2023-05-30 10:55:32 +02:00
|
|
|
diff --git sandbox/win/src/sandbox_policy.h sandbox/win/src/sandbox_policy.h
|
2024-11-14 23:07:03 +01:00
|
|
|
index 17699e60e60be..53658b54f4fa7 100644
|
2023-05-30 10:55:32 +02:00
|
|
|
--- sandbox/win/src/sandbox_policy.h
|
|
|
|
+++ sandbox/win/src/sandbox_policy.h
|
2024-09-27 16:15:44 +02:00
|
|
|
@@ -282,7 +282,7 @@ class [[clang::lto_visibility_public]] TargetPolicy {
|
2023-05-30 10:55:32 +02:00
|
|
|
// Adds a blob of data that will be made available in the child early in
|
|
|
|
// startup via sandbox::GetDelegateData(). The contents of this data should
|
|
|
|
// not vary between children with the same TargetConfig().
|
|
|
|
- virtual void AddDelegateData(base::span<const uint8_t> data) = 0;
|
|
|
|
+ virtual void AddDelegateData(base::span<uint8_t> data) = 0;
|
|
|
|
};
|
|
|
|
|
|
|
|
} // namespace sandbox
|
|
|
|
diff --git sandbox/win/src/sandbox_policy_base.cc sandbox/win/src/sandbox_policy_base.cc
|
2024-11-14 23:07:03 +01:00
|
|
|
index bb144af1a7e12..2a05c5a62c941 100644
|
2023-05-30 10:55:32 +02:00
|
|
|
--- sandbox/win/src/sandbox_policy_base.cc
|
|
|
|
+++ sandbox/win/src/sandbox_policy_base.cc
|
2024-10-24 17:05:31 +02:00
|
|
|
@@ -194,12 +194,12 @@ PolicyGlobal* ConfigBase::policy() {
|
2023-05-30 10:55:32 +02:00
|
|
|
return policy_;
|
|
|
|
}
|
|
|
|
|
2023-12-06 21:16:15 +01:00
|
|
|
-std::optional<base::span<const uint8_t>> ConfigBase::policy_span() {
|
|
|
|
+std::optional<base::span<uint8_t>> ConfigBase::policy_span() {
|
2023-05-30 10:55:32 +02:00
|
|
|
if (policy_) {
|
|
|
|
// Note: this is not policy().data_size as that relates to internal data,
|
|
|
|
// not the entire allocated policy area.
|
|
|
|
- return base::span<const uint8_t>(reinterpret_cast<uint8_t*>(policy_.get()),
|
|
|
|
- kPolMemSize);
|
|
|
|
+ return base::span<uint8_t>(reinterpret_cast<uint8_t*>(policy_.get()),
|
|
|
|
+ kPolMemSize);
|
|
|
|
}
|
2023-12-06 21:16:15 +01:00
|
|
|
return std::nullopt;
|
2023-05-30 10:55:32 +02:00
|
|
|
}
|
2024-10-24 17:05:31 +02:00
|
|
|
@@ -785,14 +785,14 @@ bool PolicyBase::SetupHandleCloser(TargetProcess& target) {
|
2024-02-22 19:36:15 +01:00
|
|
|
return (SBOX_ALL_OK == rc);
|
2023-05-30 10:55:32 +02:00
|
|
|
}
|
|
|
|
|
2023-12-06 21:16:15 +01:00
|
|
|
-std::optional<base::span<const uint8_t>> PolicyBase::delegate_data_span() {
|
|
|
|
+std::optional<base::span<uint8_t>> PolicyBase::delegate_data_span() {
|
2023-05-30 10:55:32 +02:00
|
|
|
if (delegate_data_) {
|
|
|
|
return base::make_span(*delegate_data_);
|
|
|
|
}
|
2023-12-06 21:16:15 +01:00
|
|
|
return std::nullopt;
|
2023-05-30 10:55:32 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
-void PolicyBase::AddDelegateData(base::span<const uint8_t> data) {
|
|
|
|
+void PolicyBase::AddDelegateData(base::span<uint8_t> data) {
|
|
|
|
CHECK(data.size() > 0u);
|
|
|
|
// Can only set this once - as there is only one region sent to the child.
|
|
|
|
CHECK(!delegate_data_);
|
|
|
|
diff --git sandbox/win/src/sandbox_policy_base.h sandbox/win/src/sandbox_policy_base.h
|
2024-11-14 23:07:03 +01:00
|
|
|
index af905fba23ac1..cba2426b098a8 100644
|
2023-05-30 10:55:32 +02:00
|
|
|
--- sandbox/win/src/sandbox_policy_base.h
|
|
|
|
+++ sandbox/win/src/sandbox_policy_base.h
|
2024-11-14 23:07:03 +01:00
|
|
|
@@ -117,7 +117,7 @@ class ConfigBase final : public TargetConfig {
|
2023-05-30 10:55:32 +02:00
|
|
|
|
|
|
|
// Should only be called once the object is configured.
|
|
|
|
PolicyGlobal* policy();
|
2023-12-06 21:16:15 +01:00
|
|
|
- std::optional<base::span<const uint8_t>> policy_span();
|
|
|
|
+ std::optional<base::span<uint8_t>> policy_span();
|
2023-05-30 10:55:32 +02:00
|
|
|
std::vector<std::wstring>& blocklisted_dlls();
|
|
|
|
AppContainerBase* app_container();
|
|
|
|
IntegrityLevel integrity_level() { return integrity_level_; }
|
2024-11-14 23:07:03 +01:00
|
|
|
@@ -172,7 +172,7 @@ class PolicyBase final : public TargetPolicy {
|
2023-05-30 10:55:32 +02:00
|
|
|
ResultCode SetStdoutHandle(HANDLE handle) override;
|
|
|
|
ResultCode SetStderrHandle(HANDLE handle) override;
|
|
|
|
void AddHandleToShare(HANDLE handle) override;
|
|
|
|
- void AddDelegateData(base::span<const uint8_t> data) override;
|
|
|
|
+ void AddDelegateData(base::span<uint8_t> data) override;
|
|
|
|
|
|
|
|
// Creates a Job object with the level specified in a previous call to
|
|
|
|
// SetJobLevel().
|
2024-11-14 23:07:03 +01:00
|
|
|
@@ -236,13 +236,13 @@ class PolicyBase final : public TargetPolicy {
|
2023-05-30 10:55:32 +02:00
|
|
|
// time.
|
|
|
|
|
|
|
|
// Returns nullopt if no data has been set, or a view into the data.
|
2023-12-06 21:16:15 +01:00
|
|
|
- std::optional<base::span<const uint8_t>> delegate_data_span();
|
|
|
|
+ std::optional<base::span<uint8_t>> delegate_data_span();
|
2023-05-30 10:55:32 +02:00
|
|
|
|
|
|
|
// The user-defined global policy settings.
|
|
|
|
HANDLE stdout_handle_;
|
|
|
|
HANDLE stderr_handle_;
|
|
|
|
// An opaque blob of data the delegate uses to prime any pre-sandbox hooks.
|
2024-02-22 19:36:15 +01:00
|
|
|
- std::unique_ptr<const std::vector<uint8_t>> delegate_data_;
|
2023-05-30 10:55:32 +02:00
|
|
|
+ std::unique_ptr<std::vector<uint8_t>> delegate_data_;
|
|
|
|
|
|
|
|
std::unique_ptr<Dispatcher> dispatcher_;
|
|
|
|
|