OLD | NEW |
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef SANDBOX_SRC_SECURITY_LEVEL_H_ | 5 #ifndef SANDBOX_SRC_SECURITY_LEVEL_H_ |
6 #define SANDBOX_SRC_SECURITY_LEVEL_H_ | 6 #define SANDBOX_SRC_SECURITY_LEVEL_H_ |
7 | 7 |
8 #include "base/basictypes.h" | 8 #include <stdint.h> |
9 | 9 |
10 namespace sandbox { | 10 namespace sandbox { |
11 | 11 |
12 // List of all the integrity levels supported in the sandbox. This is used | 12 // List of all the integrity levels supported in the sandbox. This is used |
13 // only on Windows Vista. You can't set the integrity level of the process | 13 // only on Windows Vista. You can't set the integrity level of the process |
14 // in the sandbox to a level higher than yours. | 14 // in the sandbox to a level higher than yours. |
15 enum IntegrityLevel { | 15 enum IntegrityLevel { |
16 INTEGRITY_LEVEL_SYSTEM, | 16 INTEGRITY_LEVEL_SYSTEM, |
17 INTEGRITY_LEVEL_HIGH, | 17 INTEGRITY_LEVEL_HIGH, |
18 INTEGRITY_LEVEL_MEDIUM, | 18 INTEGRITY_LEVEL_MEDIUM, |
(...skipping 112 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
131 | 131 |
132 // These flags correspond to various process-level mitigations (eg. ASLR and | 132 // These flags correspond to various process-level mitigations (eg. ASLR and |
133 // DEP). Most are implemented via UpdateProcThreadAttribute() plus flags for | 133 // DEP). Most are implemented via UpdateProcThreadAttribute() plus flags for |
134 // the PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY attribute argument; documented | 134 // the PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY attribute argument; documented |
135 // here: http://msdn.microsoft.com/en-us/library/windows/desktop/ms686880 | 135 // here: http://msdn.microsoft.com/en-us/library/windows/desktop/ms686880 |
136 // Some mitigations are implemented directly by the sandbox or emulated to | 136 // Some mitigations are implemented directly by the sandbox or emulated to |
137 // the greatest extent possible when not directly supported by the OS. | 137 // the greatest extent possible when not directly supported by the OS. |
138 // Flags that are unsupported for the target OS will be silently ignored. | 138 // Flags that are unsupported for the target OS will be silently ignored. |
139 // Flags that are invalid for their application (pre or post startup) will | 139 // Flags that are invalid for their application (pre or post startup) will |
140 // return SBOX_ERROR_BAD_PARAMS. | 140 // return SBOX_ERROR_BAD_PARAMS. |
141 typedef uint64 MitigationFlags; | 141 typedef uint64_t MitigationFlags; |
142 | 142 |
143 // Permanently enables DEP for the target process. Corresponds to | 143 // Permanently enables DEP for the target process. Corresponds to |
144 // PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE. | 144 // PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE. |
145 const MitigationFlags MITIGATION_DEP = 0x00000001; | 145 const MitigationFlags MITIGATION_DEP = 0x00000001; |
146 | 146 |
147 // Permanently Disables ATL thunk emulation when DEP is enabled. Valid | 147 // Permanently Disables ATL thunk emulation when DEP is enabled. Valid |
148 // only when MITIGATION_DEP is passed. Corresponds to not passing | 148 // only when MITIGATION_DEP is passed. Corresponds to not passing |
149 // PROCESS_CREATION_MITIGATION_POLICY_DEP_ATL_THUNK_ENABLE. | 149 // PROCESS_CREATION_MITIGATION_POLICY_DEP_ATL_THUNK_ENABLE. |
150 const MitigationFlags MITIGATION_DEP_NO_ATL_THUNK = 0x00000002; | 150 const MitigationFlags MITIGATION_DEP_NO_ATL_THUNK = 0x00000002; |
151 | 151 |
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
200 const MitigationFlags MITIGATION_DLL_SEARCH_ORDER = 0x00000001ULL << 32; | 200 const MitigationFlags MITIGATION_DLL_SEARCH_ORDER = 0x00000001ULL << 32; |
201 | 201 |
202 // Changes the mandatory integrity level policy on the current process' token | 202 // Changes the mandatory integrity level policy on the current process' token |
203 // to enable no-read and no-execute up. This prevents a lower IL process from | 203 // to enable no-read and no-execute up. This prevents a lower IL process from |
204 // opening the process token for impersonate/duplicate/assignment. | 204 // opening the process token for impersonate/duplicate/assignment. |
205 const MitigationFlags MITIGATION_HARDEN_TOKEN_IL_POLICY = 0x00000001ULL << 33; | 205 const MitigationFlags MITIGATION_HARDEN_TOKEN_IL_POLICY = 0x00000001ULL << 33; |
206 | 206 |
207 } // namespace sandbox | 207 } // namespace sandbox |
208 | 208 |
209 #endif // SANDBOX_SRC_SECURITY_LEVEL_H_ | 209 #endif // SANDBOX_SRC_SECURITY_LEVEL_H_ |
OLD | NEW |