Bug 1321256: Use a USER_UNPROTECTED initial token when the delayed token is not restricted. r=jimm
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -138,18 +138,24 @@ SandboxBroker::SetSecurityLevelForConten
}
}
sandbox::ResultCode result = mPolicy->SetJobLevel(jobLevel,
0 /* ui_exceptions */);
MOZ_RELEASE_ASSERT(sandbox::SBOX_ALL_OK == result,
"Setting job level failed, have you set memory limit when jobLevel == JOB_NONE?");
- result = mPolicy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS,
- accessTokenLevel);
+ // If the delayed access token is not restricted we don't want the initial one
+ // to be either, because it can interfere with running from a network drive.
+ sandbox::TokenLevel initialAccessTokenLevel =
+ (accessTokenLevel == sandbox::USER_UNPROTECTED ||
+ accessTokenLevel == sandbox::USER_NON_ADMIN)
+ ? sandbox::USER_UNPROTECTED : sandbox::USER_RESTRICTED_SAME_ACCESS;
+
+ result = mPolicy->SetTokenLevel(initialAccessTokenLevel, accessTokenLevel);
MOZ_RELEASE_ASSERT(sandbox::SBOX_ALL_OK == result,
"Lockdown level cannot be USER_UNPROTECTED or USER_LAST if initial level was USER_RESTRICTED_SAME_ACCESS");
result = mPolicy->SetIntegrityLevel(initialIntegrityLevel);
MOZ_RELEASE_ASSERT(sandbox::SBOX_ALL_OK == result,
"SetIntegrityLevel should never fail, what happened?");
result = mPolicy->SetDelayedIntegrityLevel(delayedIntegrityLevel);
MOZ_RELEASE_ASSERT(sandbox::SBOX_ALL_OK == result,