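--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/win/src/broker_services.h"
 
 #include <AclAPI.h>
 
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
@@ -342,20 +342,23 @@
 // 1 thread. This is to protect the global variables used while setting up
 // the child process.
 static DWORD thread_id = ::GetCurrentThreadId();
 DCHECK(thread_id == ::GetCurrentThreadId());
 
 AutoLock lock(&lock_);
 
 // This downcast is safe as long as we control CreatePolicy()
 PolicyBase* policy_base = static_cast<PolicyBase*>(policy);
 
+if (policy_base->GetAppContainer() && policy_base->GetLowBoxSid())
+return SBOX_ERROR_BAD_PARAMS;
+
 // Construct the tokens and the job object that we are going to associate
 // with the soon to be created target process.
 HANDLE initial_token_temp;
 HANDLE lockdown_token_temp;
 ResultCode result = SBOX_ALL_OK;
 
 if (IsTokenCacheable(policy_base)) {
 // Create the master tokens only once and save them in a cache. That way
 // can just duplicate them to avoid hammering LSASS on every sandboxed
 // process launch.
@@ -475,20 +478,21 @@
 
 // Create the TargetProces object and spawn the target suspended. Note that
 // Brokerservices does not own the target object. It is owned by the Policy.
 base::win::ScopedProcessInformation process_info;
 TargetProcess* target = new TargetProcess(initial_token.Take(),
 lockdown_token.Take(),
 job.Get(),
 thread_pool_);
 
 DWORD win_result = target->Create(exe_path, command_line, inherit_handles,
+policy_base->GetLowBoxSid() ? true : false,
 startup_info, &process_info);
 if (ERROR_SUCCESS != win_result)
 return SpawnCleanup(target, win_result);
 
 // Now the policy is the owner of the target.
 if (!policy_base->AddTarget(target)) {
 return SpawnCleanup(target, 0);
 }
 
 // We are going to keep a pointer to the policy because we'll call it when
@@ -586,10 +590,10 @@
 return SBOX_ERROR_UNSUPPORTED;
 
 base::string16 name = LookupAppContainer(sid);
 if (name.empty())
 return SBOX_ERROR_INVALID_APP_CONTAINER;
 
 return DeleteAppContainer(sid);
 }
 
 } // namespace sandbox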
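Review bot: The new guard at new lines 352–353 rejects a policy that carries both an AppContainer and a LowBox SID, but nothing says why the two are mutually exclusive, so the next reader will take it for an arbitrary validation quirk; a one-line comment above the `if` such as `// A policy may carry an AppContainer or a LowBox SID, not both; the target is created with at most one of them.` would pin the intent. In the next hunk the argument `policy_base->GetLowBoxSid() ? true : false,` passed to `target->Create` hides that this is a null test on the returned SID; `policy_base->GetLowBoxSid() != NULL,` reads more directly and removes the redundant ternary. If the LowBox SID changes what the lockdown token looks like rather than only how the process is created, the token cache keyed by `IsTokenCacheable` (checked a few lines below the guard) would also need to distinguish policies by their LowBox SID so one policy's token is never reused for another; that logic is outside the hunk, so this is worth confirming rather than a defect I can see. The enclosing spawn function starts before and ends after these hunks.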