Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(56)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/win/src/sandbox_policy.h

Issue 10907217: Revert 156550 - Add sandbox support for Windows process mitigations (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 8 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « sandbox/win/src/process_mitigations_test.cc ('k') | sandbox/win/src/sandbox_policy_base.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ 5 #ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_H_
6 #define SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ 6 #define SANDBOX_WIN_SRC_SANDBOX_POLICY_H_
7 7
8 #include <string> 8 #include <string>
9 9
10 #include "base/basictypes.h" 10 #include "base/basictypes.h"
(...skipping 146 matching lines...) Expand 10 before | Expand all | Expand 10 after
157 // launching the sandboxed process will fail. See BrokerServices for details 157 // launching the sandboxed process will fail. See BrokerServices for details
158 // about installing an AppContainer. 158 // about installing an AppContainer.
159 // Note that currently Windows restricts the use of impersonation within 159 // Note that currently Windows restricts the use of impersonation within
160 // AppContainers, so this function is incompatible with the use of an initial 160 // AppContainers, so this function is incompatible with the use of an initial
161 // token. 161 // token.
162 virtual ResultCode SetAppContainer(const wchar_t* sid) = 0; 162 virtual ResultCode SetAppContainer(const wchar_t* sid) = 0;
163 163
164 // Sets a capability to be enabled for the sandboxed process' AppContainer. 164 // Sets a capability to be enabled for the sandboxed process' AppContainer.
165 virtual ResultCode SetCapability(const wchar_t* sid) = 0; 165 virtual ResultCode SetCapability(const wchar_t* sid) = 0;
166 166
167 // Sets the mitigations enabled when the process is created. Most of these
168 // are implemented as attributes passed via STARTUPINFOEX. So they take
169 // effect before any thread in the target executes. The declaration of
170 // MitigationFlags is followed by a detailed description of each flag.
171 virtual ResultCode SetProcessMitigations(MitigationFlags flags) = 0;
172
173 // Returns the currently set mitigation flags.
174 virtual MitigationFlags GetProcessMitigations() = 0;
175
176 // Sets process mitigation flags that don't take effect before the call to
177 // LowerToken().
178 virtual ResultCode SetDelayedProcessMitigations(MitigationFlags flags) = 0;
179
180 // Returns the currently set delayed mitigation flags.
181 virtual MitigationFlags GetDelayedProcessMitigations() = 0;
182
183 // Sets the interceptions to operate in strict mode. By default, interceptions 167 // Sets the interceptions to operate in strict mode. By default, interceptions
184 // are performed in "relaxed" mode, where if something inside NTDLL.DLL is 168 // are performed in "relaxed" mode, where if something inside NTDLL.DLL is
185 // already patched we attempt to intercept it anyway. Setting interceptions 169 // already patched we attempt to intercept it anyway. Setting interceptions
186 // to strict mode means that when we detect that the function is patched we'll 170 // to strict mode means that when we detect that the function is patched we'll
187 // refuse to perform the interception. 171 // refuse to perform the interception.
188 virtual void SetStrictInterceptions() = 0; 172 virtual void SetStrictInterceptions() = 0;
189 173
190 // Adds a policy rule effective for processes spawned using this policy. 174 // Adds a policy rule effective for processes spawned using this policy.
191 // subsystem: One of the above enumerated windows subsystems. 175 // subsystem: One of the above enumerated windows subsystems.
192 // semantics: One of the above enumerated FileSemantics. 176 // semantics: One of the above enumerated FileSemantics.
(...skipping 17 matching lines...) Expand all
210 // A NULL value for handle_name indicates all handles of the specified type. 194 // A NULL value for handle_name indicates all handles of the specified type.
211 // An empty string for handle_name indicates the handle is unnamed. 195 // An empty string for handle_name indicates the handle is unnamed.
212 virtual ResultCode AddKernelObjectToClose(const wchar_t* handle_type, 196 virtual ResultCode AddKernelObjectToClose(const wchar_t* handle_type,
213 const wchar_t* handle_name) = 0; 197 const wchar_t* handle_name) = 0;
214 }; 198 };
215 199
216 } // namespace sandbox 200 } // namespace sandbox
217 201
218 202
219 #endif // SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ 203 #endif // SANDBOX_WIN_SRC_SANDBOX_POLICY_H_
OLDNEW
« no previous file with comments | « sandbox/win/src/process_mitigations_test.cc ('k') | sandbox/win/src/sandbox_policy_base.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698