OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/win/src/sandbox_policy_base.h" | 5 #include "sandbox/win/src/sandbox_policy_base.h" |
6 | 6 |
7 #include "base/basictypes.h" | 7 #include "base/basictypes.h" |
8 #include "base/callback.h" | 8 #include "base/callback.h" |
9 #include "base/logging.h" | 9 #include "base/logging.h" |
10 #include "base/win/windows_version.h" | 10 #include "base/win/windows_version.h" |
73 // Initializes static members. | 73 // Initializes static members. |
74 HWINSTA PolicyBase::alternate_winstation_handle_ = NULL; | 74 HWINSTA PolicyBase::alternate_winstation_handle_ = NULL; |
75 HDESK PolicyBase::alternate_desktop_handle_ = NULL; | 75 HDESK PolicyBase::alternate_desktop_handle_ = NULL; |
76 | 76 |
77 PolicyBase::PolicyBase() | 77 PolicyBase::PolicyBase() |
78 : ref_count(1), | 78 : ref_count(1), |
79 lockdown_level_(USER_LOCKDOWN), | 79 lockdown_level_(USER_LOCKDOWN), |
80 initial_level_(USER_LOCKDOWN), | 80 initial_level_(USER_LOCKDOWN), |
81 job_level_(JOB_LOCKDOWN), | 81 job_level_(JOB_LOCKDOWN), |
82 ui_exceptions_(0), | 82 ui_exceptions_(0), |
83 process_memory_limit_(0), | |
cpu_(ooo_6.6-7.5)
2014/06/06 19:44:05
maybe rename to memory_limit_ ?
jschuh
2014/06/06 20:13:14
Sure.
| |
84 terminate_on_memory_limit_(false), | |
83 use_alternate_desktop_(false), | 85 use_alternate_desktop_(false), |
84 use_alternate_winstation_(false), | 86 use_alternate_winstation_(false), |
85 file_system_init_(false), | 87 file_system_init_(false), |
86 relaxed_interceptions_(true), | 88 relaxed_interceptions_(true), |
87 stdout_handle_(INVALID_HANDLE_VALUE), | 89 stdout_handle_(INVALID_HANDLE_VALUE), |
88 stderr_handle_(INVALID_HANDLE_VALUE), | 90 stderr_handle_(INVALID_HANDLE_VALUE), |
89 integrity_level_(INTEGRITY_LEVEL_LAST), | 91 integrity_level_(INTEGRITY_LEVEL_LAST), |
90 delayed_integrity_level_(INTEGRITY_LEVEL_LAST), | 92 delayed_integrity_level_(INTEGRITY_LEVEL_LAST), |
91 mitigations_(0), | 93 mitigations_(0), |
92 delayed_mitigations_(0), | 94 delayed_mitigations_(0), |
160 lockdown_level_ = lockdown; | 162 lockdown_level_ = lockdown; |
161 return SBOX_ALL_OK; | 163 return SBOX_ALL_OK; |
162 } | 164 } |
163 | 165 |
164 ResultCode PolicyBase::SetJobLevel(JobLevel job_level, uint32 ui_exceptions) { | 166 ResultCode PolicyBase::SetJobLevel(JobLevel job_level, uint32 ui_exceptions) { |
165 job_level_ = job_level; | 167 job_level_ = job_level; |
166 ui_exceptions_ = ui_exceptions; | 168 ui_exceptions_ = ui_exceptions; |
167 return SBOX_ALL_OK; | 169 return SBOX_ALL_OK; |
168 } | 170 } |
169 | 171 |
172 ResultCode PolicyBase::SetJobMemoryLimit(size_t limit, bool terminate) { | |
173 if (limit && job_level_ == JOB_NONE) { | |
174 return SBOX_ERROR_BAD_PARAMS; | |
175 } | |
176 process_memory_limit_ = limit; | |
177 terminate_on_memory_limit_ = terminate; | |
178 return SBOX_ALL_OK; | |
179 } | |
180 | |
181 bool PolicyBase::WillTerminateOnJobMemoryLimit() const { | |
182 return terminate_on_memory_limit_; | |
183 } | |
184 | |
170 ResultCode PolicyBase::SetAlternateDesktop(bool alternate_winstation) { | 185 ResultCode PolicyBase::SetAlternateDesktop(bool alternate_winstation) { |
171 use_alternate_desktop_ = true; | 186 use_alternate_desktop_ = true; |
172 use_alternate_winstation_ = alternate_winstation; | 187 use_alternate_winstation_ = alternate_winstation; |
173 return CreateAlternateDesktop(alternate_winstation); | 188 return CreateAlternateDesktop(alternate_winstation); |
174 } | 189 } |
175 | 190 |
176 base::string16 PolicyBase::GetAlternateDesktop() const { | 191 base::string16 PolicyBase::GetAlternateDesktop() const { |
177 // No alternate desktop or winstation. Return an empty string. | 192 // No alternate desktop or winstation. Return an empty string. |
178 if (!use_alternate_desktop_ && !use_alternate_winstation_) { | 193 if (!use_alternate_desktop_ && !use_alternate_winstation_) { |
179 return base::string16(); | 194 return base::string16(); |
452 NOTREACHED(); | 467 NOTREACHED(); |
453 return false; | 468 return false; |
454 } | 469 } |
455 return dispatch->SetupService(manager, service); | 470 return dispatch->SetupService(manager, service); |
456 } | 471 } |
457 | 472 |
458 ResultCode PolicyBase::MakeJobObject(HANDLE* job) { | 473 ResultCode PolicyBase::MakeJobObject(HANDLE* job) { |
459 if (job_level_ != JOB_NONE) { | 474 if (job_level_ != JOB_NONE) { |
460 // Create the windows job object. | 475 // Create the windows job object. |
461 Job job_obj; | 476 Job job_obj; |
477 job_obj.SetProcessMemoryLimit(process_memory_limit_); | |
462 DWORD result = job_obj.Init(job_level_, NULL, ui_exceptions_); | 478 DWORD result = job_obj.Init(job_level_, NULL, ui_exceptions_); |
cpu_(ooo_6.6-7.5)
2014/06/06 19:44:05
seems best to move to job_obj.Init(..., memory_lim
jschuh
2014/06/06 20:13:14
Sure.
| |
463 if (ERROR_SUCCESS != result) { | 479 if (ERROR_SUCCESS != result) { |
464 return SBOX_ERROR_GENERIC; | 480 return SBOX_ERROR_GENERIC; |
465 } | 481 } |
466 *job = job_obj.Detach(); | 482 *job = job_obj.Detach(); |
467 } else { | 483 } else { |
468 *job = NULL; | 484 *job = NULL; |
469 } | 485 } |
470 return SBOX_ALL_OK; | 486 return SBOX_ALL_OK; |
471 } | 487 } |
472 | 488 |
666 | 682 |
667 // Finally, setup imports on the target so the interceptions can work. | 683 // Finally, setup imports on the target so the interceptions can work. |
668 return SetupNtdllImports(target); | 684 return SetupNtdllImports(target); |
669 } | 685 } |
670 | 686 |
671 bool PolicyBase::SetupHandleCloser(TargetProcess* target) { | 687 bool PolicyBase::SetupHandleCloser(TargetProcess* target) { |
672 return handle_closer_.InitializeTargetHandles(target); | 688 return handle_closer_.InitializeTargetHandles(target); |
673 } | 689 } |
674 | 690 |
675 } // namespace sandbox | 691 } // namespace sandbox |
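Review bot: The `JOB_NONE` guard in `SetJobMemoryLimit` (new lines 173-175) depends on call order. A caller that sets a limit and then calls `SetJobLevel(JOB_NONE, ...)` gets `SBOX_ALL_OK` from both, while `MakeJobObject` takes its `else` branch, creates no job, and the target runs with no memory cap and no error reported. Since this is a sandbox resource limit, the silent fall-through is worth closing: `SetJobLevel` could mirror the check with `if (job_level == JOB_NONE && process_memory_limit_) return SBOX_ERROR_BAD_PARAMS;`. Separately, `terminate_on_memory_limit_` is stored even when `limit` is 0 (presumably "no limit", given the constructor default), so `WillTerminateOnJobMemoryLimit()` can return true with nothing configured; a short comment on the setter stating what `limit == 0` means and that `terminate` has no effect then would help callers.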