| Index: content/common/sandbox_policy.cc
|
| ===================================================================
|
| --- content/common/sandbox_policy.cc (revision 129865)
|
| +++ content/common/sandbox_policy.cc (working copy)
|
| @@ -15,6 +15,7 @@
|
| #include "base/process_util.h"
|
| #include "base/stringprintf.h"
|
| #include "base/string_util.h"
|
| +#include "base/win/scoped_handle.h"
|
| #include "base/win/windows_version.h"
|
| #include "content/common/debug_flags.h"
|
| #include "content/public/common/content_client.h"
|
| @@ -24,6 +25,7 @@
|
| #include "ui/gfx/gl/gl_switches.h"
|
|
|
| static sandbox::BrokerServices* g_broker_services = NULL;
|
| +static sandbox::TargetServices* g_target_services = NULL;
|
|
|
| namespace {
|
|
|
| @@ -365,7 +367,17 @@
|
| return true;
|
| }
|
|
|
| -void AddPolicyForRenderer(sandbox::TargetPolicy* policy) {
|
| +bool AddPolicyForRenderer(sandbox::TargetPolicy* policy) {
|
| + // Renderers need to copy sections for plugin DIBs.
|
| + sandbox::ResultCode result;
|
| + result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES,
|
| + sandbox::TargetPolicy::HANDLES_DUP_ANY,
|
| + L"Section");
|
| + if (result != sandbox::SBOX_ALL_OK) {
|
| + NOTREACHED();
|
| + return false;
|
| + }
|
| +
|
| policy->SetJobLevel(sandbox::JOB_LOCKDOWN, 0);
|
|
|
| sandbox::TokenLevel initial_token = sandbox::USER_UNPROTECTED;
|
| @@ -386,6 +398,8 @@
|
| }
|
|
|
| AddGenericDllEvictionPolicy(policy);
|
| +
|
| + return true;
|
| }
|
|
|
| // The Pepper process as locked-down as a renderer execpt that it can
|
| @@ -399,23 +413,63 @@
|
| NOTREACHED();
|
| return false;
|
| }
|
| - AddPolicyForRenderer(policy);
|
| - return true;
|
| + return AddPolicyForRenderer(policy);
|
| }
|
|
|
| } // namespace
|
|
|
| namespace sandbox {
|
|
|
| -void InitBrokerServices(sandbox::BrokerServices* broker_services) {
|
| +bool InitBrokerServices(sandbox::BrokerServices* broker_services) {
|
| // TODO(abarth): DCHECK(CalledOnValidThread());
|
| // See <http://b/1287166>.
|
| DCHECK(broker_services);
|
| DCHECK(!g_broker_services);
|
| - broker_services->Init();
|
| + sandbox::ResultCode result = broker_services->Init();
|
| g_broker_services = broker_services;
|
| + return SBOX_ALL_OK == result;
|
| }
|
|
|
| +bool InitTargetServices(sandbox::TargetServices* target_services) {
|
| + DCHECK(target_services);
|
| + DCHECK(!g_target_services);
|
| + sandbox::ResultCode result = target_services->Init();
|
| + g_target_services = target_services;
|
| + return SBOX_ALL_OK == result;
|
| +}
|
| +
|
| +bool BrokerDuplicateHandle(HANDLE source_handle,
|
| + DWORD target_process_id,
|
| + HANDLE* target_handle,
|
| + DWORD desired_access,
|
| + DWORD options) {
|
| + // Just use DuplicateHandle() if we aren't in the sandbox.
|
| + if (!g_target_services) {
|
| + base::win::ScopedHandle target_process(::OpenProcess(PROCESS_DUP_HANDLE,
|
| + FALSE,
|
| + target_process_id));
|
| + if (!target_process.IsValid())
|
| + return false;
|
| +
|
| + if (!::DuplicateHandle(::GetCurrentProcess(), source_handle,
|
| + target_process, target_handle,
|
| + desired_access, FALSE,
|
| + options)) {
|
| + return false;
|
| + }
|
| +
|
| + return true;
|
| + }
|
| +
|
| + ResultCode result = g_target_services->DuplicateHandle(source_handle,
|
| + target_process_id,
|
| + target_handle,
|
| + desired_access,
|
| + options);
|
| + return SBOX_ALL_OK == result;
|
| +}
|
| +
|
| +
|
| base::ProcessHandle StartProcessWithAccess(CommandLine* cmd_line,
|
| const FilePath& exposed_dir) {
|
| base::ProcessHandle process = 0;
|
| @@ -524,7 +578,8 @@
|
| if (!AddPolicyForPepperPlugin(policy))
|
| return 0;
|
| } else {
|
| - AddPolicyForRenderer(policy);
|
| + if (!AddPolicyForRenderer(policy))
|
| + return 0;
|
| // TODO(jschuh): Need get these restrictions applied to NaCl and Pepper.
|
| // Just have to figure out what needs to be warmed up first.
|
| if (type == content::PROCESS_TYPE_RENDERER ||
|
|
|
Chromium Code Reviews
Issue 9838083:
Add a sandbox API for broker handle duplication (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/