Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/win/src/broker_services.cc

Issue 937353002: Adding method to create process using LowBox token in sandbox code. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Removed sid.h/.cc Created 5 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« sandbox/win/src/app_container_test.cc ('K') | « sandbox/win/src/app_container_test.cc ('k') | sandbox/win/src/nt_internals.h » ('j') | sandbox/win/src/policy_broker.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/win/src/broker_services.h" 5 #include "sandbox/win/src/broker_services.h"
6 6
7 #include <AclAPI.h> 7 #include <AclAPI.h>
8 8
9 #include "base/logging.h" 9 #include "base/logging.h"
10 #include "base/memory/scoped_ptr.h" 10 #include "base/memory/scoped_ptr.h"
(...skipping 392 matching lines...) Expand 10 before | Expand all | Expand 10 after
403 base::win::StartupInformation startup_info; 403 base::win::StartupInformation startup_info;
404 base::string16 desktop = policy_base->GetAlternateDesktop(); 404 base::string16 desktop = policy_base->GetAlternateDesktop();
405 if (!desktop.empty()) { 405 if (!desktop.empty()) {
406 startup_info.startup_info()->lpDesktop = 406 startup_info.startup_info()->lpDesktop =
407 const_cast<wchar_t*>(desktop.c_str()); 407 const_cast<wchar_t*>(desktop.c_str());
408 } 408 }
409 409
410 bool inherit_handles = false; 410 bool inherit_handles = false;
411 if (base::win::GetVersion() >= base::win::VERSION_VISTA) { 411 if (base::win::GetVersion() >= base::win::VERSION_VISTA) {
412 int attribute_count = 0; 412 int attribute_count = 0;
413 const AppContainerAttributes* app_container =
414 policy_base->GetAppContainer();
415 if (app_container)
416 ++attribute_count;
417
418 DWORD64 mitigations; 413 DWORD64 mitigations;
419 size_t mitigations_size; 414 size_t mitigations_size;
420 ConvertProcessMitigationsToPolicy(policy->GetProcessMitigations(), 415 ConvertProcessMitigationsToPolicy(policy->GetProcessMitigations(),
421 &mitigations, &mitigations_size); 416 &mitigations, &mitigations_size);
422 if (mitigations) 417 if (mitigations)
423 ++attribute_count; 418 ++attribute_count;
424 419
425 HANDLE stdout_handle = policy_base->GetStdoutHandle(); 420 HANDLE stdout_handle = policy_base->GetStdoutHandle();
426 HANDLE stderr_handle = policy_base->GetStderrHandle(); 421 HANDLE stderr_handle = policy_base->GetStderrHandle();
427 HANDLE inherit_handle_list[2]; 422 HANDLE inherit_handle_list[2];
428 int inherit_handle_count = 0; 423 int inherit_handle_count = 0;
429 if (stdout_handle != INVALID_HANDLE_VALUE) 424 if (stdout_handle != INVALID_HANDLE_VALUE)
430 inherit_handle_list[inherit_handle_count++] = stdout_handle; 425 inherit_handle_list[inherit_handle_count++] = stdout_handle;
431 // Handles in the list must be unique. 426 // Handles in the list must be unique.
432 if (stderr_handle != stdout_handle && stderr_handle != INVALID_HANDLE_VALUE) 427 if (stderr_handle != stdout_handle && stderr_handle != INVALID_HANDLE_VALUE)
433 inherit_handle_list[inherit_handle_count++] = stderr_handle; 428 inherit_handle_list[inherit_handle_count++] = stderr_handle;
434 if (inherit_handle_count) 429 if (inherit_handle_count)
435 ++attribute_count; 430 ++attribute_count;
436 431
437 if (!startup_info.InitializeProcThreadAttributeList(attribute_count)) 432 if (!startup_info.InitializeProcThreadAttributeList(attribute_count))
438 return SBOX_ERROR_PROC_THREAD_ATTRIBUTES; 433 return SBOX_ERROR_PROC_THREAD_ATTRIBUTES;
439 434
440 if (app_container) {
441 result = app_container->ShareForStartup(&startup_info);
442 if (SBOX_ALL_OK != result)
443 return result;
444 }
445
446 if (mitigations) { 435 if (mitigations) {
447 if (!startup_info.UpdateProcThreadAttribute( 436 if (!startup_info.UpdateProcThreadAttribute(
448 PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY, &mitigations, 437 PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY, &mitigations,
449 mitigations_size)) { 438 mitigations_size)) {
450 return SBOX_ERROR_PROC_THREAD_ATTRIBUTES; 439 return SBOX_ERROR_PROC_THREAD_ATTRIBUTES;
451 } 440 }
452 } 441 }
453 442
454 if (inherit_handle_count) { 443 if (inherit_handle_count) {
455 if (!startup_info.UpdateProcThreadAttribute( 444 if (!startup_info.UpdateProcThreadAttribute(
(...skipping 130 matching lines...) Expand 10 before | Expand all | Expand 10 after
586 return SBOX_ERROR_UNSUPPORTED; 575 return SBOX_ERROR_UNSUPPORTED;
587 576
588 base::string16 name = LookupAppContainer(sid); 577 base::string16 name = LookupAppContainer(sid);
589 if (name.empty()) 578 if (name.empty())
590 return SBOX_ERROR_INVALID_APP_CONTAINER; 579 return SBOX_ERROR_INVALID_APP_CONTAINER;
591 580
592 return DeleteAppContainer(sid); 581 return DeleteAppContainer(sid);
593 } 582 }
594 583
595 } // namespace sandbox 584 } // namespace sandbox
OLDNEW
« sandbox/win/src/app_container_test.cc ('K') | « sandbox/win/src/app_container_test.cc ('k') | sandbox/win/src/nt_internals.h » ('j') | sandbox/win/src/policy_broker.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698