sandbox/win/src/sandbox_policy.h - Issue 1225183003: CreateThread interception, to use CreateRemoteThread

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: sandbox/win/src/sandbox_policy.h

Issue 1225183003: CreateThread interception, to use CreateRemoteThread (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: small tweaks Created 4 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: sandbox/win/src/sandbox_policy.h

diff --git a/sandbox/win/src/sandbox_policy.h b/sandbox/win/src/sandbox_policy.h

index 43b272b640e720cd3670fe8bc93b7c97ec797e0a..f86cc22973a0eace6fcb719b8c5437e551f4b447 100644

--- a/sandbox/win/src/sandbox_policy.h

+++ b/sandbox/win/src/sandbox_policy.h

@@ -48,17 +48,21 @@ class TargetPolicy {

// over the resulting process and thread handles.

// No other parameters besides the command line are

// passed to the child process.

- PROCESS_ALL_EXEC, // Allows the creation of a process and return fill

+ // Also allows the creation of a thread and return

+ // full access on the returned handles.

+ PROCESS_ALL_EXEC, // Allows the creation of a process and return full

// access on the returned handles.

// This flag can be used only when the main token of

// the sandboxed application is at least INTERACTIVE.

+ // Also allows the creation of a thread and return

+ // full access on the returned handles.

EVENTS_ALLOW_ANY, // Allows the creation of an event with full access.

- EVENTS_ALLOW_READONLY, // Allows opening an even with synchronize access.

- REG_ALLOW_READONLY, // Allows readonly access to a registry key.

- REG_ALLOW_ANY, // Allows read and write access to a registry key.

- FAKE_USER_GDI_INIT // Fakes user32 and gdi32 initialization. This can

- // be used to allow the DLLs to load and initialize

- // even if the process cannot access that subsystem.

+ EVENTS_ALLOW_READONLY, // Allows opening an even with synchronize access.

+ REG_ALLOW_READONLY, // Allows readonly access to a registry key.

+ REG_ALLOW_ANY, // Allows read and write access to a registry key.

+ FAKE_USER_GDI_INIT // Fakes user32 and gdi32 initialization. This can

+ // be used to allow the DLLs to load and initialize

+ // even if the process cannot access that subsystem.

};

// Increments the reference count of this object. The reference count must

« sandbox/win/src/process_thread_interception.cc ('K') | « sandbox/win/src/process_thread_policy.cc ('k') | sandbox/win/src/top_level_dispatcher.cc » ('j') | no next file with comments »