| OLD | NEW |
|---|
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__ | 5 #ifndef SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__ |
| 6 #define SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__ | 6 #define SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__ |
| 7 | 7 |
| 8 #include <accctrl.h> | 8 #include <accctrl.h> |
| 9 #include <windows.h> | 9 #include <windows.h> |
| 10 | 10 |
| 11 #include "base/win/scoped_handle.h" | |
| 12 #include "sandbox/win/src/restricted_token.h" | 11 #include "sandbox/win/src/restricted_token.h" |
| 13 #include "sandbox/win/src/security_level.h" | 12 #include "sandbox/win/src/security_level.h" |
| 14 | 13 |
| 15 // Contains the utility functions to be able to create restricted tokens based | 14 // Contains the utility functions to be able to create restricted tokens based |
| 16 // on a security profiles. | 15 // on a security profiles. |
| 17 | 16 |
| 18 namespace sandbox { | 17 namespace sandbox { |
| 19 | 18 |
| 20 // The type of the token returned by the CreateNakedToken. | 19 // The type of the token returned by the CreateNakedToken. |
| 21 enum TokenType { | 20 enum TokenType { |
| 22 IMPERSONATION = 0, | 21 IMPERSONATION = 0, |
| 23 PRIMARY | 22 PRIMARY |
| 24 }; | 23 }; |
| 25 | 24 |
| 26 // Creates a restricted token based on the effective token of the current | 25 // Creates a restricted token based on the effective token of the current |
| 27 // process. The parameter security_level determines how much the token is | 26 // process. The parameter security_level determines how much the token is |
| 28 // restricted. The token_type determines if the token will be used as a primary | 27 // restricted. The token_type determines if the token will be used as a primary |
| 29 // token or impersonation token. The integrity level of the token is set to | 28 // token or impersonation token. The integrity level of the token is set to |
| 30 // |integrity level| on Vista only. | 29 // |integrity level| on Vista only. |
| 31 // |token| is the output value containing the handle of the newly created | 30 // token_handle is the output value containing the handle of the |
| 32 // restricted token. | 31 // newly created restricted token. |
| 33 // If the function succeeds, the return value is ERROR_SUCCESS. If the | 32 // If the function succeeds, the return value is ERROR_SUCCESS. If the |
| 34 // function fails, the return value is the win32 error code corresponding to | 33 // function fails, the return value is the win32 error code corresponding to |
| 35 // the error. | 34 // the error. |
| 36 DWORD CreateRestrictedToken(TokenLevel security_level, | 35 DWORD CreateRestrictedToken(HANDLE *token_handle, |
| 36 TokenLevel security_level, |
| 37 IntegrityLevel integrity_level, | 37 IntegrityLevel integrity_level, |
| 38 TokenType token_type, | 38 TokenType token_type); |
| 39 base::win::ScopedHandle* token); | |
| 40 | 39 |
| 41 // Starts the process described by the input parameter command_line in a job | 40 // Starts the process described by the input parameter command_line in a job |
| 42 // with a restricted token. Also set the main thread of this newly created | 41 // with a restricted token. Also set the main thread of this newly created |
| 43 // process to impersonate a user with more rights so it can initialize | 42 // process to impersonate a user with more rights so it can initialize |
| 44 // correctly. | 43 // correctly. |
| 45 // | 44 // |
| 46 // Parameters: primary_level is the security level of the primary token. | 45 // Parameters: primary_level is the security level of the primary token. |
| 47 // impersonation_level is the security level of the impersonation token used | 46 // impersonation_level is the security level of the impersonation token used |
| 48 // to initialize the process. job_level is the security level of the job | 47 // to initialize the process. job_level is the security level of the job |
| 49 // object used to encapsulate the process. | 48 // object used to encapsulate the process. |
| (...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 92 // Hardens the integrity level policy on the current process. This is only | 91 // Hardens the integrity level policy on the current process. This is only |
| 93 // valid on Win 7 and above. Specifically it sets the policy to block read | 92 // valid on Win 7 and above. Specifically it sets the policy to block read |
| 94 // and execute so that a lower privileged process cannot open the token for | 93 // and execute so that a lower privileged process cannot open the token for |
| 95 // impersonate or duplicate permissions. This should limit potential security | 94 // impersonate or duplicate permissions. This should limit potential security |
| 96 // holes. | 95 // holes. |
| 97 DWORD HardenProcessIntegrityLevelPolicy(); | 96 DWORD HardenProcessIntegrityLevelPolicy(); |
| 98 | 97 |
| 99 } // namespace sandbox | 98 } // namespace sandbox |
| 100 | 99 |
| 101 #endif // SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__ | 100 #endif // SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1231853005:
Revert of Sandbox: Make CreateRestrictedToken return a ScopedHandle. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master