OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_ | 5 #ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_ |
6 #define SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_ | 6 #define SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_ |
7 | 7 |
8 #include <windows.h> | 8 #include <windows.h> |
9 #include <stddef.h> | 9 #include <stddef.h> |
10 #include <stdint.h> | 10 #include <stdint.h> |
(...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
54 ResultCode SetIntegrityLevel(IntegrityLevel integrity_level) override; | 54 ResultCode SetIntegrityLevel(IntegrityLevel integrity_level) override; |
55 IntegrityLevel GetIntegrityLevel() const override; | 55 IntegrityLevel GetIntegrityLevel() const override; |
56 ResultCode SetDelayedIntegrityLevel(IntegrityLevel integrity_level) override; | 56 ResultCode SetDelayedIntegrityLevel(IntegrityLevel integrity_level) override; |
57 ResultCode SetAppContainer(const wchar_t* sid) override; | 57 ResultCode SetAppContainer(const wchar_t* sid) override; |
58 ResultCode SetCapability(const wchar_t* sid) override; | 58 ResultCode SetCapability(const wchar_t* sid) override; |
59 ResultCode SetLowBox(const wchar_t* sid) override; | 59 ResultCode SetLowBox(const wchar_t* sid) override; |
60 ResultCode SetProcessMitigations(MitigationFlags flags) override; | 60 ResultCode SetProcessMitigations(MitigationFlags flags) override; |
61 MitigationFlags GetProcessMitigations() override; | 61 MitigationFlags GetProcessMitigations() override; |
62 ResultCode SetDelayedProcessMitigations(MitigationFlags flags) override; | 62 ResultCode SetDelayedProcessMitigations(MitigationFlags flags) override; |
63 MitigationFlags GetDelayedProcessMitigations() const override; | 63 MitigationFlags GetDelayedProcessMitigations() const override; |
| 64 void SetDisconnectCsrss() override; |
64 void SetStrictInterceptions() override; | 65 void SetStrictInterceptions() override; |
65 ResultCode SetStdoutHandle(HANDLE handle) override; | 66 ResultCode SetStdoutHandle(HANDLE handle) override; |
66 ResultCode SetStderrHandle(HANDLE handle) override; | 67 ResultCode SetStderrHandle(HANDLE handle) override; |
67 ResultCode AddRule(SubSystem subsystem, | 68 ResultCode AddRule(SubSystem subsystem, |
68 Semantics semantics, | 69 Semantics semantics, |
69 const wchar_t* pattern) override; | 70 const wchar_t* pattern) override; |
70 ResultCode AddDllToUnload(const wchar_t* dll_name) override; | 71 ResultCode AddDllToUnload(const wchar_t* dll_name) override; |
71 ResultCode AddKernelObjectToClose(const base::char16* handle_type, | 72 ResultCode AddKernelObjectToClose(const base::char16* handle_type, |
72 const base::char16* handle_name) override; | 73 const base::char16* handle_name) override; |
73 void* AddHandleToShare(HANDLE handle) override; | 74 void* AddHandleToShare(HANDLE handle) override; |
(...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
138 bool use_alternate_winstation_; | 139 bool use_alternate_winstation_; |
139 // Helps the file system policy initialization. | 140 // Helps the file system policy initialization. |
140 bool file_system_init_; | 141 bool file_system_init_; |
141 bool relaxed_interceptions_; | 142 bool relaxed_interceptions_; |
142 HANDLE stdout_handle_; | 143 HANDLE stdout_handle_; |
143 HANDLE stderr_handle_; | 144 HANDLE stderr_handle_; |
144 IntegrityLevel integrity_level_; | 145 IntegrityLevel integrity_level_; |
145 IntegrityLevel delayed_integrity_level_; | 146 IntegrityLevel delayed_integrity_level_; |
146 MitigationFlags mitigations_; | 147 MitigationFlags mitigations_; |
147 MitigationFlags delayed_mitigations_; | 148 MitigationFlags delayed_mitigations_; |
| 149 bool is_csrss_connected_; |
148 // Object in charge of generating the low level policy. | 150 // Object in charge of generating the low level policy. |
149 LowLevelPolicy* policy_maker_; | 151 LowLevelPolicy* policy_maker_; |
150 // Memory structure that stores the low level policy. | 152 // Memory structure that stores the low level policy. |
151 PolicyGlobal* policy_; | 153 PolicyGlobal* policy_; |
152 // The list of dlls to unload in the target process. | 154 // The list of dlls to unload in the target process. |
153 std::vector<base::string16> blacklisted_dlls_; | 155 std::vector<base::string16> blacklisted_dlls_; |
154 // This is a map of handle-types to names that we need to close in the | 156 // This is a map of handle-types to names that we need to close in the |
155 // target process. A null set means we need to close all handles of the | 157 // target process. A null set means we need to close all handles of the |
156 // given type. | 158 // given type. |
157 HandleCloser handle_closer_; | 159 HandleCloser handle_closer_; |
(...skipping 11 matching lines...) Expand all Loading... |
169 // This list contains handles other than the stderr/stdout handles which are | 171 // This list contains handles other than the stderr/stdout handles which are |
170 // shared with the target at times. | 172 // shared with the target at times. |
171 HandleList handles_to_share_; | 173 HandleList handles_to_share_; |
172 | 174 |
173 DISALLOW_COPY_AND_ASSIGN(PolicyBase); | 175 DISALLOW_COPY_AND_ASSIGN(PolicyBase); |
174 }; | 176 }; |
175 | 177 |
176 } // namespace sandbox | 178 } // namespace sandbox |
177 | 179 |
178 #endif // SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_ | 180 #endif // SANDBOX_WIN_SRC_SANDBOX_POLICY_BASE_H_ |
OLD | NEW |