Add sandbox support for Windows process mitigations

BUG=147752 Review URL: https://codereview.chromium.org/10690058 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@156550 0039d316-1c4b-4281-b951-d872f2087c98
author: jschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2012-09-13 15:08:36 +0000
committer: jschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2012-09-13 15:08:36 +0000
commit: a38d2e10b905b3be8316f235403ac2c49cead029 (patch)
tree: 3744c13489eba26db87e8bc5925f0ec724a751cb /sandbox/win/src/broker_services.cc
parent: a155abbffdce8ecfef657cca7c0b58d092b7e4b8 (diff)
download: chromium_src-a38d2e10b905b3be8316f235403ac2c49cead029.zip
chromium_src-a38d2e10b905b3be8316f235403ac2c49cead029.tar.gz
chromium_src-a38d2e10b905b3be8316f235403ac2c49cead029.tar.bz2
1 files changed, 31 insertions, 6 deletions
diff --git a/sandbox/win/src/broker_services.cc b/sandbox/win/src/broker_services.cc
index 497f2f8..0425845 100644
--- a/sandbox/win/src/broker_services.cc
+++ b/sandbox/win/src/broker_services.cc
@@ -12,6 +12,7 @@
 #include "base/win/startup_information.h"
 #include "base/win/windows_version.h"
 #include "sandbox/win/src/app_container.h"
+#include "sandbox/win/src/process_mitigations.h"
 #include "sandbox/win/src/sandbox_policy_base.h"
 #include "sandbox/win/src/sandbox.h"
 #include "sandbox/win/src/target_process.h"
@@ -320,12 +321,36 @@ ResultCode BrokerServicesBase::SpawnTarget(const wchar_t* exe_path,
         const_cast<wchar_t*>(desktop.c_str());
   }
 
-  const AppContainerAttributes* app_container = policy_base->GetAppContainer();
-  if (app_container) {
-    startup_info.InitializeProcThreadAttributeList(1);
-    result = app_container->ShareForStartup(&startup_info);
-    if (SBOX_ALL_OK != result)
-      return result;
+  if (base::win::GetVersion() >= base::win::VERSION_VISTA) {
+    int attribute_count = 0;
+    const AppContainerAttributes* app_container =
+        policy_base->GetAppContainer();
+    if (app_container)
+      ++attribute_count;
+
+    DWORD64 mitigations;
+    size_t mitigations_size;
+    ConvertProcessMitigationsToPolicy(policy->GetProcessMitigations(),
+                                      &mitigations, &mitigations_size);
+    if (mitigations)
+      ++attribute_count;
+
+    if (!startup_info.InitializeProcThreadAttributeList(attribute_count))
+      return SBOX_ERROR_PROC_THREAD_ATTRIBUTES;
+
+    if (app_container) {
+      result = app_container->ShareForStartup(&startup_info);
+      if (SBOX_ALL_OK != result)
+        return result;
+    }
+
+    if (mitigations) {
+      if (!startup_info.UpdateProcThreadAttribute(
+               PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY, &mitigations,
+               mitigations_size)) {
+        return SBOX_ERROR_PROC_THREAD_ATTRIBUTES;
+      }
+    }
   }
 
   // Construct the thread pool here in case it is expensive.
author	jschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2012-09-13 15:08:36 +0000
committer	jschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2012-09-13 15:08:36 +0000
commit	a38d2e10b905b3be8316f235403ac2c49cead029 (patch)
tree	3744c13489eba26db87e8bc5925f0ec724a751cb /sandbox/win/src/broker_services.cc
parent	a155abbffdce8ecfef657cca7c0b58d092b7e4b8 (diff)
download	chromium_src-a38d2e10b905b3be8316f235403ac2c49cead029.zip chromium_src-a38d2e10b905b3be8316f235403ac2c49cead029.tar.gz chromium_src-a38d2e10b905b3be8316f235403ac2c49cead029.tar.bz2