diff options
| -rw-r--r-- | sandbox/win/src/broker_services.cc | 14 | ||||
| -rw-r--r-- | sandbox/win/src/target_process.cc | 14 | ||||
| -rw-r--r-- | sandbox/win/src/target_process.h | 10 |
3 files changed, 25 insertions, 13 deletions
diff --git a/sandbox/win/src/broker_services.cc b/sandbox/win/src/broker_services.cc index 6aca8e5..6cfd5b6 100644 --- a/sandbox/win/src/broker_services.cc +++ b/sandbox/win/src/broker_services.cc @@ -9,6 +9,7 @@ #include "base/threading/platform_thread.h" #include "base/win/scoped_handle.h" #include "base/win/scoped_process_information.h" +#include "base/win/startup_information.h" #include "sandbox/win/src/sandbox_policy_base.h" #include "sandbox/win/src/sandbox.h" #include "sandbox/win/src/target_process.h" @@ -312,6 +313,14 @@ ResultCode BrokerServicesBase::SpawnTarget(const wchar_t* exe_path, if (ERROR_ALREADY_EXISTS == ::GetLastError()) return SBOX_ERROR_GENERIC; + // Initialize the startup information from the policy. + base::win::StartupInformation startup_info; + string16 desktop = policy_base->GetAlternateDesktop(); + if (!desktop.empty()) { + startup_info.startup_info()->lpDesktop = + const_cast<wchar_t*>(desktop.c_str()); + } + // Construct the thread pool here in case it is expensive. // The thread pool is shared by all the targets if (NULL == thread_pool_) @@ -325,11 +334,8 @@ ResultCode BrokerServicesBase::SpawnTarget(const wchar_t* exe_path, job, thread_pool_); - std::wstring desktop = policy_base->GetAlternateDesktop(); - win_result = target->Create(exe_path, command_line, - desktop.empty() ? NULL : desktop.c_str(), - &process_info); + startup_info, &process_info); if (ERROR_SUCCESS != win_result) return SpawnCleanup(target, win_result); diff --git a/sandbox/win/src/target_process.cc b/sandbox/win/src/target_process.cc index 074a483..7d75fd6 100644 --- a/sandbox/win/src/target_process.cc +++ b/sandbox/win/src/target_process.cc @@ -7,6 +7,7 @@ #include "base/basictypes.h" #include "base/memory/scoped_ptr.h" #include "base/win/pe_image.h" +#include "base/win/startup_information.h" #include "base/win/windows_version.h" #include "sandbox/win/src/crosscall_server.h" #include "sandbox/win/src/crosscall_client.h" @@ -130,29 +131,26 @@ TargetProcess::~TargetProcess() { // object. DWORD TargetProcess::Create(const wchar_t* exe_path, const wchar_t* command_line, - const wchar_t* desktop, + const base::win::StartupInformation& startup_info, base::win::ScopedProcessInformation* target_info) { exe_name_.reset(_wcsdup(exe_path)); // the command line needs to be writable by CreateProcess(). scoped_ptr_malloc<wchar_t> cmd_line(_wcsdup(command_line)); - scoped_ptr_malloc<wchar_t> desktop_name(desktop ? _wcsdup(desktop) : NULL); // Start the target process suspended. DWORD flags = CREATE_SUSPENDED | CREATE_UNICODE_ENVIRONMENT | DETACHED_PROCESS; + if (startup_info.has_extended_startup_info()) + flags |= EXTENDED_STARTUPINFO_PRESENT; + if (base::win::GetVersion() < base::win::VERSION_WIN8) { // Windows 8 implements nested jobs, but for older systems we need to // break out of any job we're in to enforce our restrictions. flags |= CREATE_BREAKAWAY_FROM_JOB; } - STARTUPINFO startup_info = {sizeof(STARTUPINFO)}; - if (desktop) { - startup_info.lpDesktop = desktop_name.get(); - } - base::win::ScopedProcessInformation process_info; if (!::CreateProcessAsUserW(lockdown_token_, @@ -164,7 +162,7 @@ DWORD TargetProcess::Create(const wchar_t* exe_path, flags, NULL, // Use the environment of the caller. NULL, // Use current directory of the caller. - &startup_info, + startup_info.startup_info(), process_info.Receive())) { return ::GetLastError(); } diff --git a/sandbox/win/src/target_process.h b/sandbox/win/src/target_process.h index 311fa84..cffdf9c 100644 --- a/sandbox/win/src/target_process.h +++ b/sandbox/win/src/target_process.h @@ -14,6 +14,14 @@ #include "sandbox/win/src/crosscall_server.h" #include "sandbox/win/src/sandbox_types.h" +namespace base { +namespace win { + +class StartupInformation; + +}; // namespace win +}; // namespace base + namespace sandbox { class SharedMemIPCServer; @@ -38,7 +46,7 @@ class TargetProcess { // Creates the new target process. The process is created suspended. DWORD Create(const wchar_t* exe_path, const wchar_t* command_line, - const wchar_t* desktop, + const base::win::StartupInformation& startup_info, base::win::ScopedProcessInformation* target_info); // Destroys the target process. |