Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(12)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/win/src/sandbox_policy_base.h

Issue 10907217: Revert 156550 - Add sandbox support for Windows process mitigations (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 8 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « sandbox/win/src/sandbox_policy.h ('k') | sandbox/win/src/sandbox_policy_base.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_ 5 #ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_
6 #define SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_ 6 #define SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_
7 7
8 #include <windows.h> 8 #include <windows.h>
9 9
10 #include <list> 10 #include <list>
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after
45 uint32 ui_exceptions) OVERRIDE; 45 uint32 ui_exceptions) OVERRIDE;
46 virtual ResultCode SetAlternateDesktop(bool alternate_winstation) OVERRIDE; 46 virtual ResultCode SetAlternateDesktop(bool alternate_winstation) OVERRIDE;
47 virtual string16 GetAlternateDesktop() const OVERRIDE; 47 virtual string16 GetAlternateDesktop() const OVERRIDE;
48 virtual ResultCode CreateAlternateDesktop(bool alternate_winstation) OVERRIDE; 48 virtual ResultCode CreateAlternateDesktop(bool alternate_winstation) OVERRIDE;
49 virtual void DestroyAlternateDesktop() OVERRIDE; 49 virtual void DestroyAlternateDesktop() OVERRIDE;
50 virtual ResultCode SetIntegrityLevel(IntegrityLevel integrity_level) OVERRIDE; 50 virtual ResultCode SetIntegrityLevel(IntegrityLevel integrity_level) OVERRIDE;
51 virtual ResultCode SetDelayedIntegrityLevel( 51 virtual ResultCode SetDelayedIntegrityLevel(
52 IntegrityLevel integrity_level) OVERRIDE; 52 IntegrityLevel integrity_level) OVERRIDE;
53 virtual ResultCode SetAppContainer(const wchar_t* sid) OVERRIDE; 53 virtual ResultCode SetAppContainer(const wchar_t* sid) OVERRIDE;
54 virtual ResultCode SetCapability(const wchar_t* sid) OVERRIDE; 54 virtual ResultCode SetCapability(const wchar_t* sid) OVERRIDE;
55 virtual ResultCode SetProcessMitigations(MitigationFlags flags) OVERRIDE;
56 virtual MitigationFlags GetProcessMitigations() OVERRIDE;
57 virtual ResultCode SetDelayedProcessMitigations(
58 MitigationFlags flags) OVERRIDE;
59 virtual MitigationFlags GetDelayedProcessMitigations() OVERRIDE;
60 virtual void SetStrictInterceptions() OVERRIDE; 55 virtual void SetStrictInterceptions() OVERRIDE;
61 virtual ResultCode AddRule(SubSystem subsystem, Semantics semantics, 56 virtual ResultCode AddRule(SubSystem subsystem, Semantics semantics,
62 const wchar_t* pattern) OVERRIDE; 57 const wchar_t* pattern) OVERRIDE;
63 virtual ResultCode AddDllToUnload(const wchar_t* dll_name); 58 virtual ResultCode AddDllToUnload(const wchar_t* dll_name);
64 virtual ResultCode AddKernelObjectToClose(const char16* handle_type, 59 virtual ResultCode AddKernelObjectToClose(const char16* handle_type,
65 const char16* handle_name) OVERRIDE; 60 const char16* handle_name) OVERRIDE;
66 61
67 // Dispatcher: 62 // Dispatcher:
68 virtual Dispatcher* OnMessageReady(IPCParams* ipc, 63 virtual Dispatcher* OnMessageReady(IPCParams* ipc,
69 CallbackGeneric* callback) OVERRIDE; 64 CallbackGeneric* callback) OVERRIDE;
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after
118 TokenLevel initial_level_; 113 TokenLevel initial_level_;
119 JobLevel job_level_; 114 JobLevel job_level_;
120 uint32 ui_exceptions_; 115 uint32 ui_exceptions_;
121 bool use_alternate_desktop_; 116 bool use_alternate_desktop_;
122 bool use_alternate_winstation_; 117 bool use_alternate_winstation_;
123 // Helps the file system policy initialization. 118 // Helps the file system policy initialization.
124 bool file_system_init_; 119 bool file_system_init_;
125 bool relaxed_interceptions_; 120 bool relaxed_interceptions_;
126 IntegrityLevel integrity_level_; 121 IntegrityLevel integrity_level_;
127 IntegrityLevel delayed_integrity_level_; 122 IntegrityLevel delayed_integrity_level_;
128 MitigationFlags mitigations_;
129 MitigationFlags delayed_mitigations_;
130 // The array of objects that will answer IPC calls. 123 // The array of objects that will answer IPC calls.
131 Dispatcher* ipc_targets_[IPC_LAST_TAG]; 124 Dispatcher* ipc_targets_[IPC_LAST_TAG];
132 // Object in charge of generating the low level policy. 125 // Object in charge of generating the low level policy.
133 LowLevelPolicy* policy_maker_; 126 LowLevelPolicy* policy_maker_;
134 // Memory structure that stores the low level policy. 127 // Memory structure that stores the low level policy.
135 PolicyGlobal* policy_; 128 PolicyGlobal* policy_;
136 // The list of dlls to unload in the target process. 129 // The list of dlls to unload in the target process.
137 std::vector<string16> blacklisted_dlls_; 130 std::vector<string16> blacklisted_dlls_;
138 // This is a map of handle-types to names that we need to close in the 131 // This is a map of handle-types to names that we need to close in the
139 // target process. A null set means we need to close all handles of the 132 // target process. A null set means we need to close all handles of the
140 // given type. 133 // given type.
141 HandleCloser handle_closer_; 134 HandleCloser handle_closer_;
142 std::vector<string16> capabilities_; 135 std::vector<string16> capabilities_;
143 scoped_ptr<AppContainerAttributes> appcontainer_list_; 136 scoped_ptr<AppContainerAttributes> appcontainer_list_;
144 137
145 static HDESK alternate_desktop_handle_; 138 static HDESK alternate_desktop_handle_;
146 static HWINSTA alternate_winstation_handle_; 139 static HWINSTA alternate_winstation_handle_;
147 140
148 DISALLOW_COPY_AND_ASSIGN(PolicyBase); 141 DISALLOW_COPY_AND_ASSIGN(PolicyBase);
149 }; 142 };
150 143
151 } // namespace sandbox 144 } // namespace sandbox
152 145
153 #endif // SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_ 146 #endif // SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_
OLDNEW
« no previous file with comments | « sandbox/win/src/sandbox_policy.h ('k') | sandbox/win/src/sandbox_policy_base.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698