sandbox/win/src/process_mitigations.h - Issue 10690058: Add sandbox support for Windows process mitigations

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: sandbox/win/src/process_mitigations.h

Issue 10690058: Add sandbox support for Windows process mitigations (Closed) Base URL: https://src.chromium.org/svn/trunk/src/

Patch Set: Created 8 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
(Empty)
	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #ifndef SANDBOX_SRC_WIN_PROCESS_MITIGATIONS_H_

	6 #define SANDBOX_SRC_WIN_PROCESS_MITIGATIONS_H_

	7

	8 #include <windows.h>

	9

	10 #include "base/basictypes.h"

	11

	12 namespace sandbox {

	13

	14 // Returns the flags that must be enforced after startup.

	15 uint64 GetPostStartupProcessMitigations(uint64 flags);
	rvargas (doing something else) 2012/09/08 02:23:32 It is not clear, from reading this file, what are It is not clear, from reading this file, what are the arguments to these functions. It looks like you mean that uint64 is a sandbox native type for flags, and DWORD64 is an OS flags arrangement, but that is not spelled anywhere... May I suggest a typedef for the sandbox flags so that at least the caller knows what should pass?... or adding comments about the expected arguments. rvargas (doing something else) 2012/09/08 02:23:32 btw, make sure the order on the header matches the btw, make sure the order on the header matches the order on the cc.
	16

	17 // Converts sandbox flags to the PROC_THREAD_ATTRIBUTE_SECURITY_CAPABILITIES

	18 // flags used by UpdateProcThreadAttribute().

	19 DWORD64 GetProcessMitigationPolicyFlags(uint64 flags);
	rvargas (doing something else) 2012/09/08 02:23:32 This looks really weird... convert from uint64 to This looks really weird... convert from uint64 to uint64 but using two names for that. And sadly requires the inclusion of windows.h just for the definition of DWORD64 (not that it really matters). jschuh 2012/09/10 23:58:48 I need windows.h for the HANDLE regardless. Howeve Show quoted text On 2012/09/08 02:23:32, rvargas wrote: > This looks really weird... convert from uint64 to uint64 but using two names for > that. And sadly requires the inclusion of windows.h just for the definition of > DWORD64 (not that it really matters). I need windows.h for the HANDLE regardless. However, the variables are clearer now due to the typedef.
	20

	21 // Sets the mitigation policy for the current process, ignoring any settings

	22 // that are invalid for the current version of Windows.

	23 bool SetProcessMitigationsForCurrentProcess(uint64 flags);

	24

	25 // Adds mitigations that need to be performed on the suspended target process

	26 // before execution begins.

	27 bool SetProcessMitigationsForSuspendedProcess(HANDLE process, uint64 flags);

	28

	29 // Returns true if all the supplied flags can be set after a process starts.

	30 bool CanSetProcessMitigationsPostStartup(uint64 flags);

	31

	32 // Returns true if all the supplied flags can be set before a process starts.

	33 bool CanSetProcessMitigationsPreStartup(uint64 flags);

	34

	35 } // namespace sandbox

	36

	37 #endif // SANDBOX_SRC_WIN_PROCESS_MITIGATIONS_H_

	38

OLD	NEW

« sandbox/win/src/nt_internals.h ('K') | « sandbox/win/src/nt_internals.h ('k') | sandbox/win/src/process_mitigations.cc » ('j') | sandbox/win/src/process_mitigations.cc » ('J')