Index: sandbox/win/src/policy_broker.cc |
diff --git a/sandbox/win/src/policy_broker.cc b/sandbox/win/src/policy_broker.cc |
index dc5e18c28b9eb45c089ecdef68c1b0aaad154d28..03ff091b905de55fd968638b92d0df6ecd8b6b1c 100644 |
--- a/sandbox/win/src/policy_broker.cc |
+++ b/sandbox/win/src/policy_broker.cc |
@@ -89,14 +89,15 @@ bool SetupNtdllImports(TargetProcess *child) { |
bool SetupBasicInterceptions(InterceptionManager* manager) { |
// Interceptions provided by process_thread_policy, without actual policy. |
rvargas (doing something else)
2015/02/27 20:16:34
What's the change here? The first three intercepti
rvargas (doing something else)
2015/02/28 01:10:05
Looks like you missed these comments.
Shrikant Kelkar
2015/02/28 01:55:41
Done.
|
if (!INTERCEPT_NT(manager, NtOpenThread, OPEN_TREAD_ID, 20) || |
- !INTERCEPT_NT(manager, NtOpenProcess, OPEN_PROCESS_ID, 20) || |
- !INTERCEPT_NT(manager, NtOpenProcessToken, OPEN_PROCESS_TOKEN_ID, 16)) |
+ !INTERCEPT_NT(manager, NtOpenProcess, OPEN_PROCESS_ID, 20)) |
rvargas (doing something else)
2015/02/27 20:16:34
Nit: this requires {} (and below)
|
+ return false; |
+ |
+ if(!INTERCEPT_NT(manager, NtOpenProcessToken, OPEN_PROCESS_TOKEN_ID, 16) || |
+ !INTERCEPT_NT(manager, NtOpenThreadToken, OPEN_THREAD_TOKEN_ID, 20)) |
return false; |
- // Interceptions with neither policy nor IPC. |
if (!INTERCEPT_NT(manager, NtSetInformationThread, SET_INFORMATION_THREAD_ID, |
- 20) || |
- !INTERCEPT_NT(manager, NtOpenThreadToken, OPEN_THREAD_TOKEN_ID, 20)) |
+ 20)) |
return false; |
if (base::win::GetVersion() >= base::win::VERSION_XP) { |