Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(454)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/common/sandbox_win.cc

Issue 430753002: Resolve registry root paths in HandleCloser (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | sandbox/win/src/handle_closer.cc » ('j') | sandbox/win/src/handle_closer.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/common/sandbox_win.h" 5 #include "content/common/sandbox_win.h"
6 6
7 #include <string> 7 #include <string>
8 8
9 #include "base/base_switches.h" 9 #include "base/base_switches.h"
10 #include "base/command_line.h" 10 #include "base/command_line.h"
(...skipping 331 matching lines...) Expand 10 before | Expand all | Expand 10 after
342 sandbox::ResultCode result; 342 sandbox::ResultCode result;
343 // Renderers need to share events with plugins. 343 // Renderers need to share events with plugins.
344 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES, 344 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES,
345 sandbox::TargetPolicy::HANDLES_DUP_ANY, 345 sandbox::TargetPolicy::HANDLES_DUP_ANY,
346 L"Event"); 346 L"Event");
347 if (result != sandbox::SBOX_ALL_OK) 347 if (result != sandbox::SBOX_ALL_OK)
348 return false; 348 return false;
349 349
350 // Win8+ adds a device DeviceApi that we don't need. 350 // Win8+ adds a device DeviceApi that we don't need.
351 if (base::win::GetVersion() > base::win::VERSION_WIN7) 351 if (base::win::GetVersion() > base::win::VERSION_WIN7)
352 policy->AddKernelObjectToClose(L"File", L"\\Device\\DeviceApi"); 352 result = policy->AddKernelObjectToClose(L"File", L"\\Device\\DeviceApi");
353 if (result != sandbox::SBOX_ALL_OK)
354 return false;
353 355
354 // Close the proxy settings on XP. 356 // Close the proxy settings on XP.
355 if (base::win::GetVersion() <= base::win::VERSION_SERVER_2003) 357 if (base::win::GetVersion() <= base::win::VERSION_SERVER_2003)
356 policy->AddKernelObjectToClose(L"Key", 358 result = policy->AddKernelObjectToClose(L"Key",
357 L"HKCU\\Software\\Microsoft\\Windows\\" \ 359 L"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\" \
358 L"CurrentVersion\\Internet Settings"); 360 L"CurrentVersion\\Internet Settings");
361 if (result != sandbox::SBOX_ALL_OK)
362 return false;
363
359 364
360 sandbox::TokenLevel initial_token = sandbox::USER_UNPROTECTED; 365 sandbox::TokenLevel initial_token = sandbox::USER_UNPROTECTED;
361 if (base::win::GetVersion() > base::win::VERSION_XP) { 366 if (base::win::GetVersion() > base::win::VERSION_XP) {
362 // On 2003/Vista the initial token has to be restricted if the main 367 // On 2003/Vista the initial token has to be restricted if the main
363 // token is restricted. 368 // token is restricted.
364 initial_token = sandbox::USER_RESTRICTED_SAME_ACCESS; 369 initial_token = sandbox::USER_RESTRICTED_SAME_ACCESS;
365 } 370 }
366 371
367 policy->SetTokenLevel(initial_token, sandbox::USER_LOCKDOWN); 372 policy->SetTokenLevel(initial_token, sandbox::USER_LOCKDOWN);
368 // Prevents the renderers from manipulating low-integrity processes. 373 // Prevents the renderers from manipulating low-integrity processes.
(...skipping 412 matching lines...) Expand 10 before | Expand all | Expand 10 after
781 } 786 }
782 787
783 return false; 788 return false;
784 } 789 }
785 790
786 bool BrokerAddTargetPeer(HANDLE peer_process) { 791 bool BrokerAddTargetPeer(HANDLE peer_process) {
787 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK; 792 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK;
788 } 793 }
789 794
790 } // namespace content 795 } // namespace content
OLDNEW
« no previous file with comments | « no previous file | sandbox/win/src/handle_closer.cc » ('j') | sandbox/win/src/handle_closer.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698