sandbox/src/handle_policy.cc - Issue 9924010: Revert 129627 - Add a sandbox API for broker handle duplication

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: sandbox/src/handle_policy.cc

Issue 9924010: Revert 129627 - Add a sandbox API for broker handle duplication (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/

Patch Set: Created 8 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
	(Empty)
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.

4

5 #include "sandbox/src/handle_policy.h"

6

7 #include <string>

8

9 #include "base/win/scoped_handle.h"

10 #include "sandbox/src/broker_services.h"

11 #include "sandbox/src/ipc_tags.h"

12 #include "sandbox/src/policy_engine_opcodes.h"

13 #include "sandbox/src/policy_params.h"

14 #include "sandbox/src/sandbox_types.h"

15 #include "sandbox/src/sandbox_utils.h"

16

17 namespace sandbox {

18

19 bool HandlePolicy::GenerateRules(const wchar_t* type_name,

20 TargetPolicy::Semantics semantics,

21 LowLevelPolicy* policy) {

22 // We don't support any other semantics for handles yet.

23 if (TargetPolicy::HANDLES_DUP_ANY != semantics) {

24 return false;

25 }

26 PolicyRule duplicate_rule(ASK_BROKER);

27 if (!duplicate_rule.AddStringMatch(IF, NameBased::NAME, type_name,

28 CASE_INSENSITIVE)) {

29 return false;

30 }

31 if (!policy->AddRule(IPC_DUPLICATEHANDLEPROXY_TAG, &duplicate_rule)) {

32 return false;

33 }

34 return true;

35 }

36

37 DWORD HandlePolicy::DuplicateHandleProxyAction(EvalResult eval_result,

38 const ClientInfo& client_info,

39 HANDLE source_handle,

40 DWORD target_process_id,

41 HANDLE* target_handle,

42 DWORD desired_access,

43 DWORD options) {

44 // The only action supported is ASK_BROKER which means duplicate the handle.

45 if (ASK_BROKER != eval_result) {

46 return ERROR_ACCESS_DENIED;

47 }

48

49 // Make sure the target is one of our sandboxed children.

50 if (!BrokerServicesBase::GetInstance()->IsActiveTarget(target_process_id)) {

51 return ERROR_ACCESS_DENIED;

52 }

53

54 base::win::ScopedHandle target_process(::OpenProcess(PROCESS_DUP_HANDLE,

55 FALSE,

56 target_process_id));

57 if (NULL == target_process)

58 return ::GetLastError();

59

60 DWORD result = ERROR_SUCCESS;

61 if (!::DuplicateHandle(client_info.process, source_handle, target_process,

62 target_handle, desired_access, FALSE,

63 options)) {

64 return ::GetLastError();

65 }

66

67 return ERROR_SUCCESS;

68 }

69

70 } // namespace sandbox

71

OLD	NEW

« no previous file with comments | « sandbox/src/handle_policy.h ('k') | sandbox/src/handle_policy_test.cc » ('j') | no next file with comments »