| Index: sandbox/src/restricted_token_utils.h
|
| ===================================================================
|
| --- sandbox/src/restricted_token_utils.h (revision 127834)
|
| +++ sandbox/src/restricted_token_utils.h (working copy)
|
| @@ -1,4 +1,4 @@
|
| -// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
|
| +// Copyright (c) 2012 The Chromium Authors. All rights reserved.
|
| // Use of this source code is governed by a BSD-style license that can be
|
| // found in the LICENSE file.
|
|
|
| @@ -78,6 +78,12 @@
|
| // current integrity level, the function will fail.
|
| DWORD SetProcessIntegrityLevel(IntegrityLevel integrity_level);
|
|
|
| +// Adds deny ACEs on the supplied object for WinRestrictedCodeSid and
|
| +// WinNullSid. This prevents the object from being accessible to sandboxed
|
| +// processes. This prevents the object from being accessed by a sandboxed
|
| +// process at USER_INTERACTIVE through USER_LOCKDOWN;
|
| +DWORD SetObjectDenyRestrictedAndNull(HANDLE handle, SE_OBJECT_TYPE type);
|
| +
|
| } // namespace sandbox
|
|
|
| #endif // SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__
|
|
|
Chromium Code Reviews
Issue 9801003:
Revert 127820 - Revert 127795 - Make sandbox explicitly block opening broker and sandboxed processes (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/