Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(944)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/common/sandbox_win.cc

Issue 937353002: Adding method to create process using LowBox token in sandbox code. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Added platform checking Created 5 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« base/win/object_watcher.cc ('K') | « content/common/sandbox_win.h ('k') | sandbox/win/src/app_container.h » ('j') | sandbox/win/src/app_container.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/common/sandbox_win.cc
diff --git a/content/common/sandbox_win.cc b/content/common/sandbox_win.cc
index a3882d0d1dd709d581f695f2c990e6ee18ab0bbb..041d1b53edf92c5b991326a5dc0c667e4941a4a6 100644
--- a/content/common/sandbox_win.cc
+++ b/content/common/sandbox_win.cc
@@ -533,6 +533,23 @@ void AddBaseHandleClosePolicy(sandbox::TargetPolicy* policy) {
policy->AddKernelObjectToClose(L"Section", object_path.data());
}
+void AddAppContainerPolicy(sandbox::TargetPolicy* policy) {
+ if (base::win::GetVersion() < base::win::VERSION_WIN8)
+ return;
+ DCHECK(g_broker_services);
+ // Reviewers: This doesn't seem to be right place for installing
forshaw 2015/02/20 11:38:02 Based on my original testing I don't believe you n
Shrikant Kelkar 2015/02/21 02:32:40 Appended GUID, ptal.
+ // an appcontainer please suggest one. Ideally we may want to create
+ // appcontainer per site
+ const wchar_t kAppContainerName[] = L"sbox_chromium";
+ const wchar_t kAppContainerSid[] =
+ L"S-1-15-2-3251537155-1984446955-2931258699-841473695-1938553385-"
+ L"924012148-2839372144";
+ // Install will only register if appcontainer is not already there.
+ g_broker_services->InstallAppContainer(kAppContainerSid, kAppContainerName);
+
+ policy->SetAppContainer(kAppContainerSid);
+}
+
bool InitBrokerServices(sandbox::BrokerServices* broker_services) {
// TODO(abarth): DCHECK(CalledOnValidThread());
// See <http://b/1287166>.
« base/win/object_watcher.cc ('K') | « content/common/sandbox_win.h ('k') | sandbox/win/src/app_container.h » ('j') | sandbox/win/src/app_container.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698