// Copyright 2018 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "services/network/network_sandbox_win.h"

#include "sandbox/win/src/sandbox_types.h"
#include "services/service_manager/sandbox/win/sandbox_win.h"

// NOTE: changes to this code need to be reviewed by the security team.
namespace network {

// Configures |policy| for the network process before the target is spawned.
//
// Right now, this policy is essentially unsandboxed, but with default process
// mitigations applied. This will be tightened up in future releases.
//
// Security-relevant settings made here:
//   * Both arguments to SetTokenLevel() are USER_UNPROTECTED, so no token
//     restriction is requested from this function.
//   * The job level is JOB_UNPROTECTED.
// Until these levels are tightened, callers should not rely on this policy
// as a containment boundary for the network process.
//
// |policy|   - target policy to configure; dereferenced without a null check.
// |cmd_line| - forwarded unchanged to SandboxWin::SetJobLevel().
//
// Returns true only if both the token-level and the job-level calls report
// SBOX_ALL_OK; returns false as soon as either one fails.
bool NetworkPreSpawnTarget(sandbox::TargetPolicy* policy,
                           const base::CommandLine& cmd_line) {
  // The same (unprotected) level is passed for both token arguments.
  const sandbox::ResultCode token_result = policy->SetTokenLevel(
      sandbox::USER_UNPROTECTED, sandbox::USER_UNPROTECTED);
  if (token_result != sandbox::ResultCode::SBOX_ALL_OK)
    return false;

  // NOTE(review): the literal 0 is presumably the UI-exceptions mask of
  // SetJobLevel() - confirm against sandbox_win.h.
  const sandbox::ResultCode job_result =
      service_manager::SandboxWin::SetJobLevel(
          cmd_line, sandbox::JOB_UNPROTECTED, 0, policy);
  return job_result == sandbox::ResultCode::SBOX_ALL_OK;
}

}  // namespace network