Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(714)

Side by Side Diff: sandbox/win/src/process_mitigations.h

Issue 10690058: Add sandbox support for Windows process mitigations (Closed) Base URL: https://src.chromium.org/svn/trunk/src/
Patch Set: Created 8 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
(Empty)
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef SANDBOX_SRC_WIN_PROCESS_MITIGATIONS_H_
6 #define SANDBOX_SRC_WIN_PROCESS_MITIGATIONS_H_
7
8 #include <windows.h>
9
10 #include "base/basictypes.h"
11
12 namespace sandbox {
13
14 // Standard Windows mitigations
cpu_(ooo_6.6-7.5) 2012/09/06 19:46:15 So I like the idea of having our own flags but tha
jschuh 2012/09/07 01:14:22 Done.
15 const uint64 MITIGATION_DEP = 0x00000001;
16 const uint64 MITIGATION_DEP_NO_ATL_THUNK = 0x00000002;
17
18 const uint64 MITIGATION_SEHOP = 0x00000004;
19
20 const uint64 MITIGATION_RELOCATE_IMAGE = 0x00000008;
21 const uint64 MITIGATION_RELOCATE_IMAGE_REQUIRED = 0x00000010;
22
23 const uint64 MITIGATION_HEAP_TERMINATE = 0x00000020;
24 const uint64 MITIGATION_BOTTOM_UP_ASLR = 0x00000040;
25 const uint64 MITIGATION_HIGH_ENTROPY_ASLR = 0x00000080;
26 const uint64 MITIGATION_STRICT_HANDLE_CHECKS = 0x00000100;
27 const uint64 MITIGATION_WIN32K_DISABLE = 0x00000200;
28 const uint64 MITIGATION_EXTENSION_DLL_DISABLE = 0x00000400;
29
30
31 // Additional mitigations implemented by the sandbox (top 32 bits).
32
33 // Sets the DLL search order to LOAD_LIBRARY_SEARCH_DEFAULT_DIRS
34 const uint64 MITIGATION_DLL_SEARCH = 0x00000001ULL << 32;
cpu_(ooo_6.6-7.5) 2012/09/06 19:46:15 dll_search_order ? or restricted_dll_search ?
jschuh 2012/09/07 01:14:22 Done.
35
36
cpu_(ooo_6.6-7.5) 2012/09/06 19:46:15 nuke extra space
jschuh 2012/09/07 01:14:22 Done.
37 // Returns the flags that must be enforced after startup.
38 uint64 GetPostStartupProcessMitigations(uint64 flags);
39
40 // Converts sandbox flags to the PROC_THREAD_ATTRIBUTE_SECURITY_CAPABILITIES
41 // flags used by UpdateProcThreadAttribute().
42 DWORD64 GetProcessMitigationPolicyFlags(uint64 flags);
43
44 // Sets the mitigation policy for the current process, ignoring any settings
45 // that are invalid for the current version of Windows.
46 bool SetProcessMitigationsForCurrentProcess(uint64 flags);
47
48 // Adds mitigations that need to be performed on the suspended target process
49 // before execution begins.
50 bool SetProcessMitigationsForSuspendedProcess(HANDLE process, uint64 flags);
51
52 // Returns true if all the supplied flags can be set after a process starts.
53 bool CanSetProcessMitigationsPostStartup(uint64 flags);
54
55 // Returns true if all the supplied flags can be set before a process starts.
56 bool CanSetProcessMitigationsPreStartup(uint64 flags);
57
58 } // namespace sandbox
59
60 #endif // SANDBOX_SRC_WIN_PROCESS_MITIGATIONS_H_
61
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698