
Unified Diff: sandbox/win/src/process_mitigations.h

Issue 10690058: Add sandbox support for Windows process mitigations (Closed) Base URL: https://src.chromium.org/svn/trunk/src/
Patch Set: Created 8 years, 3 months ago
Index: sandbox/win/src/process_mitigations.h
===================================================================
--- sandbox/win/src/process_mitigations.h (revision 0)
+++ sandbox/win/src/process_mitigations.h (revision 0)
@@ -0,0 +1,38 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_SRC_WIN_PROCESS_MITIGATIONS_H_
+#define SANDBOX_SRC_WIN_PROCESS_MITIGATIONS_H_
+
+#include <windows.h>
+
+#include "base/basictypes.h"
+
+namespace sandbox {
+
+// Returns the flags that must be enforced after startup.
+uint64 GetPostStartupProcessMitigations(uint64 flags);
rvargas (doing something else) 2012/09/08 02:23:32 It is not clear, from reading this file, what are
rvargas (doing something else) 2012/09/08 02:23:32 btw, make sure the order on the header matches the
+
+// Converts sandbox flags to the PROC_THREAD_ATTRIBUTE_SECURITY_CAPABILITIES
+// flags used by UpdateProcThreadAttribute().
+DWORD64 GetProcessMitigationPolicyFlags(uint64 flags);
rvargas (doing something else) 2012/09/08 02:23:32 This looks really weird... convert from uint64 to
jschuh 2012/09/10 23:58:48 I need windows.h for the HANDLE regardless. Howeve
+
+// Sets the mitigation policy for the current process, ignoring any settings
+// that are invalid for the current version of Windows.
+bool SetProcessMitigationsForCurrentProcess(uint64 flags);
+
+// Adds mitigations that need to be performed on the suspended target process
+// before execution begins.
+bool SetProcessMitigationsForSuspendedProcess(HANDLE process, uint64 flags);
+
+// Returns true if all the supplied flags can be set after a process starts.
+bool CanSetProcessMitigationsPostStartup(uint64 flags);
+
+// Returns true if all the supplied flags can be set before a process starts.
+bool CanSetProcessMitigationsPreStartup(uint64 flags);
+
+} // namespace sandbox
+
+#endif // SANDBOX_SRC_WIN_PROCESS_MITIGATIONS_H_
+
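Review bot: The comment above GetProcessMitigationPolicyFlags() names PROC_THREAD_ATTRIBUTE_SECURITY_CAPABILITIES, but the function name and the rest of this header concern mitigation policy, and the attribute that carries mitigation flags to UpdateProcThreadAttribute() is PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY; the comment should name that attribute so callers do not pair the returned DWORD64 with the wrong one. The include guard reads SANDBOX_SRC_WIN_PROCESS_MITIGATIONS_H_ while the file lives at sandbox/win/src/, so SANDBOX_WIN_SRC_PROCESS_MITIGATIONS_H_ would match the path. The bool-returning setters also do not say what a false return means: state whether SetProcessMitigationsForCurrentProcess() still returns true when it ignores a flag that is invalid for the running Windows version, and what both setters do when passed flags that CanSetProcessMitigationsPostStartup() or CanSetProcessMitigationsPreStartup() would reject, since a silently dropped mitigation is the failure a caller most needs to detect.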
