Attachment #9131703: Bug 1557282 Part 4: Use USER_LIMITED from the start of the socket process sandbox. r=handyman! for bug #1618911


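--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -912,17 +912,17 @@ bool SandboxBroker::SetSecurityLevelForS
   }
 
   auto result =
       SetJobLevel(mPolicy, sandbox::JOB_LOCKDOWN, 0 /* ui_exceptions */);
   SANDBOX_ENSURE_SUCCESS(
       result,
       "SetJobLevel should never fail with these arguments, what happened?");
 
-  result = mPolicy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS,
+  result = mPolicy->SetTokenLevel(sandbox::USER_LIMITED,
                                   sandbox::USER_LIMITED);
   SANDBOX_ENSURE_SUCCESS(
       result,
       "SetTokenLevel should never fail with these arguments, what happened?");
 
   result = mPolicy->SetAlternateDesktop(true);
   if (NS_WARN_IF(result != sandbox::SBOX_ALL_OK)) {
     LOG_W("SetAlternateDesktop failed, result: %i, last error: %x", result,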
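Review bot: The SetTokenLevel call at line 920 now passes sandbox::USER_LIMITED for both arguments, and nothing at the call site records that this is deliberate. A one-line comment above it would stop a later reader from "restoring" a looser first argument, for example `// Initial and lockdown tokens are both USER_LIMITED: no startup window with a less restricted token.` Any socket-process start-up work that depended on the previous USER_RESTRICTED_SAME_ACCESS initial token now has to succeed under USER_LIMITED. That code is not visible here, so it should be confirmed by a test run rather than assumed. The enclosing function (its name is cut off in the hunk header) begins and ends outside this hunk.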
