OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // Sandbox is a sandbox library for windows processes. Use when you want a | 5 // Sandbox is a sandbox library for windows processes. Use when you want a |
6 // 'privileged' process and a 'locked down process' to interact with. | 6 // 'privileged' process and a 'locked down process' to interact with. |
7 // The privileged process is called the broker and it is started by external | 7 // The privileged process is called the broker and it is started by external |
8 // means (such as the user starting it). The 'sandboxed' process is called the | 8 // means (such as the user starting it). The 'sandboxed' process is called the |
9 // target and it is started by the broker. There can be many target processes | 9 // target and it is started by the broker. There can be many target processes |
10 // started by a single broker process. This library provides facilities | 10 // started by a single broker process. This library provides facilities |
11 // for both the broker and the target. | 11 // for both the broker and the target. |
(...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
77 const wchar_t* command_line, | 77 const wchar_t* command_line, |
78 TargetPolicy* policy, | 78 TargetPolicy* policy, |
79 PROCESS_INFORMATION* target) = 0; | 79 PROCESS_INFORMATION* target) = 0; |
80 | 80 |
81 // This call blocks (waits) for all the targets to terminate. | 81 // This call blocks (waits) for all the targets to terminate. |
82 // Returns: | 82 // Returns: |
83 // ALL_OK if successful. All other return values imply failure. | 83 // ALL_OK if successful. All other return values imply failure. |
84 // If the return is ERROR_GENERIC, you can call ::GetLastError() to get | 84 // If the return is ERROR_GENERIC, you can call ::GetLastError() to get |
85 // more information. | 85 // more information. |
86 virtual ResultCode WaitForAllTargets() = 0; | 86 virtual ResultCode WaitForAllTargets() = 0; |
87 | |
88 // Checks if the supplied process ID matches one of the broker's active | |
89 // target processes | |
90 // Returns: | |
91 // true if there is an active target process for this ID, otherwise false. | |
92 virtual bool IsActiveTarget(DWORD process_id) = 0; | |
rvargas (doing something else)
2012/03/27 00:35:33
In general, this interface is intended for the use
jschuh
2012/03/27 01:36:19
I exposed it because it seemed generally useful. F
| |
87 }; | 93 }; |
88 | 94 |
89 // TargetServices models the current process from the perspective | 95 // TargetServices models the current process from the perspective |
90 // of a target process. To obtain a pointer to it use | 96 // of a target process. To obtain a pointer to it use |
91 // Sandbox::GetTargetServices(). Note that this call returns a non-null | 97 // Sandbox::GetTargetServices(). Note that this call returns a non-null |
92 // pointer only if this process is in fact a target. A process is a target | 98 // pointer only if this process is in fact a target. A process is a target |
93 // only if the process was spawned by a call to BrokerServices::SpawnTarget(). | 99 // only if the process was spawned by a call to BrokerServices::SpawnTarget(). |
94 // | 100 // |
95 // This API allows the target to gain access to resources with a high | 101 // This API allows the target to gain access to resources with a high |
96 // privilege token and then when it is ready to perform dangerous activities | 102 // privilege token and then when it is ready to perform dangerous activities |
(...skipping 22 matching lines...) Expand all Loading... | |
119 | 125 |
120 // Discards the impersonation token and uses the lower token, call before | 126 // Discards the impersonation token and uses the lower token, call before |
121 // processing any untrusted data or running third-party code. If this call | 127 // processing any untrusted data or running third-party code. If this call |
122 // fails the current process could be terminated immediately. | 128 // fails the current process could be terminated immediately. |
123 virtual void LowerToken() = 0; | 129 virtual void LowerToken() = 0; |
124 | 130 |
125 // Returns the ProcessState object. Through that object it's possible to have | 131 // Returns the ProcessState object. Through that object it's possible to have |
126 // information about the current state of the process, such as whether | 132 // information about the current state of the process, such as whether |
127 // LowerToken has been called or not. | 133 // LowerToken has been called or not. |
128 virtual ProcessState* GetState() = 0; | 134 virtual ProcessState* GetState() = 0; |
135 | |
136 // Requests the broker to duplicate the supplied handle into the target | |
137 // process. The target process must be an active sandbox child process | |
138 // and the source process must have a corresponding policy allowing | |
139 // handle duplication for this object type. | |
140 // Returns: | |
141 // ALL_OK if successful. All other return values imply failure. | |
142 // If the return is ERROR_GENERIC, you can call ::GetLastError() to get | |
143 // more information. | |
144 virtual ResultCode DuplicateHandle(HANDLE source_handle, | |
145 DWORD target_process_id, | |
146 HANDLE* target_handle, | |
147 DWORD desired_access, | |
148 BOOL inherit_handle, | |
149 DWORD options) = 0; | |
129 }; | 150 }; |
130 | 151 |
131 } // namespace sandbox | 152 } // namespace sandbox |
132 | 153 |
133 | 154 |
134 #endif // SANDBOX_SRC_SANDBOX_H__ | 155 #endif // SANDBOX_SRC_SANDBOX_H__ |
OLD | NEW |