Revert 93308 - Add a sandbox API to allow closing open handles at loc…

…kdown.

BUG=58069
BUG=74242
TEST=sbox_integration_tests --gtest_filter=HandleCloserTests.* 
Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=93274
Review URL: http://codereview.chromium.org/7253054

TBR=jschuh@chromium.org
Review URL: http://codereview.chromium.org/7473022

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@93315 0039d316-1c4b-4281-b951-d872f2087c98

content/common/sandbox_policy.cc

@@ -194,41 +194,6 @@ void AddDllEvictionPolicy(sandbox::TargetPolicy* policy) {
     BlacklistAddOneDll(kTroublesomeDlls[ix], policy);
 }
 
-// Returns the object path prepended with the current logon session.
-string16 PrependWindowsSessionPath(const char16* object) {
-  // Cache this because it can't change after process creation.
-  static string16* session_prefix = NULL;
-  if (!session_prefix) {
-    HANDLE token;
-    DWORD session_id;
-    DWORD session_id_length;
-
-    CHECK(::OpenProcessToken(::GetCurrentProcess(), TOKEN_QUERY, &token));
-    CHECK(::GetTokenInformation(token, TokenSessionId, &session_id,
-        sizeof(session_id), &session_id_length));
-    CloseHandle(token);
-
-    session_prefix = new string16(base::StringPrintf(L"\\Sessions\\%d",
-        session_id));
-  }
-
-  return *session_prefix + object;
-}
-
-// Closes handles that are opened at process creation and initialization.
-void AddBaseHandleClosePolicy(sandbox::TargetPolicy* policy) {
-  // Being able to manipulate anything BaseNamedObjects is bad.
-  policy->AddKernelObjectToClose(L"Directory", PrependWindowsSessionPath(
-      L"\\BaseNamedObjects").data());
-  policy->AddKernelObjectToClose(L"Section", PrependWindowsSessionPath(
-      L"\\BaseNamedObjects\\windows_shell_global_counters").data());
-}
-
-void AddStrictHandleClosePolicy(sandbox::TargetPolicy* policy) {
-  // This is loaded when rand_s is seeded, but not needed again.
-  policy->AddKernelObjectToClose(L"File", L"\\Device\\KsecDD");
-}
-
 // Adds the generic policy rules to a sandbox TargetPolicy.
 bool AddGenericPolicy(sandbox::TargetPolicy* policy) {
   sandbox::ResultCode result;
@@ -314,7 +279,6 @@ void AddPolicyForRenderer(sandbox::TargetPolicy* policy) {
   }
 
   AddDllEvictionPolicy(policy);
-  AddBaseHandleClosePolicy(policy);
 }
 
 // The Pepper process as locked-down as a renderer execpt that it can
@@ -450,8 +414,6 @@ base::ProcessHandle StartProcessWithAccess(CommandLine* cmd_line,
       return 0;
   } else {
     AddPolicyForRenderer(policy);
-    if (type == ChildProcessInfo::RENDER_PROCESS)
-      AddStrictHandleClosePolicy(policy);
 
     if (type_str != switches::kRendererProcess) {
       // Hack for Google Desktop crash. Trick GD into not injecting its DLL into

sandbox/sandbox.gyp

@@ -33,10 +33,6 @@
             'src/filesystem_interception.h',
             'src/filesystem_policy.cc',
             'src/filesystem_policy.h',
-            'src/handle_closer.cc',
-            'src/handle_closer.h',
-            'src/handle_closer_agent.cc',
-            'src/handle_closer_agent.h',
             'src/handle_table.cc',
             'src/handle_table.h',
             'src/interception.cc',
@@ -287,7 +283,6 @@
             'src/dep_test.cc',
             'src/file_policy_test.cc',
             'tests/integration_tests/integration_tests_test.cc',
-            'src/handle_closer_test.cc',
             'src/integrity_level_test.cc',
             'src/ipc_ping_test.cc',
             'src/named_pipe_policy_test.cc',