Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(189)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/common/sandbox_win.cc

Issue 606463002: Remove implicit HANDLE conversions from content. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 6 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « content/browser/renderer_host/pepper/pepper_truetype_font_win.cc ('k') | content/ppapi_plugin/ppapi_thread.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/common/sandbox_win.h" 5 #include "content/common/sandbox_win.h"
6 6
7 #include <string> 7 #include <string>
8 8
9 #include "base/base_switches.h" 9 #include "base/base_switches.h"
10 #include "base/command_line.h" 10 #include "base/command_line.h"
(...skipping 463 matching lines...) Expand 10 before | Expand all | Expand 10 after
474 // We need a handle with permission to check the job object. 474 // We need a handle with permission to check the job object.
475 if (ERROR_ACCESS_DENIED == ::GetLastError()) { 475 if (ERROR_ACCESS_DENIED == ::GetLastError()) {
476 HANDLE temp_handle; 476 HANDLE temp_handle;
477 CHECK(g_iat_orig_duplicate_handle(::GetCurrentProcess(), 477 CHECK(g_iat_orig_duplicate_handle(::GetCurrentProcess(),
478 target_process_handle, 478 target_process_handle,
479 ::GetCurrentProcess(), 479 ::GetCurrentProcess(),
480 &temp_handle, 480 &temp_handle,
481 PROCESS_QUERY_INFORMATION, 481 PROCESS_QUERY_INFORMATION,
482 FALSE, 0)); 482 FALSE, 0));
483 base::win::ScopedHandle process(temp_handle); 483 base::win::ScopedHandle process(temp_handle);
484 CHECK(::IsProcessInJob(process, NULL, &is_in_job)); 484 CHECK(::IsProcessInJob(process.Get(), NULL, &is_in_job));
485 } 485 }
486 } 486 }
487 487
488 if (is_in_job) { 488 if (is_in_job) {
489 // We never allow inheritable child handles. 489 // We never allow inheritable child handles.
490 CHECK(!inherit_handle) << kDuplicateHandleWarning; 490 CHECK(!inherit_handle) << kDuplicateHandleWarning;
491 491
492 // Duplicate the handle again, to get the final permissions. 492 // Duplicate the handle again, to get the final permissions.
493 HANDLE temp_handle; 493 HANDLE temp_handle;
494 CHECK(g_iat_orig_duplicate_handle(target_process_handle, *target_handle, 494 CHECK(g_iat_orig_duplicate_handle(target_process_handle, *target_handle,
495 ::GetCurrentProcess(), &temp_handle, 495 ::GetCurrentProcess(), &temp_handle,
496 0, FALSE, DUPLICATE_SAME_ACCESS)); 496 0, FALSE, DUPLICATE_SAME_ACCESS));
497 base::win::ScopedHandle handle(temp_handle); 497 base::win::ScopedHandle handle(temp_handle);
498 498
499 // Callers use CHECK macro to make sure we get the right stack. 499 // Callers use CHECK macro to make sure we get the right stack.
500 CheckDuplicateHandle(handle); 500 CheckDuplicateHandle(handle.Get());
501 } 501 }
502 502
503 return TRUE; 503 return TRUE;
504 } 504 }
505 #endif 505 #endif
506 506
507 } // namespace 507 } // namespace
508 508
509 void SetJobLevel(const base::CommandLine& cmd_line, 509 void SetJobLevel(const base::CommandLine& cmd_line,
510 sandbox::JobLevel job_level, 510 sandbox::JobLevel job_level,
(...skipping 266 matching lines...) Expand 10 before | Expand all | Expand 10 after
777 options) == sandbox::SBOX_ALL_OK) { 777 options) == sandbox::SBOX_ALL_OK) {
778 return true; 778 return true;
779 } 779 }
780 780
781 // Finally, see if we already have access to the process. 781 // Finally, see if we already have access to the process.
782 base::win::ScopedHandle target_process; 782 base::win::ScopedHandle target_process;
783 target_process.Set(::OpenProcess(PROCESS_DUP_HANDLE, FALSE, 783 target_process.Set(::OpenProcess(PROCESS_DUP_HANDLE, FALSE,
784 target_process_id)); 784 target_process_id));
785 if (target_process.IsValid()) { 785 if (target_process.IsValid()) {
786 return !!::DuplicateHandle(::GetCurrentProcess(), source_handle, 786 return !!::DuplicateHandle(::GetCurrentProcess(), source_handle,
787 target_process, target_handle, 787 target_process.Get(), target_handle,
788 desired_access, FALSE, options); 788 desired_access, FALSE, options);
789 } 789 }
790 790
791 return false; 791 return false;
792 } 792 }
793 793
794 bool BrokerAddTargetPeer(HANDLE peer_process) { 794 bool BrokerAddTargetPeer(HANDLE peer_process) {
795 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK; 795 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK;
796 } 796 }
797 797
798 } // namespace content 798 } // namespace content
OLDNEW
« no previous file with comments | « content/browser/renderer_host/pepper/pepper_truetype_font_win.cc ('k') | content/ppapi_plugin/ppapi_thread.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698