| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/common/sandbox_win.h" | 5 #include "content/common/sandbox_win.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/base_switches.h" | 9 #include "base/base_switches.h" |
| 10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
| (...skipping 449 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 460 // We're not worried about broker handles or not crossing process boundaries. | 460 // We're not worried about broker handles or not crossing process boundaries. |
| 461 if (source_process_handle == target_process_handle || | 461 if (source_process_handle == target_process_handle || |
| 462 target_process_handle == ::GetCurrentProcess()) | 462 target_process_handle == ::GetCurrentProcess()) |
| 463 return TRUE; | 463 return TRUE; |
| 464 | 464 |
| 465 // Only sandboxed children are placed in jobs, so just check them. | 465 // Only sandboxed children are placed in jobs, so just check them. |
| 466 BOOL is_in_job = FALSE; | 466 BOOL is_in_job = FALSE; |
| 467 if (!::IsProcessInJob(target_process_handle, NULL, &is_in_job)) { | 467 if (!::IsProcessInJob(target_process_handle, NULL, &is_in_job)) { |
| 468 // We need a handle with permission to check the job object. | 468 // We need a handle with permission to check the job object. |
| 469 if (ERROR_ACCESS_DENIED == ::GetLastError()) { | 469 if (ERROR_ACCESS_DENIED == ::GetLastError()) { |
| 470 base::win::ScopedHandle process; | 470 HANDLE temp_handle; |
| 471 CHECK(g_iat_orig_duplicate_handle(::GetCurrentProcess(), | 471 CHECK(g_iat_orig_duplicate_handle(::GetCurrentProcess(), |
| 472 target_process_handle, | 472 target_process_handle, |
| 473 ::GetCurrentProcess(), | 473 ::GetCurrentProcess(), |
| 474 process.Receive(), | 474 &temp_handle, |
| 475 PROCESS_QUERY_INFORMATION, | 475 PROCESS_QUERY_INFORMATION, |
| 476 FALSE, 0)); | 476 FALSE, 0)); |
| 477 base::win::ScopedHandle process(temp_handle); |
| 477 CHECK(::IsProcessInJob(process, NULL, &is_in_job)); | 478 CHECK(::IsProcessInJob(process, NULL, &is_in_job)); |
| 478 } | 479 } |
| 479 } | 480 } |
| 480 | 481 |
| 481 if (is_in_job) { | 482 if (is_in_job) { |
| 482 // We never allow inheritable child handles. | 483 // We never allow inheritable child handles. |
| 483 CHECK(!inherit_handle) << kDuplicateHandleWarning; | 484 CHECK(!inherit_handle) << kDuplicateHandleWarning; |
| 484 | 485 |
| 485 // Duplicate the handle again, to get the final permissions. | 486 // Duplicate the handle again, to get the final permissions. |
| 486 base::win::ScopedHandle handle; | 487 HANDLE temp_handle; |
| 487 CHECK(g_iat_orig_duplicate_handle(target_process_handle, *target_handle, | 488 CHECK(g_iat_orig_duplicate_handle(target_process_handle, *target_handle, |
| 488 ::GetCurrentProcess(), handle.Receive(), | 489 ::GetCurrentProcess(), &temp_handle, |
| 489 0, FALSE, DUPLICATE_SAME_ACCESS)); | 490 0, FALSE, DUPLICATE_SAME_ACCESS)); |
| 491 base::win::ScopedHandle handle(temp_handle); |
| 490 | 492 |
| 491 // Callers use CHECK macro to make sure we get the right stack. | 493 // Callers use CHECK macro to make sure we get the right stack. |
| 492 CheckDuplicateHandle(handle); | 494 CheckDuplicateHandle(handle); |
| 493 } | 495 } |
| 494 | 496 |
| 495 return TRUE; | 497 return TRUE; |
| 496 } | 498 } |
| 497 #endif | 499 #endif |
| 498 | 500 |
| 499 } // namespace | 501 } // namespace |
| (...skipping 93 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 593 // to create separate pretetch settings for browser, renderer etc. | 595 // to create separate pretetch settings for browser, renderer etc. |
| 594 cmd_line->AppendArg(base::StringPrintf("/prefetch:%d", base::Hash(type_str))); | 596 cmd_line->AppendArg(base::StringPrintf("/prefetch:%d", base::Hash(type_str))); |
| 595 | 597 |
| 596 if (!in_sandbox) { | 598 if (!in_sandbox) { |
| 597 base::ProcessHandle process = 0; | 599 base::ProcessHandle process = 0; |
| 598 base::LaunchProcess(*cmd_line, base::LaunchOptions(), &process); | 600 base::LaunchProcess(*cmd_line, base::LaunchOptions(), &process); |
| 599 g_broker_services->AddTargetPeer(process); | 601 g_broker_services->AddTargetPeer(process); |
| 600 return process; | 602 return process; |
| 601 } | 603 } |
| 602 | 604 |
| 603 base::win::ScopedProcessInformation target; | |
| 604 sandbox::TargetPolicy* policy = g_broker_services->CreatePolicy(); | 605 sandbox::TargetPolicy* policy = g_broker_services->CreatePolicy(); |
| 605 | 606 |
| 606 sandbox::MitigationFlags mitigations = sandbox::MITIGATION_HEAP_TERMINATE | | 607 sandbox::MitigationFlags mitigations = sandbox::MITIGATION_HEAP_TERMINATE | |
| 607 sandbox::MITIGATION_BOTTOM_UP_ASLR | | 608 sandbox::MITIGATION_BOTTOM_UP_ASLR | |
| 608 sandbox::MITIGATION_DEP | | 609 sandbox::MITIGATION_DEP | |
| 609 sandbox::MITIGATION_DEP_NO_ATL_THUNK | | 610 sandbox::MITIGATION_DEP_NO_ATL_THUNK | |
| 610 sandbox::MITIGATION_SEHOP; | 611 sandbox::MITIGATION_SEHOP; |
| 611 | 612 |
| 612 if (policy->SetProcessMitigations(mitigations) != sandbox::SBOX_ALL_OK) | 613 if (policy->SetProcessMitigations(mitigations) != sandbox::SBOX_ALL_OK) |
| 613 return 0; | 614 return 0; |
| (...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 665 | 666 |
| 666 if (delegate) { | 667 if (delegate) { |
| 667 bool success = true; | 668 bool success = true; |
| 668 delegate->PreSpawnTarget(policy, &success); | 669 delegate->PreSpawnTarget(policy, &success); |
| 669 if (!success) | 670 if (!success) |
| 670 return 0; | 671 return 0; |
| 671 } | 672 } |
| 672 | 673 |
| 673 TRACE_EVENT_BEGIN_ETW("StartProcessWithAccess::LAUNCHPROCESS", 0, 0); | 674 TRACE_EVENT_BEGIN_ETW("StartProcessWithAccess::LAUNCHPROCESS", 0, 0); |
| 674 | 675 |
| 676 PROCESS_INFORMATION temp_process_info = {}; |
| 675 result = g_broker_services->SpawnTarget( | 677 result = g_broker_services->SpawnTarget( |
| 676 cmd_line->GetProgram().value().c_str(), | 678 cmd_line->GetProgram().value().c_str(), |
| 677 cmd_line->GetCommandLineString().c_str(), | 679 cmd_line->GetCommandLineString().c_str(), |
| 678 policy, target.Receive()); | 680 policy, &temp_process_info); |
| 679 policy->Release(); | 681 policy->Release(); |
| 682 base::win::ScopedProcessInformation target(temp_process_info); |
| 680 | 683 |
| 681 TRACE_EVENT_END_ETW("StartProcessWithAccess::LAUNCHPROCESS", 0, 0); | 684 TRACE_EVENT_END_ETW("StartProcessWithAccess::LAUNCHPROCESS", 0, 0); |
| 682 | 685 |
| 683 if (sandbox::SBOX_ALL_OK != result) { | 686 if (sandbox::SBOX_ALL_OK != result) { |
| 684 if (result == sandbox::SBOX_ERROR_GENERIC) | 687 if (result == sandbox::SBOX_ERROR_GENERIC) |
| 685 DPLOG(ERROR) << "Failed to launch process"; | 688 DPLOG(ERROR) << "Failed to launch process"; |
| 686 else | 689 else |
| 687 DLOG(ERROR) << "Failed to launch process. Error: " << result; | 690 DLOG(ERROR) << "Failed to launch process. Error: " << result; |
| 688 return 0; | 691 return 0; |
| 689 } | 692 } |
| (...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 733 } | 736 } |
| 734 | 737 |
| 735 return false; | 738 return false; |
| 736 } | 739 } |
| 737 | 740 |
| 738 bool BrokerAddTargetPeer(HANDLE peer_process) { | 741 bool BrokerAddTargetPeer(HANDLE peer_process) { |
| 739 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK; | 742 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK; |
| 740 } | 743 } |
| 741 | 744 |
| 742 } // namespace content | 745 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 71013004:
Base: Remove Receive() from ScopedHandle. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src