Chromium Code Reviews

Unified Diff: sandbox/win/src/sandbox_policy.h

Issue 1225183003: CreateThread interception, to use CreateRemoteThread (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: default to csrss not being disconnected Created 4 years, 10 months ago
Index: sandbox/win/src/sandbox_policy.h
diff --git a/sandbox/win/src/sandbox_policy.h b/sandbox/win/src/sandbox_policy.h
index 43b272b640e720cd3670fe8bc93b7c97ec797e0a..f72acc77590e4c12bbb20c42d19157c4ee57ad89 100644
--- a/sandbox/win/src/sandbox_policy.h
+++ b/sandbox/win/src/sandbox_policy.h
@@ -48,17 +48,17 @@ class TargetPolicy {
// over the resulting process and thread handles.
// No other parameters besides the command line are
// passed to the child process.
- PROCESS_ALL_EXEC, // Allows the creation of a process and return fill
+ PROCESS_ALL_EXEC, // Allows the creation of a process and return full
// access on the returned handles.
// This flag can be used only when the main token of
// the sandboxed application is at least INTERACTIVE.
EVENTS_ALLOW_ANY, // Allows the creation of an event with full access.
- EVENTS_ALLOW_READONLY, // Allows opening an even with synchronize access.
- REG_ALLOW_READONLY, // Allows readonly access to a registry key.
- REG_ALLOW_ANY, // Allows read and write access to a registry key.
- FAKE_USER_GDI_INIT // Fakes user32 and gdi32 initialization. This can
- // be used to allow the DLLs to load and initialize
- // even if the process cannot access that subsystem.
+ EVENTS_ALLOW_READONLY, // Allows opening an even with synchronize access.
+ REG_ALLOW_READONLY, // Allows readonly access to a registry key.
+ REG_ALLOW_ANY, // Allows read and write access to a registry key.
+ FAKE_USER_GDI_INIT // Fakes user32 and gdi32 initialization. This can
+ // be used to allow the DLLs to load and initialize
+ // even if the process cannot access that subsystem.
};
// Increments the reference count of this object. The reference count must
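Review bot: The re-added EVENTS_ALLOW_READONLY line still reads "Allows opening an even with synchronize access."; since this hunk already touches that line and fixes "fill" to "full" on PROCESS_ALL_EXEC, correct "even" to "event" in the same pass. The remaining removed and added enum lines (REG_ALLOW_READONLY, REG_ALLOW_ANY, FAKE_USER_GDI_INIT) carry identical text, so they look like comment realignment only; consider splitting that out so the history of this policy header shows just the CSRSS-related change.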
@@ -209,6 +209,9 @@ class TargetPolicy {
// Returns the currently set delayed mitigation flags.
virtual MitigationFlags GetDelayedProcessMitigations() const = 0;
+ // Disconnect the target from CSRSS.
Will Harris 2016/02/05 23:27:00 // Disconnect the target from CSRSS when TargetSer
liamjm (20p) 2016/02/05 23:51:21 Done.
+ virtual void DisconnectCsrss() = 0;
Will Harris 2016/02/05 23:27:00 nit: I think using SetDisconnectCsrss() more fits
liamjm (20p) 2016/02/05 23:51:21 Done.
+
// Sets the interceptions to operate in strict mode. By default, interceptions
// are performed in "relaxed" mode, where if something inside NTDLL.DLL is
// already patched we attempt to intercept it anyway. Setting interceptions
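Review bot: The comment on the new DisconnectCsrss() declaration, "Disconnect the target from CSRSS.", does not say what the default is or whether the setting can be undone. The method takes no argument and returns void, so a caller reading only this header cannot tell that it is a one-way opt-in; the patch set title says the default is "csrss not being disconnected", and that belongs in the comment next to the declaration. The neighbouring mitigation API exposes a getter (GetDelayedProcessMitigations()), so consider adding a matching accessor here, or state in the comment that there is none, so that tests and policy audits can confirm which targets run disconnected. Also note that the declaration is pure virtual ("= 0"), so every TargetPolicy implementation has to add it in this same change.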
