Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1814)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: sandbox/win/src/sandbox_policy_base.cc

Issue 330853002: Add UIPI support for sandbox alternate desktop (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: feedback Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « sandbox/win/src/sandbox_policy_base.h ('k') | sandbox/win/tests/validation_tests/suite.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: sandbox/win/src/sandbox_policy_base.cc
diff --git a/sandbox/win/src/sandbox_policy_base.cc b/sandbox/win/src/sandbox_policy_base.cc
index 711fafc006acd0c2462b05b65e215983aa40556b..318dd2756fab9f265b0f67eac14c3c9454e0a2a4 100644
--- a/sandbox/win/src/sandbox_policy_base.cc
+++ b/sandbox/win/src/sandbox_policy_base.cc
@@ -4,6 +4,8 @@
#include "sandbox/win/src/sandbox_policy_base.h"
+#include <sddl.h>
+
#include "base/basictypes.h"
#include "base/callback.h"
#include "base/logging.h"
@@ -75,6 +77,8 @@ SANDBOX_INTERCEPT MitigationFlags g_shared_delayed_mitigations;
// Initializes static members.
HWINSTA PolicyBase::alternate_winstation_handle_ = NULL;
HDESK PolicyBase::alternate_desktop_handle_ = NULL;
+IntegrityLevel PolicyBase::alternate_desktop_integrity_level_label_ =
+ INTEGRITY_LEVEL_LAST;
rvargas (doing something else) 2014/06/20 23:13:08 At this point I would be OK if you want to set thi
jschuh 2014/06/20 23:21:04 Done.
PolicyBase::PolicyBase()
: ref_count(1),
@@ -521,6 +525,28 @@ ResultCode PolicyBase::MakeTokens(HANDLE* initial, HANDLE* lockdown) {
return SBOX_ERROR_GENERIC;
}
+ // If we're launching on the alternate desktop we need to make sure the
+ // integrity label on the object is no higher than the sandboxed process's
+ // integrity level. So, we lower the label on the desktop process if it's
+ // not already low enough for our process.
+ if (use_alternate_desktop_ &&
+ integrity_level_ != INTEGRITY_LEVEL_LAST &&
+ (alternate_desktop_integrity_level_label_ == INTEGRITY_LEVEL_LAST ||
+ alternate_desktop_integrity_level_label_ < integrity_level_) &&
+ base::win::OSInfo::GetInstance()->version() >= base::win::VERSION_VISTA) {
+ // Integrity label enum is reversed (higher level is a lower value).
+ static_assert(INTEGRITY_LEVEL_SYSTEM < INTEGRITY_LEVEL_UNTRUSTED,
+ "Integrity level ordering reversed.");
+ result = SetObjectIntegrityLabel(alternate_desktop_handle_,
+ SE_WINDOW_OBJECT,
+ L"",
+ GetIntegrityLevelString(integrity_level_));
+ if (ERROR_SUCCESS != result)
+ return SBOX_ERROR_GENERIC;
+
+ alternate_desktop_integrity_level_label_ = integrity_level_;
+ }
+
if (appcontainer_list_.get() && appcontainer_list_->HasAppContainer()) {
// Windows refuses to work with an impersonation token. See SetAppContainer
// implementation for more details.
« no previous file with comments | « sandbox/win/src/sandbox_policy_base.h ('k') | sandbox/win/tests/validation_tests/suite.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698