• file
• revisions
• annotate
• diff
• comparison
• raw

security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp@6474c204b198 (annotated)

security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp

Wed, 31 Dec 2014 06:09:35 +0100

author

Michael Schloh von Bennewitz <michael@schloh.com>

date

Wed, 31 Dec 2014 06:09:35 +0100

changeset 0

6474c204b198

permissions

-rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

michael@0	1	/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
michael@0	2	/* vim: set ts=2 et sw=2 tw=80: */
michael@0	3	/* This Source Code Form is subject to the terms of the Mozilla Public
michael@0	4	* License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0	5	* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0	6
michael@0	7	#include "sandboxBroker.h"
michael@0	8	#include "sandbox/win/src/sandbox.h"
michael@0	9	#include "sandbox/win/src/sandbox_factory.h"
michael@0	10
michael@0	11	namespace mozilla
michael@0	12	{
michael@0	13
michael@0	14	sandbox::BrokerServices *SandboxBroker::sBrokerService = nullptr;
michael@0	15
michael@0	16	SandboxBroker::SandboxBroker()
michael@0	17	{
michael@0	18	if (!sBrokerService) {
michael@0	19	sBrokerService = sandbox::SandboxFactory::GetBrokerServices();
michael@0	20	if (sBrokerService) {
michael@0	21	sandbox::ResultCode result = sBrokerService->Init();
michael@0	22	if (result != sandbox::SBOX_ALL_OK) {
michael@0	23	sBrokerService = nullptr;
michael@0	24	}
michael@0	25	}
michael@0	26	}
michael@0	27
michael@0	28	// We'll start to increase the restrictions over time.
michael@0	29	mPolicy = sBrokerService->CreatePolicy();
michael@0	30	}
michael@0	31
michael@0	32	bool
michael@0	33	SandboxBroker::AllowPipe(const wchar_t *aPath)
michael@0	34	{
michael@0	35	return mPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES,
michael@0	36	sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY, aPath);
michael@0	37	}
michael@0	38
michael@0	39	bool
michael@0	40	SandboxBroker::LaunchApp(const wchar_t *aPath,
michael@0	41	const wchar_t *aArguments,
michael@0	42	void **aProcessHandle)
michael@0	43	{
michael@0	44	// If the broker service isn't already initialized, do it now
michael@0	45	if (!sBrokerService || !mPolicy) {
michael@0	46	return false;
michael@0	47	}
michael@0	48
michael@0	49	// Setup the sandbox policy, this is initially:
michael@0	50	// Low integrity, unrestricted, in the same window station, within the
michael@0	51	// same desktop, and has no job object.
michael@0	52	// We'll start to increase the restrictions over time.
michael@0	53	mPolicy->SetJobLevel(sandbox::JOB_NONE, 0);
michael@0	54	mPolicy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS,
michael@0	55	sandbox::USER_RESTRICTED_SAME_ACCESS);
michael@0	56	mPolicy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW);
michael@0	57
michael@0	58	// Set an alternate Desktop within a new window station
michael@0	59	mPolicy->SetAlternateDesktop(false);
michael@0	60
michael@0	61	// Ceate the sandboxed process
michael@0	62	PROCESS_INFORMATION targetInfo;
michael@0	63	sandbox::ResultCode result;
michael@0	64	result = sBrokerService->SpawnTarget(aPath, aArguments, mPolicy, &targetInfo);
michael@0	65
michael@0	66	// The sandboxed process is started in a suspended state, resumeit now that
michael@0	67	// we'eve set things up.
michael@0	68	ResumeThread(targetInfo.hThread);
michael@0	69	CloseHandle(targetInfo.hThread);
michael@0	70
michael@0	71	// Return the process handle to the caller
michael@0	72	*aProcessHandle = targetInfo.hProcess;
michael@0	73
michael@0	74	return true;
michael@0	75	}
michael@0	76
michael@0	77	SandboxBroker::~SandboxBroker()
michael@0	78	{
michael@0	79	if (mPolicy) {
michael@0	80	mPolicy->Release();
michael@0	81	mPolicy = nullptr;
michael@0	82	}
michael@0	83	}
michael@0	84
michael@0	85	}