| Index: sandbox/src/security_level.h
|
| diff --git a/sandbox/src/security_level.h b/sandbox/src/security_level.h
|
| deleted file mode 100644
|
| index 467f96f94215cc05f0b18e3c46aad2146882f323..0000000000000000000000000000000000000000
|
| --- a/sandbox/src/security_level.h
|
| +++ /dev/null
|
| @@ -1,127 +0,0 @@
|
| -// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
|
| -// Use of this source code is governed by a BSD-style license that can be
|
| -// found in the LICENSE file.
|
| -
|
| -#ifndef SANDBOX_SRC_SECURITY_LEVEL_H_
|
| -#define SANDBOX_SRC_SECURITY_LEVEL_H_
|
| -
|
| -namespace sandbox {
|
| -
|
| -// List of all the integrity levels supported in the sandbox. This is used
|
| -// only on Windows Vista. You can't set the integrity level of the process
|
| -// in the sandbox to a level higher than yours.
|
| -enum IntegrityLevel {
|
| - INTEGRITY_LEVEL_SYSTEM,
|
| - INTEGRITY_LEVEL_HIGH,
|
| - INTEGRITY_LEVEL_MEDIUM,
|
| - INTEGRITY_LEVEL_MEDIUM_LOW,
|
| - INTEGRITY_LEVEL_LOW,
|
| - INTEGRITY_LEVEL_BELOW_LOW,
|
| - INTEGRITY_LEVEL_UNTRUSTED,
|
| - INTEGRITY_LEVEL_LAST
|
| -};
|
| -
|
| -// The Token level specifies a set of security profiles designed to
|
| -// provide the bulk of the security of sandbox.
|
| -//
|
| -// TokenLevel |Restricting |Deny Only |Privileges|
|
| -// |Sids |Sids | |
|
| -// ----------------------------|--------------|----------------|----------|
|
| -// USER_LOCKDOWN | Null Sid | All | None |
|
| -// ----------------------------|--------------|----------------|----------|
|
| -// USER_RESTRICTED | RESTRICTED | All | Traverse |
|
| -// ----------------------------|--------------|----------------|----------|
|
| -// USER_LIMITED | Users | All except: | Traverse |
|
| -// | Everyone | Users | |
|
| -// | RESTRICTED | Everyone | |
|
| -// | | Interactive | |
|
| -// ----------------------------|--------------|----------------|----------|
|
| -// USER_INTERACTIVE | Users | All except: | Traverse |
|
| -// | Everyone | Users | |
|
| -// | RESTRICTED | Everyone | |
|
| -// | Owner | Interactive | |
|
| -// | | Local | |
|
| -// | | Authent-users | |
|
| -// | | User | |
|
| -// ----------------------------|--------------|----------------|----------|
|
| -// USER_NON_ADMIN | None | All except: | Traverse |
|
| -// | | Users | |
|
| -// | | Everyone | |
|
| -// | | Interactive | |
|
| -// | | Local | |
|
| -// | | Authent-users | |
|
| -// | | User | |
|
| -// ----------------------------|--------------|----------------|----------|
|
| -// USER_RESTRICTED_SAME_ACCESS | All | None | All |
|
| -// ----------------------------|--------------|----------------|----------|
|
| -// USER_UNPROTECTED | None | None | All |
|
| -// ----------------------------|--------------|----------------|----------|
|
| -//
|
| -// The above restrictions are actually a transformation that is applied to
|
| -// the existing broker process token. The resulting token that will be
|
| -// applied to the target process depends both on the token level selected
|
| -// and on the broker token itself.
|
| -//
|
| -// The LOCKDOWN and RESTRICTED are designed to allow access to almost
|
| -// nothing that has security associated with and they are the recommended
|
| -// levels to run sandboxed code specially if there is a chance that the
|
| -// broker is process might be started by a user that belongs to the Admins
|
| -// or power users groups.
|
| -enum TokenLevel {
|
| - USER_LOCKDOWN = 0,
|
| - USER_RESTRICTED,
|
| - USER_LIMITED,
|
| - USER_INTERACTIVE,
|
| - USER_NON_ADMIN,
|
| - USER_RESTRICTED_SAME_ACCESS,
|
| - USER_UNPROTECTED
|
| -};
|
| -
|
| -// The Job level specifies a set of decreasing security profiles for the
|
| -// Job object that the target process will be placed into.
|
| -// This table summarizes the security associated with each level:
|
| -//
|
| -// JobLevel |General |Quota |
|
| -// |restrictions |restrictions |
|
| -// -----------------|---------------------------------- |--------------------|
|
| -// JOB_UNPROTECTED | None | *Kill on Job close.|
|
| -// -----------------|---------------------------------- |--------------------|
|
| -// JOB_INTERACTIVE | *Forbid system-wide changes using | |
|
| -// | SystemParametersInfo(). | *Kill on Job close.|
|
| -// | *Forbid the creation/switch of | |
|
| -// | Desktops. | |
|
| -// | *Forbids calls to ExitWindows(). | |
|
| -// -----------------|---------------------------------- |--------------------|
|
| -// JOB_LIMITED_USER | Same as INTERACTIVE_USER plus: | *One active process|
|
| -// | *Forbid changes to the display | limit. |
|
| -// | settings. | *Kill on Job close.|
|
| -// -----------------|---------------------------------- |--------------------|
|
| -// JOB_RESTRICTED | Same as LIMITED_USER plus: | *One active process|
|
| -// | * No read/write to the clipboard. | limit. |
|
| -// | * No access to User Handles that | *Kill on Job close.|
|
| -// | belong to other processes. | |
|
| -// | * Forbid message broadcasts. | |
|
| -// | * Forbid setting global hooks. | |
|
| -// | * No access to the global atoms | |
|
| -// | table. | |
|
| -// -----------------|-----------------------------------|--------------------|
|
| -// JOB_LOCKDOWN | Same as RESTRICTED | *One active process|
|
| -// | | limit. |
|
| -// | | *Kill on Job close.|
|
| -// | | *Kill on unhandled |
|
| -// | | exception. |
|
| -// | | |
|
| -// In the context of the above table, 'user handles' refers to the handles of
|
| -// windows, bitmaps, menus, etc. Files, treads and registry handles are kernel
|
| -// handles and are not affected by the job level settings.
|
| -enum JobLevel {
|
| - JOB_LOCKDOWN = 0,
|
| - JOB_RESTRICTED,
|
| - JOB_LIMITED_USER,
|
| - JOB_INTERACTIVE,
|
| - JOB_UNPROTECTED
|
| -};
|
| -
|
| -} // namespace sandbox
|
| -
|
| -#endif // SANDBOX_SRC_SECURITY_LEVEL_H_
|
|
|
Chromium Code Reviews
Issue 10783004:
Move Windows Sandbox, trybots version (don't commit me!) (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src