The Tor Browser / file comparison
comparison: security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
- changeset 0
- 6474c204b198
equal
deleted
inserted
replaced
| -1:000000000000 | 0:5fa113b2903e |
|---|---|
| 1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ | |
| 2 /* vim: set ts=2 et sw=2 tw=80: */ | |
| 3 /* This Source Code Form is subject to the terms of the Mozilla Public | |
| 4 * License, v. 2.0. If a copy of the MPL was not distributed with this | |
| 5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |
| 6 | |
| 7 #include "sandboxBroker.h" | |
| 8 #include "sandbox/win/src/sandbox.h" | |
| 9 #include "sandbox/win/src/sandbox_factory.h" | |
| 10 | |
| 11 namespace mozilla | |
| 12 { | |
| 13 | |
| 14 sandbox::BrokerServices *SandboxBroker::sBrokerService = nullptr; | |
| 15 | |
| 16 SandboxBroker::SandboxBroker() | |
| 17 { | |
| 18 if (!sBrokerService) { | |
| 19 sBrokerService = sandbox::SandboxFactory::GetBrokerServices(); | |
| 20 if (sBrokerService) { | |
| 21 sandbox::ResultCode result = sBrokerService->Init(); | |
| 22 if (result != sandbox::SBOX_ALL_OK) { | |
| 23 sBrokerService = nullptr; | |
| 24 } | |
| 25 } | |
| 26 } | |
| 27 | |
| 28 // We'll start to increase the restrictions over time. | |
| 29 mPolicy = sBrokerService->CreatePolicy(); | |
| 30 } | |
| 31 | |
| 32 bool | |
| 33 SandboxBroker::AllowPipe(const wchar_t *aPath) | |
| 34 { | |
| 35 return mPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES, | |
| 36 sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY, aPath); | |
| 37 } | |
| 38 | |
| 39 bool | |
| 40 SandboxBroker::LaunchApp(const wchar_t *aPath, | |
| 41 const wchar_t *aArguments, | |
| 42 void **aProcessHandle) | |
| 43 { | |
| 44 // If the broker service isn't already initialized, do it now | |
| 45 if (!sBrokerService || !mPolicy) { | |
| 46 return false; | |
| 47 } | |
| 48 | |
| 49 // Setup the sandbox policy, this is initially: | |
| 50 // Low integrity, unrestricted, in the same window station, within the | |
| 51 // same desktop, and has no job object. | |
| 52 // We'll start to increase the restrictions over time. | |
| 53 mPolicy->SetJobLevel(sandbox::JOB_NONE, 0); | |
| 54 mPolicy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS, | |
| 55 sandbox::USER_RESTRICTED_SAME_ACCESS); | |
| 56 mPolicy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW); | |
| 57 | |
| 58 // Set an alternate Desktop within a new window station | |
| 59 mPolicy->SetAlternateDesktop(false); | |
| 60 | |
| 61 // Ceate the sandboxed process | |
| 62 PROCESS_INFORMATION targetInfo; | |
| 63 sandbox::ResultCode result; | |
| 64 result = sBrokerService->SpawnTarget(aPath, aArguments, mPolicy, &targetInfo); | |
| 65 | |
| 66 // The sandboxed process is started in a suspended state, resumeit now that | |
| 67 // we'eve set things up. | |
| 68 ResumeThread(targetInfo.hThread); | |
| 69 CloseHandle(targetInfo.hThread); | |
| 70 | |
| 71 // Return the process handle to the caller | |
| 72 *aProcessHandle = targetInfo.hProcess; | |
| 73 | |
| 74 return true; | |
| 75 } | |
| 76 | |
| 77 SandboxBroker::~SandboxBroker() | |
| 78 { | |
| 79 if (mPolicy) { | |
| 80 mPolicy->Release(); | |
| 81 mPolicy = nullptr; | |
| 82 } | |
| 83 } | |
| 84 | |
| 85 } |
