // Create the windows job object. | 475 // Create the windows job object. |
| 461 Job job_obj; | 476 Job job_obj; |
| 477 job_obj.SetProcessMemoryLimit(process_memory_limit_); | |
| 462 DWORD result = job_obj.Init(job_level_, NULL, ui_exceptions_); | 478 DWORD result = job_obj.Init(job_level_, NULL, ui_exceptions_); |
|
cpu_(ooo_6.6-7.5)
2014/06/06 19:44:05
seems best to move to job_obj.Init(..., memory_lim
jschuh
2014/06/06 20:13:14
Sure.
| |
| 463 if (ERROR_SUCCESS != result) { | 479 if (ERROR_SUCCESS != result) { |
| 464 return SBOX_ERROR_GENERIC; | 480 return SBOX_ERROR_GENERIC; |
| 465 } | 481 } |
| 466 *job = job_obj.Detach(); | 482 *job = job_obj.Detach(); |
| 467 } else { | 483 } else { |
| 468 *job = NULL; | 484 *job = NULL; |
| 469 } | 485 } |
| 470 return SBOX_ALL_OK; | 486 return SBOX_ALL_OK; |
| 471 } | 487 } |
| 472 | 488 |
| 666 | 682 |
| 667 // Finally, setup imports on the target so the interceptions can work. | 683 // Finally, setup imports on the target so the interceptions can work. |
| 668 return SetupNtdllImports(target); | 684 return SetupNtdllImports(target); |
| 669 } | 685 } |
| 670 | 686 |
| 671 bool PolicyBase::SetupHandleCloser(TargetProcess* target) { | 687 bool PolicyBase::SetupHandleCloser(TargetProcess* target) { |
| 672 return handle_closer_.InitializeTargetHandles(target); | 688 return handle_closer_.InitializeTargetHandles(target); |
| 673 } | 689 } |
| 674 | 690 |
| 675 } // namespace sandbox | 691 } // namespace sandbox |
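Review bot: SetJobMemoryLimit rejects a non-zero limit only when job_level_ is already JOB_NONE, so the new guard depends on call order: a later SetJobLevel(JOB_NONE, ...) leaves process_memory_limit_ set while MakeJobObject creates no job object, and the limit silently stops being enforced. SetJobLevel could mirror the guard before it assigns job_level_, `if (job_level == JOB_NONE && process_memory_limit_)` / `return SBOX_ERROR_BAD_PARAMS;`, or MakeJobObject could DCHECK that a non-zero limit is never paired with JOB_NONE. Relatedly, terminate_on_memory_limit_ is stored even when limit is 0, so WillTerminateOnJobMemoryLimit() can report true with no limit in force; if callers branch on it, consider storing `terminate_on_memory_limit_ = terminate && limit;` or documenting in the header that the flag is only meaningful alongside a non-zero limit.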