| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/win/src/process_thread_policy.h" | 5 #include "sandbox/win/src/process_thread_policy.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/memory/scoped_ptr.h" | 9 #include "base/memory/scoped_ptr.h" |
| 10 #include "sandbox/win/src/ipc_tags.h" | 10 #include "sandbox/win/src/ipc_tags.h" |
| (...skipping 106 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 117 client_id.UniqueThread = | 117 client_id.UniqueThread = |
| 118 reinterpret_cast<PVOID>(static_cast<ULONG_PTR>(thread_id)); | 118 reinterpret_cast<PVOID>(static_cast<ULONG_PTR>(thread_id)); |
| 119 | 119 |
| 120 HANDLE local_handle; | 120 HANDLE local_handle; |
| 121 NTSTATUS status = NtOpenThread(&local_handle, desired_access, &attributes, | 121 NTSTATUS status = NtOpenThread(&local_handle, desired_access, &attributes, |
| 122 &client_id); | 122 &client_id); |
| 123 if (NT_SUCCESS(status)) { | 123 if (NT_SUCCESS(status)) { |
| 124 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, | 124 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, |
| 125 client_info.process, handle, 0, FALSE, | 125 client_info.process, handle, 0, FALSE, |
| 126 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { | 126 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { |
| 127 ::CloseHandle(local_handle); | |
| 128 return STATUS_ACCESS_DENIED; | 127 return STATUS_ACCESS_DENIED; |
| 129 } | 128 } |
| 130 } | 129 } |
| 131 | 130 |
| 132 return status; | 131 return status; |
| 133 } | 132 } |
| 134 | 133 |
| 135 NTSTATUS ProcessPolicy::OpenProcessAction(const ClientInfo& client_info, | 134 NTSTATUS ProcessPolicy::OpenProcessAction(const ClientInfo& client_info, |
| 136 uint32 desired_access, | 135 uint32 desired_access, |
| 137 uint32 process_id, | 136 uint32 process_id, |
| (...skipping 11 matching lines...) Expand all Loading... |
| 149 CLIENT_ID client_id = {0}; | 148 CLIENT_ID client_id = {0}; |
| 150 client_id.UniqueProcess = reinterpret_cast<PVOID>( | 149 client_id.UniqueProcess = reinterpret_cast<PVOID>( |
| 151 static_cast<ULONG_PTR>(client_info.process_id)); | 150 static_cast<ULONG_PTR>(client_info.process_id)); |
| 152 HANDLE local_handle; | 151 HANDLE local_handle; |
| 153 NTSTATUS status = NtOpenProcess(&local_handle, desired_access, &attributes, | 152 NTSTATUS status = NtOpenProcess(&local_handle, desired_access, &attributes, |
| 154 &client_id); | 153 &client_id); |
| 155 if (NT_SUCCESS(status)) { | 154 if (NT_SUCCESS(status)) { |
| 156 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, | 155 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, |
| 157 client_info.process, handle, 0, FALSE, | 156 client_info.process, handle, 0, FALSE, |
| 158 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { | 157 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { |
| 159 ::CloseHandle(local_handle); | |
| 160 return STATUS_ACCESS_DENIED; | 158 return STATUS_ACCESS_DENIED; |
| 161 } | 159 } |
| 162 } | 160 } |
| 163 | 161 |
| 164 return status; | 162 return status; |
| 165 } | 163 } |
| 166 | 164 |
| 167 NTSTATUS ProcessPolicy::OpenProcessTokenAction(const ClientInfo& client_info, | 165 NTSTATUS ProcessPolicy::OpenProcessTokenAction(const ClientInfo& client_info, |
| 168 HANDLE process, | 166 HANDLE process, |
| 169 uint32 desired_access, | 167 uint32 desired_access, |
| 170 HANDLE* handle) { | 168 HANDLE* handle) { |
| 171 *handle = NULL; | 169 *handle = NULL; |
| 172 NtOpenProcessTokenFunction NtOpenProcessToken = NULL; | 170 NtOpenProcessTokenFunction NtOpenProcessToken = NULL; |
| 173 ResolveNTFunctionPtr("NtOpenProcessToken", &NtOpenProcessToken); | 171 ResolveNTFunctionPtr("NtOpenProcessToken", &NtOpenProcessToken); |
| 174 | 172 |
| 175 if (CURRENT_PROCESS != process) | 173 if (CURRENT_PROCESS != process) |
| 176 return STATUS_ACCESS_DENIED; | 174 return STATUS_ACCESS_DENIED; |
| 177 | 175 |
| 178 HANDLE local_handle; | 176 HANDLE local_handle; |
| 179 NTSTATUS status = NtOpenProcessToken(client_info.process, desired_access, | 177 NTSTATUS status = NtOpenProcessToken(client_info.process, desired_access, |
| 180 &local_handle); | 178 &local_handle); |
| 181 if (NT_SUCCESS(status)) { | 179 if (NT_SUCCESS(status)) { |
| 182 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, | 180 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, |
| 183 client_info.process, handle, 0, FALSE, | 181 client_info.process, handle, 0, FALSE, |
| 184 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { | 182 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { |
| 185 ::CloseHandle(local_handle); | |
| 186 return STATUS_ACCESS_DENIED; | 183 return STATUS_ACCESS_DENIED; |
| 187 } | 184 } |
| 188 } | 185 } |
| 189 return status; | 186 return status; |
| 190 } | 187 } |
| 191 | 188 |
| 192 NTSTATUS ProcessPolicy::OpenProcessTokenExAction(const ClientInfo& client_info, | 189 NTSTATUS ProcessPolicy::OpenProcessTokenExAction(const ClientInfo& client_info, |
| 193 HANDLE process, | 190 HANDLE process, |
| 194 uint32 desired_access, | 191 uint32 desired_access, |
| 195 uint32 attributes, | 192 uint32 attributes, |
| 196 HANDLE* handle) { | 193 HANDLE* handle) { |
| 197 *handle = NULL; | 194 *handle = NULL; |
| 198 NtOpenProcessTokenExFunction NtOpenProcessTokenEx = NULL; | 195 NtOpenProcessTokenExFunction NtOpenProcessTokenEx = NULL; |
| 199 ResolveNTFunctionPtr("NtOpenProcessTokenEx", &NtOpenProcessTokenEx); | 196 ResolveNTFunctionPtr("NtOpenProcessTokenEx", &NtOpenProcessTokenEx); |
| 200 | 197 |
| 201 if (CURRENT_PROCESS != process) | 198 if (CURRENT_PROCESS != process) |
| 202 return STATUS_ACCESS_DENIED; | 199 return STATUS_ACCESS_DENIED; |
| 203 | 200 |
| 204 HANDLE local_handle; | 201 HANDLE local_handle; |
| 205 NTSTATUS status = NtOpenProcessTokenEx(client_info.process, desired_access, | 202 NTSTATUS status = NtOpenProcessTokenEx(client_info.process, desired_access, |
| 206 attributes, &local_handle); | 203 attributes, &local_handle); |
| 207 if (NT_SUCCESS(status)) { | 204 if (NT_SUCCESS(status)) { |
| 208 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, | 205 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, |
| 209 client_info.process, handle, 0, FALSE, | 206 client_info.process, handle, 0, FALSE, |
| 210 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { | 207 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { |
| 211 ::CloseHandle(local_handle); | |
| 212 return STATUS_ACCESS_DENIED; | 208 return STATUS_ACCESS_DENIED; |
| 213 } | 209 } |
| 214 } | 210 } |
| 215 return status; | 211 return status; |
| 216 } | 212 } |
| 217 | 213 |
| 218 DWORD ProcessPolicy::CreateProcessWAction(EvalResult eval_result, | 214 DWORD ProcessPolicy::CreateProcessWAction(EvalResult eval_result, |
| 219 const ClientInfo& client_info, | 215 const ClientInfo& client_info, |
| 220 const base::string16 &app_name, | 216 const base::string16 &app_name, |
| 221 const base::string16 &command_line, | 217 const base::string16 &command_line, |
| (...skipping 12 matching lines...) Expand all Loading... |
| 234 if (!CreateProcessExWHelper(client_info.process, should_give_full_access, | 230 if (!CreateProcessExWHelper(client_info.process, should_give_full_access, |
| 235 app_name.c_str(), cmd_line.get(), NULL, NULL, | 231 app_name.c_str(), cmd_line.get(), NULL, NULL, |
| 236 FALSE, 0, NULL, NULL, &startup_info, | 232 FALSE, 0, NULL, NULL, &startup_info, |
| 237 process_info)) { | 233 process_info)) { |
| 238 return ERROR_ACCESS_DENIED; | 234 return ERROR_ACCESS_DENIED; |
| 239 } | 235 } |
| 240 return ERROR_SUCCESS; | 236 return ERROR_SUCCESS; |
| 241 } | 237 } |
| 242 | 238 |
| 243 } // namespace sandbox | 239 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 554163002:
Sandbox: Don't CloseHandle after calling DuplicateHandle (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master