Index: sandbox/win/src/sandbox_policy.h |
diff --git a/sandbox/win/src/sandbox_policy.h b/sandbox/win/src/sandbox_policy.h |
index 43b272b640e720cd3670fe8bc93b7c97ec797e0a..f86cc22973a0eace6fcb719b8c5437e551f4b447 100644 |
--- a/sandbox/win/src/sandbox_policy.h |
+++ b/sandbox/win/src/sandbox_policy.h |
@@ -48,17 +48,21 @@ class TargetPolicy { |
// over the resulting process and thread handles. |
// No other parameters besides the command line are |
// passed to the child process. |
- PROCESS_ALL_EXEC, // Allows the creation of a process and return fill |
+ // Also allows the creation of a thread and return |
+ // full access on the returned handles. |
+ PROCESS_ALL_EXEC, // Allows the creation of a process and return full |
// access on the returned handles. |
// This flag can be used only when the main token of |
// the sandboxed application is at least INTERACTIVE. |
+ // Also allows the creation of a thread and return |
+ // full access on the returned handles. |
EVENTS_ALLOW_ANY, // Allows the creation of an event with full access. |
- EVENTS_ALLOW_READONLY, // Allows opening an even with synchronize access. |
- REG_ALLOW_READONLY, // Allows readonly access to a registry key. |
- REG_ALLOW_ANY, // Allows read and write access to a registry key. |
- FAKE_USER_GDI_INIT // Fakes user32 and gdi32 initialization. This can |
- // be used to allow the DLLs to load and initialize |
- // even if the process cannot access that subsystem. |
+ EVENTS_ALLOW_READONLY, // Allows opening an even with synchronize access. |
+ REG_ALLOW_READONLY, // Allows readonly access to a registry key. |
+ REG_ALLOW_ANY, // Allows read and write access to a registry key. |
+ FAKE_USER_GDI_INIT // Fakes user32 and gdi32 initialization. This can |
+ // be used to allow the DLLs to load and initialize |
+ // even if the process cannot access that subsystem. |
}; |
// Increments the reference count of this object. The reference count must |