Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(451)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/win/src/restricted_token_utils.cc

Issue 71013004: Base: Remove Receive() from ScopedHandle. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: ScopedProcessInfo Created 7 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« base/process/launch_win.cc ('K') | « sandbox/win/src/process_policy_test.cc ('k') | sandbox/win/src/target_process.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <aclapi.h> 5 #include <aclapi.h>
6 #include <sddl.h> 6 #include <sddl.h>
7 #include <vector> 7 #include <vector>
8 8
9 #include "sandbox/win/src/restricted_token_utils.h" 9 #include "sandbox/win/src/restricted_token_utils.h"
10 10
(...skipping 165 matching lines...) Expand 10 before | Expand all | Expand 10 after
176 impersonation_level, 176 impersonation_level,
177 INTEGRITY_LEVEL_LAST, 177 INTEGRITY_LEVEL_LAST,
178 IMPERSONATION); 178 IMPERSONATION);
179 if (ERROR_SUCCESS != err_code) { 179 if (ERROR_SUCCESS != err_code) {
180 return err_code; 180 return err_code;
181 } 181 }
182 base::win::ScopedHandle impersonation_token(impersonation_token_handle); 182 base::win::ScopedHandle impersonation_token(impersonation_token_handle);
183 183
184 // Start the process 184 // Start the process
185 STARTUPINFO startup_info = {0}; 185 STARTUPINFO startup_info = {0};
186 base::win::ScopedProcessInformation process_info; 186 PROCESS_INFORMATION temp_process_info = {};
187 DWORD flags = CREATE_SUSPENDED; 187 DWORD flags = CREATE_SUSPENDED;
188 188
189 if (base::win::GetVersion() < base::win::VERSION_WIN8) { 189 if (base::win::GetVersion() < base::win::VERSION_WIN8) {
190 // Windows 8 implements nested jobs, but for older systems we need to 190 // Windows 8 implements nested jobs, but for older systems we need to
191 // break out of any job we're in to enforce our restrictions. 191 // break out of any job we're in to enforce our restrictions.
192 flags |= CREATE_BREAKAWAY_FROM_JOB; 192 flags |= CREATE_BREAKAWAY_FROM_JOB;
193 } 193 }
194 194
195 if (!::CreateProcessAsUser(primary_token.Get(), 195 if (!::CreateProcessAsUser(primary_token.Get(),
196 NULL, // No application name. 196 NULL, // No application name.
197 command_line, 197 command_line,
198 NULL, // No security attribute. 198 NULL, // No security attribute.
199 NULL, // No thread attribute. 199 NULL, // No thread attribute.
200 FALSE, // Do not inherit handles. 200 FALSE, // Do not inherit handles.
201 flags, 201 flags,
202 NULL, // Use the environment of the caller. 202 NULL, // Use the environment of the caller.
203 NULL, // Use current directory of the caller. 203 NULL, // Use current directory of the caller.
204 &startup_info, 204 &startup_info,
205 process_info.Receive())) { 205 &temp_process_info)) {
206 return ::GetLastError(); 206 return ::GetLastError();
207 } 207 }
208 base::win::ScopedProcessInformation process_info;
209 process_info.Set(temp_process_info);
210
208 211
209 // Change the token of the main thread of the new process for the 212 // Change the token of the main thread of the new process for the
210 // impersonation token with more rights. 213 // impersonation token with more rights.
211 { 214 {
212 HANDLE temp_thread = process_info.thread_handle(); 215 HANDLE temp_thread = process_info.thread_handle();
213 if (!::SetThreadToken(&temp_thread, impersonation_token.Get())) { 216 if (!::SetThreadToken(&temp_thread, impersonation_token.Get())) {
214 ::TerminateProcess(process_info.process_handle(), 217 ::TerminateProcess(process_info.process_handle(),
215 0); // exit code 218 0); // exit code
216 return ::GetLastError(); 219 return ::GetLastError();
217 } 220 }
(...skipping 117 matching lines...) Expand 10 before | Expand all | Expand 10 after
335 if (!::OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_DEFAULT, 338 if (!::OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_DEFAULT,
336 &token_handle)) 339 &token_handle))
337 return ::GetLastError(); 340 return ::GetLastError();
338 341
339 base::win::ScopedHandle token(token_handle); 342 base::win::ScopedHandle token(token_handle);
340 343
341 return SetTokenIntegrityLevel(token.Get(), integrity_level); 344 return SetTokenIntegrityLevel(token.Get(), integrity_level);
342 } 345 }
343 346
344 } // namespace sandbox 347 } // namespace sandbox
OLDNEW
« base/process/launch_win.cc ('K') | « sandbox/win/src/process_policy_test.cc ('k') | sandbox/win/src/target_process.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698