OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/win/src/broker_services.h" | 5 #include "sandbox/win/src/broker_services.h" |
6 | 6 |
7 #include <AclAPI.h> | 7 #include <AclAPI.h> |
8 | 8 |
9 #include "base/logging.h" | 9 #include "base/logging.h" |
10 #include "base/memory/scoped_ptr.h" | 10 #include "base/memory/scoped_ptr.h" |
(...skipping 390 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
401 | 401 |
402 // Initialize the startup information from the policy. | 402 // Initialize the startup information from the policy. |
403 base::win::StartupInformation startup_info; | 403 base::win::StartupInformation startup_info; |
404 base::string16 desktop = policy_base->GetAlternateDesktop(); | 404 base::string16 desktop = policy_base->GetAlternateDesktop(); |
405 if (!desktop.empty()) { | 405 if (!desktop.empty()) { |
406 startup_info.startup_info()->lpDesktop = | 406 startup_info.startup_info()->lpDesktop = |
407 const_cast<wchar_t*>(desktop.c_str()); | 407 const_cast<wchar_t*>(desktop.c_str()); |
408 } | 408 } |
409 | 409 |
410 bool inherit_handles = false; | 410 bool inherit_handles = false; |
411 if (base::win::GetVersion() >= base::win::VERSION_VISTA) { | 411 if (base::win::GetVersion() >= base::win::VERSION_VISTA) { |
rvargas (doing something else)
2015/02/21 01:01:22
This is preventing the use of any appcontainer rel
Shrikant Kelkar
2015/02/21 02:32:40
removed
rvargas (doing something else)
2015/02/24 01:01:49
?
To rephrase, I don't think the behavior regardi
| |
412 int attribute_count = 0; | 412 int attribute_count = 0; |
413 const AppContainerAttributes* app_container = | 413 const AppContainerAttributes* app_container = |
rvargas (doing something else)
2015/02/21 01:01:22
Remove this
Shrikant Kelkar
2015/02/21 02:32:40
Done.
| |
414 policy_base->GetAppContainer(); | 414 policy_base->GetAppContainer(); |
415 if (app_container) | 415 if (app_container) |
416 ++attribute_count; | 416 ++attribute_count; |
417 | 417 |
418 DWORD64 mitigations; | 418 DWORD64 mitigations; |
419 size_t mitigations_size; | 419 size_t mitigations_size; |
420 ConvertProcessMitigationsToPolicy(policy->GetProcessMitigations(), | 420 ConvertProcessMitigationsToPolicy(policy->GetProcessMitigations(), |
421 &mitigations, &mitigations_size); | 421 &mitigations, &mitigations_size); |
422 if (mitigations) | 422 if (mitigations) |
423 ++attribute_count; | 423 ++attribute_count; |
424 | 424 |
425 HANDLE stdout_handle = policy_base->GetStdoutHandle(); | 425 HANDLE stdout_handle = policy_base->GetStdoutHandle(); |
426 HANDLE stderr_handle = policy_base->GetStderrHandle(); | 426 HANDLE stderr_handle = policy_base->GetStderrHandle(); |
427 HANDLE inherit_handle_list[2]; | 427 HANDLE inherit_handle_list[2]; |
428 int inherit_handle_count = 0; | 428 int inherit_handle_count = 0; |
429 if (stdout_handle != INVALID_HANDLE_VALUE) | 429 if (stdout_handle != INVALID_HANDLE_VALUE) |
430 inherit_handle_list[inherit_handle_count++] = stdout_handle; | 430 inherit_handle_list[inherit_handle_count++] = stdout_handle; |
431 // Handles in the list must be unique. | 431 // Handles in the list must be unique. |
432 if (stderr_handle != stdout_handle && stderr_handle != INVALID_HANDLE_VALUE) | 432 if (stderr_handle != stdout_handle && stderr_handle != INVALID_HANDLE_VALUE) |
433 inherit_handle_list[inherit_handle_count++] = stderr_handle; | 433 inherit_handle_list[inherit_handle_count++] = stderr_handle; |
434 if (inherit_handle_count) | 434 if (inherit_handle_count) |
435 ++attribute_count; | 435 ++attribute_count; |
436 | 436 |
437 if (!startup_info.InitializeProcThreadAttributeList(attribute_count)) | 437 if (!startup_info.InitializeProcThreadAttributeList(attribute_count)) |
438 return SBOX_ERROR_PROC_THREAD_ATTRIBUTES; | 438 return SBOX_ERROR_PROC_THREAD_ATTRIBUTES; |
439 | 439 |
440 if (app_container) { | |
441 result = app_container->ShareForStartup(&startup_info); | |
442 if (SBOX_ALL_OK != result) | |
443 return result; | |
444 } | |
445 | |
446 if (mitigations) { | 440 if (mitigations) { |
447 if (!startup_info.UpdateProcThreadAttribute( | 441 if (!startup_info.UpdateProcThreadAttribute( |
448 PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY, &mitigations, | 442 PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY, &mitigations, |
449 mitigations_size)) { | 443 mitigations_size)) { |
450 return SBOX_ERROR_PROC_THREAD_ATTRIBUTES; | 444 return SBOX_ERROR_PROC_THREAD_ATTRIBUTES; |
451 } | 445 } |
452 } | 446 } |
453 | 447 |
454 if (inherit_handle_count) { | 448 if (inherit_handle_count) { |
455 if (!startup_info.UpdateProcThreadAttribute( | 449 if (!startup_info.UpdateProcThreadAttribute( |
(...skipping 130 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
586 return SBOX_ERROR_UNSUPPORTED; | 580 return SBOX_ERROR_UNSUPPORTED; |
587 | 581 |
588 base::string16 name = LookupAppContainer(sid); | 582 base::string16 name = LookupAppContainer(sid); |
589 if (name.empty()) | 583 if (name.empty()) |
590 return SBOX_ERROR_INVALID_APP_CONTAINER; | 584 return SBOX_ERROR_INVALID_APP_CONTAINER; |
591 | 585 |
592 return DeleteAppContainer(sid); | 586 return DeleteAppContainer(sid); |
593 } | 587 } |
594 | 588 |
595 } // namespace sandbox | 589 } // namespace sandbox |
OLD | NEW |