1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/win/src/sandbox_policy_base.h" | 5 #include "sandbox/win/src/sandbox_policy_base.h" |
6 | 6 |
7 #include <sddl.h> | |
8 | |
9 #include "base/basictypes.h" | 7 #include "base/basictypes.h" |
10 #include "base/callback.h" | 8 #include "base/callback.h" |
11 #include "base/logging.h" | 9 #include "base/logging.h" |
12 #include "base/win/windows_version.h" | 10 #include "base/win/windows_version.h" |
13 #include "sandbox/win/src/app_container.h" | 11 #include "sandbox/win/src/app_container.h" |
14 #include "sandbox/win/src/filesystem_dispatcher.h" | 12 #include "sandbox/win/src/filesystem_dispatcher.h" |
15 #include "sandbox/win/src/filesystem_policy.h" | 13 #include "sandbox/win/src/filesystem_policy.h" |
16 #include "sandbox/win/src/handle_dispatcher.h" | 14 #include "sandbox/win/src/handle_dispatcher.h" |
17 #include "sandbox/win/src/handle_policy.h" | 15 #include "sandbox/win/src/handle_policy.h" |
18 #include "sandbox/win/src/job.h" | 16 #include "sandbox/win/src/job.h" |
303 ResultCode PolicyBase::SetDelayedIntegrityLevel( | 301 ResultCode PolicyBase::SetDelayedIntegrityLevel( |
304 IntegrityLevel integrity_level) { | 302 IntegrityLevel integrity_level) { |
305 delayed_integrity_level_ = integrity_level; | 303 delayed_integrity_level_ = integrity_level; |
306 return SBOX_ALL_OK; | 304 return SBOX_ALL_OK; |
307 } | 305 } |
308 | 306 |
309 ResultCode PolicyBase::SetAppContainer(const wchar_t* sid) { | 307 ResultCode PolicyBase::SetAppContainer(const wchar_t* sid) { |
310 if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8) | 308 if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8) |
311 return SBOX_ALL_OK; | 309 return SBOX_ALL_OK; |
312 | 310 |
313 // Windows refuses to work with an impersonation token for a process inside | |
314 // an AppContainer. If the caller wants to use a more privileged initial | |
315 // token, or if the lockdown level will prevent the process from starting, | |
316 // we have to fail the operation. | |
317 if (lockdown_level_ < USER_LIMITED || lockdown_level_ != initial_level_) | |
318 return SBOX_ERROR_CANNOT_INIT_APPCONTAINER; | |
319 | |
320 DCHECK(!appcontainer_list_.get()); | 311 DCHECK(!appcontainer_list_.get()); |
321 appcontainer_list_.reset(new AppContainerAttributes); | 312 appcontainer_list_.reset(new AppContainerAttributes); |
322 ResultCode rv = appcontainer_list_->SetAppContainer(sid, capabilities_); | 313 ResultCode rv = appcontainer_list_->SetAppContainer(sid, capabilities_); |
323 if (rv != SBOX_ALL_OK) | 314 if (rv != SBOX_ALL_OK) |
324 return rv; | 315 return rv; |
325 | 316 |
326 return SBOX_ALL_OK; | 317 return SBOX_ALL_OK; |
327 } | 318 } |
328 | 319 |
329 ResultCode PolicyBase::SetCapability(const wchar_t* sid) { | 320 ResultCode PolicyBase::SetCapability(const wchar_t* sid) { |
470 SE_WINDOW_OBJECT, | 461 SE_WINDOW_OBJECT, |
471 L"", | 462 L"", |
472 GetIntegrityLevelString(integrity_level_)); | 463 GetIntegrityLevelString(integrity_level_)); |
473 if (ERROR_SUCCESS != result) | 464 if (ERROR_SUCCESS != result) |
474 return SBOX_ERROR_GENERIC; | 465 return SBOX_ERROR_GENERIC; |
475 | 466 |
476 alternate_desktop_integrity_level_label_ = integrity_level_; | 467 alternate_desktop_integrity_level_label_ = integrity_level_; |
477 } | 468 } |
478 | 469 |
479 if (appcontainer_list_.get() && appcontainer_list_->HasAppContainer()) { | 470 if (appcontainer_list_.get() && appcontainer_list_->HasAppContainer()) { |
480 // Windows refuses to work with an impersonation token. See SetAppContainer | 471 NtCreateLowBoxToken CreateLowBox = NULL; |
481 // implementation for more details. | 472 ResolveNTFunctionPtr("NtCreateLowBoxToken", &CreateLowBox); |
482 if (lockdown_level_ < USER_LIMITED || lockdown_level_ != initial_level_) | |
483 return SBOX_ERROR_CANNOT_INIT_APPCONTAINER; | |
484 | 473 |
485 *initial = INVALID_HANDLE_VALUE; | 474 HANDLE token_lowbox = NULL; |
486 return SBOX_ALL_OK; | 475 const SECURITY_CAPABILITIES& capabilities = |
476 appcontainer_list_->GetCapabilities(); | |
477 | |
478 OBJECT_ATTRIBUTES obj_attr; | |
479 InitializeObjectAttributes(&obj_attr, NULL, 0, NULL, NULL); | |
480 | |
481 NTSTATUS status = CreateLowBox(&token_lowbox, | |
482 *lockdown, | |
483 TOKEN_ALL_ACCESS, | |
484 &obj_attr, | |
485 capabilities.AppContainerSid, | |
486 capabilities.CapabilityCount, | |
487 capabilities.Capabilities, | |
488 0, | |
489 NULL); | |
490 if (!NT_SUCCESS(status)) { | |
rvargas (doing something else)
2015/02/24 01:01:49
nit: no {}
| |
491 return SBOX_ERROR_GENERIC; | |
492 } | |
493 DCHECK(token_lowbox); | |
494 ::CloseHandle(*lockdown); | |
495 *lockdown = token_lowbox; | |
487 } | 496 } |
488 | 497 |
489 // Create the 'better' token. We use this token as the one that the main | 498 // Create the 'better' token. We use this token as the one that the main |
490 // thread uses when booting up the process. It should contain most of | 499 // thread uses when booting up the process. It should contain most of |
491 // what we need (before reaching main( )) | 500 // what we need (before reaching main( )) |
492 result = CreateRestrictedToken(initial, initial_level_, | 501 result = CreateRestrictedToken(initial, initial_level_, |
493 integrity_level_, IMPERSONATION); | 502 integrity_level_, IMPERSONATION); |
494 if (ERROR_SUCCESS != result) { | 503 if (ERROR_SUCCESS != result) { |
495 ::CloseHandle(*lockdown); | 504 ::CloseHandle(*lockdown); |
496 return SBOX_ERROR_GENERIC; | 505 return SBOX_ERROR_GENERIC; |
740 break; | 749 break; |
741 } | 750 } |
742 | 751 |
743 default: { return SBOX_ERROR_UNSUPPORTED; } | 752 default: { return SBOX_ERROR_UNSUPPORTED; } |
744 } | 753 } |
745 | 754 |
746 return SBOX_ALL_OK; | 755 return SBOX_ALL_OK; |
747 } | 756 } |
748 | 757 |
749 } // namespace sandbox | 758 } // namespace sandbox |
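Review bot: The failure branch after the NtCreateLowBoxToken call (new lines 490-491) returns SBOX_ERROR_GENERIC without closing `*lockdown`, whereas the CreateRestrictedToken failure path a few lines below (new lines 503-505) does close it before returning, so on this branch the lockdown token handle leaks and the caller has no way to know the handle is still open. Make the two error paths consistent: `if (!NT_SUCCESS(status)) { ::CloseHandle(*lockdown); return SBOX_ERROR_GENERIC; }`. Separately, `CreateLowBox` is used right after `ResolveNTFunctionPtr` with no null check; if that helper does not itself fail hard on a missing export, a `DCHECK(CreateLowBox)` (the Win8+ gate in SetAppContainer presumably guarantees the export exists, but that is not visible here) would make the assumption explicit. The enclosing function starts and ends outside the hunk, so I cannot see whether `*lockdown` is cleaned up by the caller on error.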