diff options
author | rvargas <rvargas@chromium.org> | 2015-07-10 13:42:39 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-07-10 20:44:10 +0000 |
commit | dc89772f119d0043fd30f93789e81c0a59f8ab9a (patch) | |
tree | 3c0e48c0ce595c98fa40f9dd65f8577cfef6a11d /sandbox | |
parent | 79191844c9fed08df7a274d8935e1a0fd9c57e53 (diff) | |
download | chromium_src-dc89772f119d0043fd30f93789e81c0a59f8ab9a.zip chromium_src-dc89772f119d0043fd30f93789e81c0a59f8ab9a.tar.gz chromium_src-dc89772f119d0043fd30f93789e81c0a59f8ab9a.tar.bz2 |
Sandbox: Remove raw handles from PolicyBase.
Use ScopedHandle instead for owned HANDLEs.
BUG=426577
Review URL: https://codereview.chromium.org/1229163002
Cr-Commit-Position: refs/heads/master@{#338349}
Diffstat (limited to 'sandbox')
-rw-r--r-- | sandbox/win/src/broker_services.cc | 4 | ||||
-rw-r--r-- | sandbox/win/src/sandbox_policy_base.cc | 28 | ||||
-rw-r--r-- | sandbox/win/src/sandbox_policy_base.h | 6 |
3 files changed, 16 insertions, 22 deletions
diff --git a/sandbox/win/src/broker_services.cc b/sandbox/win/src/broker_services.cc index a239a3b..15cfb65 100644 --- a/sandbox/win/src/broker_services.cc +++ b/sandbox/win/src/broker_services.cc @@ -446,10 +446,10 @@ ResultCode BrokerServicesBase::SpawnTarget(const wchar_t* exe_path, if (stderr_handle != stdout_handle && stderr_handle != INVALID_HANDLE_VALUE) inherited_handle_list.push_back(stderr_handle); - HandleList policy_handle_list = policy_base->GetHandlesBeingShared(); + const HandleList& policy_handle_list = policy_base->GetHandlesBeingShared(); for (auto handle : policy_handle_list) - inherited_handle_list.push_back(handle); + inherited_handle_list.push_back(handle->Get()); if (inherited_handle_list.size()) ++attribute_count; diff --git a/sandbox/win/src/sandbox_policy_base.cc b/sandbox/win/src/sandbox_policy_base.cc index 6df2cb3..482172c 100644 --- a/sandbox/win/src/sandbox_policy_base.cc +++ b/sandbox/win/src/sandbox_policy_base.cc @@ -9,6 +9,7 @@ #include "base/basictypes.h" #include "base/callback.h" #include "base/logging.h" +#include "base/stl_util.h" #include "base/strings/stringprintf.h" #include "base/win/windows_version.h" #include "sandbox/win/src/app_container.h" @@ -466,33 +467,26 @@ ResultCode PolicyBase::AddKernelObjectToClose(const base::char16* handle_type, void* PolicyBase::AddHandleToShare(HANDLE handle) { if (base::win::GetVersion() < base::win::VERSION_VISTA) - return NULL; + return nullptr; if (!handle) - return NULL; + return nullptr; - HANDLE duped_handle = NULL; - ::DuplicateHandle(::GetCurrentProcess(), - handle, - ::GetCurrentProcess(), - &duped_handle, - 0, - TRUE, - DUPLICATE_SAME_ACCESS); - DCHECK(duped_handle); - handles_to_share_.push_back(duped_handle); + HANDLE duped_handle = nullptr; + if (!::DuplicateHandle(::GetCurrentProcess(), handle, ::GetCurrentProcess(), + &duped_handle, 0, TRUE, DUPLICATE_SAME_ACCESS)) { + return nullptr; + } + handles_to_share_.push_back(new base::win::ScopedHandle(duped_handle)); return duped_handle; } -HandleList PolicyBase::GetHandlesBeingShared() { +const HandleList& PolicyBase::GetHandlesBeingShared() { return handles_to_share_; } void PolicyBase::ClearSharedHandles() { - for (auto handle : handles_to_share_) { - ::CloseHandle(handle); - } - handles_to_share_.clear(); + STLDeleteElements(&handles_to_share_); } // When an IPC is ready in any of the targets we get called. We manage an array diff --git a/sandbox/win/src/sandbox_policy_base.h b/sandbox/win/src/sandbox_policy_base.h index 1de5cf8..0024ba8 100644 --- a/sandbox/win/src/sandbox_policy_base.h +++ b/sandbox/win/src/sandbox_policy_base.h @@ -29,7 +29,7 @@ class LowLevelPolicy; class TargetProcess; struct PolicyGlobal; -typedef std::vector<HANDLE> HandleList; +typedef std::vector<base::win::ScopedHandle*> HandleList; // We act as a policy dispatcher, implementing the handler for the "ping" IPC, // so we have to provide the appropriate handler on the OnMessageReady method. @@ -104,7 +104,7 @@ class PolicyBase : public Dispatcher, public TargetPolicy { HANDLE GetStderrHandle(); // Returns the list of handles being shared with the target process. - HandleList GetHandlesBeingShared(); + const HandleList& GetHandlesBeingShared(); // Closes the handles being shared with the target and clears out the list. void ClearSharedHandles(); @@ -177,7 +177,7 @@ class PolicyBase : public Dispatcher, public TargetPolicy { // Contains the list of handles being shared with the target process. // This list contains handles other than the stderr/stdout handles which are // shared with the target at times. - std::vector<HANDLE> handles_to_share_; + HandleList handles_to_share_; DISALLOW_COPY_AND_ASSIGN(PolicyBase); }; |