Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(83)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/src/sandbox.h

Issue 9960045: Add sandbox support for associating peer processes (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: Created 8 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « sandbox/src/handle_policy_test.cc ('k') | sandbox/tests/common/controller.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // Sandbox is a sandbox library for windows processes. Use when you want a 5 // Sandbox is a sandbox library for windows processes. Use when you want a
6 // 'privileged' process and a 'locked down process' to interact with. 6 // 'privileged' process and a 'locked down process' to interact with.
7 // The privileged process is called the broker and it is started by external 7 // The privileged process is called the broker and it is started by external
8 // means (such as the user starting it). The 'sandboxed' process is called the 8 // means (such as the user starting it). The 'sandboxed' process is called the
9 // target and it is started by the broker. There can be many target processes 9 // target and it is started by the broker. There can be many target processes
10 // started by a single broker process. This library provides facilities 10 // started by a single broker process. This library provides facilities
(...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after
77 const wchar_t* command_line, 77 const wchar_t* command_line,
78 TargetPolicy* policy, 78 TargetPolicy* policy,
79 PROCESS_INFORMATION* target) = 0; 79 PROCESS_INFORMATION* target) = 0;
80 80
81 // This call blocks (waits) for all the targets to terminate. 81 // This call blocks (waits) for all the targets to terminate.
82 // Returns: 82 // Returns:
83 // ALL_OK if successful. All other return values imply failure. 83 // ALL_OK if successful. All other return values imply failure.
84 // If the return is ERROR_GENERIC, you can call ::GetLastError() to get 84 // If the return is ERROR_GENERIC, you can call ::GetLastError() to get
85 // more information. 85 // more information.
86 virtual ResultCode WaitForAllTargets() = 0; 86 virtual ResultCode WaitForAllTargets() = 0;
87
88 // Adds an unsandboxed process as a peer for policy decisions (e.g.
89 // HANDLES_DUP_ANY policy).
90 // Returns:
91 // ALL_OK if successful. All other return values imply failure.
92 // If the return is ERROR_GENERIC, you can call ::GetLastError() to get
93 // more information.
94 virtual ResultCode AddTargetPeer(HANDLE peer_process) = 0;
87 }; 95 };
88 96
89 // TargetServices models the current process from the perspective 97 // TargetServices models the current process from the perspective
90 // of a target process. To obtain a pointer to it use 98 // of a target process. To obtain a pointer to it use
91 // Sandbox::GetTargetServices(). Note that this call returns a non-null 99 // Sandbox::GetTargetServices(). Note that this call returns a non-null
92 // pointer only if this process is in fact a target. A process is a target 100 // pointer only if this process is in fact a target. A process is a target
93 // only if the process was spawned by a call to BrokerServices::SpawnTarget(). 101 // only if the process was spawned by a call to BrokerServices::SpawnTarget().
94 // 102 //
95 // This API allows the target to gain access to resources with a high 103 // This API allows the target to gain access to resources with a high
96 // privilege token and then when it is ready to perform dangerous activities 104 // privilege token and then when it is ready to perform dangerous activities
(...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after
139 DWORD target_process_id, 147 DWORD target_process_id,
140 HANDLE* target_handle, 148 HANDLE* target_handle,
141 DWORD desired_access, 149 DWORD desired_access,
142 DWORD options) = 0; 150 DWORD options) = 0;
143 }; 151 };
144 152
145 } // namespace sandbox 153 } // namespace sandbox
146 154
147 155
148 #endif // SANDBOX_SRC_SANDBOX_H__ 156 #endif // SANDBOX_SRC_SANDBOX_H__
OLDNEW
« no previous file with comments | « sandbox/src/handle_policy_test.cc ('k') | sandbox/tests/common/controller.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698