1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/win/src/sandbox_policy_base.h" | 5 #include "sandbox/win/src/sandbox_policy_base.h" |
6 | 6 |
7 #include <sddl.h> | |
8 | |
7 #include "base/basictypes.h" | 9 #include "base/basictypes.h" |
8 #include "base/callback.h" | 10 #include "base/callback.h" |
9 #include "base/logging.h" | 11 #include "base/logging.h" |
10 #include "base/win/windows_version.h" | 12 #include "base/win/windows_version.h" |
11 #include "sandbox/win/src/app_container.h" | 13 #include "sandbox/win/src/app_container.h" |
12 #include "sandbox/win/src/filesystem_dispatcher.h" | 14 #include "sandbox/win/src/filesystem_dispatcher.h" |
13 #include "sandbox/win/src/filesystem_policy.h" | 15 #include "sandbox/win/src/filesystem_policy.h" |
14 #include "sandbox/win/src/handle_dispatcher.h" | 16 #include "sandbox/win/src/handle_dispatcher.h" |
15 #include "sandbox/win/src/handle_policy.h" | 17 #include "sandbox/win/src/handle_policy.h" |
16 #include "sandbox/win/src/job.h" | 18 #include "sandbox/win/src/job.h" |
68 } | 70 } |
69 | 71 |
70 namespace sandbox { | 72 namespace sandbox { |
71 | 73 |
72 SANDBOX_INTERCEPT IntegrityLevel g_shared_delayed_integrity_level; | 74 SANDBOX_INTERCEPT IntegrityLevel g_shared_delayed_integrity_level; |
73 SANDBOX_INTERCEPT MitigationFlags g_shared_delayed_mitigations; | 75 SANDBOX_INTERCEPT MitigationFlags g_shared_delayed_mitigations; |
74 | 76 |
75 // Initializes static members. | 77 // Initializes static members. |
76 HWINSTA PolicyBase::alternate_winstation_handle_ = NULL; | 78 HWINSTA PolicyBase::alternate_winstation_handle_ = NULL; |
77 HDESK PolicyBase::alternate_desktop_handle_ = NULL; | 79 HDESK PolicyBase::alternate_desktop_handle_ = NULL; |
80 IntegrityLevel PolicyBase::alternate_desktop_integrity_label_ = | |
81 INTEGRITY_LEVEL_SYSTEM; | |
rvargas (doing something else)
2014/06/13 19:46:11
nit: Shouldn't we use _LEVEL_LAST here? It shouldn
jschuh
2014/06/13 22:29:36
Done, but it makes the conditional below a bit mor
| |
78 | 82 |
79 PolicyBase::PolicyBase() | 83 PolicyBase::PolicyBase() |
80 : ref_count(1), | 84 : ref_count(1), |
81 lockdown_level_(USER_LOCKDOWN), | 85 lockdown_level_(USER_LOCKDOWN), |
82 initial_level_(USER_LOCKDOWN), | 86 initial_level_(USER_LOCKDOWN), |
83 job_level_(JOB_LOCKDOWN), | 87 job_level_(JOB_LOCKDOWN), |
84 ui_exceptions_(0), | 88 ui_exceptions_(0), |
85 memory_limit_(0), | 89 memory_limit_(0), |
86 use_alternate_desktop_(false), | 90 use_alternate_desktop_(false), |
87 use_alternate_winstation_(false), | 91 use_alternate_winstation_(false), |
514 | 518 |
515 ResultCode PolicyBase::MakeTokens(HANDLE* initial, HANDLE* lockdown) { | 519 ResultCode PolicyBase::MakeTokens(HANDLE* initial, HANDLE* lockdown) { |
516 // Create the 'naked' token. This will be the permanent token associated | 520 // Create the 'naked' token. This will be the permanent token associated |
517 // with the process and therefore with any thread that is not impersonating. | 521 // with the process and therefore with any thread that is not impersonating. |
518 DWORD result = CreateRestrictedToken(lockdown, lockdown_level_, | 522 DWORD result = CreateRestrictedToken(lockdown, lockdown_level_, |
519 integrity_level_, PRIMARY); | 523 integrity_level_, PRIMARY); |
520 if (ERROR_SUCCESS != result) { | 524 if (ERROR_SUCCESS != result) { |
521 return SBOX_ERROR_GENERIC; | 525 return SBOX_ERROR_GENERIC; |
522 } | 526 } |
523 | 527 |
528 // If we're launching on the alternate desktop we need to make sure our | |
529 // process has an integrity label that can access it. So, we lower the label | |
rvargas (doing something else)
2014/06/13 19:46:11
label -> level
jschuh
2014/06/13 22:29:36
Fine, but you have to deal with the ire of Bell an
rvargas (doing something else)
2014/06/13 23:18:47
no me asusta el acertijo!
| |
530 // on the desktop if needed. | |
531 if (alternate_desktop_handle_ && | |
532 integrity_level_ != INTEGRITY_LEVEL_LAST && | |
533 alternate_desktop_integrity_label_ < integrity_level_ && | |
rvargas (doing something else)
2014/06/13 19:46:11
_label_ -> level
rvargas (doing something else)
2014/06/13 19:46:11
... then this would be
alternate_desktop_integrit
jschuh
2014/06/13 22:29:36
Done, but that's not quite how it works due to the
rvargas (doing something else)
2014/06/13 23:18:47
Yeah, I got that... the way I was reading this con
| |
534 base::win::OSInfo::GetInstance()->version() >= base::win::VERSION_VISTA) { | |
535 static_assert(INTEGRITY_LEVEL_SYSTEM < INTEGRITY_LEVEL_UNTRUSTED, | |
536 "Integrity level ordering reversed."); | |
537 result = SetObjectIntegrityLabel(alternate_desktop_handle_, | |
538 SE_WINDOW_OBJECT, | |
539 L"", | |
540 GetIntegrityLevelString(integrity_level_)); | |
541 if (ERROR_SUCCESS != result) { | |
542 ::SetLastError(result); | |
rvargas (doing something else)
2014/06/13 19:46:11
nit: I don't think we promise a last error.
jschuh
2014/06/13 22:29:36
Done.
| |
543 return SBOX_ERROR_GENERIC; | |
544 } | |
545 alternate_desktop_integrity_label_ = integrity_level_; | |
546 } | |
547 | |
524 if (appcontainer_list_.get() && appcontainer_list_->HasAppContainer()) { | 548 if (appcontainer_list_.get() && appcontainer_list_->HasAppContainer()) { |
525 // Windows refuses to work with an impersonation token. See SetAppContainer | 549 // Windows refuses to work with an impersonation token. See SetAppContainer |
526 // implementation for more details. | 550 // implementation for more details. |
527 if (lockdown_level_ < USER_LIMITED || lockdown_level_ != initial_level_) | 551 if (lockdown_level_ < USER_LIMITED || lockdown_level_ != initial_level_) |
528 return SBOX_ERROR_CANNOT_INIT_APPCONTAINER; | 552 return SBOX_ERROR_CANNOT_INIT_APPCONTAINER; |
529 | 553 |
530 *initial = INVALID_HANDLE_VALUE; | 554 *initial = INVALID_HANDLE_VALUE; |
531 return SBOX_ALL_OK; | 555 return SBOX_ALL_OK; |
532 } | 556 } |
533 | 557 |
705 | 729 |
706 // Finally, setup imports on the target so the interceptions can work. | 730 // Finally, setup imports on the target so the interceptions can work. |
707 return SetupNtdllImports(target); | 731 return SetupNtdllImports(target); |
708 } | 732 } |
709 | 733 |
710 bool PolicyBase::SetupHandleCloser(TargetProcess* target) { | 734 bool PolicyBase::SetupHandleCloser(TargetProcess* target) { |
711 return handle_closer_.InitializeTargetHandles(target); | 735 return handle_closer_.InitializeTargetHandles(target); |
712 } | 736 } |
713 | 737 |
714 } // namespace sandbox | 738 } // namespace sandbox |
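Review bot: `alternate_desktop_integrity_label_` (new lines 80-81 and 531-545) is a static member, so the label lowering done in MakeTokens is process-wide state shared by every PolicyBase instance, and the condition only ever lowers it — once one policy launches a low-integrity target on the alternate desktop, every later target on that desktop shares a desktop labelled at that lowest level. The comment at new lines 528-530 should say so, so a later maintainer does not assume the label tracks the current policy; something like `// Note: the desktop label is process-wide (static) and is only ever lowered, never raised back, so it settles at the lowest level any policy has requested.` The static is also read, compared and written here with no synchronization visible in this view; if MakeTokens can run on more than one thread this is a race worth a comment or a lock (the code that creates alternate_desktop_handle_ is outside this view and may already serialize it). Separately, the new early return after a failed SetObjectIntegrityLabel leaves the lockdown token created at lines 518-519 in `*lockdown`; the pre-existing appcontainer return at 551-552 has the same shape, so presumably the caller cleans up on error, but that is not visible here.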