OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ | 5 #ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ |
6 #define SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ | 6 #define SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 #include <vector> | |
9 | 10 |
10 #include "base/basictypes.h" | 11 #include "base/basictypes.h" |
11 #include "base/strings/string16.h" | 12 #include "base/strings/string16.h" |
12 #include "sandbox/win/src/sandbox_types.h" | 13 #include "sandbox/win/src/sandbox_types.h" |
13 #include "sandbox/win/src/security_level.h" | 14 #include "sandbox/win/src/security_level.h" |
14 | 15 |
16 typedef std::vector<HANDLE> HandleList; | |
Shrikant Kelkar
2015/05/05 20:43:16
Same raw handles or scoped/refcounted handles?
| |
17 | |
15 namespace sandbox { | 18 namespace sandbox { |
16 | 19 |
17 class TargetPolicy { | 20 class TargetPolicy { |
18 public: | 21 public: |
19 // Windows subsystems that can have specific rules. | 22 // Windows subsystems that can have specific rules. |
20 // Note: The process subsystem(SUBSY_PROCESS) does not evaluate the request | 23 // Note: The process subsystem(SUBSY_PROCESS) does not evaluate the request |
21 // exactly like the CreateProcess API does. See the comment at the top of | 24 // exactly like the CreateProcess API does. See the comment at the top of |
22 // process_thread_dispatcher.cc for more details. | 25 // process_thread_dispatcher.cc for more details. |
23 enum SubSystem { | 26 enum SubSystem { |
24 SUBSYS_FILES, // Creation and opening of files and pipes. | 27 SUBSYS_FILES, // Creation and opening of files and pipes. |
(...skipping 210 matching lines...) | |
235 // Adds a dll that will be unloaded in the target process before it gets | 238 // Adds a dll that will be unloaded in the target process before it gets |
236 // a chance to initialize itself. Typically, dlls that cause the target | 239 // a chance to initialize itself. Typically, dlls that cause the target |
237 // to crash go here. | 240 // to crash go here. |
238 virtual ResultCode AddDllToUnload(const wchar_t* dll_name) = 0; | 241 virtual ResultCode AddDllToUnload(const wchar_t* dll_name) = 0; |
239 | 242 |
240 // Adds a handle that will be closed in the target process after lockdown. | 243 // Adds a handle that will be closed in the target process after lockdown. |
241 // A NULL value for handle_name indicates all handles of the specified type. | 244 // A NULL value for handle_name indicates all handles of the specified type. |
242 // An empty string for handle_name indicates the handle is unnamed. | 245 // An empty string for handle_name indicates the handle is unnamed. |
243 virtual ResultCode AddKernelObjectToClose(const wchar_t* handle_type, | 246 virtual ResultCode AddKernelObjectToClose(const wchar_t* handle_type, |
244 const wchar_t* handle_name) = 0; | 247 const wchar_t* handle_name) = 0; |
248 | |
249 // Adds a handle that will be shared with the target process. | |
250 virtual void AddHandleToShare(HANDLE handle) = 0; | |
251 | |
252 // Returns the list of handles being shared with the target process. Can be | |
253 // empty. | |
254 virtual HandleList GetHandlesBeingShared() = 0; | |
cpu_(ooo_6.6-7.5)
2015/05/05 20:42:39
remove this from the interface and place it only o
| |
245 }; | 255 }; |
246 | 256 |
247 } // namespace sandbox | 257 } // namespace sandbox |
248 | 258 |
249 | 259 |
250 #endif // SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ | 260 #endif // SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ |
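Review bot: `AddHandleToShare` returns `void`, while the neighbouring `AddDllToUnload` and `AddKernelObjectToClose` return `ResultCode`, so a caller cannot learn that a NULL or `INVALID_HANDLE_VALUE` argument was rejected; consider `virtual ResultCode AddHandleToShare(HANDLE handle) = 0;`. The one-line comment above it also leaves the security contract open. It should say whether the handle has to be inheritable, and that the sandboxed target receives whatever access rights the handle already carries, so callers should open it with the minimum rights the target needs. Separately, `HandleList` is typedef'd at global scope above `namespace sandbox`; declaring it inside the namespace would keep the name out of every file that includes this header.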