author | rockot <rockot@chromium.org> | 2016-02-26 14:43:28 -0800 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2016-02-26 22:44:54 +0000 |
commit | b3b0dfa0838cdf3549602e247580d6bfdc6120ef (patch) | |
tree | c0b3dcdcfaa78e6886ed4343aa64ec1357569a08 /sandbox/win/src/sandbox_policy_base.cc | |
parent | c458bc48d891506d8faa3e4e8469c835137b7266 (diff) | |
Windows: Expose handle inheritance to the sandboxed launcher
Handles to be inherited by a child process can now be set in a delegate
passed to StartSandboxedProcess(), and/or through the TargetPolicy API.
TEST=sbox_integration_tests, content_unittests
BUG=588190
Review URL: https://codereview.chromium.org/1703953002
Cr-Commit-Position: refs/heads/master@{#378007}
Diffstat (limited to 'sandbox/win/src/sandbox_policy_base.cc')
-rw-r--r-- | sandbox/win/src/sandbox_policy_base.cc | 27 |
1 files changed, 8 insertions, 19 deletions
diff --git a/sandbox/win/src/sandbox_policy_base.cc b/sandbox/win/src/sandbox_policy_base.cc
index f7002bf..99e5b74 100644
--- a/sandbox/win/src/sandbox_policy_base.cc
+++ b/sandbox/win/src/sandbox_policy_base.cc
@@ -142,8 +142,6 @@ PolicyBase::PolicyBase()
 }
 PolicyBase::~PolicyBase() {
- ClearSharedHandles();
-
 TargetSet::iterator it;
 for (it = targets_.begin(); it != targets_.end(); ++it) {
 TargetProcess* target = (*it);
@@ -425,30 +423,21 @@ ResultCode PolicyBase::AddKernelObjectToClose(const base::char16* handle_type,
 return handle_closer_.AddHandle(handle_type, handle_name);
 }
-void* PolicyBase::AddHandleToShare(HANDLE handle) {
- if (base::win::GetVersion() < base::win::VERSION_VISTA)
- return nullptr;
+void PolicyBase::AddHandleToShare(HANDLE handle) {
+ CHECK(handle && handle != INVALID_HANDLE_VALUE);
- if (!handle)
- return nullptr;
+ // Ensure the handle can be inherited.
+ BOOL result = SetHandleInformation(handle, HANDLE_FLAG_INHERIT,
+ HANDLE_FLAG_INHERIT);
+ PCHECK(result);
- HANDLE duped_handle = nullptr;
- if (!::DuplicateHandle(::GetCurrentProcess(), handle, ::GetCurrentProcess(),
- &duped_handle, 0, TRUE, DUPLICATE_SAME_ACCESS)) {
- return nullptr;
- }
- handles_to_share_.push_back(new base::win::ScopedHandle(duped_handle));
- return duped_handle;
+ handles_to_share_.push_back(handle);
 }
-const HandleList& PolicyBase::GetHandlesBeingShared() {
+const base::HandlesToInheritVector& PolicyBase::GetHandlesBeingShared() {
 return handles_to_share_;
 }
-void PolicyBase::ClearSharedHandles() {
- STLDeleteElements(&handles_to_share_);
-}
-
 ResultCode PolicyBase::MakeJobObject(base::win::ScopedHandle* job) {
 if (job_level_ != JOB_NONE) {
 // Create the windows job object. |
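Review bot: AddHandleToShare() in the second hunk now stores the caller's raw `handle` in `handles_to_share_` instead of a policy-owned duplicate, so nothing in this file keeps it open; if the caller closes it before the target is created, the stored value may be stale or already reused for a different object when it is inherited. The function also sets `HANDLE_FLAG_INHERIT` on the caller's own handle and never restores it, so any other child the broker starts with handle inheritance enabled and no explicit handle list could receive it too; the launch path is outside this hunk, so that should be confirmed there. I would state the contract above the function, for example `// |handle| is not duplicated or owned by the policy; the caller must keep it open until the target process has been created.` and `// Marks |handle| inheritable in this process; the flag is not restored afterwards.`. The removed `VERSION_VISTA` guard presumably existed because restricting inheritance to a handle list needs Vista or later, so the commit description should say whether pre-Vista is still a supported target.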