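--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,127 @@
+// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_SRC_SECURITY_LEVEL_H_
+#define SANDBOX_SRC_SECURITY_LEVEL_H_
+
+namespace sandbox {
+
+// List of all the integrity levels supported in the sandbox. This is used
+// only on Windows Vista. You can't set the integrity level of the process
+// in the sandbox to a level higher than yours.
+enum IntegrityLevel {
+INTEGRITY_LEVEL_SYSTEM,
+INTEGRITY_LEVEL_HIGH,
+INTEGRITY_LEVEL_MEDIUM,
+INTEGRITY_LEVEL_MEDIUM_LOW,
+INTEGRITY_LEVEL_LOW,
+INTEGRITY_LEVEL_BELOW_LOW,
+INTEGRITY_LEVEL_UNTRUSTED,
+INTEGRITY_LEVEL_LAST
+};
+
+// The Token level specifies a set of security profiles designed to
+// provide the bulk of the security of sandbox.
+//
+// TokenLevel |Restricting |Deny Only |Privileges|
+// |Sids |Sids | |
+// ----------------------------|--------------|----------------|----------|
+// USER_LOCKDOWN | Null Sid | All | None |
+// ----------------------------|--------------|----------------|----------|
+// USER_RESTRICTED | RESTRICTED | All | Traverse |
+// ----------------------------|--------------|----------------|----------|
+// USER_LIMITED | Users | All except: | Traverse |
+// | Everyone | Users | |
+// | RESTRICTED | Everyone | |
+// | | Interactive | |
+// ----------------------------|--------------|----------------|----------|
+// USER_INTERACTIVE | Users | All except: | Traverse |
+// | Everyone | Users | |
+// | RESTRICTED | Everyone | |
+// | Owner | Interactive | |
+// | | Local | |
+// | | Authent-users | |
+// | | User | |
+// ----------------------------|--------------|----------------|----------|
+// USER_NON_ADMIN | None | All except: | Traverse |
+// | | Users | |
+// | | Everyone | |
+// | | Interactive | |
+// | | Local | |
+// | | Authent-users | |
+// | | User | |
+// ----------------------------|--------------|----------------|----------|
+// USER_RESTRICTED_SAME_ACCESS | All | None | All |
+// ----------------------------|--------------|----------------|----------|
+// USER_UNPROTECTED | None | None | All |
+// ----------------------------|--------------|----------------|----------|
+//
+// The above restrictions are actually a transformation that is applied to
+// the existing broker process token. The resulting token that will be
+// applied to the target process depends both on the token level selected
+// and on the broker token itself.
+//
+// The LOCKDOWN and RESTRICTED are designed to allow access to almost
+// nothing that has security associated with and they are the recommended
+// levels to run sandboxed code specially if there is a chance that the
+// broker is process might be started by a user that belongs to the Admins
+// or power users groups.
+enum TokenLevel {
+USER_LOCKDOWN = 0,
+USER_RESTRICTED,
+USER_LIMITED,
+USER_INTERACTIVE,
+USER_NON_ADMIN,
+USER_RESTRICTED_SAME_ACCESS,
+USER_UNPROTECTED
+};
+
+// The Job level specifies a set of decreasing security profiles for the
+// Job object that the target process will be placed into.
+// This table summarizes the security associated with each level:
+//
+// JobLevel |General |Quota |
+// |restrictions |restrictions |
+// -----------------|---------------------------------- |--------------------|
+// JOB_UNPROTECTED | None | *Kill on Job close.|
+// -----------------|---------------------------------- |--------------------|
+// JOB_INTERACTIVE | *Forbid system-wide changes using | |
+// | SystemParametersInfo(). | *Kill on Job close.|
+// | *Forbid the creation/switch of | |
+// | Desktops. | |
+// | *Forbids calls to ExitWindows(). | |
+// -----------------|---------------------------------- |--------------------|
+// JOB_LIMITED_USER | Same as INTERACTIVE_USER plus: | *One active process|
+// | *Forbid changes to the display | limit. |
+// | settings. | *Kill on Job close.|
+// -----------------|---------------------------------- |--------------------|
+// JOB_RESTRICTED | Same as LIMITED_USER plus: | *One active process|
+// | * No read/write to the clipboard. | limit. |
+// | * No access to User Handles that | *Kill on Job close.|
+// | belong to other processes. | |
+// | * Forbid message broadcasts. | |
+// | * Forbid setting global hooks. | |
+// | * No access to the global atoms | |
+// | table. | |
+// -----------------|-----------------------------------|--------------------|
+// JOB_LOCKDOWN | Same as RESTRICTED | *One active process|
+// | | limit. |
+// | | *Kill on Job close.|
+// | | *Kill on unhandled |
+// | | exception. |
+// | | |
+// In the context of the above table, 'user handles' refers to the handles of
+// windows, bitmaps, menus, etc. Files, treads and registry handles are kernel
+// handles and are not affected by the job level settings.
+enum JobLevel {
+JOB_LOCKDOWN = 0,
+JOB_RESTRICTED,
+JOB_LIMITED_USER,
+JOB_INTERACTIVE,
+JOB_UNPROTECTED
+};
+
+} // namespace sandbox
+
+#endif // SANDBOX_SRC_SECURITY_LEVEL_H_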
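Review bot: The three enums rank their values in opposite directions and nothing in the header says so: IntegrityLevel runs from most privileged (INTEGRITY_LEVEL_SYSTEM, implicitly 0) down to INTEGRITY_LEVEL_UNTRUSTED, while TokenLevel and JobLevel start at the most restrictive (USER_LOCKDOWN = 0, JOB_LOCKDOWN = 0) and grow more permissive, so a numeric "higher than" comparison means opposite things across the types, and the IntegrityLevel comment's "a level higher than yours" is easy to misread against the enumerator order. I would add a one-line ordering note to each enum, e.g. `// Ordered from most to least privileged; a larger value is a weaker level.` on IntegrityLevel and `// Ordered from most to least restrictive; a larger value is a weaker level.` on TokenLevel and JobLevel, and give IntegrityLevel an explicit `INTEGRITY_LEVEL_SYSTEM = 0,` for consistency with the other two. INTEGRITY_LEVEL_LAST also needs `// Sentinel: count of levels, not a settable level.` so callers do not treat it as a value. The JobLevel table refers to INTERACTIVE_USER, LIMITED_USER and RESTRICTED, which are not the enumerator names (JOB_INTERACTIVE, JOB_LIMITED_USER, JOB_RESTRICTED); presumably the same level is meant, but the table should use the real identifiers.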