Chrome Frame: Add explicit object security attributes to the Chrome Frame version beacon. This will allow low integrity processes to access shared memory segment and lock and make shared memory segment read only after creation.

Also use lock names that include the hosting process.

BUG=61609
TEST=Start medium integrity Chrome Frame host running CF version X. Update CF to version Y > X. Start low integrity Chrome Frame host, observe that version X is loaded. 

Review URL: http://codereview.chromium.org/5012001

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@66270 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 12 insertions, 0 deletions

diff --git a/chrome_frame/module_utils.h b/chrome_frame/module_utils.h
index 0da5472..be8a89b 100644
--- a/chrome_frame/module_utils.h
+++ b/chrome_frame/module_utils.h
@@ -14,6 +14,9 @@
 #include "base/singleton.h"
 
 // Forward
+namespace ATL {
+class CSecurityAttributes;
+}
 class Version;
 
 // A singleton class that provides a facility to register the version of the
@@ -67,6 +70,15 @@ class DllRedirector {
   // actually have a valid version and not e.g. ..\..\..\..\MyEvilFolder\.
   virtual HMODULE LoadVersionedModule(Version* version);
 
+  // Builds the necessary SECURITY_ATTRIBUTES to allow low integrity access
+  // to an object. Returns true on success, false otherwise.
+  virtual bool BuildSecurityAttributesForLock(
+      ATL::CSecurityAttributes* sec_attr);
+
+  // Attempts to change the permissions on the given file mapping to read only.
+  // Returns true on success, false otherwise.
+  virtual bool SetFileMappingToReadOnly(base::SharedMemoryHandle mapping);
+
   // Shared memory segment that contains the version beacon.
   scoped_ptr<base::SharedMemory> shared_memory_;