Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(20)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/win/src/registry_policy.cc

Issue 13912024: Fix small race in the sandbox (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: Created 7 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « sandbox/win/src/named_pipe_policy.cc ('k') | sandbox/win/src/sync_policy.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <string> 5 #include <string>
6 6
7 #include "sandbox/win/src/registry_policy.h" 7 #include "sandbox/win/src/registry_policy.h"
8 8
9 #include "base/logging.h" 9 #include "base/logging.h"
10 #include "sandbox/win/src/ipc_tags.h" 10 #include "sandbox/win/src/ipc_tags.h"
(...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after
71 HANDLE local_handle = INVALID_HANDLE_VALUE; 71 HANDLE local_handle = INVALID_HANDLE_VALUE;
72 NTSTATUS status = NtCreateKey(&local_handle, desired_access, obj_attributes, 72 NTSTATUS status = NtCreateKey(&local_handle, desired_access, obj_attributes,
73 title_index, class_name, create_options, 73 title_index, class_name, create_options,
74 disposition); 74 disposition);
75 if (!NT_SUCCESS(status)) 75 if (!NT_SUCCESS(status))
76 return status; 76 return status;
77 77
78 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, 78 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle,
79 target_process, target_key_handle, 0, FALSE, 79 target_process, target_key_handle, 0, FALSE,
80 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { 80 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) {
81 ::CloseHandle(local_handle);
82 return STATUS_ACCESS_DENIED; 81 return STATUS_ACCESS_DENIED;
83 } 82 }
84 return STATUS_SUCCESS; 83 return STATUS_SUCCESS;
85 } 84 }
86 85
87 NTSTATUS NtOpenKeyInTarget(HANDLE* target_key_handle, 86 NTSTATUS NtOpenKeyInTarget(HANDLE* target_key_handle,
88 ACCESS_MASK desired_access, 87 ACCESS_MASK desired_access,
89 OBJECT_ATTRIBUTES* obj_attributes, 88 OBJECT_ATTRIBUTES* obj_attributes,
90 HANDLE target_process) { 89 HANDLE target_process) {
91 NtOpenKeyFunction NtOpenKey = NULL; 90 NtOpenKeyFunction NtOpenKey = NULL;
92 ResolveNTFunctionPtr("NtOpenKey", &NtOpenKey); 91 ResolveNTFunctionPtr("NtOpenKey", &NtOpenKey);
93 92
94 if (MAXIMUM_ALLOWED & desired_access) { 93 if (MAXIMUM_ALLOWED & desired_access) {
95 NTSTATUS status = TranslateMaximumAllowed(obj_attributes, &desired_access); 94 NTSTATUS status = TranslateMaximumAllowed(obj_attributes, &desired_access);
96 if (!NT_SUCCESS(status)) 95 if (!NT_SUCCESS(status))
97 return STATUS_ACCESS_DENIED; 96 return STATUS_ACCESS_DENIED;
98 } 97 }
99 98
100 HANDLE local_handle = INVALID_HANDLE_VALUE; 99 HANDLE local_handle = INVALID_HANDLE_VALUE;
101 NTSTATUS status = NtOpenKey(&local_handle, desired_access, obj_attributes); 100 NTSTATUS status = NtOpenKey(&local_handle, desired_access, obj_attributes);
102 101
103 if (!NT_SUCCESS(status)) 102 if (!NT_SUCCESS(status))
104 return status; 103 return status;
105 104
106 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, 105 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle,
107 target_process, target_key_handle, 0, FALSE, 106 target_process, target_key_handle, 0, FALSE,
108 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { 107 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) {
109 ::CloseHandle(local_handle);
110 return STATUS_ACCESS_DENIED; 108 return STATUS_ACCESS_DENIED;
111 } 109 }
112 return STATUS_SUCCESS; 110 return STATUS_SUCCESS;
113 } 111 }
114 112
115 } 113 }
116 114
117 namespace sandbox { 115 namespace sandbox {
118 116
119 bool RegistryPolicy::GenerateRules(const wchar_t* name, 117 bool RegistryPolicy::GenerateRules(const wchar_t* name,
(...skipping 98 matching lines...) Expand 10 before | Expand all | Expand 10 after
218 UNICODE_STRING uni_name = {0}; 216 UNICODE_STRING uni_name = {0};
219 OBJECT_ATTRIBUTES obj_attributes = {0}; 217 OBJECT_ATTRIBUTES obj_attributes = {0};
220 InitObjectAttribs(key, attributes, root_directory, &obj_attributes, 218 InitObjectAttribs(key, attributes, root_directory, &obj_attributes,
221 &uni_name); 219 &uni_name);
222 *nt_status = NtOpenKeyInTarget(handle, desired_access, &obj_attributes, 220 *nt_status = NtOpenKeyInTarget(handle, desired_access, &obj_attributes,
223 client_info.process); 221 client_info.process);
224 return true; 222 return true;
225 } 223 }
226 224
227 } // namespace sandbox 225 } // namespace sandbox
OLDNEW
« no previous file with comments | « sandbox/win/src/named_pipe_policy.cc ('k') | sandbox/win/src/sync_policy.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698