
Side by Side Diff: content/common/sandbox_win.cc

Issue 937353002: Adding method to create process using LowBox token in sandbox code. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Added platform checking Created 5 years, 10 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/common/sandbox_win.h" 5 #include "content/common/sandbox_win.h"
6 6
7 #include <string> 7 #include <string>
8 8
9 #include "base/base_switches.h" 9 #include "base/base_switches.h"
10 #include "base/command_line.h" 10 #include "base/command_line.h"
(...skipping 515 matching lines...)
526 526
527 // TODO(jschuh): Need get these restrictions applied to NaCl and Pepper. 527 // TODO(jschuh): Need get these restrictions applied to NaCl and Pepper.
528 // Just have to figure out what needs to be warmed up first. 528 // Just have to figure out what needs to be warmed up first.
529 void AddBaseHandleClosePolicy(sandbox::TargetPolicy* policy) { 529 void AddBaseHandleClosePolicy(sandbox::TargetPolicy* policy) {
530 // TODO(cpu): Add back the BaseNamedObjects policy. 530 // TODO(cpu): Add back the BaseNamedObjects policy.
531 base::string16 object_path = PrependWindowsSessionPath( 531 base::string16 object_path = PrependWindowsSessionPath(
532 L"\\BaseNamedObjects\\windows_shell_global_counters"); 532 L"\\BaseNamedObjects\\windows_shell_global_counters");
533 policy->AddKernelObjectToClose(L"Section", object_path.data()); 533 policy->AddKernelObjectToClose(L"Section", object_path.data());
534 } 534 }
535 535
536 void AddAppContainerPolicy(sandbox::TargetPolicy* policy) {
537 if (base::win::GetVersion() < base::win::VERSION_WIN8)
538 return;
539 DCHECK(g_broker_services);
540 // Reviewers: This doesn't seem to be right place for installing
forshaw 2015/02/20 11:38:02 Based on my original testing I don't believe you n
Shrikant Kelkar 2015/02/21 02:32:40 Appended GUID, ptal.
541 // an appcontainer please suggest one. Ideally we may want to create
542 // appcontainer per site
543 const wchar_t kAppContainerName[] = L"sbox_chromium";
544 const wchar_t kAppContainerSid[] =
545 L"S-1-15-2-3251537155-1984446955-2931258699-841473695-1938553385-"
546 L"924012148-2839372144";
547 // Install will only register if appcontainer is not already there.
548 g_broker_services->InstallAppContainer(kAppContainerSid, kAppContainerName);
549
550 policy->SetAppContainer(kAppContainerSid);
551 }
552
536 bool InitBrokerServices(sandbox::BrokerServices* broker_services) { 553 bool InitBrokerServices(sandbox::BrokerServices* broker_services) {
537 // TODO(abarth): DCHECK(CalledOnValidThread()); 554 // TODO(abarth): DCHECK(CalledOnValidThread());
538 // See <http://b/1287166>. 555 // See <http://b/1287166>.
539 DCHECK(broker_services); 556 DCHECK(broker_services);
540 DCHECK(!g_broker_services); 557 DCHECK(!g_broker_services);
541 sandbox::ResultCode result = broker_services->Init(); 558 sandbox::ResultCode result = broker_services->Init();
542 g_broker_services = broker_services; 559 g_broker_services = broker_services;
543 560
544 // In non-official builds warn about dangerous uses of DuplicateHandle. 561 // In non-official builds warn about dangerous uses of DuplicateHandle.
545 #ifndef OFFICIAL_BUILD 562 #ifndef OFFICIAL_BUILD
(...skipping 216 matching lines...)
762 } 779 }
763 780
764 return false; 781 return false;
765 } 782 }
766 783
767 bool BrokerAddTargetPeer(HANDLE peer_process) { 784 bool BrokerAddTargetPeer(HANDLE peer_process) {
768 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK; 785 return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK;
769 } 786 }
770 787
771 } // namespace content 788 } // namespace content
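Review bot: In AddAppContainerPolicy (new lines 536-551) the results of `InstallAppContainer` and `SetAppContainer` are both discarded, so if either call fails the target would presumably still be launched, just without the AppContainer restriction, and nothing would report it. Assuming both return `sandbox::ResultCode` as `Init()` and `AddTargetPeer()` do in this file, the function could return `bool` and check each call, e.g. `if (policy->SetAppContainer(kAppContainerSid) != sandbox::SBOX_ALL_OK) return false;`, with the caller declining to start the process on failure. Separately, `DCHECK(g_broker_services)` compiles out in release builds, so the dereference on new line 548 depends on InitBrokerServices having run first; an explicit null check that fails closed would make that ordering requirement visible.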