| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ | 5 #ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ |
| 6 #define SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ | 6 #define SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ |
| 7 | 7 |
| 8 #include <stddef.h> | 8 #include <stddef.h> |
| 9 #include <stdint.h> | 9 #include <stdint.h> |
| 10 | 10 |
| (...skipping 117 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 128 // Return value: SBOX_ALL_OK if the setting succeeds and false otherwise. | 128 // Return value: SBOX_ALL_OK if the setting succeeds and false otherwise. |
| 129 // | 129 // |
| 130 // Note: JOB_OBJECT_XXXX constants are defined in winnt.h and documented at | 130 // Note: JOB_OBJECT_XXXX constants are defined in winnt.h and documented at |
| 131 // length in: | 131 // length in: |
| 132 // http://msdn2.microsoft.com/en-us/library/ms684152.aspx | 132 // http://msdn2.microsoft.com/en-us/library/ms684152.aspx |
| 133 // | 133 // |
| 134 // Note: the recommended level is JOB_RESTRICTED or JOB_LOCKDOWN. | 134 // Note: the recommended level is JOB_RESTRICTED or JOB_LOCKDOWN. |
| 135 virtual ResultCode SetJobLevel(JobLevel job_level, | 135 virtual ResultCode SetJobLevel(JobLevel job_level, |
| 136 uint32_t ui_exceptions) = 0; | 136 uint32_t ui_exceptions) = 0; |
| 137 | 137 |
| 138 // Returns the job level. |
| 139 virtual JobLevel GetJobLevel() const = 0; |
| 140 |
| 138 // Sets a hard limit on the size of the commit set for the sandboxed process. | 141 // Sets a hard limit on the size of the commit set for the sandboxed process. |
| 139 // If the limit is reached, the process will be terminated with | 142 // If the limit is reached, the process will be terminated with |
| 140 // SBOX_FATAL_MEMORY_EXCEEDED (7012). | 143 // SBOX_FATAL_MEMORY_EXCEEDED (7012). |
| 141 virtual ResultCode SetJobMemoryLimit(size_t memory_limit) = 0; | 144 virtual ResultCode SetJobMemoryLimit(size_t memory_limit) = 0; |
| 142 | 145 |
| 143 // Specifies the desktop on which the application is going to run. If the | 146 // Specifies the desktop on which the application is going to run. If the |
| 144 // desktop does not exist, it will be created. If alternate_winstation is | 147 // desktop does not exist, it will be created. If alternate_winstation is |
| 145 // set to true, the desktop will be created on an alternate window station. | 148 // set to true, the desktop will be created on an alternate window station. |
| 146 virtual ResultCode SetAlternateDesktop(bool alternate_winstation) = 0; | 149 virtual ResultCode SetAlternateDesktop(bool alternate_winstation) = 0; |
| 147 | 150 |
| (...skipping 102 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 250 // Returns the handle which was actually shared with the target. This is | 253 // Returns the handle which was actually shared with the target. This is |
| 251 // achieved by duplicating the handle to ensure that it is inheritable by | 254 // achieved by duplicating the handle to ensure that it is inheritable by |
| 252 // the target. The caller should treat this as an opaque value. | 255 // the target. The caller should treat this as an opaque value. |
| 253 virtual void* AddHandleToShare(HANDLE handle) = 0; | 256 virtual void* AddHandleToShare(HANDLE handle) = 0; |
| 254 }; | 257 }; |
| 255 | 258 |
| 256 } // namespace sandbox | 259 } // namespace sandbox |
| 257 | 260 |
| 258 | 261 |
| 259 #endif // SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ | 262 #endif // SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1626623003:
[Win10 sandbox mitigations] Four new Win10 mitigations added. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master