OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/win/src/app_container.h" | 5 #include "sandbox/win/src/app_container.h" |
6 | 6 |
7 #include <Sddl.h> | 7 #include <Sddl.h> |
8 #include <vector> | 8 #include <vector> |
9 | 9 |
10 #include "base/logging.h" | 10 #include "base/logging.h" |
67 attributes_.push_back(sid_and_attributes); | 67 attributes_.push_back(sid_and_attributes); |
68 } | 68 } |
69 | 69 |
70 if (capabilities.size()) { | 70 if (capabilities.size()) { |
71 capabilities_.CapabilityCount = static_cast<DWORD>(capabilities.size()); | 71 capabilities_.CapabilityCount = static_cast<DWORD>(capabilities.size()); |
72 capabilities_.Capabilities = &attributes_[0]; | 72 capabilities_.Capabilities = &attributes_[0]; |
73 } | 73 } |
74 return SBOX_ALL_OK; | 74 return SBOX_ALL_OK; |
75 } | 75 } |
76 | 76 |
77 ResultCode AppContainerAttributes::ShareForStartup( | |
78 base::win::StartupInformation* startup_information) const { | |
79 // The only thing we support so far is an AppContainer. | |
80 if (!capabilities_.AppContainerSid) | |
81 return SBOX_ERROR_INVALID_APP_CONTAINER; | |
82 | |
83 if (!startup_information->UpdateProcThreadAttribute( | |
84 PROC_THREAD_ATTRIBUTE_SECURITY_CAPABILITIES, | |
85 const_cast<SECURITY_CAPABILITIES*>(&capabilities_), | |
86 sizeof(capabilities_))) { | |
87 DPLOG(ERROR) << "Failed UpdateProcThreadAttribute"; | |
88 return SBOX_ERROR_CANNOT_INIT_APPCONTAINER; | |
89 } | |
90 return SBOX_ALL_OK; | |
91 } | |
92 | |
93 bool AppContainerAttributes::HasAppContainer() const { | 77 bool AppContainerAttributes::HasAppContainer() const { |
94 return (capabilities_.AppContainerSid != NULL); | 78 return (capabilities_.AppContainerSid != NULL); |
95 } | 79 } |
96 | 80 |
| 81 const SECURITY_CAPABILITIES& AppContainerAttributes::GetCapabilities() const { |
| 82 return capabilities_; |
| 83 } |
| 84 |
97 ResultCode CreateAppContainer(const base::string16& sid, | 85 ResultCode CreateAppContainer(const base::string16& sid, |
98 const base::string16& name) { | 86 const base::string16& name) { |
99 PSID local_sid; | 87 PSID local_sid; |
100 if (!ConvertStringSidToSid(sid.c_str(), &local_sid)) | 88 if (!ConvertStringSidToSid(sid.c_str(), &local_sid)) |
101 return SBOX_ERROR_INVALID_APP_CONTAINER; | 89 return SBOX_ERROR_INVALID_APP_CONTAINER; |
102 | 90 |
103 typedef HRESULT (WINAPI* AppContainerRegisterSidPtr)(PSID sid, | 91 typedef HRESULT (WINAPI* AppContainerRegisterSidPtr)(PSID sid, |
104 LPCWSTR moniker, | 92 LPCWSTR moniker, |
105 LPCWSTR display_name); | 93 LPCWSTR display_name); |
106 static AppContainerRegisterSidPtr AppContainerRegisterSid = NULL; | 94 static AppContainerRegisterSidPtr AppContainerRegisterSid = NULL; |
174 if (FAILED(rv)) | 162 if (FAILED(rv)) |
175 return base::string16(); | 163 return base::string16(); |
176 | 164 |
177 base::string16 name(buffer); | 165 base::string16 name(buffer); |
178 if (!AppContainerFreeMemory(buffer)) | 166 if (!AppContainerFreeMemory(buffer)) |
179 NOTREACHED(); | 167 NOTREACHED(); |
180 return name; | 168 return name; |
181 } | 169 } |
182 | 170 |
183 } // namespace sandbox | 171 } // namespace sandbox |
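Review bot: The new `GetCapabilities()` (new lines 81-83) hands out `capabilities_` without the `AppContainerSid` null check that the removed `ShareForStartup()` performed, so a caller that skips `HasAppContainer()` would pass an empty `SECURITY_CAPABILITIES` to process creation instead of getting `SBOX_ERROR_INVALID_APP_CONTAINER`. The callers are not visible on this page, so this may already be handled, but a `DCHECK(capabilities_.AppContainerSid);` in the accessor would keep the invariant next to the data. The returned struct also aliases this object's storage (`capabilities_.Capabilities = &attributes_[0]` at line 72), and `UpdateProcThreadAttribute` keeps the pointer it is given until the attribute list is destroyed. That lifetime requirement now falls on the caller and deserves a comment on the accessor, for example `// The returned struct points into this object; it must outlive any attribute list that references it.`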