author | jschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-07-20 23:03:41 +0000 |
---|---|---|
committer | jschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-07-20 23:03:41 +0000 |
commit | e4876b29d769e62971fc67fe0ab0efab7512e3d1 (patch) | |
tree | 786b019c83b25a1eb481d6d2f46bce0d4cb8e283 /sandbox/src/target_services.cc | |
parent | d1f594543972abf64a46bf32c23a924301ccb11e (diff) | |
Add a sandbox API to allow closing open handles at lockdown.
BUG=58069
BUG=74242
TEST=sbox_integration_tests --gtest_filter=HandleCloserTests.*
Review URL: http://codereview.chromium.org/7253054
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@93274 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox/src/target_services.cc')
-rw-r--r-- | sandbox/src/target_services.cc | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/sandbox/src/target_services.cc b/sandbox/src/target_services.cc
index 72f6d4c..9b91a1c 100644
--- a/sandbox/src/target_services.cc
+++ b/sandbox/src/target_services.cc
@@ -1,11 +1,14 @@
-// Copyright (c) 2006-2010 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "sandbox/src/target_services.h"

+#include <process.h>
+
 #include "base/basictypes.h"
 #include "sandbox/src/crosscall_client.h"
+#include "sandbox/src/handle_closer_agent.h"
 #include "sandbox/src/ipc_tags.h"
 #include "sandbox/src/restricted_token_utils.h"
 #include "sandbox/src/sandbox.h"
@@ -38,6 +41,19 @@ bool FlushCachedRegHandles() {
 FlushRegKey(HKEY_USERS));
 }

+// Checks if we have handle entries pending and runs the closer.
+bool CloseOpenHandles() {
+ if (sandbox::HandleCloserAgent::NeedsHandlesClosed()) {
+ sandbox::HandleCloserAgent handle_closer;
+
+ handle_closer.InitializeHandlesToClose();
+ if (!handle_closer.CloseHandles())
+ return false;
+ }
+
+ return true;
+}
+
 } // namespace

 namespace sandbox {
@@ -67,6 +83,8 @@ void TargetServicesBase::LowerToken() {
 ::TerminateProcess(::GetCurrentProcess(), SBOX_FATAL_FLUSHANDLES);
 if (ERROR_SUCCESS != ::RegDisablePredefinedCache())
 ::TerminateProcess(::GetCurrentProcess(), SBOX_FATAL_CACHEDISABLE);
+ if (!CloseOpenHandles())
+ ::TerminateProcess(::GetCurrentProcess(), SBOX_FATAL_CLOSEHANDLES);
 }

 ProcessState* TargetServicesBase::GetState() { |
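Review bot: In `CloseOpenHandles()` the result of `handle_closer.InitializeHandlesToClose()` is discarded before `CloseHandles()` runs, so only the second step can make the function return false. Its signature is not visible in this diff; if it can report failure, or can leave the agent with an empty list, `CloseHandles()` may succeed with nothing to do and the target would continue past lockdown with the listed handles still open. If it returns a status, fail closed on it as well, e.g. `if (!handle_closer.InitializeHandlesToClose()) return false;`. Otherwise extend the function comment to say why initialization cannot fail.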
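Review bot: The handle-closing step added at the end of `LowerToken()` has no comment saying why it runs after the registry cache is flushed and disabled, or why a failure terminates the process. Terminating here is the right fail-closed behaviour, but the ordering is load-bearing for the lockdown sequence and should be stated, e.g. `// Close the handles the policy marked for closing; the target must not run with them open, so failure is fatal.` above the `if`. `SBOX_FATAL_CLOSEHANDLES` is not defined in this file's diff, so confirm it is added alongside the other fatal codes in the same change. The body of `LowerToken()` starts outside the hunk, so the steps before the flush are not visible here.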