OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/common/sandbox_win.h" | 5 #include "content/common/sandbox_win.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 | 8 |
9 #include "base/base_switches.h" | 9 #include "base/base_switches.h" |
10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
(...skipping 341 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
352 sandbox::TokenLevel initial_token = sandbox::USER_UNPROTECTED; | 352 sandbox::TokenLevel initial_token = sandbox::USER_UNPROTECTED; |
353 if (base::win::GetVersion() > base::win::VERSION_XP) { | 353 if (base::win::GetVersion() > base::win::VERSION_XP) { |
354 // On 2003/Vista the initial token has to be restricted if the main | 354 // On 2003/Vista the initial token has to be restricted if the main |
355 // token is restricted. | 355 // token is restricted. |
356 initial_token = sandbox::USER_RESTRICTED_SAME_ACCESS; | 356 initial_token = sandbox::USER_RESTRICTED_SAME_ACCESS; |
357 } | 357 } |
358 | 358 |
359 policy->SetTokenLevel(initial_token, sandbox::USER_LOCKDOWN); | 359 policy->SetTokenLevel(initial_token, sandbox::USER_LOCKDOWN); |
360 // Prevents the renderers from manipulating low-integrity processes. | 360 // Prevents the renderers from manipulating low-integrity processes. |
361 policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_UNTRUSTED); | 361 policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_UNTRUSTED); |
| 362 policy->SetIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW); |
362 | 363 |
363 if (sandbox::SBOX_ALL_OK != policy->SetAlternateDesktop(true)) { | 364 if (sandbox::SBOX_ALL_OK != policy->SetAlternateDesktop(true)) { |
364 DLOG(WARNING) << "Failed to apply desktop security to the renderer"; | 365 DLOG(WARNING) << "Failed to apply desktop security to the renderer"; |
365 } | 366 } |
366 | 367 |
367 return true; | 368 return true; |
368 } | 369 } |
369 | 370 |
370 // Updates the command line arguments with debug-related flags. If debug flags | 371 // Updates the command line arguments with debug-related flags. If debug flags |
371 // have been used with this process, they will be filtered and added to | 372 // have been used with this process, they will be filtered and added to |
(...skipping 377 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
749 } | 750 } |
750 | 751 |
751 return false; | 752 return false; |
752 } | 753 } |
753 | 754 |
754 bool BrokerAddTargetPeer(HANDLE peer_process) { | 755 bool BrokerAddTargetPeer(HANDLE peer_process) { |
755 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK; | 756 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK; |
756 } | 757 } |
757 | 758 |
758 } // namespace content | 759 } // namespace content |
OLD | NEW |