51_add_USER_LOCKDOWN_WITH_TRAVERSE.patch (3522B)
1 Author: Bob Owen <bobowencode@gmail.com>
2
3 Add USER_LOCKDOWN_WITH_TRAVERSE access token level.
4
5 diff --git a/sandbox/win/src/restricted_token_utils.cc b/sandbox/win/src/restricted_token_utils.cc
6 index cb8d18a1a832..1dc7fd219f88 100644
7 --- a/sandbox/win/src/restricted_token_utils.cc
8 +++ b/sandbox/win/src/restricted_token_utils.cc
9 @@ -137,16 +137,26 @@ absl::optional<base::win::AccessToken> CreateRestrictedToken(
10 restricted_token.AddRestrictingSid(base::win::WellKnownSid::kRestricted);
11 if (unique_restricted_sid) {
12 restricted_token.AddRestrictingSid(*unique_restricted_sid);
13 }
14 } else {
15 restricted_token.AddUserSidForDenyOnly();
16 }
17 break;
18 + case USER_LOCKDOWN_WITH_TRAVERSE:
19 + if (use_restricting_sids) {
20 + restricted_token.AddRestrictingSid(base::win::WellKnownSid::kNull);
21 + if (unique_restricted_sid) {
22 + restricted_token.AddRestrictingSid(*unique_restricted_sid);
23 + }
24 + } else {
25 + restricted_token.AddUserSidForDenyOnly();
26 + }
27 + break;
28 case USER_LOCKDOWN:
29 remove_traverse_privilege = true;
30 if (use_restricting_sids) {
31 restricted_token.AddRestrictingSid(base::win::WellKnownSid::kNull);
32 if (unique_restricted_sid) {
33 restricted_token.AddRestrictingSid(*unique_restricted_sid);
34 }
35 } else {
36 diff --git a/sandbox/win/src/security_level.h b/sandbox/win/src/security_level.h
37 index f9110600a11a..a86c4576f6e8 100644
38 --- a/sandbox/win/src/security_level.h
39 +++ b/sandbox/win/src/security_level.h
40
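Review bot: The new `case USER_LOCKDOWN_WITH_TRAVERSE:` body is a line-for-line copy of the `USER_LOCKDOWN` case that follows it, differing only in not setting `remove_traverse_privilege`, so the two will drift apart the next time the lockdown SID handling changes. Putting `case USER_LOCKDOWN:` first with `remove_traverse_privilege = true;` and `[[fallthrough]];`, then `case USER_LOCKDOWN_WITH_TRAVERSE:` followed by the single shared body, keeps the one intended difference explicit in one place. A short comment on the new case, e.g. `// Same SIDs as USER_LOCKDOWN; only the traverse privilege is retained.`, would also help, since the hunk shows the flag being left false but not where it is acted on. CreateRestrictedToken begins before this hunk and the switch continues after it.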
@@ -38,16 +38,18 @@ enum IntegrityLevel {
41 // The Token level specifies a set of security profiles designed to
42 // provide the bulk of the security of sandbox.
43 //
44 // TokenLevel |Restricting |Deny Only |Privileges|
45 // |Sids |Sids | |
46 // ----------------------------|--------------|----------------|----------|
47 // USER_LOCKDOWN | Null Sid | All | None |
48 // ----------------------------|--------------|----------------|----------|
49 +// USER_LOCKDOWN_WITH_TRAVERSE | Null Sid | All | Traverse |
50 +// ----------------------------|--------------|----------------|----------|
51 // USER_RESTRICTED | RESTRICTED | All | Traverse |
52 // ----------------------------|--------------|----------------|----------|
53 // USER_LIMITED | Users | All except: | Traverse |
54 // | Everyone | Users | |
55 // | RESTRICTED | Everyone | |
56 // | | Interactive | |
57 // ----------------------------|--------------|----------------|----------|
58 // USER_INTERACTIVE | Users | All except: | Traverse |
59 @@ -77,16 +79,17 @@ enum IntegrityLevel {
60 // and on the broker token itself.
61 //
62 // The LOCKDOWN level is designed to allow access to almost nothing that has
63 // security associated with and they are the recommended levels to run sandboxed
64 // code specially if there is a chance that the broker is process might be
65 // started by a user that belongs to the Admins or power users groups.
66 enum TokenLevel {
67 USER_LOCKDOWN = 0,
68 + USER_LOCKDOWN_WITH_TRAVERSE,
69 USER_RESTRICTED,
70 USER_LIMITED,
71 USER_INTERACTIVE,
72 USER_RESTRICTED_NON_ADMIN,
73 USER_RESTRICTED_SAME_ACCESS,
74 USER_UNPROTECTED,
75 USER_LAST
76 };
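Review bot: Inserting `USER_LOCKDOWN_WITH_TRAVERSE` between `USER_LOCKDOWN = 0` and `USER_RESTRICTED` renumbers every later `TokenLevel` value, and the comment above the enum does not say whether the numeric order is meaningful. The table in this header lists levels from most to least restrictive, so if any code compares `TokenLevel` values ordinally or persists them, the new position is presumably intended to sit just above lockdown; a sentence such as `// Levels are ordered from most to least restrictive; keep new entries in that order.` on the enum would make that contract explicit. The paragraph describing the LOCKDOWN level as the recommended level also still reads as if there were only one lockdown level; it should note that the WITH_TRAVERSE variant retains the traverse privilege and is therefore slightly less restrictive.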