The Tor Browser / file comparison
comparison: security/sandbox/win/src/window.cc
security/sandbox/win/src/window.cc
- changeset 0
- 6474c204b198
equal
deleted
inserted
replaced
| -1:000000000000 | 0:0b0d77d358b2 |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "sandbox/win/src/window.h" | |
| 6 | |
| 7 #include <aclapi.h> | |
| 8 | |
| 9 #include "base/logging.h" | |
| 10 #include "base/memory/scoped_ptr.h" | |
| 11 | |
| 12 namespace { | |
| 13 | |
| 14 // Gets the security attributes of a window object referenced by |handle|. The | |
| 15 // lpSecurityDescriptor member of the SECURITY_ATTRIBUTES parameter returned | |
| 16 // must be freed using LocalFree by the caller. | |
| 17 bool GetSecurityAttributes(HANDLE handle, SECURITY_ATTRIBUTES* attributes) { | |
| 18 attributes->bInheritHandle = FALSE; | |
| 19 attributes->nLength = sizeof(SECURITY_ATTRIBUTES); | |
| 20 | |
| 21 PACL dacl = NULL; | |
| 22 DWORD result = ::GetSecurityInfo(handle, SE_WINDOW_OBJECT, | |
| 23 DACL_SECURITY_INFORMATION, NULL, NULL, &dacl, | |
| 24 NULL, &attributes->lpSecurityDescriptor); | |
| 25 if (ERROR_SUCCESS == result) | |
| 26 return true; | |
| 27 | |
| 28 return false; | |
| 29 } | |
| 30 | |
| 31 } | |
| 32 | |
| 33 namespace sandbox { | |
| 34 | |
| 35 ResultCode CreateAltWindowStation(HWINSTA* winsta) { | |
| 36 // Get the security attributes from the current window station; we will | |
| 37 // use this as the base security attributes for the new window station. | |
| 38 SECURITY_ATTRIBUTES attributes = {0}; | |
| 39 if (!GetSecurityAttributes(::GetProcessWindowStation(), &attributes)) { | |
| 40 return SBOX_ERROR_CANNOT_CREATE_WINSTATION; | |
| 41 } | |
| 42 | |
| 43 // Create the window station using NULL for the name to ask the os to | |
| 44 // generate it. | |
| 45 // TODO(nsylvain): don't ask for WINSTA_ALL_ACCESS if we don't need to. | |
| 46 *winsta = ::CreateWindowStationW(NULL, 0, WINSTA_ALL_ACCESS, &attributes); | |
| 47 LocalFree(attributes.lpSecurityDescriptor); | |
| 48 | |
| 49 if (*winsta) | |
| 50 return SBOX_ALL_OK; | |
| 51 | |
| 52 return SBOX_ERROR_CANNOT_CREATE_WINSTATION; | |
| 53 } | |
| 54 | |
| 55 ResultCode CreateAltDesktop(HWINSTA winsta, HDESK* desktop) { | |
| 56 std::wstring desktop_name = L"sbox_alternate_desktop_"; | |
| 57 | |
| 58 // Append the current PID to the desktop name. | |
| 59 wchar_t buffer[16]; | |
| 60 _snwprintf_s(buffer, sizeof(buffer) / sizeof(wchar_t), L"0x%X", | |
| 61 ::GetCurrentProcessId()); | |
| 62 desktop_name += buffer; | |
| 63 | |
| 64 // Get the security attributes from the current desktop, we will use this as | |
| 65 // the base security attributes for the new desktop. | |
| 66 SECURITY_ATTRIBUTES attributes = {0}; | |
| 67 if (!GetSecurityAttributes(GetThreadDesktop(GetCurrentThreadId()), | |
| 68 &attributes)) { | |
| 69 return SBOX_ERROR_CANNOT_CREATE_DESKTOP; | |
| 70 } | |
| 71 | |
| 72 // Back up the current window station, in case we need to switch it. | |
| 73 HWINSTA current_winsta = ::GetProcessWindowStation(); | |
| 74 | |
| 75 if (winsta) { | |
| 76 // We need to switch to the alternate window station before creating the | |
| 77 // desktop. | |
| 78 if (!::SetProcessWindowStation(winsta)) { | |
| 79 ::LocalFree(attributes.lpSecurityDescriptor); | |
| 80 return SBOX_ERROR_CANNOT_CREATE_DESKTOP; | |
| 81 } | |
| 82 } | |
| 83 | |
| 84 // Create the destkop. | |
| 85 // TODO(nsylvain): don't ask for GENERIC_ALL if we don't need to. | |
| 86 *desktop = ::CreateDesktop(desktop_name.c_str(), NULL, NULL, 0, GENERIC_ALL, | |
| 87 &attributes); | |
| 88 ::LocalFree(attributes.lpSecurityDescriptor); | |
| 89 | |
| 90 if (winsta) { | |
| 91 // Revert to the right window station. | |
| 92 if (!::SetProcessWindowStation(current_winsta)) { | |
| 93 return SBOX_ERROR_FAILED_TO_SWITCH_BACK_WINSTATION; | |
| 94 } | |
| 95 } | |
| 96 | |
| 97 if (*desktop) | |
| 98 return SBOX_ALL_OK; | |
| 99 | |
| 100 return SBOX_ERROR_CANNOT_CREATE_DESKTOP; | |
| 101 } | |
| 102 | |
| 103 std::wstring GetWindowObjectName(HANDLE handle) { | |
| 104 // Get the size of the name. | |
| 105 DWORD size = 0; | |
| 106 ::GetUserObjectInformation(handle, UOI_NAME, NULL, 0, &size); | |
| 107 | |
| 108 if (!size) { | |
| 109 NOTREACHED(); | |
| 110 return std::wstring(); | |
| 111 } | |
| 112 | |
| 113 // Create the buffer that will hold the name. | |
| 114 scoped_ptr<wchar_t[]> name_buffer(new wchar_t[size]); | |
| 115 | |
| 116 // Query the name of the object. | |
| 117 if (!::GetUserObjectInformation(handle, UOI_NAME, name_buffer.get(), size, | |
| 118 &size)) { | |
| 119 NOTREACHED(); | |
| 120 return std::wstring(); | |
| 121 } | |
| 122 | |
| 123 return std::wstring(name_buffer.get()); | |
| 124 } | |
| 125 | |
| 126 std::wstring GetFullDesktopName(HWINSTA winsta, HDESK desktop) { | |
| 127 if (!desktop) { | |
| 128 NOTREACHED(); | |
| 129 return std::wstring(); | |
| 130 } | |
| 131 | |
| 132 std::wstring name; | |
| 133 if (winsta) { | |
| 134 name = GetWindowObjectName(winsta); | |
| 135 name += L'\\'; | |
| 136 } | |
| 137 | |
| 138 name += GetWindowObjectName(desktop); | |
| 139 return name; | |
| 140 } | |
| 141 | |
| 142 } // namespace sandbox |
