summaryrefslogtreecommitdiffstats
path: root/security/sandbox/chromium/sandbox/win/src/restricted_token_utils.cc
diff options
context:
space:
mode:
Diffstat (limited to 'security/sandbox/chromium/sandbox/win/src/restricted_token_utils.cc')
-rw-r--r--security/sandbox/chromium/sandbox/win/src/restricted_token_utils.cc8
1 files changed, 8 insertions, 0 deletions
diff --git a/security/sandbox/chromium/sandbox/win/src/restricted_token_utils.cc b/security/sandbox/chromium/sandbox/win/src/restricted_token_utils.cc
index d93386d646..b4830bd253 100644
--- a/security/sandbox/chromium/sandbox/win/src/restricted_token_utils.cc
+++ b/security/sandbox/chromium/sandbox/win/src/restricted_token_utils.cc
@@ -307,6 +307,14 @@ DWORD SetProcessIntegrityLevel(IntegrityLevel integrity_level) {
return ERROR_SUCCESS;
}
+ // Set integrity level for our process ACL, so we retain access to it.
+ // We ignore failures because this is not a security measure, but some
+ // functionality may fail later in the process.
+ DWORD rv =
+ SetObjectIntegrityLabel(::GetCurrentProcess(), SE_KERNEL_OBJECT, L"",
+ GetIntegrityLevelString(integrity_level));
+ DCHECK(rv == ERROR_SUCCESS);
+
HANDLE token_handle;
if (!::OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_DEFAULT,
&token_handle))
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-10 12:52:21 +0000