Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(47)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/win/src/sandbox_policy.h

Issue 1419483002: Windows sbox: Warmup locales before sandbox lockdown (and tests) (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: use dynamically loaded function (2) Created 5 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« sandbox/win/src/lpc_policy_test.cc ('K') | « sandbox/win/src/lpc_policy_test.cc ('k') | sandbox/win/src/sandbox_types.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ 5 #ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_H_
6 #define SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ 6 #define SANDBOX_WIN_SRC_SANDBOX_POLICY_H_
7 7
8 #include <string> 8 #include <string>
9 9
10 #include "base/basictypes.h" 10 #include "base/basictypes.h"
(...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after
73 // This setting is permanent and cannot be changed once the target process is 73 // This setting is permanent and cannot be changed once the target process is
74 // spawned. 74 // spawned.
75 // initial: the security level for the initial token. This is the token that 75 // initial: the security level for the initial token. This is the token that
76 // is used by the process from the creation of the process until the moment 76 // is used by the process from the creation of the process until the moment
77 // the process calls TargetServices::LowerToken() or the process calls 77 // the process calls TargetServices::LowerToken() or the process calls
78 // win32's RevertToSelf(). Once this happens the initial token is no longer 78 // win32's RevertToSelf(). Once this happens the initial token is no longer
79 // available and the lockdown token is in effect. Using an initial token is 79 // available and the lockdown token is in effect. Using an initial token is
80 // not compatible with AppContainer, see SetAppContainer. 80 // not compatible with AppContainer, see SetAppContainer.
81 // lockdown: the security level for the token that comes into force after the 81 // lockdown: the security level for the token that comes into force after the
82 // process calls TargetServices::LowerToken() or the process calls 82 // process calls TargetServices::LowerToken() or the process calls
83 // ReverToSelf(). See the explanation of each level in the TokenLevel 83 // RevertToSelf(). See the explanation of each level in the TokenLevel
84 // definition. 84 // definition.
85 // Return value: SBOX_ALL_OK if the setting succeeds and false otherwise. 85 // Return value: SBOX_ALL_OK if the setting succeeds and false otherwise.
86 // Returns false if the lockdown value is more permissive than the initial 86 // Returns false if the lockdown value is more permissive than the initial
87 // value. 87 // value.
88 // 88 //
89 // Important: most of the sandbox-provided security relies on this single 89 // Important: most of the sandbox-provided security relies on this single
90 // setting. The caller should strive to set the lockdown level as restricted 90 // setting. The caller should strive to set the lockdown level as restricted
91 // as possible. 91 // as possible.
92 virtual ResultCode SetTokenLevel(TokenLevel initial, TokenLevel lockdown) = 0; 92 virtual ResultCode SetTokenLevel(TokenLevel initial, TokenLevel lockdown) = 0;
93 93
(...skipping 153 matching lines...) Expand 10 before | Expand all | Expand 10 after
247 // Returns the handle which was actually shared with the target. This is 247 // Returns the handle which was actually shared with the target. This is
248 // achieved by duplicating the handle to ensure that it is inheritable by 248 // achieved by duplicating the handle to ensure that it is inheritable by
249 // the target. The caller should treat this as an opaque value. 249 // the target. The caller should treat this as an opaque value.
250 virtual void* AddHandleToShare(HANDLE handle) = 0; 250 virtual void* AddHandleToShare(HANDLE handle) = 0;
251 }; 251 };
252 252
253 } // namespace sandbox 253 } // namespace sandbox
254 254
255 255
256 #endif // SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ 256 #endif // SANDBOX_WIN_SRC_SANDBOX_POLICY_H_
OLDNEW
« sandbox/win/src/lpc_policy_test.cc ('K') | « sandbox/win/src/lpc_policy_test.cc ('k') | sandbox/win/src/sandbox_types.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698