security/sandbox/win/src/job.cc@6474c204b198 (annotated)
security/sandbox/win/src/job.cc
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
| michael@0 | 1 | // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| michael@0 | 2 | // Use of this source code is governed by a BSD-style license that can be |
| michael@0 | 3 | // found in the LICENSE file. |
| michael@0 | 4 | |
| michael@0 | 5 | #include "sandbox/win/src/job.h" |
| michael@0 | 6 | |
| michael@0 | 7 | #include "base/win/windows_version.h" |
| michael@0 | 8 | #include "sandbox/win/src/restricted_token.h" |
| michael@0 | 9 | |
| michael@0 | 10 | namespace sandbox { |
| michael@0 | 11 | |
| michael@0 | 12 | Job::~Job() { |
| michael@0 | 13 | if (job_handle_) |
| michael@0 | 14 | ::CloseHandle(job_handle_); |
| michael@0 | 15 | }; |
| michael@0 | 16 | |
| michael@0 | 17 | DWORD Job::Init(JobLevel security_level, wchar_t *job_name, |
| michael@0 | 18 | DWORD ui_exceptions) { |
| michael@0 | 19 | if (job_handle_) |
| michael@0 | 20 | return ERROR_ALREADY_INITIALIZED; |
| michael@0 | 21 | |
| michael@0 | 22 | job_handle_ = ::CreateJobObject(NULL, // No security attribute |
| michael@0 | 23 | job_name); |
| michael@0 | 24 | if (!job_handle_) |
| michael@0 | 25 | return ::GetLastError(); |
| michael@0 | 26 | |
| michael@0 | 27 | JOBOBJECT_EXTENDED_LIMIT_INFORMATION jeli = {0}; |
| michael@0 | 28 | JOBOBJECT_BASIC_UI_RESTRICTIONS jbur = {0}; |
| michael@0 | 29 | |
| michael@0 | 30 | // Set the settings for the different security levels. Note: The higher levels |
| michael@0 | 31 | // inherit from the lower levels. |
| michael@0 | 32 | switch (security_level) { |
| michael@0 | 33 | case JOB_LOCKDOWN: { |
| michael@0 | 34 | jeli.BasicLimitInformation.LimitFlags |= |
| michael@0 | 35 | JOB_OBJECT_LIMIT_DIE_ON_UNHANDLED_EXCEPTION; |
| michael@0 | 36 | } |
| michael@0 | 37 | case JOB_RESTRICTED: { |
| michael@0 | 38 | jbur.UIRestrictionsClass |= JOB_OBJECT_UILIMIT_WRITECLIPBOARD; |
| michael@0 | 39 | jbur.UIRestrictionsClass |= JOB_OBJECT_UILIMIT_READCLIPBOARD; |
| michael@0 | 40 | jbur.UIRestrictionsClass |= JOB_OBJECT_UILIMIT_HANDLES; |
| michael@0 | 41 | jbur.UIRestrictionsClass |= JOB_OBJECT_UILIMIT_GLOBALATOMS; |
| michael@0 | 42 | } |
| michael@0 | 43 | case JOB_LIMITED_USER: { |
| michael@0 | 44 | jbur.UIRestrictionsClass |= JOB_OBJECT_UILIMIT_DISPLAYSETTINGS; |
| michael@0 | 45 | jeli.BasicLimitInformation.LimitFlags |= JOB_OBJECT_LIMIT_ACTIVE_PROCESS; |
| michael@0 | 46 | jeli.BasicLimitInformation.ActiveProcessLimit = 1; |
| michael@0 | 47 | } |
| michael@0 | 48 | case JOB_INTERACTIVE: { |
| michael@0 | 49 | jbur.UIRestrictionsClass |= JOB_OBJECT_UILIMIT_SYSTEMPARAMETERS; |
| michael@0 | 50 | jbur.UIRestrictionsClass |= JOB_OBJECT_UILIMIT_DESKTOP; |
| michael@0 | 51 | jbur.UIRestrictionsClass |= JOB_OBJECT_UILIMIT_EXITWINDOWS; |
| michael@0 | 52 | } |
| michael@0 | 53 | case JOB_UNPROTECTED: { |
| michael@0 | 54 | // The JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE flag is not supported on |
| michael@0 | 55 | // Windows 2000. We need a mechanism on Windows 2000 to ensure |
| michael@0 | 56 | // that processes in the job are terminated when the job is closed |
| michael@0 | 57 | if (base::win::GetVersion() == base::win::VERSION_PRE_XP) |
| michael@0 | 58 | break; |
| michael@0 | 59 | |
| michael@0 | 60 | jeli.BasicLimitInformation.LimitFlags |= |
| michael@0 | 61 | JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE; |
| michael@0 | 62 | break; |
| michael@0 | 63 | } |
| michael@0 | 64 | default: { |
| michael@0 | 65 | return ERROR_BAD_ARGUMENTS; |
| michael@0 | 66 | } |
| michael@0 | 67 | } |
| michael@0 | 68 | |
| michael@0 | 69 | if (FALSE == ::SetInformationJobObject(job_handle_, |
| michael@0 | 70 | JobObjectExtendedLimitInformation, |
| michael@0 | 71 | &jeli, |
| michael@0 | 72 | sizeof(jeli))) { |
| michael@0 | 73 | return ::GetLastError(); |
| michael@0 | 74 | } |
| michael@0 | 75 | |
| michael@0 | 76 | jbur.UIRestrictionsClass = jbur.UIRestrictionsClass & (~ui_exceptions); |
| michael@0 | 77 | if (FALSE == ::SetInformationJobObject(job_handle_, |
| michael@0 | 78 | JobObjectBasicUIRestrictions, |
| michael@0 | 79 | &jbur, |
| michael@0 | 80 | sizeof(jbur))) { |
| michael@0 | 81 | return ::GetLastError(); |
| michael@0 | 82 | } |
| michael@0 | 83 | |
| michael@0 | 84 | return ERROR_SUCCESS; |
| michael@0 | 85 | } |
| michael@0 | 86 | |
| michael@0 | 87 | DWORD Job::UserHandleGrantAccess(HANDLE handle) { |
| michael@0 | 88 | if (!job_handle_) |
| michael@0 | 89 | return ERROR_NO_DATA; |
| michael@0 | 90 | |
| michael@0 | 91 | if (!::UserHandleGrantAccess(handle, |
| michael@0 | 92 | job_handle_, |
| michael@0 | 93 | TRUE)) { // Access allowed. |
| michael@0 | 94 | return ::GetLastError(); |
| michael@0 | 95 | } |
| michael@0 | 96 | |
| michael@0 | 97 | return ERROR_SUCCESS; |
| michael@0 | 98 | } |
| michael@0 | 99 | |
| michael@0 | 100 | HANDLE Job::Detach() { |
| michael@0 | 101 | HANDLE handle_temp = job_handle_; |
| michael@0 | 102 | job_handle_ = NULL; |
| michael@0 | 103 | return handle_temp; |
| michael@0 | 104 | } |
| michael@0 | 105 | |
| michael@0 | 106 | DWORD Job::AssignProcessToJob(HANDLE process_handle) { |
| michael@0 | 107 | if (!job_handle_) |
| michael@0 | 108 | return ERROR_NO_DATA; |
| michael@0 | 109 | |
| michael@0 | 110 | if (FALSE == ::AssignProcessToJobObject(job_handle_, process_handle)) |
| michael@0 | 111 | return ::GetLastError(); |
| michael@0 | 112 | |
| michael@0 | 113 | return ERROR_SUCCESS; |
| michael@0 | 114 | } |
| michael@0 | 115 | |
| michael@0 | 116 | } // namespace sandbox |
