diff options
Diffstat (limited to 'security/sandbox/win/SandboxInitialization.cpp')
| -rw-r--r-- | security/sandbox/win/SandboxInitialization.cpp | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/security/sandbox/win/SandboxInitialization.cpp b/security/sandbox/win/SandboxInitialization.cpp new file mode 100644 index 000000000..e587c2598 --- /dev/null +++ b/security/sandbox/win/SandboxInitialization.cpp @@ -0,0 +1,81 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "SandboxInitialization.h" + +#include "sandbox/win/src/sandbox_factory.h" + +namespace mozilla { +namespace sandboxing { + +static sandbox::TargetServices* +InitializeTargetServices() +{ + sandbox::TargetServices* targetServices = + sandbox::SandboxFactory::GetTargetServices(); + if (!targetServices) { + return nullptr; + } + + if (targetServices->Init() != sandbox::SBOX_ALL_OK) { + return nullptr; + } + + return targetServices; +} + +sandbox::TargetServices* +GetInitializedTargetServices() +{ + static sandbox::TargetServices* sInitializedTargetServices = + InitializeTargetServices(); + + return sInitializedTargetServices; +} + +void +LowerSandbox() +{ + GetInitializedTargetServices()->LowerToken(); +} + +static sandbox::BrokerServices* +InitializeBrokerServices() +{ + sandbox::BrokerServices* brokerServices = + sandbox::SandboxFactory::GetBrokerServices(); + if (!brokerServices) { + return nullptr; + } + + if (brokerServices->Init() != sandbox::SBOX_ALL_OK) { + return nullptr; + } + + // Comment below copied from Chromium code. + // Precreate the desktop and window station used by the renderers. + // IMPORTANT: This piece of code needs to run as early as possible in the + // process because it will initialize the sandbox broker, which requires + // the process to swap its window station. During this time all the UI + // will be broken. This has to run before threads and windows are created. + sandbox::TargetPolicy* policy = brokerServices->CreatePolicy(); + sandbox::ResultCode result = policy->CreateAlternateDesktop(true); + policy->Release(); + + return brokerServices; +} + +sandbox::BrokerServices* +GetInitializedBrokerServices() +{ + static sandbox::BrokerServices* sInitializedBrokerServices = + InitializeBrokerServices(); + + return sInitializedBrokerServices; +} + +} // sandboxing +} // mozilla |