OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__ | 5 #ifndef SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__ |
6 #define SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__ | 6 #define SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__ |
7 | 7 |
8 #include <accctrl.h> | 8 #include <accctrl.h> |
9 #include <windows.h> | 9 #include <windows.h> |
10 | 10 |
11 #include "sandbox/src/restricted_token.h" | 11 #include "sandbox/src/restricted_token.h" |
(...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
71 // Sets the integrity level on a token. This is only valid on Vista. It returns | 71 // Sets the integrity level on a token. This is only valid on Vista. It returns |
72 // without failing on XP. If the integrity level that you specify is greater | 72 // without failing on XP. If the integrity level that you specify is greater |
73 // than the current integrity level, the function will fail. | 73 // than the current integrity level, the function will fail. |
74 DWORD SetTokenIntegrityLevel(HANDLE token, IntegrityLevel integrity_level); | 74 DWORD SetTokenIntegrityLevel(HANDLE token, IntegrityLevel integrity_level); |
75 | 75 |
76 // Sets the integrity level on the current process on Vista. It returns without | 76 // Sets the integrity level on the current process on Vista. It returns without |
77 // failing on XP. If the integrity level that you specify is greater than the | 77 // failing on XP. If the integrity level that you specify is greater than the |
78 // current integrity level, the function will fail. | 78 // current integrity level, the function will fail. |
79 DWORD SetProcessIntegrityLevel(IntegrityLevel integrity_level); | 79 DWORD SetProcessIntegrityLevel(IntegrityLevel integrity_level); |
80 | 80 |
81 // Adds deny ACEs on the supplied object for WinRestrictedCodeSid and | |
82 // WinNullSid. This prevents the object from being accessible to sandboxed | |
83 // processes. This prevents the object from being accessed by a sandboxed | |
84 // process at USER_INTERACTIVE through USER_LOCKDOWN; | |
85 DWORD SetObjectDenyRestrictedAndNull(HANDLE handle, SE_OBJECT_TYPE type); | |
86 | |
87 } // namespace sandbox | 81 } // namespace sandbox |
88 | 82 |
89 #endif // SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__ | 83 #endif // SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__ |
OLD | NEW |