| OLD | NEW |
|---|
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__ | 5 #ifndef SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__ |
| 6 #define SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__ | 6 #define SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__ |
| 7 | 7 |
| 8 #include <accctrl.h> | 8 #include <accctrl.h> |
| 9 #include <windows.h> | 9 #include <windows.h> |
| 10 | 10 |
| 11 #include "base/win/scoped_handle.h" |
| 11 #include "sandbox/win/src/restricted_token.h" | 12 #include "sandbox/win/src/restricted_token.h" |
| 12 #include "sandbox/win/src/security_level.h" | 13 #include "sandbox/win/src/security_level.h" |
| 13 | 14 |
| 14 // Contains the utility functions to be able to create restricted tokens based | 15 // Contains the utility functions to be able to create restricted tokens based |
| 15 // on a security profiles. | 16 // on a security profiles. |
| 16 | 17 |
| 17 namespace sandbox { | 18 namespace sandbox { |
| 18 | 19 |
| 19 // The type of the token returned by the CreateNakedToken. | 20 // The type of the token returned by the CreateNakedToken. |
| 20 enum TokenType { | 21 enum TokenType { |
| 21 IMPERSONATION = 0, | 22 IMPERSONATION = 0, |
| 22 PRIMARY | 23 PRIMARY |
| 23 }; | 24 }; |
| 24 | 25 |
| 25 // Creates a restricted token based on the effective token of the current | 26 // Creates a restricted token based on the effective token of the current |
| 26 // process. The parameter security_level determines how much the token is | 27 // process. The parameter security_level determines how much the token is |
| 27 // restricted. The token_type determines if the token will be used as a primary | 28 // restricted. The token_type determines if the token will be used as a primary |
| 28 // token or impersonation token. The integrity level of the token is set to | 29 // token or impersonation token. The integrity level of the token is set to |
| 29 // |integrity level| on Vista only. | 30 // |integrity level| on Vista only. |
| 30 // token_handle is the output value containing the handle of the | 31 // |token| is the output value containing the handle of the newly created |
| 31 // newly created restricted token. | 32 // restricted token. |
| 32 // If the function succeeds, the return value is ERROR_SUCCESS. If the | 33 // If the function succeeds, the return value is ERROR_SUCCESS. If the |
| 33 // function fails, the return value is the win32 error code corresponding to | 34 // function fails, the return value is the win32 error code corresponding to |
| 34 // the error. | 35 // the error. |
| 35 DWORD CreateRestrictedToken(HANDLE *token_handle, | 36 DWORD CreateRestrictedToken(TokenLevel security_level, |
| 36 TokenLevel security_level, | |
| 37 IntegrityLevel integrity_level, | 37 IntegrityLevel integrity_level, |
| 38 TokenType token_type); | 38 TokenType token_type, |
| 39 base::win::ScopedHandle* token); |
| 39 | 40 |
| 40 // Starts the process described by the input parameter command_line in a job | 41 // Starts the process described by the input parameter command_line in a job |
| 41 // with a restricted token. Also set the main thread of this newly created | 42 // with a restricted token. Also set the main thread of this newly created |
| 42 // process to impersonate a user with more rights so it can initialize | 43 // process to impersonate a user with more rights so it can initialize |
| 43 // correctly. | 44 // correctly. |
| 44 // | 45 // |
| 45 // Parameters: primary_level is the security level of the primary token. | 46 // Parameters: primary_level is the security level of the primary token. |
| 46 // impersonation_level is the security level of the impersonation token used | 47 // impersonation_level is the security level of the impersonation token used |
| 47 // to initialize the process. job_level is the security level of the job | 48 // to initialize the process. job_level is the security level of the job |
| 48 // object used to encapsulate the process. | 49 // object used to encapsulate the process. |
| (...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 91 // Hardens the integrity level policy on the current process. This is only | 92 // Hardens the integrity level policy on the current process. This is only |
| 92 // valid on Win 7 and above. Specifically it sets the policy to block read | 93 // valid on Win 7 and above. Specifically it sets the policy to block read |
| 93 // and execute so that a lower privileged process cannot open the token for | 94 // and execute so that a lower privileged process cannot open the token for |
| 94 // impersonate or duplicate permissions. This should limit potential security | 95 // impersonate or duplicate permissions. This should limit potential security |
| 95 // holes. | 96 // holes. |
| 96 DWORD HardenProcessIntegrityLevelPolicy(); | 97 DWORD HardenProcessIntegrityLevelPolicy(); |
| 97 | 98 |
| 98 } // namespace sandbox | 99 } // namespace sandbox |
| 99 | 100 |
| 100 #endif // SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__ | 101 #endif // SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1232963002:
Sandbox: Make CreateRestrictedToken return a ScopedHandle. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master