1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/win/src/sandbox_policy_base.h" | 5 #include "sandbox/win/src/sandbox_policy_base.h" |
6 | 6 |
7 #include <sddl.h> | 7 #include <sddl.h> |
8 | 8 |
9 #include "base/basictypes.h" | 9 #include "base/basictypes.h" |
10 #include "base/callback.h" | 10 #include "base/callback.h" |
(...skipping 292 matching lines...)
303 ResultCode PolicyBase::SetDelayedIntegrityLevel( | 303 ResultCode PolicyBase::SetDelayedIntegrityLevel( |
304 IntegrityLevel integrity_level) { | 304 IntegrityLevel integrity_level) { |
305 delayed_integrity_level_ = integrity_level; | 305 delayed_integrity_level_ = integrity_level; |
306 return SBOX_ALL_OK; | 306 return SBOX_ALL_OK; |
307 } | 307 } |
308 | 308 |
309 ResultCode PolicyBase::SetAppContainer(const wchar_t* sid) { | 309 ResultCode PolicyBase::SetAppContainer(const wchar_t* sid) { |
310 if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8) | 310 if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8) |
311 return SBOX_ALL_OK; | 311 return SBOX_ALL_OK; |
312 | 312 |
313 // Windows refuses to work with an impersonation token for a process inside | |
314 // an AppContainer. If the caller wants to use a more privileged initial | |
315 // token, or if the lockdown level will prevent the process from starting, | |
316 // we have to fail the operation. | |
317 if (lockdown_level_ < USER_LIMITED || lockdown_level_ != initial_level_) | |
318 return SBOX_ERROR_CANNOT_INIT_APPCONTAINER; | |
319 | |
320 DCHECK(!appcontainer_list_.get()); | 313 DCHECK(!appcontainer_list_.get()); |
321 appcontainer_list_.reset(new AppContainerAttributes); | 314 appcontainer_list_.reset(new AppContainerAttributes); |
322 ResultCode rv = appcontainer_list_->SetAppContainer(sid, capabilities_); | 315 ResultCode rv = appcontainer_list_->SetAppContainer(sid, capabilities_); |
323 if (rv != SBOX_ALL_OK) | 316 if (rv != SBOX_ALL_OK) |
324 return rv; | 317 return rv; |
325 | 318 |
326 return SBOX_ALL_OK; | 319 return SBOX_ALL_OK; |
327 } | 320 } |
328 | 321 |
329 ResultCode PolicyBase::SetCapability(const wchar_t* sid) { | 322 ResultCode PolicyBase::SetCapability(const wchar_t* sid) { |
(...skipping 140 matching lines...)
470 SE_WINDOW_OBJECT, | 463 SE_WINDOW_OBJECT, |
471 L"", | 464 L"", |
472 GetIntegrityLevelString(integrity_level_)); | 465 GetIntegrityLevelString(integrity_level_)); |
473 if (ERROR_SUCCESS != result) | 466 if (ERROR_SUCCESS != result) |
474 return SBOX_ERROR_GENERIC; | 467 return SBOX_ERROR_GENERIC; |
475 | 468 |
476 alternate_desktop_integrity_level_label_ = integrity_level_; | 469 alternate_desktop_integrity_level_label_ = integrity_level_; |
477 } | 470 } |
478 | 471 |
479 if (appcontainer_list_.get() && appcontainer_list_->HasAppContainer()) { | 472 if (appcontainer_list_.get() && appcontainer_list_->HasAppContainer()) { |
480 // Windows refuses to work with an impersonation token. See SetAppContainer | 473 NtCreateLowBoxToken CreateLowBox = NULL; |
481 // implementation for more details. | 474 ResolveNTFunctionPtr("NtCreateLowBoxToken", &CreateLowBox); |
482 if (lockdown_level_ < USER_LIMITED || lockdown_level_ != initial_level_) | |
483 return SBOX_ERROR_CANNOT_INIT_APPCONTAINER; | |
484 | 475 |
485 *initial = INVALID_HANDLE_VALUE; | 476 HANDLE token_lowbox = NULL; |
486 return SBOX_ALL_OK; | 477 const SECURITY_CAPABILITIES& capabilities = |
478 appcontainer_list_->GetCapabilities(); | |
479 | |
480 OBJECT_ATTRIBUTES obj_attr; | |
481 InitializeObjectAttributes(&obj_attr, NULL, 0, NULL, NULL); | |
482 | |
483 NTSTATUS status = CreateLowBox(&token_lowbox, | |
484 *lockdown, | |
485 TOKEN_ALL_ACCESS, | |
rvargas (doing something else)
2015/02/21 01:01:22
Just curious, any idea what this does?
Shrikant Kelkar
2015/02/21 02:32:41
Not sure, but guess is that it will open and retur
rvargas (doing something else)
2015/02/24 01:01:49
Do we need ALL_ACCESS?
| |
486 &obj_attr, | |
487 capabilities.AppContainerSid, | |
488 capabilities.CapabilityCount, | |
489 capabilities.Capabilities, | |
490 0, | |
491 NULL); | |
492 if (!NT_SUCCESS(status) && token_lowbox == NULL) { | |
rvargas (doing something else)
2015/02/21 01:01:22
|| !token_lowbox?. An && implies that if the funct
Shrikant Kelkar
2015/02/21 02:32:41
Done.
| |
493 return SBOX_ERROR_GENERIC; | |
494 } | |
495 ::CloseHandle(*lockdown); | |
496 *lockdown = token_lowbox; | |
487 } | 497 } |
488 | 498 |
489 // Create the 'better' token. We use this token as the one that the main | 499 // Create the 'better' token. We use this token as the one that the main |
490 // thread uses when booting up the process. It should contain most of | 500 // thread uses when booting up the process. It should contain most of |
491 // what we need (before reaching main( )) | 501 // what we need (before reaching main( )) |
492 result = CreateRestrictedToken(initial, initial_level_, | 502 result = CreateRestrictedToken(initial, initial_level_, |
493 integrity_level_, IMPERSONATION); | 503 integrity_level_, IMPERSONATION); |
494 if (ERROR_SUCCESS != result) { | 504 if (ERROR_SUCCESS != result) { |
495 ::CloseHandle(*lockdown); | 505 ::CloseHandle(*lockdown); |
496 return SBOX_ERROR_GENERIC; | 506 return SBOX_ERROR_GENERIC; |
(...skipping 243 matching lines...)
740 break; | 750 break; |
741 } | 751 } |
742 | 752 |
743 default: { return SBOX_ERROR_UNSUPPORTED; } | 753 default: { return SBOX_ERROR_UNSUPPORTED; } |
744 } | 754 } |
745 | 755 |
746 return SBOX_ALL_OK; | 756 return SBOX_ALL_OK; |
747 } | 757 } |
748 | 758 |
749 } // namespace sandbox | 759 } // namespace sandbox |
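Review bot: The new early return after the NtCreateLowBoxToken call (new side line 493, `return SBOX_ERROR_GENERIC;`) leaves `*lockdown` open, while the later failure path at new line 505 closes that handle before returning the same error; the two paths should agree, so add `::CloseHandle(*lockdown);` immediately before the return at line 493. The enclosing token-creation function begins in the skipped region above the shown lines, so any other cleanup it performs is not visible here. The result of `ResolveNTFunctionPtr` is also not checked before `CreateLowBox` is invoked; if that helper can leave the pointer NULL rather than failing hard, a null check (with the same handle cleanup) belongs before the call, and a one-line comment at new line 472 explaining why the lockdown token is replaced by the lowbox token would help, since the old explanatory comment was dropped together with the level check.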