Index: sandbox/win/src/sandbox_policy.h |
diff --git a/sandbox/win/src/sandbox_policy.h b/sandbox/win/src/sandbox_policy.h |
index cc39c6283950ebc3ba6d29e38d0fbd1d58a2bed7..478b362b0d0628ce6f95a751a20fdddc6aec8cb0 100644 |
--- a/sandbox/win/src/sandbox_policy.h |
+++ b/sandbox/win/src/sandbox_policy.h |
@@ -48,17 +48,21 @@ class TargetPolicy { |
// over the resulting process and thread handles. |
// No other parameters besides the command line are |
// passed to the child process. |
- PROCESS_ALL_EXEC, // Allows the creation of a process and return fill |
+ // Also allows the creation of a thread and return |
+ // full access on the returned handles. |
+ PROCESS_ALL_EXEC, // Allows the creation of a process and return full |
// access on the returned handles. |
// This flag can be used only when the main token of |
// the sandboxed application is at least INTERACTIVE. |
+ // Also allows the creation of a thread and return |
+ // full access on the returned handles. |
EVENTS_ALLOW_ANY, // Allows the creation of an event with full access. |
- EVENTS_ALLOW_READONLY, // Allows opening an even with synchronize access. |
- REG_ALLOW_READONLY, // Allows readonly access to a registry key. |
- REG_ALLOW_ANY, // Allows read and write access to a registry key. |
- FAKE_USER_GDI_INIT // Fakes user32 and gdi32 initialization. This can |
- // be used to allow the DLLs to load and initialize |
- // even if the process cannot access that subsystem. |
+ EVENTS_ALLOW_READONLY, // Allows opening an even with synchronize access. |
+ REG_ALLOW_READONLY, // Allows readonly access to a registry key. |
+ REG_ALLOW_ANY, // Allows read and write access to a registry key. |
+ FAKE_USER_GDI_INIT // Fakes user32 and gdi32 initialization. This can |
+ // be used to allow the DLLs to load and initialize |
+ // even if the process cannot access that subsystem. |
}; |
// Increments the reference count of this object. The reference count must |