Side by Side Diff: sandbox/win/src/broker_services.cc

Issue 937353002: Adding method to create process using LowBox token in sandbox code. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Sync to TOT to see if ios_dbg_simulator_ninja errors go away. Created 5 years, 9 months ago
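--- a/sandbox/win/src/broker_services.cc
+++ b/sandbox/win/src/broker_services.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/win/src/broker_services.h"
 
 #include <AclAPI.h>
 
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
@@ -342,20 +342,23 @@
 // 1 thread. This is to protect the global variables used while setting up
 // the child process.
 static DWORD thread_id = ::GetCurrentThreadId();
 DCHECK(thread_id == ::GetCurrentThreadId());
 
 AutoLock lock(&lock_);
 
 // This downcast is safe as long as we control CreatePolicy()
 PolicyBase* policy_base = static_cast<PolicyBase*>(policy);
 
+if (policy_base->GetAppContainer() && policy_base->GetLowBoxSid())
+return SBOX_ERROR_BAD_PARAMS;
+
 // Construct the tokens and the job object that we are going to associate
 // with the soon to be created target process.
 HANDLE initial_token_temp;
 HANDLE lockdown_token_temp;
 ResultCode result = SBOX_ALL_OK;
 
 if (IsTokenCacheable(policy_base)) {
 // Create the master tokens only once and save them in a cache. That way
 // can just duplicate them to avoid hammering LSASS on every sandboxed
 // process launch.
@@ -475,20 +478,21 @@
 
 // Create the TargetProces object and spawn the target suspended. Note that
 // Brokerservices does not own the target object. It is owned by the Policy.
 base::win::ScopedProcessInformation process_info;
 TargetProcess* target = new TargetProcess(initial_token.Take(),
 lockdown_token.Take(),
 job.Get(),
 thread_pool_);
 
 DWORD win_result = target->Create(exe_path, command_line, inherit_handles,
+policy_base->GetLowBoxSid() ? true : false,
 startup_info, &process_info);
 if (ERROR_SUCCESS != win_result)
 return SpawnCleanup(target, win_result);
 
 // Now the policy is the owner of the target.
 if (!policy_base->AddTarget(target)) {
 return SpawnCleanup(target, 0);
 }
 
 // We are going to keep a pointer to the policy because we'll call it when
@@ -586,10 +590,10 @@
 return SBOX_ERROR_UNSUPPORTED;
 
 base::string16 name = LookupAppContainer(sid);
 if (name.empty())
 return SBOX_ERROR_INVALID_APP_CONTAINER;
 
 return DeleteAppContainer(sid);
 }
 
 } // namespace sandbox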
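Review bot: The new argument `policy_base->GetLowBoxSid() ? true : false` on the target->Create() call is a redundant conditional; `policy_base->GetLowBoxSid() != nullptr` states the same bool more directly. The new early return `if (policy_base->GetAppContainer() && policy_base->GetLowBoxSid()) return SBOX_ERROR_BAD_PARAMS;` carries no comment saying why a policy may not set both, and a reader cannot tell from this file whether that is a conflict or merely unsupported; presumably both are ways of attaching an AppContainer SID to the target, so I would add `// An AppContainer and a LowBox SID are mutually exclusive ways of applying an AppContainer SID to the target; a policy that sets both is rejected.` above it once the reason is confirmed against the policy code. The enclosing SpawnTarget function starts before and ends after the hunks shown here, so whether the LowBox SID is also consulted during token creation in the skipped region is not visible.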