Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(243)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/common/sandbox_win.cc

Issue 330853002: Add UIPI support for sandbox alternate desktop (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: for commit Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | sandbox/win/src/integrity_level_test.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/common/sandbox_win.h" 5 #include "content/common/sandbox_win.h"
6 6
7 #include <string> 7 #include <string>
8 8
9 #include "base/base_switches.h" 9 #include "base/base_switches.h"
10 #include "base/command_line.h" 10 #include "base/command_line.h"
(...skipping 341 matching lines...) Expand 10 before | Expand all | Expand 10 after
352 sandbox::TokenLevel initial_token = sandbox::USER_UNPROTECTED; 352 sandbox::TokenLevel initial_token = sandbox::USER_UNPROTECTED;
353 if (base::win::GetVersion() > base::win::VERSION_XP) { 353 if (base::win::GetVersion() > base::win::VERSION_XP) {
354 // On 2003/Vista the initial token has to be restricted if the main 354 // On 2003/Vista the initial token has to be restricted if the main
355 // token is restricted. 355 // token is restricted.
356 initial_token = sandbox::USER_RESTRICTED_SAME_ACCESS; 356 initial_token = sandbox::USER_RESTRICTED_SAME_ACCESS;
357 } 357 }
358 358
359 policy->SetTokenLevel(initial_token, sandbox::USER_LOCKDOWN); 359 policy->SetTokenLevel(initial_token, sandbox::USER_LOCKDOWN);
360 // Prevents the renderers from manipulating low-integrity processes. 360 // Prevents the renderers from manipulating low-integrity processes.
361 policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_UNTRUSTED); 361 policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_UNTRUSTED);
362 policy->SetIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW);
362 363
363 if (sandbox::SBOX_ALL_OK != policy->SetAlternateDesktop(true)) { 364 if (sandbox::SBOX_ALL_OK != policy->SetAlternateDesktop(true)) {
364 DLOG(WARNING) << "Failed to apply desktop security to the renderer"; 365 DLOG(WARNING) << "Failed to apply desktop security to the renderer";
365 } 366 }
366 367
367 return true; 368 return true;
368 } 369 }
369 370
370 // Updates the command line arguments with debug-related flags. If debug flags 371 // Updates the command line arguments with debug-related flags. If debug flags
371 // have been used with this process, they will be filtered and added to 372 // have been used with this process, they will be filtered and added to
(...skipping 377 matching lines...) Expand 10 before | Expand all | Expand 10 after
749 } 750 }
750 751
751 return false; 752 return false;
752 } 753 }
753 754
754 bool BrokerAddTargetPeer(HANDLE peer_process) { 755 bool BrokerAddTargetPeer(HANDLE peer_process) {
755 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK; 756 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK;
756 } 757 }
757 758
758 } // namespace content 759 } // namespace content
OLDNEW
« no previous file with comments | « no previous file | sandbox/win/src/integrity_level_test.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698