diff options
author | rvargas@google.com <rvargas@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-09-05 18:14:22 +0000 |
---|---|---|
committer | rvargas@google.com <rvargas@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-09-05 18:14:22 +0000 |
commit | ef159f884e077a13cd142bccd9b8ae7bf1ad49cd (patch) | |
tree | 3c4f8887c1bb6aab3a90f34637dfc58c92b3c358 /sandbox/win/src/target_process.cc | |
parent | 762c75eda5f802b528fbb0da09d1ee053e07409d (diff) | |
download | chromium_src-ef159f884e077a13cd142bccd9b8ae7bf1ad49cd.zip chromium_src-ef159f884e077a13cd142bccd9b8ae7bf1ad49cd.tar.gz chromium_src-ef159f884e077a13cd142bccd9b8ae7bf1ad49cd.tar.bz2 |
Sandbox: Add support for Windows 8' AppContainer.
Both sandboxes are not fully compatible yet; it is not
possible to enable the AppContainer if the process is to be
fully sandboxed (USER_LOCKDOWN), but the sandbox is user
configurable anyway.
BUG=none
TEST=sbox_unittests, sbox_integration_tests
Review URL: https://chromiumcodereview.appspot.com/10825425
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@154986 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox/win/src/target_process.cc')
-rw-r--r-- | sandbox/win/src/target_process.cc | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/sandbox/win/src/target_process.cc b/sandbox/win/src/target_process.cc index 7d75fd6..164b2a9 100644 --- a/sandbox/win/src/target_process.cc +++ b/sandbox/win/src/target_process.cc @@ -172,19 +172,19 @@ DWORD TargetProcess::Create(const wchar_t* exe_path, DWORD win_result = ERROR_SUCCESS; - // Assign the suspended target to the windows job object + // Assign the suspended target to the windows job object. if (!::AssignProcessToJobObject(job_, process_info.process_handle())) { win_result = ::GetLastError(); // It might be a security breach if we let the target run outside the job - // so kill it before it causes damage + // so kill it before it causes damage. ::TerminateProcess(process_info.process_handle(), 0); return win_result; } - // Change the token of the main thread of the new process for the - // impersonation token with more rights. This allows the target to start; - // otherwise it will crash too early for us to help. - { + if (initial_token_.IsValid()) { + // Change the token of the main thread of the new process for the + // impersonation token with more rights. This allows the target to start; + // otherwise it will crash too early for us to help. HANDLE temp_thread = process_info.thread_handle(); if (!::SetThreadToken(&temp_thread, initial_token_)) { win_result = ::GetLastError(); |