Diffstat (limited to 'sandbox/src/restricted_token_utils.cc')
-rw-r--r-- | sandbox/src/restricted_token_utils.cc | 38 |
1 files changed, 1 insertions, 37 deletions
diff --git a/sandbox/src/restricted_token_utils.cc b/sandbox/src/restricted_token_utils.cc
index c789471..b036e51 100644
--- a/sandbox/src/restricted_token_utils.cc
+++ b/sandbox/src/restricted_token_utils.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
@@ -340,40 +340,4 @@ DWORD SetProcessIntegrityLevel(IntegrityLevel integrity_level) {
 return SetTokenIntegrityLevel(token.Get(), integrity_level);
 }
-DWORD SetObjectDenyRestrictedAndNull(HANDLE handle, SE_OBJECT_TYPE type) {
- PSECURITY_DESCRIPTOR sec_desc = NULL;
- PACL old_dacl = NULL;
-
- DWORD error = ::GetSecurityInfo(handle, type, DACL_SECURITY_INFORMATION,
- NULL, NULL, &old_dacl, NULL, &sec_desc);
- if (!error) {
- Sid deny_sids[] = { Sid(WinNullSid), Sid(WinRestrictedCodeSid) };
- const int kDenySidsCount = sizeof(deny_sids) / sizeof(deny_sids[0]);
- EXPLICIT_ACCESS deny_aces[kDenySidsCount];
- ::ZeroMemory(deny_aces, sizeof(deny_aces));
-
- for (int i = 0; i < kDenySidsCount; ++i) {
- deny_aces[i].grfAccessMode = DENY_ACCESS;
- deny_aces[i].grfAccessPermissions = GENERIC_ALL;
- deny_aces[i].grfInheritance = NO_INHERITANCE;
- deny_aces[i].Trustee.TrusteeForm = TRUSTEE_IS_SID;
- deny_aces[i].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
- deny_aces[i].Trustee.ptstrName =
- reinterpret_cast<LPWSTR>(const_cast<SID*>(deny_sids[i].GetPSID()));
- }
-
- PACL new_dacl = NULL;
- error = ::SetEntriesInAcl(kDenySidsCount, deny_aces, old_dacl, &new_dacl);
- if (!error) {
- error = ::SetSecurityInfo(handle, type, DACL_SECURITY_INFORMATION,
- NULL, NULL, new_dacl, NULL);
- ::LocalFree(new_dacl);
- }
-
- ::LocalFree(sec_desc);
- }
-
- return error;
-}
-
 } // namespace sandbox |