author | siggi@chromium.org <siggi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-06-14 21:19:43 +0000 |
---|---|---|
committer | siggi@chromium.org <siggi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-06-14 21:19:43 +0000 |
commit | 6c2da2d8d951628ee24432ae83058745d5307574 (patch) | |
tree | f5a28fb93d132f732d973700946019590f744483 /sandbox | |
parent | 3a4294a044b1f4f587243d398f64bb93e2864ec5 (diff) | |
Don't break sandboxed sub-processes out of jobs on Win8.
It's not necessary to break out of the parent process' job on Windows 8, as nested jobs are supported.
Under Metro, breaking sub-processes out of the parent process' job prevents them from being suspended with the application.
R=rvargas@chromium.org
BUG=129697
TEST=Sub-processes are suspended with browser on Metro.
Review URL: https://chromiumcodereview.appspot.com/10535167
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@142237 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox')
-rw-r--r-- | sandbox/src/restricted_token_utils.cc | 11 | ||||
-rw-r--r-- | sandbox/src/target_process.cc | 11 |
2 files changed, 18 insertions, 4 deletions
diff --git a/sandbox/src/restricted_token_utils.cc b/sandbox/src/restricted_token_utils.cc
index ca3942e..3aaccb2 100644
--- a/sandbox/src/restricted_token_utils.cc
+++ b/sandbox/src/restricted_token_utils.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
@@ -183,6 +183,13 @@ DWORD StartRestrictedProcessInJob(wchar_t *command_line,
 // Start the process
 STARTUPINFO startup_info = {0};
 PROCESS_INFORMATION process_info = {0};
+ DWORD flags = CREATE_SUSPENDED;
+
+ if (base::win::GetVersion() < base::win::VERSION_WIN8) {
+ // Windows 8 implements nested jobs, but for older systems we need to
+ // break out of any job we're in to enforce our restrictions.
+ flags |= CREATE_BREAKAWAY_FROM_JOB;
+ }
 if (!::CreateProcessAsUser(primary_token.Get(),
 NULL, // No application name.
@@ -190,7 +197,7 @@ DWORD StartRestrictedProcessInJob(wchar_t *command_line,
 NULL, // No security attribute.
 NULL, // No thread attribute.
 FALSE, // Do not inherit handles.
- CREATE_SUSPENDED | CREATE_BREAKAWAY_FROM_JOB,
+ flags,
 NULL, // Use the environment of the caller.
 NULL, // Use current directory of the caller.
 &startup_info,
diff --git a/sandbox/src/target_process.cc b/sandbox/src/target_process.cc
index 6381777..b8ed1d5 100644
--- a/sandbox/src/target_process.cc
+++ b/sandbox/src/target_process.cc
@@ -7,6 +7,7 @@
 #include "base/basictypes.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/win/pe_image.h"
+#include "base/win/windows_version.h"
 #include "sandbox/src/crosscall_server.h"
 #include "sandbox/src/crosscall_client.h"
 #include "sandbox/src/policy_low_level.h"
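Review bot: The comment added in the `@@ -183,6 +183,13 @@` hunk of StartRestrictedProcessInJob explains why older systems break away, but not why Windows 8 must stay in the parent's job. The commit message gives that reason (a child that breaks out is not suspended with the application under Metro), and it belongs next to the check, for example `// On Win8+ stay in the parent's job so the child is suspended with the app;` followed by `// our own job is nested under it instead.` The same version check and comment are repeated verbatim in TargetProcess::Create in target_process.cc, so a small shared helper that returns the breakaway flag would keep the two call sites from drifting apart. The function body starts and ends outside this hunk.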
@@ -149,8 +150,14 @@ DWORD TargetProcess::Create(const wchar_t* exe_path,
 scoped_ptr_malloc<wchar_t> desktop_name(desktop ? _wcsdup(desktop) : NULL);
 // Start the target process suspended.
- const DWORD flags = CREATE_SUSPENDED | CREATE_BREAKAWAY_FROM_JOB |
- CREATE_UNICODE_ENVIRONMENT | DETACHED_PROCESS;
+ DWORD flags =
+ CREATE_SUSPENDED | CREATE_UNICODE_ENVIRONMENT | DETACHED_PROCESS;
+
+ if (base::win::GetVersion() < base::win::VERSION_WIN8) {
+ // Windows 8 implements nested jobs, but for older systems we need to
+ // break out of any job we're in to enforce our restrictions.
+ flags |= CREATE_BREAKAWAY_FROM_JOB;
+ }
 STARTUPINFO startup_info = {sizeof(STARTUPINFO)};
 if (desktop) { |
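Review bot: Once `CREATE_BREAKAWAY_FROM_JOB` is omitted on Windows 8, the target starts inside whatever job the broker already belongs to, so the sandbox's restrictions depend on its own job being nested successfully under that one. The assignment to the sandbox job is not visible here (TargetProcess::Create continues outside the hunk). It is worth confirming that a failed assignment terminates the still-suspended target rather than resuming it with only the inherited job's limits. A one-line comment at the check, such as `// Win8+: target inherits the caller's job; the sandbox job must nest under it or creation fails.`, would make that dependency explicit for the next reader.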