sandbox/src/restricted_token_utils.cc - Issue 9834065: Revert 128016 - Make sandbox explicitly block opening broker and sandboxed processes

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: sandbox/src/restricted_token_utils.cc

Issue 9834065: Revert 128016 - Make sandbox explicitly block opening broker and sandboxed processes (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/

Patch Set: Created 8 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: sandbox/src/restricted_token_utils.cc

===================================================================

--- sandbox/src/restricted_token_utils.cc (revision 128568)

+++ sandbox/src/restricted_token_utils.cc (working copy)

@@ -1,4 +1,4 @@

// Use of this source code is governed by a BSD-style license that can be

// found in the LICENSE file.

@@ -340,40 +340,4 @@

return SetTokenIntegrityLevel(token.Get(), integrity_level);

}

-DWORD SetObjectDenyRestrictedAndNull(HANDLE handle, SE_OBJECT_TYPE type) {

- PSECURITY_DESCRIPTOR sec_desc = NULL;

- PACL old_dacl = NULL;

- DWORD error = ::GetSecurityInfo(handle, type, DACL_SECURITY_INFORMATION,

- NULL, NULL, &old_dacl, NULL, &sec_desc);

- if (!error) {

- Sid deny_sids[] = { Sid(WinNullSid), Sid(WinRestrictedCodeSid) };

- const int kDenySidsCount = sizeof(deny_sids) / sizeof(deny_sids[0]);

- EXPLICIT_ACCESS deny_aces[kDenySidsCount];

- ::ZeroMemory(deny_aces, sizeof(deny_aces));

- for (int i = 0; i < kDenySidsCount; ++i) {

- deny_aces[i].grfAccessMode = DENY_ACCESS;

- deny_aces[i].grfAccessPermissions = GENERIC_ALL;

- deny_aces[i].grfInheritance = NO_INHERITANCE;

- deny_aces[i].Trustee.TrusteeForm = TRUSTEE_IS_SID;

- deny_aces[i].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;

- deny_aces[i].Trustee.ptstrName =

- reinterpret_cast<LPWSTR>(const_cast<SID*>(deny_sids[i].GetPSID()));

- }

- PACL new_dacl = NULL;

- error = ::SetEntriesInAcl(kDenySidsCount, deny_aces, old_dacl, &new_dacl);

- if (!error) {

- error = ::SetSecurityInfo(handle, type, DACL_SECURITY_INFORMATION,

- NULL, NULL, new_dacl, NULL);

- ::LocalFree(new_dacl);

- }

- ::LocalFree(sec_desc);

- }

- return error;

} // namespace sandbox

« no previous file with comments | « sandbox/src/restricted_token_utils.h ('k') | sandbox/src/target_process.h » ('j') | no next file with comments »