| Index: content/common/sandbox_win.cc
|
| diff --git a/content/common/sandbox_win.cc b/content/common/sandbox_win.cc
|
| index a3882d0d1dd709d581f695f2c990e6ee18ab0bbb..e4e853bbff627c37791ae176825fe8486fe1d4c6 100644
|
| --- a/content/common/sandbox_win.cc
|
| +++ b/content/common/sandbox_win.cc
|
| @@ -27,6 +27,7 @@
|
| #include "sandbox/win/src/process_mitigations.h"
|
| #include "sandbox/win/src/sandbox.h"
|
| #include "sandbox/win/src/sandbox_nt_util.h"
|
| +#include "sandbox/win/src/sid.h"
|
| #include "sandbox/win/src/win_utils.h"
|
| #include "ui/gfx/win/direct_write.h"
|
|
|
| @@ -533,6 +534,16 @@ void AddBaseHandleClosePolicy(sandbox::TargetPolicy* policy) {
|
| policy->AddKernelObjectToClose(L"Section", object_path.data());
|
| }
|
|
|
| +void AddAppContainerPolicy(sandbox::TargetPolicy* policy) {
|
| + if (base::win::GetVersion() < base::win::VERSION_WIN8)
|
| + return;
|
| +
|
| + std::wstring unique_sid;
|
| + sandbox::Sid sid(::WinBuiltinAnyPackageSid);
|
| + unique_sid = sid.GenerateUniqueSubAuthoritySid();
|
| + policy->SetAppContainer(unique_sid.c_str());
|
| +}
|
| +
|
| bool InitBrokerServices(sandbox::BrokerServices* broker_services) {
|
| // TODO(abarth): DCHECK(CalledOnValidThread());
|
| // See <http://b/1287166>.
|
|
|
Chromium Code Reviews
Issue 937353002:
Adding method to create process using LowBox token in sandbox code. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master