OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ | 5 #ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ |
6 #define SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ | 6 #define SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ |
7 | 7 |
8 #include <stddef.h> | 8 #include <stddef.h> |
9 #include <stdint.h> | 9 #include <stdint.h> |
10 | 10 |
(...skipping 30 matching lines...) Expand all Loading... |
41 FILES_ALLOW_DIR_ANY, // Allows open or create with directory semantics | 41 FILES_ALLOW_DIR_ANY, // Allows open or create with directory semantics |
42 // only. | 42 // only. |
43 HANDLES_DUP_ANY, // Allows duplicating handles opened with any | 43 HANDLES_DUP_ANY, // Allows duplicating handles opened with any |
44 // access permissions. | 44 // access permissions. |
45 HANDLES_DUP_BROKER, // Allows duplicating handles to the broker process. | 45 HANDLES_DUP_BROKER, // Allows duplicating handles to the broker process. |
46 NAMEDPIPES_ALLOW_ANY, // Allows creation of a named pipe. | 46 NAMEDPIPES_ALLOW_ANY, // Allows creation of a named pipe. |
47 PROCESS_MIN_EXEC, // Allows to create a process with minimal rights | 47 PROCESS_MIN_EXEC, // Allows to create a process with minimal rights |
48 // over the resulting process and thread handles. | 48 // over the resulting process and thread handles. |
49 // No other parameters besides the command line are | 49 // No other parameters besides the command line are |
50 // passed to the child process. | 50 // passed to the child process. |
51 PROCESS_ALL_EXEC, // Allows the creation of a process and return fill | 51 PROCESS_ALL_EXEC, // Allows the creation of a process and return full |
52 // access on the returned handles. | 52 // access on the returned handles. |
53 // This flag can be used only when the main token of | 53 // This flag can be used only when the main token of |
54 // the sandboxed application is at least INTERACTIVE. | 54 // the sandboxed application is at least INTERACTIVE. |
55 EVENTS_ALLOW_ANY, // Allows the creation of an event with full access. | 55 EVENTS_ALLOW_ANY, // Allows the creation of an event with full access. |
56 EVENTS_ALLOW_READONLY, // Allows opening an even with synchronize access. | 56 EVENTS_ALLOW_READONLY, // Allows opening an even with synchronize access. |
57 REG_ALLOW_READONLY, // Allows readonly access to a registry key. | 57 REG_ALLOW_READONLY, // Allows readonly access to a registry key. |
58 REG_ALLOW_ANY, // Allows read and write access to a registry key. | 58 REG_ALLOW_ANY, // Allows read and write access to a registry key. |
59 FAKE_USER_GDI_INIT // Fakes user32 and gdi32 initialization. This can | 59 FAKE_USER_GDI_INIT // Fakes user32 and gdi32 initialization. This can |
60 // be used to allow the DLLs to load and initialize | 60 // be used to allow the DLLs to load and initialize |
61 // even if the process cannot access that subsystem. | 61 // even if the process cannot access that subsystem. |
62 }; | 62 }; |
63 | 63 |
64 // Increments the reference count of this object. The reference count must | 64 // Increments the reference count of this object. The reference count must |
65 // be incremented if this interface is given to another component. | 65 // be incremented if this interface is given to another component. |
66 virtual void AddRef() = 0; | 66 virtual void AddRef() = 0; |
67 | 67 |
68 // Decrements the reference count of this object. When the reference count | 68 // Decrements the reference count of this object. When the reference count |
69 // is zero the object is automatically destroyed. | 69 // is zero the object is automatically destroyed. |
70 // Indicates that the caller is done with this interface. After calling | 70 // Indicates that the caller is done with this interface. After calling |
71 // release no other method should be called. | 71 // release no other method should be called. |
(...skipping 130 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
202 // Returns the currently set mitigation flags. | 202 // Returns the currently set mitigation flags. |
203 virtual MitigationFlags GetProcessMitigations() = 0; | 203 virtual MitigationFlags GetProcessMitigations() = 0; |
204 | 204 |
205 // Sets process mitigation flags that don't take effect before the call to | 205 // Sets process mitigation flags that don't take effect before the call to |
206 // LowerToken(). | 206 // LowerToken(). |
207 virtual ResultCode SetDelayedProcessMitigations(MitigationFlags flags) = 0; | 207 virtual ResultCode SetDelayedProcessMitigations(MitigationFlags flags) = 0; |
208 | 208 |
209 // Returns the currently set delayed mitigation flags. | 209 // Returns the currently set delayed mitigation flags. |
210 virtual MitigationFlags GetDelayedProcessMitigations() const = 0; | 210 virtual MitigationFlags GetDelayedProcessMitigations() const = 0; |
211 | 211 |
| 212 // Disconnect the target from CSRSS when TargetServices::LowerToken() is |
| 213 // called inside the target. |
| 214 virtual void SetDisconnectCsrss() = 0; |
| 215 |
212 // Sets the interceptions to operate in strict mode. By default, interceptions | 216 // Sets the interceptions to operate in strict mode. By default, interceptions |
213 // are performed in "relaxed" mode, where if something inside NTDLL.DLL is | 217 // are performed in "relaxed" mode, where if something inside NTDLL.DLL is |
214 // already patched we attempt to intercept it anyway. Setting interceptions | 218 // already patched we attempt to intercept it anyway. Setting interceptions |
215 // to strict mode means that when we detect that the function is patched we'll | 219 // to strict mode means that when we detect that the function is patched we'll |
216 // refuse to perform the interception. | 220 // refuse to perform the interception. |
217 virtual void SetStrictInterceptions() = 0; | 221 virtual void SetStrictInterceptions() = 0; |
218 | 222 |
219 // Set the handles the target process should inherit for stdout and | 223 // Set the handles the target process should inherit for stdout and |
220 // stderr. The handles the caller passes must remain valid for the | 224 // stderr. The handles the caller passes must remain valid for the |
221 // lifetime of the policy object. This only has an effect on | 225 // lifetime of the policy object. This only has an effect on |
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
253 // Returns the handle which was actually shared with the target. This is | 257 // Returns the handle which was actually shared with the target. This is |
254 // achieved by duplicating the handle to ensure that it is inheritable by | 258 // achieved by duplicating the handle to ensure that it is inheritable by |
255 // the target. The caller should treat this as an opaque value. | 259 // the target. The caller should treat this as an opaque value. |
256 virtual void* AddHandleToShare(HANDLE handle) = 0; | 260 virtual void* AddHandleToShare(HANDLE handle) = 0; |
257 }; | 261 }; |
258 | 262 |
259 } // namespace sandbox | 263 } // namespace sandbox |
260 | 264 |
261 | 265 |
262 #endif // SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ | 266 #endif // SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ |
OLD | NEW |