
Unified Diff: sandbox/win/src/sandbox_policy_base.cc

Issue 937353002: Adding method to create process using LowBox token in sandbox code. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Addressing comments on earlier patch. Created 5 years, 10 months ago
Index: sandbox/win/src/sandbox_policy_base.cc
diff --git a/sandbox/win/src/sandbox_policy_base.cc b/sandbox/win/src/sandbox_policy_base.cc
index d3c920e6429c0e7119a34d423747ec921113603e..b8661921521eb6c40d6dc864328666fb3d5e0054 100644
--- a/sandbox/win/src/sandbox_policy_base.cc
+++ b/sandbox/win/src/sandbox_policy_base.cc
@@ -4,8 +4,6 @@
#include "sandbox/win/src/sandbox_policy_base.h"
-#include <sddl.h>
-
#include "base/basictypes.h"
#include "base/callback.h"
#include "base/logging.h"
@@ -310,13 +308,6 @@ ResultCode PolicyBase::SetAppContainer(const wchar_t* sid) {
if (base::win::OSInfo::GetInstance()->version() < base::win::VERSION_WIN8)
return SBOX_ALL_OK;
- // Windows refuses to work with an impersonation token for a process inside
- // an AppContainer. If the caller wants to use a more privileged initial
- // token, or if the lockdown level will prevent the process from starting,
- // we have to fail the operation.
- if (lockdown_level_ < USER_LIMITED || lockdown_level_ != initial_level_)
- return SBOX_ERROR_CANNOT_INIT_APPCONTAINER;
-
DCHECK(!appcontainer_list_.get());
appcontainer_list_.reset(new AppContainerAttributes);
ResultCode rv = appcontainer_list_->SetAppContainer(sid, capabilities_);
@@ -477,13 +468,31 @@ ResultCode PolicyBase::MakeTokens(HANDLE* initial, HANDLE* lockdown) {
}
if (appcontainer_list_.get() && appcontainer_list_->HasAppContainer()) {
- // Windows refuses to work with an impersonation token. See SetAppContainer
- // implementation for more details.
- if (lockdown_level_ < USER_LIMITED || lockdown_level_ != initial_level_)
- return SBOX_ERROR_CANNOT_INIT_APPCONTAINER;
-
- *initial = INVALID_HANDLE_VALUE;
- return SBOX_ALL_OK;
+ NtCreateLowBoxToken CreateLowBox = NULL;
+ ResolveNTFunctionPtr("NtCreateLowBoxToken", &CreateLowBox);
+
+ HANDLE token_lowbox = NULL;
+ const SECURITY_CAPABILITIES& capabilities =
+ appcontainer_list_->GetCapabilities();
+
+ OBJECT_ATTRIBUTES obj_attr;
+ InitializeObjectAttributes(&obj_attr, NULL, 0, NULL, NULL);
+
+ NTSTATUS status = CreateLowBox(&token_lowbox,
+ *lockdown,
+ TOKEN_ALL_ACCESS,
+ &obj_attr,
+ capabilities.AppContainerSid,
+ capabilities.CapabilityCount,
+ capabilities.Capabilities,
+ 0,
+ NULL);
+ if (!NT_SUCCESS(status)) {
rvargas (doing something else) 2015/02/24 01:01:49 nit: no {}
+ return SBOX_ERROR_GENERIC;
+ }
+ DCHECK(token_lowbox);
+ ::CloseHandle(*lockdown);
+ *lockdown = token_lowbox;
}
// Create the 'better' token. We use this token as the one that the main
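Review bot: The failure branch after the NT_SUCCESS check returns SBOX_ERROR_GENERIC while `*lockdown` — the token this function obtained before the hunk and passes to CreateLowBox — is still open, which leaks that handle unless the caller releases it on error; the success path closes it only once it has been replaced at `::CloseHandle(*lockdown);`. The pointer returned by ResolveNTFunctionPtr is also invoked without a NULL check, so if the export were missing the result would be a null call rather than a clean error. I would change the branch to `if (!NT_SUCCESS(status)) { ::CloseHandle(*lockdown); return SBOX_ERROR_GENERIC; }` and add `if (!CreateLowBox) { ::CloseHandle(*lockdown); return SBOX_ERROR_GENERIC; }` directly after the resolve call. A one-line comment above the CreateLowBox call saying that the lockdown token is replaced by a LowBox token derived from it while the initial token is left untouched would record why the impersonation guard removed earlier in this patch is no longer needed. MakeTokens starts and ends outside the hunk.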
