From 914bc73938a428fb7315643277068056fc723fae Mon Sep 17 00:00:00 2001 From: "jschuh@chromium.org" Date: Wed, 12 Sep 2012 17:46:10 +0000 Subject: Revert 156315 - Add sandbox support for Windows process mitigations BUG=147752 Review URL: https://chromiumcodereview.appspot.com/10690058 TBR=jschuh@chromium.org Review URL: https://chromiumcodereview.appspot.com/10918197 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@156322 0039d316-1c4b-4281-b951-d872f2087c98 --- sandbox/win/src/sandbox_policy_base.cc | 46 ---------------------------------- 1 file changed, 46 deletions(-) (limited to 'sandbox/win/src/sandbox_policy_base.cc') diff --git a/sandbox/win/src/sandbox_policy_base.cc b/sandbox/win/src/sandbox_policy_base.cc index f942ff5a..3950a0c 100644 --- a/sandbox/win/src/sandbox_policy_base.cc +++ b/sandbox/win/src/sandbox_policy_base.cc @@ -15,7 +15,6 @@ #include "sandbox/win/src/handle_policy.h" #include "sandbox/win/src/job.h" #include "sandbox/win/src/interception.h" -#include "sandbox/win/src/process_mitigations.h" #include "sandbox/win/src/named_pipe_dispatcher.h" #include "sandbox/win/src/named_pipe_policy.h" #include "sandbox/win/src/policy_broker.h" @@ -54,7 +53,6 @@ sandbox::PolicyGlobal* MakeBrokerPolicyMemory() { namespace sandbox { SANDBOX_INTERCEPT IntegrityLevel g_shared_delayed_integrity_level; -SANDBOX_INTERCEPT MitigationFlags g_shared_delayed_mitigations; // Initializes static members. HWINSTA PolicyBase::alternate_winstation_handle_ = NULL; @@ -72,8 +70,6 @@ PolicyBase::PolicyBase() relaxed_interceptions_(true), integrity_level_(INTEGRITY_LEVEL_LAST), delayed_integrity_level_(INTEGRITY_LEVEL_LAST), - mitigations_(0), - delayed_mitigations_(0), policy_maker_(NULL), policy_(NULL) { ::InitializeCriticalSection(&lock_); @@ -280,30 +276,6 @@ ResultCode PolicyBase::SetCapability(const wchar_t* sid) { return SBOX_ALL_OK; } -ResultCode PolicyBase::SetProcessMitigations( - MitigationFlags flags) { - if (!CanSetProcessMitigationsPreStartup(flags)) - return SBOX_ERROR_BAD_PARAMS; - mitigations_ = flags; - return SBOX_ALL_OK; -} - -MitigationFlags PolicyBase::GetProcessMitigations() { - return mitigations_; -} - -ResultCode PolicyBase::SetDelayedProcessMitigations( - MitigationFlags flags) { - if (!CanSetProcessMitigationsPostStartup(flags)) - return SBOX_ERROR_BAD_PARAMS; - delayed_mitigations_ = flags; - return SBOX_ALL_OK; -} - -MitigationFlags PolicyBase::GetDelayedProcessMitigations() { - return delayed_mitigations_; -} - void PolicyBase::SetStrictInterceptions() { relaxed_interceptions_ = false; } @@ -478,11 +450,6 @@ bool PolicyBase::AddTarget(TargetProcess* target) { if (NULL != policy_) policy_maker_->Done(); - if (!ApplyProcessMitigationsToSuspendedProcess(target->Process(), - mitigations_)) { - return false; - } - if (!SetupAllInterceptions(target)) return false; @@ -502,19 +469,6 @@ bool PolicyBase::AddTarget(TargetProcess* target) { if (SBOX_ALL_OK != ret) return false; - // Add in delayed mitigations and pseudo-mitigations enforced at startup. - g_shared_delayed_mitigations = delayed_mitigations_ | - FilterPostStartupProcessMitigations(mitigations_); - if (!CanSetProcessMitigationsPostStartup(g_shared_delayed_mitigations)) - return false; - - ret = target->TransferVariable("g_shared_delayed_mitigations", - &g_shared_delayed_mitigations, - sizeof(g_shared_delayed_mitigations)); - g_shared_delayed_mitigations = 0; - if (SBOX_ALL_OK != ret) - return false; - AutoLock lock(&lock_); targets_.push_back(target); return true; -- cgit v1.1