The Tor Browser / file revision

security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp@6474c204b198

security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp

Wed, 31 Dec 2014 06:09:35 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Wed, 31 Dec 2014 06:09:35 +0100
changeset 0
6474c204b198
permissions
-rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

     1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */

     2 /* vim: set ts=2 et sw=2 tw=80: */

     3 /* This Source Code Form is subject to the terms of the Mozilla Public

     4  * License, v. 2.0. If a copy of the MPL was not distributed with this

     5  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

     6 

     7 #include "sandboxBroker.h"

     8 #include "sandbox/win/src/sandbox.h"

     9 #include "sandbox/win/src/sandbox_factory.h"

    10 

    11 namespace mozilla

    12 {

    13 

    14 sandbox::BrokerServices *SandboxBroker::sBrokerService = nullptr;

    15 

    16 SandboxBroker::SandboxBroker()

    17 {

    18   if (!sBrokerService) {

    19     sBrokerService = sandbox::SandboxFactory::GetBrokerServices();

    20     if (sBrokerService) {

    21       sandbox::ResultCode result = sBrokerService->Init();

    22       if (result != sandbox::SBOX_ALL_OK) {

    23         sBrokerService = nullptr;

    24       }

    25     }

    26   }

    27 

    28   // We'll start to increase the restrictions over time.

    29   mPolicy = sBrokerService->CreatePolicy();

    30 }

    31 

    32 bool

    33 SandboxBroker::AllowPipe(const wchar_t *aPath)

    34 {

    35   return mPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES,

    36                           sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY, aPath);

    37 }

    38 

    39 bool

    40 SandboxBroker::LaunchApp(const wchar_t *aPath,

    41                            const wchar_t *aArguments,

    42                            void **aProcessHandle)

    43 {

    44   // If the broker service isn't already initialized, do it now

    45   if (!sBrokerService || !mPolicy) {

    46     return false;

    47   }

    48 

    49   // Setup the sandbox policy, this is initially:

    50   // Low integrity, unrestricted, in the same window station, within the

    51   // same desktop, and has no job object.

    52   // We'll start to increase the restrictions over time.

    53   mPolicy->SetJobLevel(sandbox::JOB_NONE, 0);

    54   mPolicy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS,

    55                          sandbox::USER_RESTRICTED_SAME_ACCESS);

    56   mPolicy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW);

    57 

    58   // Set an alternate Desktop within a new window station

    59   mPolicy->SetAlternateDesktop(false);

    60 

    61   // Ceate the sandboxed process

    62   PROCESS_INFORMATION targetInfo;

    63   sandbox::ResultCode result;

    64   result = sBrokerService->SpawnTarget(aPath, aArguments, mPolicy, &targetInfo);

    65 

    66   // The sandboxed process is started in a suspended state, resumeit now that

    67   // we'eve set things up.

    68   ResumeThread(targetInfo.hThread);

    69   CloseHandle(targetInfo.hThread);

    70 

    71   // Return the process handle to the caller

    72   *aProcessHandle = targetInfo.hProcess;

    73 

    74   return true;

    75 }

    76 

    77 SandboxBroker::~SandboxBroker()

    78 {

    79   if (mPolicy) {

    80     mPolicy->Release();

    81     mPolicy = nullptr;

    82   }

    83 }

    84 

    85 }

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial