OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/win/src/sandbox_policy_base.h" | 5 #include "sandbox/win/src/sandbox_policy_base.h" |
6 | 6 |
7 #include <sddl.h> | |
8 | |
7 #include "base/basictypes.h" | 9 #include "base/basictypes.h" |
8 #include "base/callback.h" | 10 #include "base/callback.h" |
9 #include "base/logging.h" | 11 #include "base/logging.h" |
10 #include "base/win/windows_version.h" | 12 #include "base/win/windows_version.h" |
11 #include "sandbox/win/src/app_container.h" | 13 #include "sandbox/win/src/app_container.h" |
12 #include "sandbox/win/src/filesystem_dispatcher.h" | 14 #include "sandbox/win/src/filesystem_dispatcher.h" |
13 #include "sandbox/win/src/filesystem_policy.h" | 15 #include "sandbox/win/src/filesystem_policy.h" |
14 #include "sandbox/win/src/handle_dispatcher.h" | 16 #include "sandbox/win/src/handle_dispatcher.h" |
15 #include "sandbox/win/src/handle_policy.h" | 17 #include "sandbox/win/src/handle_policy.h" |
16 #include "sandbox/win/src/job.h" | 18 #include "sandbox/win/src/job.h" |
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
68 } | 70 } |
69 | 71 |
70 namespace sandbox { | 72 namespace sandbox { |
71 | 73 |
72 SANDBOX_INTERCEPT IntegrityLevel g_shared_delayed_integrity_level; | 74 SANDBOX_INTERCEPT IntegrityLevel g_shared_delayed_integrity_level; |
73 SANDBOX_INTERCEPT MitigationFlags g_shared_delayed_mitigations; | 75 SANDBOX_INTERCEPT MitigationFlags g_shared_delayed_mitigations; |
74 | 76 |
75 // Initializes static members. | 77 // Initializes static members. |
76 HWINSTA PolicyBase::alternate_winstation_handle_ = NULL; | 78 HWINSTA PolicyBase::alternate_winstation_handle_ = NULL; |
77 HDESK PolicyBase::alternate_desktop_handle_ = NULL; | 79 HDESK PolicyBase::alternate_desktop_handle_ = NULL; |
80 IntegrityLevel PolicyBase::alternate_desktop_integrity_level_label_ = | |
81 INTEGRITY_LEVEL_LAST; | |
rvargas (doing something else)
2014/06/20 23:13:08
At this point I would be OK if you want to set thi
jschuh
2014/06/20 23:21:04
Done.
| |
78 | 82 |
79 PolicyBase::PolicyBase() | 83 PolicyBase::PolicyBase() |
80 : ref_count(1), | 84 : ref_count(1), |
81 lockdown_level_(USER_LOCKDOWN), | 85 lockdown_level_(USER_LOCKDOWN), |
82 initial_level_(USER_LOCKDOWN), | 86 initial_level_(USER_LOCKDOWN), |
83 job_level_(JOB_LOCKDOWN), | 87 job_level_(JOB_LOCKDOWN), |
84 ui_exceptions_(0), | 88 ui_exceptions_(0), |
85 memory_limit_(0), | 89 memory_limit_(0), |
86 use_alternate_desktop_(false), | 90 use_alternate_desktop_(false), |
87 use_alternate_winstation_(false), | 91 use_alternate_winstation_(false), |
(...skipping 422 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
510 *job = NULL; | 514 *job = NULL; |
511 } | 515 } |
512 return SBOX_ALL_OK; | 516 return SBOX_ALL_OK; |
513 } | 517 } |
514 | 518 |
515 ResultCode PolicyBase::MakeTokens(HANDLE* initial, HANDLE* lockdown) { | 519 ResultCode PolicyBase::MakeTokens(HANDLE* initial, HANDLE* lockdown) { |
516 // Create the 'naked' token. This will be the permanent token associated | 520 // Create the 'naked' token. This will be the permanent token associated |
517 // with the process and therefore with any thread that is not impersonating. | 521 // with the process and therefore with any thread that is not impersonating. |
518 DWORD result = CreateRestrictedToken(lockdown, lockdown_level_, | 522 DWORD result = CreateRestrictedToken(lockdown, lockdown_level_, |
519 integrity_level_, PRIMARY); | 523 integrity_level_, PRIMARY); |
520 if (ERROR_SUCCESS != result) { | 524 if (ERROR_SUCCESS != result) { |
rvargas (doing something else)
2014/06/20 23:13:08
nit: Could you remove these {}
jschuh
2014/06/20 23:21:04
Done.
| |
521 return SBOX_ERROR_GENERIC; | 525 return SBOX_ERROR_GENERIC; |
522 } | 526 } |
523 | 527 |
528 // If we're launching on the alternate desktop we need to make sure the | |
529 // integrity label on the object is no higher than the sandboxed process's | |
530 // integrity level. So, we lower the label on the desktop process if it's | |
531 // not already low enough for our process. | |
532 if (use_alternate_desktop_ && | |
533 integrity_level_ != INTEGRITY_LEVEL_LAST && | |
534 (alternate_desktop_integrity_level_label_ == INTEGRITY_LEVEL_LAST || | |
535 alternate_desktop_integrity_level_label_ < integrity_level_) && | |
536 base::win::OSInfo::GetInstance()->version() >= base::win::VERSION_VISTA) { | |
537 // Integrity label enum is reversed (higher level is a lower value). | |
538 static_assert(INTEGRITY_LEVEL_SYSTEM < INTEGRITY_LEVEL_UNTRUSTED, | |
539 "Integrity level ordering reversed."); | |
540 result = SetObjectIntegrityLabel(alternate_desktop_handle_, | |
541 SE_WINDOW_OBJECT, | |
542 L"", | |
543 GetIntegrityLevelString(integrity_level_)); | |
544 if (ERROR_SUCCESS != result) | |
545 return SBOX_ERROR_GENERIC; | |
546 | |
547 alternate_desktop_integrity_level_label_ = integrity_level_; | |
548 } | |
549 | |
524 if (appcontainer_list_.get() && appcontainer_list_->HasAppContainer()) { | 550 if (appcontainer_list_.get() && appcontainer_list_->HasAppContainer()) { |
525 // Windows refuses to work with an impersonation token. See SetAppContainer | 551 // Windows refuses to work with an impersonation token. See SetAppContainer |
526 // implementation for more details. | 552 // implementation for more details. |
527 if (lockdown_level_ < USER_LIMITED || lockdown_level_ != initial_level_) | 553 if (lockdown_level_ < USER_LIMITED || lockdown_level_ != initial_level_) |
528 return SBOX_ERROR_CANNOT_INIT_APPCONTAINER; | 554 return SBOX_ERROR_CANNOT_INIT_APPCONTAINER; |
529 | 555 |
530 *initial = INVALID_HANDLE_VALUE; | 556 *initial = INVALID_HANDLE_VALUE; |
531 return SBOX_ALL_OK; | 557 return SBOX_ALL_OK; |
532 } | 558 } |
533 | 559 |
(...skipping 171 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
705 | 731 |
706 // Finally, setup imports on the target so the interceptions can work. | 732 // Finally, setup imports on the target so the interceptions can work. |
707 return SetupNtdllImports(target); | 733 return SetupNtdllImports(target); |
708 } | 734 } |
709 | 735 |
710 bool PolicyBase::SetupHandleCloser(TargetProcess* target) { | 736 bool PolicyBase::SetupHandleCloser(TargetProcess* target) { |
711 return handle_closer_.InitializeTargetHandles(target); | 737 return handle_closer_.InitializeTargetHandles(target); |
712 } | 738 } |
713 | 739 |
714 } // namespace sandbox | 740 } // namespace sandbox |
OLD | NEW |