| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/common/sandbox_win.h" | 5 #include "content/common/sandbox_win.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/base_switches.h" | 9 #include "base/base_switches.h" |
| 10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
| (...skipping 450 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 461 if (source_process_handle == target_process_handle || | 461 if (source_process_handle == target_process_handle || |
| 462 target_process_handle == ::GetCurrentProcess()) | 462 target_process_handle == ::GetCurrentProcess()) |
| 463 return TRUE; | 463 return TRUE; |
| 464 | 464 |
| 465 // Only sandboxed children are placed in jobs, so just check them. | 465 // Only sandboxed children are placed in jobs, so just check them. |
| 466 BOOL is_in_job = FALSE; | 466 BOOL is_in_job = FALSE; |
| 467 if (!::IsProcessInJob(target_process_handle, NULL, &is_in_job)) { | 467 if (!::IsProcessInJob(target_process_handle, NULL, &is_in_job)) { |
| 468 // We need a handle with permission to check the job object. | 468 // We need a handle with permission to check the job object. |
| 469 if (ERROR_ACCESS_DENIED == ::GetLastError()) { | 469 if (ERROR_ACCESS_DENIED == ::GetLastError()) { |
| 470 base::win::ScopedHandle process; | 470 base::win::ScopedHandle process; |
| 471 HANDLE temp_handle; |
| 471 CHECK(g_iat_orig_duplicate_handle(::GetCurrentProcess(), | 472 CHECK(g_iat_orig_duplicate_handle(::GetCurrentProcess(), |
| 472 target_process_handle, | 473 target_process_handle, |
| 473 ::GetCurrentProcess(), | 474 ::GetCurrentProcess(), |
| 474 process.Receive(), | 475 &temp_handle, |
| 475 PROCESS_QUERY_INFORMATION, | 476 PROCESS_QUERY_INFORMATION, |
| 476 FALSE, 0)); | 477 FALSE, 0)); |
| 478 process.Set(temp_handle); |
| 477 CHECK(::IsProcessInJob(process, NULL, &is_in_job)); | 479 CHECK(::IsProcessInJob(process, NULL, &is_in_job)); |
| 478 } | 480 } |
| 479 } | 481 } |
| 480 | 482 |
| 481 if (is_in_job) { | 483 if (is_in_job) { |
| 482 // We never allow inheritable child handles. | 484 // We never allow inheritable child handles. |
| 483 CHECK(!inherit_handle) << kDuplicateHandleWarning; | 485 CHECK(!inherit_handle) << kDuplicateHandleWarning; |
| 484 | 486 |
| 485 // Duplicate the handle again, to get the final permissions. | 487 // Duplicate the handle again, to get the final permissions. |
| 486 base::win::ScopedHandle handle; | 488 base::win::ScopedHandle handle; |
| 489 HANDLE temp_handle; |
| 487 CHECK(g_iat_orig_duplicate_handle(target_process_handle, *target_handle, | 490 CHECK(g_iat_orig_duplicate_handle(target_process_handle, *target_handle, |
| 488 ::GetCurrentProcess(), handle.Receive(), | 491 ::GetCurrentProcess(), &temp_handle, |
| 489 0, FALSE, DUPLICATE_SAME_ACCESS)); | 492 0, FALSE, DUPLICATE_SAME_ACCESS)); |
| 493 handle.Set(temp_handle); |
| 490 | 494 |
| 491 // Callers use CHECK macro to make sure we get the right stack. | 495 // Callers use CHECK macro to make sure we get the right stack. |
| 492 CheckDuplicateHandle(handle); | 496 CheckDuplicateHandle(handle); |
| 493 } | 497 } |
| 494 | 498 |
| 495 return TRUE; | 499 return TRUE; |
| 496 } | 500 } |
| 497 #endif | 501 #endif |
| 498 | 502 |
| 499 } // namespace | 503 } // namespace |
| (...skipping 93 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 593 // to create separate pretetch settings for browser, renderer etc. | 597 // to create separate pretetch settings for browser, renderer etc. |
| 594 cmd_line->AppendArg(base::StringPrintf("/prefetch:%d", base::Hash(type_str))); | 598 cmd_line->AppendArg(base::StringPrintf("/prefetch:%d", base::Hash(type_str))); |
| 595 | 599 |
| 596 if (!in_sandbox) { | 600 if (!in_sandbox) { |
| 597 base::ProcessHandle process = 0; | 601 base::ProcessHandle process = 0; |
| 598 base::LaunchProcess(*cmd_line, base::LaunchOptions(), &process); | 602 base::LaunchProcess(*cmd_line, base::LaunchOptions(), &process); |
| 599 g_broker_services->AddTargetPeer(process); | 603 g_broker_services->AddTargetPeer(process); |
| 600 return process; | 604 return process; |
| 601 } | 605 } |
| 602 | 606 |
| 603 base::win::ScopedProcessInformation target; | |
| 604 sandbox::TargetPolicy* policy = g_broker_services->CreatePolicy(); | 607 sandbox::TargetPolicy* policy = g_broker_services->CreatePolicy(); |
| 605 | 608 |
| 606 sandbox::MitigationFlags mitigations = sandbox::MITIGATION_HEAP_TERMINATE | | 609 sandbox::MitigationFlags mitigations = sandbox::MITIGATION_HEAP_TERMINATE | |
| 607 sandbox::MITIGATION_BOTTOM_UP_ASLR | | 610 sandbox::MITIGATION_BOTTOM_UP_ASLR | |
| 608 sandbox::MITIGATION_DEP | | 611 sandbox::MITIGATION_DEP | |
| 609 sandbox::MITIGATION_DEP_NO_ATL_THUNK | | 612 sandbox::MITIGATION_DEP_NO_ATL_THUNK | |
| 610 sandbox::MITIGATION_SEHOP; | 613 sandbox::MITIGATION_SEHOP; |
| 611 | 614 |
| 612 if (policy->SetProcessMitigations(mitigations) != sandbox::SBOX_ALL_OK) | 615 if (policy->SetProcessMitigations(mitigations) != sandbox::SBOX_ALL_OK) |
| 613 return 0; | 616 return 0; |
| (...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 665 | 668 |
| 666 if (delegate) { | 669 if (delegate) { |
| 667 bool success = true; | 670 bool success = true; |
| 668 delegate->PreSpawnTarget(policy, &success); | 671 delegate->PreSpawnTarget(policy, &success); |
| 669 if (!success) | 672 if (!success) |
| 670 return 0; | 673 return 0; |
| 671 } | 674 } |
| 672 | 675 |
| 673 TRACE_EVENT_BEGIN_ETW("StartProcessWithAccess::LAUNCHPROCESS", 0, 0); | 676 TRACE_EVENT_BEGIN_ETW("StartProcessWithAccess::LAUNCHPROCESS", 0, 0); |
| 674 | 677 |
| 678 PROCESS_INFORMATION temp_process_info = {}; |
| 675 result = g_broker_services->SpawnTarget( | 679 result = g_broker_services->SpawnTarget( |
| 676 cmd_line->GetProgram().value().c_str(), | 680 cmd_line->GetProgram().value().c_str(), |
| 677 cmd_line->GetCommandLineString().c_str(), | 681 cmd_line->GetCommandLineString().c_str(), |
| 678 policy, target.Receive()); | 682 policy, &temp_process_info); |
| 679 policy->Release(); | 683 policy->Release(); |
| 684 base::win::ScopedProcessInformation target(temp_process_info); |
| 680 | 685 |
| 681 TRACE_EVENT_END_ETW("StartProcessWithAccess::LAUNCHPROCESS", 0, 0); | 686 TRACE_EVENT_END_ETW("StartProcessWithAccess::LAUNCHPROCESS", 0, 0); |
| 682 | 687 |
| 683 if (sandbox::SBOX_ALL_OK != result) { | 688 if (sandbox::SBOX_ALL_OK != result) { |
| 684 if (result == sandbox::SBOX_ERROR_GENERIC) | 689 if (result == sandbox::SBOX_ERROR_GENERIC) |
| 685 DPLOG(ERROR) << "Failed to launch process"; | 690 DPLOG(ERROR) << "Failed to launch process"; |
| 686 else | 691 else |
| 687 DLOG(ERROR) << "Failed to launch process. Error: " << result; | 692 DLOG(ERROR) << "Failed to launch process. Error: " << result; |
| 688 return 0; | 693 return 0; |
| 689 } | 694 } |
| (...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 733 } | 738 } |
| 734 | 739 |
| 735 return false; | 740 return false; |
| 736 } | 741 } |
| 737 | 742 |
| 738 bool BrokerAddTargetPeer(HANDLE peer_process) { | 743 bool BrokerAddTargetPeer(HANDLE peer_process) { |
| 739 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK; | 744 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK; |
| 740 } | 745 } |
| 741 | 746 |
| 742 } // namespace content | 747 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 71013004:
Base: Remove Receive() from ScopedHandle. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src