
Unified Diff: sandbox/src/broker_services.cc

Issue 9834065: Revert 128016 - Make sandbox explicitly block opening broker and sandboxed processes (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 8 years, 9 months ago
Index: sandbox/src/broker_services.cc
===================================================================
--- sandbox/src/broker_services.cc (revision 128568)
+++ sandbox/src/broker_services.cc (working copy)
@@ -1,11 +1,9 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "sandbox/src/broker_services.h"
-#include <AclAPI.h>
-
#include "base/logging.h"
#include "base/threading/platform_thread.h"
#include "sandbox/src/sandbox_policy_base.h"
@@ -44,53 +42,20 @@
THREAD_CTRL_LAST
};
-// Adds deny ACEs to broker and returns the security descriptor so it can
-// be applied to target processes. The returned descriptor must be freed by
-// calling LocalFree.
-PSECURITY_DESCRIPTOR SetSecurityDescriptorForBroker() {
- static bool is_initialized = false;
- DWORD error = ERROR_SUCCESS;
- PSECURITY_DESCRIPTOR security_descriptor = NULL;
-
- if (!is_initialized) {
- error = sandbox::SetObjectDenyRestrictedAndNull(GetCurrentProcess(),
- SE_KERNEL_OBJECT);
- if (error) {
- ::SetLastError(error);
- return NULL;
- }
-
- is_initialized = true;
- }
-
- // Save off resulting security descriptor for spawning the targets.
- error = ::GetSecurityInfo(GetCurrentProcess(), SE_KERNEL_OBJECT,
- DACL_SECURITY_INFORMATION, NULL, NULL,
- NULL, NULL, &security_descriptor);
- if (error) {
- ::SetLastError(error);
- return NULL;
- }
-
- return security_descriptor;
}
-}
-
namespace sandbox {
BrokerServicesBase::BrokerServicesBase()
: thread_pool_(NULL), job_port_(NULL), no_targets_(NULL),
- security_descriptor_(NULL), job_thread_(NULL) {
+ job_thread_(NULL) {
}
// The broker uses a dedicated worker thread that services the job completion
// port to perform policy notifications and associated cleanup tasks.
ResultCode BrokerServicesBase::Init() {
- if ((NULL != job_port_) || (NULL != thread_pool_) ||
- (NULL != security_descriptor_)) {
+ if ((NULL != job_port_) || (NULL != thread_pool_))
return SBOX_ERROR_UNEXPECTED_CALL;
- }
::InitializeCriticalSection(&lock_);
@@ -98,10 +63,6 @@
if (NULL == job_port_)
return SBOX_ERROR_GENERIC;
- security_descriptor_ = SetSecurityDescriptorForBroker();
- if (NULL == security_descriptor_)
- return SBOX_ERROR_GENERIC;
-
no_targets_ = ::CreateEventW(NULL, TRUE, FALSE, NULL);
job_thread_ = ::CreateThread(NULL, 0, // Default security and stack.
@@ -143,10 +104,6 @@
::CloseHandle(job_thread_);
delete thread_pool_;
::CloseHandle(no_targets_);
-
- if (security_descriptor_)
- ::LocalFree(security_descriptor_);
-
// If job_port_ isn't NULL, assumes that the lock has been initialized.
if (job_port_)
::DeleteCriticalSection(&lock_);
@@ -306,20 +263,13 @@
// Create the TargetProces object and spawn the target suspended. Note that
// Brokerservices does not own the target object. It is owned by the Policy.
PROCESS_INFORMATION process_info = {0};
-
TargetProcess* target = new TargetProcess(initial_token, lockdown_token,
job, thread_pool_);
std::wstring desktop = policy_base->GetAlternateDesktop();
- // Set the security descriptor so the target picks up deny ACEs.
- SECURITY_ATTRIBUTES security_attributes = {sizeof(security_attributes),
- security_descriptor_,
- FALSE};
-
win_result = target->Create(exe_path, command_line,
desktop.empty() ? NULL : desktop.c_str(),
- &security_attributes,
&process_info);
if (ERROR_SUCCESS != win_result)
return SpawnCleanup(target, win_result);
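Review bot: On the new side the `target->Create(...)` call no longer receives a SECURITY_ATTRIBUTES block, so the target process object is created without the `security_descriptor_` the reverted change obtained via GetSecurityInfo after SetObjectDenyRestrictedAndNull ran on the broker; the explicit deny ACEs for restricted and NULL SIDs therefore no longer reach the broker or the spawned target process objects, which is the mitigation r128016 introduced. That is the expected effect of a revert, but the issue record here gives only what is reverted and not why, nor whether a re-land is tracked, so a later reader cannot tell a deliberate rollback from a lost hardening step. A one-line reason for the revert in the description and a follow-up bug reference would close that gap; if a re-land is planned, a `// TODO: re-land deny ACEs on target process objects (reverted r128016).` above the `target->Create` call would mark it in the code itself. The enclosing spawn function starts and ends outside this hunk, so I cannot see what other cleanup runs when `Create` fails.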
