| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/win/src/app_container.h" | 5 #include "sandbox/win/src/app_container.h" |
| 6 | 6 |
| 7 #include <Sddl.h> | 7 #include <Sddl.h> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| (...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 67 attributes_.push_back(sid_and_attributes); | 67 attributes_.push_back(sid_and_attributes); |
| 68 } | 68 } |
| 69 | 69 |
| 70 if (capabilities.size()) { | 70 if (capabilities.size()) { |
| 71 capabilities_.CapabilityCount = static_cast<DWORD>(capabilities.size()); | 71 capabilities_.CapabilityCount = static_cast<DWORD>(capabilities.size()); |
| 72 capabilities_.Capabilities = &attributes_[0]; | 72 capabilities_.Capabilities = &attributes_[0]; |
| 73 } | 73 } |
| 74 return SBOX_ALL_OK; | 74 return SBOX_ALL_OK; |
| 75 } | 75 } |
| 76 | 76 |
| 77 ResultCode AppContainerAttributes::ShareForStartup( | |
| 78 base::win::StartupInformation* startup_information) const { | |
| 79 // The only thing we support so far is an AppContainer. | |
| 80 if (!capabilities_.AppContainerSid) | |
| 81 return SBOX_ERROR_INVALID_APP_CONTAINER; | |
| 82 | |
| 83 if (!startup_information->UpdateProcThreadAttribute( | |
| 84 PROC_THREAD_ATTRIBUTE_SECURITY_CAPABILITIES, | |
| 85 const_cast<SECURITY_CAPABILITIES*>(&capabilities_), | |
| 86 sizeof(capabilities_))) { | |
| 87 DPLOG(ERROR) << "Failed UpdateProcThreadAttribute"; | |
| 88 return SBOX_ERROR_CANNOT_INIT_APPCONTAINER; | |
| 89 } | |
| 90 return SBOX_ALL_OK; | |
| 91 } | |
| 92 | |
| 93 bool AppContainerAttributes::HasAppContainer() const { | 77 bool AppContainerAttributes::HasAppContainer() const { |
| 94 return (capabilities_.AppContainerSid != NULL); | 78 return (capabilities_.AppContainerSid != NULL); |
| 95 } | 79 } |
| 96 | 80 |
| 81 const SECURITY_CAPABILITIES& AppContainerAttributes::GetCapabilities() const { |
| 82 return capabilities_; |
| 83 } |
| 84 |
| 97 ResultCode CreateAppContainer(const base::string16& sid, | 85 ResultCode CreateAppContainer(const base::string16& sid, |
| 98 const base::string16& name) { | 86 const base::string16& name) { |
| 99 PSID local_sid; | 87 PSID local_sid; |
| 100 if (!ConvertStringSidToSid(sid.c_str(), &local_sid)) | 88 if (!ConvertStringSidToSid(sid.c_str(), &local_sid)) |
| 101 return SBOX_ERROR_INVALID_APP_CONTAINER; | 89 return SBOX_ERROR_INVALID_APP_CONTAINER; |
| 102 | 90 |
| 103 typedef HRESULT (WINAPI* AppContainerRegisterSidPtr)(PSID sid, | 91 typedef HRESULT (WINAPI* AppContainerRegisterSidPtr)(PSID sid, |
| 104 LPCWSTR moniker, | 92 LPCWSTR moniker, |
| 105 LPCWSTR display_name); | 93 LPCWSTR display_name); |
| 106 static AppContainerRegisterSidPtr AppContainerRegisterSid = NULL; | 94 static AppContainerRegisterSidPtr AppContainerRegisterSid = NULL; |
| (...skipping 67 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 174 if (FAILED(rv)) | 162 if (FAILED(rv)) |
| 175 return base::string16(); | 163 return base::string16(); |
| 176 | 164 |
| 177 base::string16 name(buffer); | 165 base::string16 name(buffer); |
| 178 if (!AppContainerFreeMemory(buffer)) | 166 if (!AppContainerFreeMemory(buffer)) |
| 179 NOTREACHED(); | 167 NOTREACHED(); |
| 180 return name; | 168 return name; |
| 181 } | 169 } |
| 182 | 170 |
| 183 } // namespace sandbox | 171 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 937353002:
Adding method to create process using LowBox token in sandbox code. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master