Move Windows Sandbox, trybots version (don't commit me!)

sandbox/src/security_level.h

-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef SANDBOX_SRC_SECURITY_LEVEL_H_
-#define SANDBOX_SRC_SECURITY_LEVEL_H_
-
-namespace sandbox {
-
-// List of all the integrity levels supported in the sandbox. This is used
-// only on Windows Vista. You can't set the integrity level of the process
-// in the sandbox to a level higher than yours.
-enum IntegrityLevel {
-  INTEGRITY_LEVEL_SYSTEM,
-  INTEGRITY_LEVEL_HIGH,
-  INTEGRITY_LEVEL_MEDIUM,
-  INTEGRITY_LEVEL_MEDIUM_LOW,
-  INTEGRITY_LEVEL_LOW,
-  INTEGRITY_LEVEL_BELOW_LOW,
-  INTEGRITY_LEVEL_UNTRUSTED,
-  INTEGRITY_LEVEL_LAST
-};
-
-// The Token level specifies a set of  security profiles designed to
-// provide the bulk of the security of sandbox.
-//
-//  TokenLevel                 |Restricting   |Deny Only       |Privileges|
-//                             |Sids          |Sids            |          |
-// ----------------------------|--------------|----------------|----------|
-// USER_LOCKDOWN               | Null Sid     | All            | None     |
-// ----------------------------|--------------|----------------|----------|
-// USER_RESTRICTED             | RESTRICTED   | All            | Traverse |
-// ----------------------------|--------------|----------------|----------|
-// USER_LIMITED                | Users        | All except:    | Traverse |
-//                             | Everyone     | Users          |          |
-//                             | RESTRICTED   | Everyone       |          |
-//                             |              | Interactive    |          |
-// ----------------------------|--------------|----------------|----------|
-// USER_INTERACTIVE            | Users        | All except:    | Traverse |
-//                             | Everyone     | Users          |          |
-//                             | RESTRICTED   | Everyone       |          |
-//                             | Owner        | Interactive    |          |
-//                             |              | Local          |          |
-//                             |              | Authent-users  |          |
-//                             |              | User           |          |
-// ----------------------------|--------------|----------------|----------|
-// USER_NON_ADMIN              | None         | All except:    | Traverse |
-//                             |              | Users          |          |
-//                             |              | Everyone       |          |
-//                             |              | Interactive    |          |
-//                             |              | Local          |          |
-//                             |              | Authent-users  |          |
-//                             |              | User           |          |
-// ----------------------------|--------------|----------------|----------|
-// USER_RESTRICTED_SAME_ACCESS | All          | None           | All      |
-// ----------------------------|--------------|----------------|----------|
-// USER_UNPROTECTED            | None         | None           | All      |
-// ----------------------------|--------------|----------------|----------|
-//
-// The above restrictions are actually a transformation that is applied to
-// the existing broker process token. The resulting token that will be
-// applied to the target process depends both on the token level selected
-// and on the broker token itself.
-//
-//  The LOCKDOWN and RESTRICTED are designed to allow access to almost
-//  nothing that has security associated with and they are the recommended
-//  levels to run sandboxed code specially if there is a chance that the
-//  broker is process might be started by a user that belongs to the Admins
-//  or power users groups.
-enum TokenLevel {
-   USER_LOCKDOWN = 0,
-   USER_RESTRICTED,
-   USER_LIMITED,
-   USER_INTERACTIVE,
-   USER_NON_ADMIN,
-   USER_RESTRICTED_SAME_ACCESS,
-   USER_UNPROTECTED
-};
-
-// The Job level specifies a set of decreasing security profiles for the
-// Job object that the target process will be placed into.
-// This table summarizes the security associated with each level:
-//
-//  JobLevel        |General                            |Quota               |
-//                  |restrictions                       |restrictions        |
-// -----------------|---------------------------------- |--------------------|
-// JOB_UNPROTECTED  | None                              | *Kill on Job close.|
-// -----------------|---------------------------------- |--------------------|
-// JOB_INTERACTIVE  | *Forbid system-wide changes using |                    |
-//                  |  SystemParametersInfo().          | *Kill on Job close.|
-//                  | *Forbid the creation/switch of    |                    |
-//                  |  Desktops.                        |                    |
-//                  | *Forbids calls to ExitWindows().  |                    |
-// -----------------|---------------------------------- |--------------------|
-// JOB_LIMITED_USER | Same as INTERACTIVE_USER plus:    | *One active process|
-//                  | *Forbid changes to the display    |  limit.            |
-//                  |  settings.                        | *Kill on Job close.|
-// -----------------|---------------------------------- |--------------------|
-// JOB_RESTRICTED   | Same as LIMITED_USER plus:        | *One active process|
-//                  | * No read/write to the clipboard. |  limit.            |
-//                  | * No access to User Handles that  | *Kill on Job close.|
-//                  |   belong to other processes.      |                    |
-//                  | * Forbid message broadcasts.      |                    |
-//                  | * Forbid setting global hooks.    |                    |
-//                  | * No access to the global atoms   |                    |
-//                  |   table.                          |                    |
-// -----------------|-----------------------------------|--------------------|
-// JOB_LOCKDOWN     | Same as RESTRICTED                | *One active process|
-//                  |                                   |  limit.            |
-//                  |                                   | *Kill on Job close.|
-//                  |                                   | *Kill on unhandled |
-//                  |                                   |  exception.        |
-//                  |                                   |                    |
-// In the context of the above table, 'user handles' refers to the handles of
-// windows, bitmaps, menus, etc. Files, treads and registry handles are kernel
-// handles and are not affected by the job level settings.
-enum JobLevel {
-  JOB_LOCKDOWN = 0,
-  JOB_RESTRICTED,
-  JOB_LIMITED_USER,
-  JOB_INTERACTIVE,
-  JOB_UNPROTECTED
-};
-
-}  // namespace sandbox
-
-#endif  // SANDBOX_SRC_SECURITY_LEVEL_H_