| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/win/src/app_container.h" | 5 #include "sandbox/win/src/app_container.h" |
| 6 | 6 |
| 7 #include <Sddl.h> | 7 #include <Sddl.h> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| 11 #include "base/memory/scoped_ptr.h" | 11 #include "base/memory/scoped_ptr.h" |
| 12 #include "base/win/startup_information.h" | 12 #include "base/win/startup_information.h" |
| 13 #include "sandbox/win/src/internal_types.h" | 13 #include "sandbox/win/src/internal_types.h" |
| 14 | 14 |
| 15 namespace { | 15 namespace { |
| 16 | 16 |
| 17 // Converts the passed in sid string to a PSID that must be relased with | 17 // Converts the passed in sid string to a PSID that must be relased with |
| 18 // LocalFree. | 18 // LocalFree. |
| 19 PSID ConvertSid(const string16& sid) { | 19 PSID ConvertSid(const base::string16& sid) { |
| 20 PSID local_sid; | 20 PSID local_sid; |
| 21 if (!ConvertStringSidToSid(sid.c_str(), &local_sid)) | 21 if (!ConvertStringSidToSid(sid.c_str(), &local_sid)) |
| 22 return NULL; | 22 return NULL; |
| 23 return local_sid; | 23 return local_sid; |
| 24 } | 24 } |
| 25 | 25 |
| 26 template <typename T> | 26 template <typename T> |
| 27 T BindFunction(const char* name) { | 27 T BindFunction(const char* name) { |
| 28 HMODULE module = GetModuleHandle(sandbox::kKerneldllName); | 28 HMODULE module = GetModuleHandle(sandbox::kKerneldllName); |
| 29 void* function = GetProcAddress(module, name); | 29 void* function = GetProcAddress(module, name); |
| (...skipping 12 matching lines...) Expand all Loading... |
| 42 memset(&capabilities_, 0, sizeof(capabilities_)); | 42 memset(&capabilities_, 0, sizeof(capabilities_)); |
| 43 } | 43 } |
| 44 | 44 |
| 45 AppContainerAttributes::~AppContainerAttributes() { | 45 AppContainerAttributes::~AppContainerAttributes() { |
| 46 for (size_t i = 0; i < attributes_.size(); i++) | 46 for (size_t i = 0; i < attributes_.size(); i++) |
| 47 LocalFree(attributes_[i].Sid); | 47 LocalFree(attributes_[i].Sid); |
| 48 LocalFree(capabilities_.AppContainerSid); | 48 LocalFree(capabilities_.AppContainerSid); |
| 49 } | 49 } |
| 50 | 50 |
| 51 ResultCode AppContainerAttributes::SetAppContainer( | 51 ResultCode AppContainerAttributes::SetAppContainer( |
| 52 const string16& app_container_sid, | 52 const base::string16& app_container_sid, |
| 53 const std::vector<string16>& capabilities) { | 53 const std::vector<base::string16>& capabilities) { |
| 54 DCHECK(!capabilities_.AppContainerSid); | 54 DCHECK(!capabilities_.AppContainerSid); |
| 55 DCHECK(attributes_.empty()); | 55 DCHECK(attributes_.empty()); |
| 56 capabilities_.AppContainerSid = ConvertSid(app_container_sid); | 56 capabilities_.AppContainerSid = ConvertSid(app_container_sid); |
| 57 if (!capabilities_.AppContainerSid) | 57 if (!capabilities_.AppContainerSid) |
| 58 return SBOX_ERROR_INVALID_APP_CONTAINER; | 58 return SBOX_ERROR_INVALID_APP_CONTAINER; |
| 59 | 59 |
| 60 for (size_t i = 0; i < capabilities.size(); i++) { | 60 for (size_t i = 0; i < capabilities.size(); i++) { |
| 61 SID_AND_ATTRIBUTES sid_and_attributes; | 61 SID_AND_ATTRIBUTES sid_and_attributes; |
| 62 sid_and_attributes.Sid = ConvertSid(capabilities[i]); | 62 sid_and_attributes.Sid = ConvertSid(capabilities[i]); |
| 63 if (!sid_and_attributes.Sid) | 63 if (!sid_and_attributes.Sid) |
| (...skipping 23 matching lines...) Expand all Loading... |
| 87 DPLOG(ERROR) << "Failed UpdateProcThreadAttribute"; | 87 DPLOG(ERROR) << "Failed UpdateProcThreadAttribute"; |
| 88 return SBOX_ERROR_CANNOT_INIT_APPCONTAINER; | 88 return SBOX_ERROR_CANNOT_INIT_APPCONTAINER; |
| 89 } | 89 } |
| 90 return SBOX_ALL_OK; | 90 return SBOX_ALL_OK; |
| 91 } | 91 } |
| 92 | 92 |
| 93 bool AppContainerAttributes::HasAppContainer() const { | 93 bool AppContainerAttributes::HasAppContainer() const { |
| 94 return (capabilities_.AppContainerSid != NULL); | 94 return (capabilities_.AppContainerSid != NULL); |
| 95 } | 95 } |
| 96 | 96 |
| 97 ResultCode CreateAppContainer(const string16& sid, const string16& name) { | 97 ResultCode CreateAppContainer(const base::string16& sid, |
| 98 const base::string16& name) { |
| 98 PSID local_sid; | 99 PSID local_sid; |
| 99 if (!ConvertStringSidToSid(sid.c_str(), &local_sid)) | 100 if (!ConvertStringSidToSid(sid.c_str(), &local_sid)) |
| 100 return SBOX_ERROR_INVALID_APP_CONTAINER; | 101 return SBOX_ERROR_INVALID_APP_CONTAINER; |
| 101 | 102 |
| 102 typedef HRESULT (WINAPI* AppContainerRegisterSidPtr)(PSID sid, | 103 typedef HRESULT (WINAPI* AppContainerRegisterSidPtr)(PSID sid, |
| 103 LPCWSTR moniker, | 104 LPCWSTR moniker, |
| 104 LPCWSTR display_name); | 105 LPCWSTR display_name); |
| 105 static AppContainerRegisterSidPtr AppContainerRegisterSid = NULL; | 106 static AppContainerRegisterSidPtr AppContainerRegisterSid = NULL; |
| 106 | 107 |
| 107 if (!AppContainerRegisterSid) { | 108 if (!AppContainerRegisterSid) { |
| 108 AppContainerRegisterSid = | 109 AppContainerRegisterSid = |
| 109 BindFunction<AppContainerRegisterSidPtr>("AppContainerRegisterSid"); | 110 BindFunction<AppContainerRegisterSidPtr>("AppContainerRegisterSid"); |
| 110 } | 111 } |
| 111 | 112 |
| 112 ResultCode operation_result = SBOX_ERROR_GENERIC; | 113 ResultCode operation_result = SBOX_ERROR_GENERIC; |
| 113 if (AppContainerRegisterSid) { | 114 if (AppContainerRegisterSid) { |
| 114 HRESULT rv = AppContainerRegisterSid(local_sid, name.c_str(), name.c_str()); | 115 HRESULT rv = AppContainerRegisterSid(local_sid, name.c_str(), name.c_str()); |
| 115 if (SUCCEEDED(rv)) | 116 if (SUCCEEDED(rv)) |
| 116 operation_result = SBOX_ALL_OK; | 117 operation_result = SBOX_ALL_OK; |
| 117 else | 118 else |
| 118 DLOG(ERROR) << "AppContainerRegisterSid error:" << std::hex << rv; | 119 DLOG(ERROR) << "AppContainerRegisterSid error:" << std::hex << rv; |
| 119 } | 120 } |
| 120 LocalFree(local_sid); | 121 LocalFree(local_sid); |
| 121 return operation_result; | 122 return operation_result; |
| 122 } | 123 } |
| 123 | 124 |
| 124 ResultCode DeleteAppContainer(const string16& sid) { | 125 ResultCode DeleteAppContainer(const base::string16& sid) { |
| 125 PSID local_sid; | 126 PSID local_sid; |
| 126 if (!ConvertStringSidToSid(sid.c_str(), &local_sid)) | 127 if (!ConvertStringSidToSid(sid.c_str(), &local_sid)) |
| 127 return SBOX_ERROR_INVALID_APP_CONTAINER; | 128 return SBOX_ERROR_INVALID_APP_CONTAINER; |
| 128 | 129 |
| 129 typedef HRESULT (WINAPI* AppContainerUnregisterSidPtr)(PSID sid); | 130 typedef HRESULT (WINAPI* AppContainerUnregisterSidPtr)(PSID sid); |
| 130 static AppContainerUnregisterSidPtr AppContainerUnregisterSid = NULL; | 131 static AppContainerUnregisterSidPtr AppContainerUnregisterSid = NULL; |
| 131 | 132 |
| 132 if (!AppContainerUnregisterSid) { | 133 if (!AppContainerUnregisterSid) { |
| 133 AppContainerUnregisterSid = | 134 AppContainerUnregisterSid = |
| 134 BindFunction<AppContainerUnregisterSidPtr>("AppContainerUnregisterSid"); | 135 BindFunction<AppContainerUnregisterSidPtr>("AppContainerUnregisterSid"); |
| 135 } | 136 } |
| 136 | 137 |
| 137 ResultCode operation_result = SBOX_ERROR_GENERIC; | 138 ResultCode operation_result = SBOX_ERROR_GENERIC; |
| 138 if (AppContainerUnregisterSid) { | 139 if (AppContainerUnregisterSid) { |
| 139 HRESULT rv = AppContainerUnregisterSid(local_sid); | 140 HRESULT rv = AppContainerUnregisterSid(local_sid); |
| 140 if (SUCCEEDED(rv)) | 141 if (SUCCEEDED(rv)) |
| 141 operation_result = SBOX_ALL_OK; | 142 operation_result = SBOX_ALL_OK; |
| 142 else | 143 else |
| 143 DLOG(ERROR) << "AppContainerUnregisterSid error:" << std::hex << rv; | 144 DLOG(ERROR) << "AppContainerUnregisterSid error:" << std::hex << rv; |
| 144 } | 145 } |
| 145 LocalFree(local_sid); | 146 LocalFree(local_sid); |
| 146 return operation_result; | 147 return operation_result; |
| 147 } | 148 } |
| 148 | 149 |
| 149 string16 LookupAppContainer(const string16& sid) { | 150 base::string16 LookupAppContainer(const base::string16& sid) { |
| 150 PSID local_sid; | 151 PSID local_sid; |
| 151 if (!ConvertStringSidToSid(sid.c_str(), &local_sid)) | 152 if (!ConvertStringSidToSid(sid.c_str(), &local_sid)) |
| 152 return string16(); | 153 return base::string16(); |
| 153 | 154 |
| 154 typedef HRESULT (WINAPI* AppContainerLookupMonikerPtr)(PSID sid, | 155 typedef HRESULT (WINAPI* AppContainerLookupMonikerPtr)(PSID sid, |
| 155 LPWSTR* moniker); | 156 LPWSTR* moniker); |
| 156 typedef BOOLEAN (WINAPI* AppContainerFreeMemoryPtr)(void* ptr); | 157 typedef BOOLEAN (WINAPI* AppContainerFreeMemoryPtr)(void* ptr); |
| 157 | 158 |
| 158 static AppContainerLookupMonikerPtr AppContainerLookupMoniker = NULL; | 159 static AppContainerLookupMonikerPtr AppContainerLookupMoniker = NULL; |
| 159 static AppContainerFreeMemoryPtr AppContainerFreeMemory = NULL; | 160 static AppContainerFreeMemoryPtr AppContainerFreeMemory = NULL; |
| 160 | 161 |
| 161 if (!AppContainerLookupMoniker || !AppContainerFreeMemory) { | 162 if (!AppContainerLookupMoniker || !AppContainerFreeMemory) { |
| 162 AppContainerLookupMoniker = | 163 AppContainerLookupMoniker = |
| 163 BindFunction<AppContainerLookupMonikerPtr>("AppContainerLookupMoniker"); | 164 BindFunction<AppContainerLookupMonikerPtr>("AppContainerLookupMoniker"); |
| 164 AppContainerFreeMemory = | 165 AppContainerFreeMemory = |
| 165 BindFunction<AppContainerFreeMemoryPtr>("AppContainerFreeMemory"); | 166 BindFunction<AppContainerFreeMemoryPtr>("AppContainerFreeMemory"); |
| 166 } | 167 } |
| 167 | 168 |
| 168 if (!AppContainerLookupMoniker || !AppContainerFreeMemory) | 169 if (!AppContainerLookupMoniker || !AppContainerFreeMemory) |
| 169 return string16(); | 170 return base::string16(); |
| 170 | 171 |
| 171 wchar_t* buffer = NULL; | 172 wchar_t* buffer = NULL; |
| 172 HRESULT rv = AppContainerLookupMoniker(local_sid, &buffer); | 173 HRESULT rv = AppContainerLookupMoniker(local_sid, &buffer); |
| 173 if (FAILED(rv)) | 174 if (FAILED(rv)) |
| 174 return string16(); | 175 return base::string16(); |
| 175 | 176 |
| 176 string16 name(buffer); | 177 base::string16 name(buffer); |
| 177 if (!AppContainerFreeMemory(buffer)) | 178 if (!AppContainerFreeMemory(buffer)) |
| 178 NOTREACHED(); | 179 NOTREACHED(); |
| 179 return name; | 180 return name; |
| 180 } | 181 } |
| 181 | 182 |
| 182 } // namespace sandbox | 183 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 119713003:
Add base:: to string16s in sandbox/. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src