| Index: sandbox/win/src/sandbox_policy.h |
| =================================================================== |
| --- sandbox/win/src/sandbox_policy.h (revision 154997) |
| +++ sandbox/win/src/sandbox_policy.h (working copy) |
| @@ -164,6 +164,26 @@ |
| // Sets a capability to be enabled for the sandboxed process' AppContainer. |
| virtual ResultCode SetCapability(const wchar_t* sid) = 0; |
| + // Sets the mitigation flags used when starting the process. These flags are |
| + // defined in the PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY attribute for the |
| + // UpdateProcThreadAttribute function. Flags that are invalid for the |
| + // target OS will be silently ignored. |
| + virtual ResultCode SetProcessMitigations(uint64 flags) = 0; |
| + |
|
cpu_(ooo_6.6-7.5)
2012/09/06 19:46:15
The flags are our flags but the comment can take
jschuh
2012/09/07 01:14:22
Done.
|
| + // Returns the currently set mitigation policy. |
| + virtual uint64 GetProcessMitigations() = 0; |
| + |
| + // Sets the process mitigation flags. These flags will not take effect |
| + // before you call LowerToken. These flags are are defined in the |
| + // PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY attribute for the |
| + // UpdateProcThreadAttribute function. Flags that are invalid for the |
| + // target OS will be silently ignored. Flags that are invalid after process |
| + // startup will return SBOX_ERROR_BAD_PARAMS. |
| + virtual ResultCode SetDelayedProcessMitigations(uint64 flags) = 0; |
| + |
| + // Returns the currently set delayed mitigation policy. |
| + virtual uint64 GetDelayedProcessMitigations() = 0; |
| + |
| // Sets the interceptions to operate in strict mode. By default, interceptions |
| // are performed in "relaxed" mode, where if something inside NTDLL.DLL is |
| // already patched we attempt to intercept it anyway. Setting interceptions |