OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/common/sandbox_win.h" | 5 #include "content/common/sandbox_win.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 | 8 |
9 #include "base/base_switches.h" | 9 #include "base/base_switches.h" |
10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
(...skipping 515 matching lines...) | |
526 | 526 |
527 // TODO(jschuh): Need get these restrictions applied to NaCl and Pepper. | 527 // TODO(jschuh): Need get these restrictions applied to NaCl and Pepper. |
528 // Just have to figure out what needs to be warmed up first. | 528 // Just have to figure out what needs to be warmed up first. |
529 void AddBaseHandleClosePolicy(sandbox::TargetPolicy* policy) { | 529 void AddBaseHandleClosePolicy(sandbox::TargetPolicy* policy) { |
530 // TODO(cpu): Add back the BaseNamedObjects policy. | 530 // TODO(cpu): Add back the BaseNamedObjects policy. |
531 base::string16 object_path = PrependWindowsSessionPath( | 531 base::string16 object_path = PrependWindowsSessionPath( |
532 L"\\BaseNamedObjects\\windows_shell_global_counters"); | 532 L"\\BaseNamedObjects\\windows_shell_global_counters"); |
533 policy->AddKernelObjectToClose(L"Section", object_path.data()); | 533 policy->AddKernelObjectToClose(L"Section", object_path.data()); |
534 } | 534 } |
535 | 535 |
536 void AddAppContainerPolicy(sandbox::TargetPolicy* policy) { | |
537 if (base::win::GetVersion() < base::win::VERSION_WIN8) | |
538 return; | |
539 DCHECK(g_broker_services); | |
540 // Reviewers: This doesn't seem to be right place for installing | |
forshaw
2015/02/20 11:38:02
Based on my original testing I don't believe you n
Shrikant Kelkar
2015/02/21 02:32:40
Appended GUID, ptal.
| |
541 // an appcontainer please suggest one. Ideally we may want to create | |
542 // appcontainer per site | |
543 const wchar_t kAppContainerName[] = L"sbox_chromium"; | |
544 const wchar_t kAppContainerSid[] = | |
545 L"S-1-15-2-3251537155-1984446955-2931258699-841473695-1938553385-" | |
546 L"924012148-2839372144"; | |
547 // Install will only register if appcontainer is not already there. | |
548 g_broker_services->InstallAppContainer(kAppContainerSid, kAppContainerName); | |
549 | |
550 policy->SetAppContainer(kAppContainerSid); | |
551 } | |
552 | |
536 bool InitBrokerServices(sandbox::BrokerServices* broker_services) { | 553 bool InitBrokerServices(sandbox::BrokerServices* broker_services) { |
537 // TODO(abarth): DCHECK(CalledOnValidThread()); | 554 // TODO(abarth): DCHECK(CalledOnValidThread()); |
538 // See <http://b/1287166>. | 555 // See <http://b/1287166>. |
539 DCHECK(broker_services); | 556 DCHECK(broker_services); |
540 DCHECK(!g_broker_services); | 557 DCHECK(!g_broker_services); |
541 sandbox::ResultCode result = broker_services->Init(); | 558 sandbox::ResultCode result = broker_services->Init(); |
542 g_broker_services = broker_services; | 559 g_broker_services = broker_services; |
543 | 560 |
544 // In non-official builds warn about dangerous uses of DuplicateHandle. | 561 // In non-official builds warn about dangerous uses of DuplicateHandle. |
545 #ifndef OFFICIAL_BUILD | 562 #ifndef OFFICIAL_BUILD |
(...skipping 216 matching lines...) | |
762 } | 779 } |
763 | 780 |
764 return false; | 781 return false; |
765 } | 782 } |
766 | 783 |
767 bool BrokerAddTargetPeer(HANDLE peer_process) { | 784 bool BrokerAddTargetPeer(HANDLE peer_process) { |
768 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK; | 785 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK; |
769 } | 786 } |
770 | 787 |
771 } // namespace content | 788 } // namespace content |
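Review bot: AddAppContainerPolicy (new lines 536-551) discards the results of `g_broker_services->InstallAppContainer(kAppContainerSid, kAppContainerName)` and `policy->SetAppContainer(kAppContainerSid)`, so if either call fails the target is launched without the AppContainer and nothing records it. Their declarations are not on this page, but if they return sandbox::ResultCode as `broker_services->Init()` does, check them and surface the failure, e.g. `if (policy->SetAppContainer(kAppContainerSid) != sandbox::SBOX_ALL_OK) return false;`, with the function returning bool so the caller can refuse to start a less-confined process. `DCHECK(g_broker_services)` is compiled out of release builds, so a call made before InitBrokerServices would dereference a null pointer there; an explicit null check with an early failure return is safer. The `// Reviewers:` comment is a question for this review and should become a `// TODO(owner):` stating that one fixed SID places every policy that calls this function in the same container until per-site containers exist.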