Bug 1172388: Use a USER_RESTRICTED access level token on Windows 10. r=cpearce

Bob Owen 2015-06-19 23:35:43 +01:00
parent 128d605a1b
commit 791d7b4fed


@ -5,6 +5,8 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "sandboxBroker.h"
#include "base/win/windows_version.h"
#include "sandbox/win/src/sandbox.h"
#include "sandbox/win/src/sandbox_factory.h"
#include "sandbox/win/src/security_level.h"
@ -293,9 +295,13 @@ SandboxBroker::SetSecurityLevelForGMPlugin()
auto result = mPolicy->SetJobLevel(sandbox::JOB_LOCKDOWN, 0);
bool ret = (sandbox::SBOX_ALL_OK == result);
result =
mPolicy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS,
sandbox::USER_LOCKDOWN);
if (base::win::GetVersion() > base::win::VERSION_WIN8_1) {
result = mPolicy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS,
sandbox::USER_RESTRICTED);
} else {
result = mPolicy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS,
sandbox::USER_LOCKDOWN);
}
ret = ret && (sandbox::SBOX_ALL_OK == result);
result = mPolicy->SetAlternateDesktop(true);
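Review bot: The new `base::win::GetVersion() > base::win::VERSION_WIN8_1` branch lowers the GMP plugin's lockdown token from `USER_LOCKDOWN` to `USER_RESTRICTED` on Windows 10 and every later version, and nothing in the code records why or when it can be reverted. Because this relaxes a sandbox boundary, I would add a comment above the `if`, for example `// Bug 1172388: USER_LOCKDOWN is relaxed to USER_RESTRICTED on Windows 10+ because <reason from the bug>; restore USER_LOCKDOWN once that is resolved.` The two `SetTokenLevel` calls differ only in their second argument, so choosing the level first (`sandbox::TokenLevel lockdown = base::win::GetVersion() > base::win::VERSION_WIN8_1 ? sandbox::USER_RESTRICTED : sandbox::USER_LOCKDOWN;`) and calling once would keep the initial-token argument from drifting between branches. SetSecurityLevelForGMPlugin begins and ends outside this hunk, so whether the job level and alternate desktop are meant to compensate for the weaker token cannot be judged from here.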