Chrome Frame: Add explicit object security attributes to the Chrome Frame version beacon. This will allow low integrity processes to access shared memory segment and lock and make shared memory segment read only after creation.

Also use lock names that include the hosting process.

BUG=61609
TEST=Start medium integrity Chrome Frame host running CF version X. Update CF to version Y > X. Start low integrity Chrome Frame host, observe that version X is loaded. 

Review URL: http://codereview.chromium.org/5012001

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@66270 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 4 insertions, 5 deletions

diff --git a/base/shared_memory_win.cc b/base/shared_memory_win.cc
index 5f293fc..15c61dd 100644
--- a/base/shared_memory_win.cc
+++ b/base/shared_memory_win.cc
@@ -197,17 +197,16 @@ void SharedMemory::Close() {
 }
 
 void SharedMemory::Lock() {
-  Lock(INFINITE);
+  Lock(INFINITE, NULL);
 }
 
-bool SharedMemory::Lock(uint32 timeout_ms) {
+bool SharedMemory::Lock(uint32 timeout_ms, SECURITY_ATTRIBUTES* sec_attr) {
   if (lock_ == NULL) {
     std::wstring name = name_;
     name.append(L"lock");
-    lock_ = CreateMutex(NULL, FALSE, name.c_str());
-    DCHECK(lock_ != NULL);
+    lock_ = CreateMutex(sec_attr, FALSE, name.c_str());
     if (lock_ == NULL) {
-      DLOG(ERROR) << "Could not create mutex" << GetLastError();
+      PLOG(ERROR) << "Could not create mutex.";
       return false;  // there is nothing good we can do here.
     }
   }