summaryrefslogtreecommitdiff
path: root/chromium/sandbox/win
diff options
context:
space:
mode:
Diffstat (limited to 'chromium/sandbox/win')
-rw-r--r--chromium/sandbox/win/src/ipc_leak_test.cc3
-rw-r--r--chromium/sandbox/win/src/policy_engine_opcodes.h2
-rw-r--r--chromium/sandbox/win/src/policy_low_level.cc10
-rw-r--r--chromium/sandbox/win/src/policy_low_level.h5
-rw-r--r--chromium/sandbox/win/src/sandbox_policy.h5
-rw-r--r--chromium/sandbox/win/src/sandbox_policy_base.cc15
-rw-r--r--chromium/sandbox/win/src/sandbox_policy_base.h3
-rw-r--r--chromium/sandbox/win/src/target_services.cc1
8 files changed, 16 insertions, 28 deletions
diff --git a/chromium/sandbox/win/src/ipc_leak_test.cc b/chromium/sandbox/win/src/ipc_leak_test.cc
index a2ab9c40b9b..3dd1c1d67e7 100644
--- a/chromium/sandbox/win/src/ipc_leak_test.cc
+++ b/chromium/sandbox/win/src/ipc_leak_test.cc
@@ -46,7 +46,8 @@ enum TestId {
// Helper function to allocate space (on the heap) for policy.
PolicyGlobal* MakePolicyMemory() {
- const size_t kTotalPolicySz = 4096 * 8;
+ // Should not exceed kPolMemSize from |sandbox_policy_base.cc|.
+ const size_t kTotalPolicySz = 4096 * 6;
char* mem = new char[kTotalPolicySz];
memset(mem, 0, kTotalPolicySz);
PolicyGlobal* policy = reinterpret_cast<PolicyGlobal*>(mem);
diff --git a/chromium/sandbox/win/src/policy_engine_opcodes.h b/chromium/sandbox/win/src/policy_engine_opcodes.h
index 8e8816df1cb..88a703c1297 100644
--- a/chromium/sandbox/win/src/policy_engine_opcodes.h
+++ b/chromium/sandbox/win/src/policy_engine_opcodes.h
@@ -8,7 +8,7 @@
#include <stddef.h>
#include <stdint.h>
-#include "base/logging.h"
+#include "base/check_op.h"
#include "base/macros.h"
#include "base/numerics/safe_conversions.h"
#include "sandbox/win/src/policy_engine_params.h"
diff --git a/chromium/sandbox/win/src/policy_low_level.cc b/chromium/sandbox/win/src/policy_low_level.cc
index b07677ec7da..d987211c8b5 100644
--- a/chromium/sandbox/win/src/policy_low_level.cc
+++ b/chromium/sandbox/win/src/policy_low_level.cc
@@ -59,10 +59,6 @@ LowLevelPolicy::~LowLevelPolicy() {
}
}
-size_t LowLevelPolicy::GetPolicyGlobalSize() {
- return policy_global_size_;
-}
-
// Here is where the heavy byte shuffling is done. We take all the rules and
// 'compile' them into a single memory region. Now, the rules are in random
// order so the first step is to reorganize them into a stl map that is keyed
@@ -76,8 +72,6 @@ bool LowLevelPolicy::Done() {
typedef std::map<IpcTag, RuleList> Mmap;
Mmap mmap;
- policy_global_size_ = 0;
-
for (RuleNodes::iterator it = rules_.begin(); it != rules_.end(); ++it) {
mmap[it->service].push_back(it->rule);
}
@@ -125,10 +119,6 @@ bool LowLevelPolicy::Done() {
current_buffer = &current_buffer[policy_buffers_occupied + 1];
}
- // The size used to store policy rules. Must be >=0 if we got here
- // or we would have bailed out for lack of space earlier.
- policy_global_size_ = policy_store_->data_size - avail_size;
-
return true;
}
diff --git a/chromium/sandbox/win/src/policy_low_level.h b/chromium/sandbox/win/src/policy_low_level.h
index da6410a4a6a..1586f96af90 100644
--- a/chromium/sandbox/win/src/policy_low_level.h
+++ b/chromium/sandbox/win/src/policy_low_level.h
@@ -96,10 +96,6 @@ class LowLevelPolicy {
// passed on the constructor. Returns false on error.
bool Done();
- // Returns the size that could hold all rules, valid after Done() has
- // packed them.
- size_t GetPolicyGlobalSize();
-
private:
struct RuleNode {
const PolicyRule* rule;
@@ -107,7 +103,6 @@ class LowLevelPolicy {
};
std::list<RuleNode> rules_;
PolicyGlobal* policy_store_;
- size_t policy_global_size_;
DISALLOW_IMPLICIT_CONSTRUCTORS(LowLevelPolicy);
};
diff --git a/chromium/sandbox/win/src/sandbox_policy.h b/chromium/sandbox/win/src/sandbox_policy.h
index 279e5024124..57a12d77aa2 100644
--- a/chromium/sandbox/win/src/sandbox_policy.h
+++ b/chromium/sandbox/win/src/sandbox_policy.h
@@ -17,6 +17,7 @@
namespace sandbox {
class AppContainerProfile;
+class PolicyInfo;
class TargetPolicy {
public:
@@ -276,8 +277,8 @@ class TargetPolicy {
// lifetime of the policy object.
virtual void SetEffectiveToken(HANDLE token) = 0;
- // Returns the size of policy memory used at process start.
- virtual size_t GetPolicyGlobalSize() const = 0;
+ // Returns a snapshot of the policy configuration.
+ virtual std::unique_ptr<PolicyInfo> GetPolicyInfo() = 0;
protected:
~TargetPolicy() {}
diff --git a/chromium/sandbox/win/src/sandbox_policy_base.cc b/chromium/sandbox/win/src/sandbox_policy_base.cc
index fdf63d9c774..3d055248c01 100644
--- a/chromium/sandbox/win/src/sandbox_policy_base.cc
+++ b/chromium/sandbox/win/src/sandbox_policy_base.cc
@@ -29,6 +29,7 @@
#include "sandbox/win/src/registry_policy.h"
#include "sandbox/win/src/restricted_token_utils.h"
#include "sandbox/win/src/sandbox_policy.h"
+#include "sandbox/win/src/sandbox_policy_diagnostic.h"
#include "sandbox/win/src/sandbox_utils.h"
#include "sandbox/win/src/security_capabilities.h"
#include "sandbox/win/src/signed_policy.h"
@@ -43,7 +44,7 @@ namespace {
constexpr size_t kOneMemPage = 4096;
// The IPC and Policy shared memory sizes.
constexpr size_t kIPCMemSize = kOneMemPage * 2;
-constexpr size_t kPolMemSize = kOneMemPage * 14;
+constexpr size_t kPolMemSize = kOneMemPage * 6;
// Helper function to allocate space (on the heap) for policy.
sandbox::PolicyGlobal* MakeBrokerPolicyMemory() {
@@ -507,13 +508,6 @@ PSID PolicyBase::GetLowBoxSid() const {
return lowbox_sid_;
}
-size_t PolicyBase::GetPolicyGlobalSize() const {
- // TODO(1059129) remove when Process.Sandbox.PolicyGlobalSize expires.
- if (policy_maker_)
- return policy_maker_->GetPolicyGlobalSize();
- return 0;
-}
-
ResultCode PolicyBase::AddTarget(TargetProcess* target) {
if (policy_) {
if (!policy_maker_->Done())
@@ -817,4 +811,9 @@ ResultCode PolicyBase::AddRuleInternal(SubSystem subsystem,
return SBOX_ALL_OK;
}
+std::unique_ptr<PolicyInfo> PolicyBase::GetPolicyInfo() {
+ auto diagnostic = std::make_unique<PolicyDiagnostic>(this);
+ return diagnostic;
+}
+
} // namespace sandbox
diff --git a/chromium/sandbox/win/src/sandbox_policy_base.h b/chromium/sandbox/win/src/sandbox_policy_base.h
index 9763311479c..233e4d83c17 100644
--- a/chromium/sandbox/win/src/sandbox_policy_base.h
+++ b/chromium/sandbox/win/src/sandbox_policy_base.h
@@ -33,6 +33,7 @@ namespace sandbox {
class LowLevelPolicy;
class PolicyDiagnostic;
+class PolicyInfo;
class TargetProcess;
struct PolicyGlobal;
@@ -80,7 +81,7 @@ class PolicyBase final : public TargetPolicy {
bool create_profile) override;
scoped_refptr<AppContainerProfile> GetAppContainerProfile() override;
void SetEffectiveToken(HANDLE token) override;
- size_t GetPolicyGlobalSize() const override;
+ std::unique_ptr<PolicyInfo> GetPolicyInfo() override;
// Get the AppContainer profile as its internal type.
scoped_refptr<AppContainerProfileBase> GetAppContainerProfileBase();
diff --git a/chromium/sandbox/win/src/target_services.cc b/chromium/sandbox/win/src/target_services.cc
index b6b03b34809..52f61d7102a 100644
--- a/chromium/sandbox/win/src/target_services.cc
+++ b/chromium/sandbox/win/src/target_services.cc
@@ -9,6 +9,7 @@
#include <process.h>
#include <stdint.h>
+#include "base/logging.h"
#include "base/win/windows_version.h"
#include "sandbox/win/src/crosscall_client.h"
#include "sandbox/win/src/handle_closer_agent.h"
View Lorry Controller Status