Index: sandbox/win/src/sandbox_policy_base.cc |
diff --git a/sandbox/win/src/sandbox_policy_base.cc b/sandbox/win/src/sandbox_policy_base.cc |
index d3c920e6429c0e7119a34d423747ec921113603e..b8661921521eb6c40d6dc864328666fb3d5e0054 100644 |
--- a/sandbox/win/src/sandbox_policy_base.cc |
+++ b/sandbox/win/src/sandbox_policy_base.cc |
@@ -4,8 +4,6 @@ |
#include "sandbox/win/src/sandbox_policy_base.h" |
-#include <sddl.h> |
- |
#include "base/basictypes.h" |
#include "base/callback.h" |
#include "base/logging.h" |
@@ -310,13 +308,6 @@ ResultCode PolicyBase::SetAppContainer(const wchar_t* sid) { |
if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8) |
return SBOX_ALL_OK; |
- // Windows refuses to work with an impersonation token for a process inside |
- // an AppContainer. If the caller wants to use a more privileged initial |
- // token, or if the lockdown level will prevent the process from starting, |
- // we have to fail the operation. |
- if (lockdown_level_ < USER_LIMITED || lockdown_level_ != initial_level_) |
- return SBOX_ERROR_CANNOT_INIT_APPCONTAINER; |
- |
DCHECK(!appcontainer_list_.get()); |
appcontainer_list_.reset(new AppContainerAttributes); |
ResultCode rv = appcontainer_list_->SetAppContainer(sid, capabilities_); |
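Review bot: SetAppContainer now accepts any lockdown_level_/initial_level_ combination, but nothing left in the function says why the impersonation-token constraint no longer applies; the rationale that lived in the deleted comment is gone, and the later hunk in MakeTokens only shows a lowbox token being derived from *lockdown. The removed guard also rejected `lockdown_level_ < USER_LIMITED` on the grounds that the process would not start, which is a separate concern from impersonation, so whether a lowbox token built from a USER_RESTRICTED or USER_LOCKDOWN primary token is viable deserves a note here or in MakeTokens. I would keep a one-line comment after the version check, e.g. `// AppContainer capabilities are applied to the lockdown token in MakeTokens(); no token-level restriction is enforced here.`, worded as an assumption if the initial-token case is handled in the part of MakeTokens not shown. SetAppContainer's body continues outside the hunk.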
@@ -477,13 +468,31 @@ ResultCode PolicyBase::MakeTokens(HANDLE* initial, HANDLE* lockdown) { |
} |
if (appcontainer_list_.get() && appcontainer_list_->HasAppContainer()) { |
- // Windows refuses to work with an impersonation token. See SetAppContainer |
- // implementation for more details. |
- if (lockdown_level_ < USER_LIMITED || lockdown_level_ != initial_level_) |
- return SBOX_ERROR_CANNOT_INIT_APPCONTAINER; |
- |
- *initial = INVALID_HANDLE_VALUE; |
- return SBOX_ALL_OK; |
+ NtCreateLowBoxToken CreateLowBox = NULL; |
+ ResolveNTFunctionPtr("NtCreateLowBoxToken", &CreateLowBox); |
+ |
+ HANDLE token_lowbox = NULL; |
+ const SECURITY_CAPABILITIES& capabilities = |
+ appcontainer_list_->GetCapabilities(); |
+ |
+ OBJECT_ATTRIBUTES obj_attr; |
+ InitializeObjectAttributes(&obj_attr, NULL, 0, NULL, NULL); |
+ |
+ NTSTATUS status = CreateLowBox(&token_lowbox, |
+ *lockdown, |
+ TOKEN_ALL_ACCESS, |
+ &obj_attr, |
+ capabilities.AppContainerSid, |
+ capabilities.CapabilityCount, |
+ capabilities.Capabilities, |
+ 0, |
+ NULL); |
+ if (!NT_SUCCESS(status)) { |
rvargas (doing something else)
2015/02/24 01:01:49
nit: no {}
|
+ return SBOX_ERROR_GENERIC; |
+ } |
+ DCHECK(token_lowbox); |
+ ::CloseHandle(*lockdown); |
+ *lockdown = token_lowbox; |
} |
// Create the 'better' token. We use this token as the one that the main |