Bug 928062 - Set Windows sandbox delayed integrity level to INTEGRITY_LEVEL_LOW. r=aklotz
author Bob Owen <bobowencode@gmail.com>
Tue, 08 Apr 2014 16:25:18 +0100
changeset 196411 af5b63ae25d6ef00364e02686f77fac7223f7bc3
parent 196410 78578b6e682192799af47bd59cd60cb3a28f1e32
child 196412 5dbda270ef931aa33ad20078f306de64c8cdb3a1
push id 3624
push user asasaki@mozilla.com
push date Mon, 09 Jun 2014 21:49:01 +0000
treeherder mozilla-beta@b1a5da15899a
reviewers aklotz
bugs 928062
milestone 31.0a1
security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -42,23 +42,23 @@ SandboxBroker::LaunchApp(const wchar_t *
                            void **aProcessHandle)
 {
   // If the broker service isn't already initialized, do it now
   if (!sBrokerService || !mPolicy) {
     return false;
   }
 
   // Setup the sandbox policy, this is initially:
-  // Medium integrity, unrestricted, in the same window station, within the
+  // Low integrity, unrestricted, in the same window station, within the
   // same desktop, and has no job object.
   // We'll start to increase the restrictions over time.
   mPolicy->SetJobLevel(sandbox::JOB_NONE, 0);
   mPolicy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS,
                          sandbox::USER_RESTRICTED_SAME_ACCESS);
-  mPolicy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_UNTRUSTED);
+  mPolicy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW);
 
   // Set an alternate Desktop within a new window station
   mPolicy->SetAlternateDesktop(false);
 
   // Ceate the sandboxed process
   PROCESS_INFORMATION targetInfo;
   sandbox::ResultCode result;
   result = sBrokerService->SpawnTarget(aPath, aArguments, mPolicy, &targetInfo);
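Review bot: The SetDelayedIntegrityLevel call goes from INTEGRITY_LEVEL_UNTRUSTED to INTEGRITY_LEVEL_LOW, which relaxes the sandbox, and neither the commit message nor the updated comment says why untrusted could not be kept. Please record the reason next to the call (what breaks at untrusted, with the bug number) so the level can be tightened again once that is resolved. The comment should also say that this is the delayed integrity level rather than just "Low integrity", since that is what the call sets. While touching this comment: it was already out of sync before the change (it said "Medium integrity" while the code set INTEGRITY_LEVEL_UNTRUSTED), and it still reads "in the same window station, within the same desktop" although the lines just below call SetAlternateDesktop(false) under a comment saying "Set an alternate Desktop within a new window station". One of those two descriptions is wrong and should be reconciled here. Minor: "Ceate the sandboxed process" in the context lines should read "Create".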