Chromium Code Reviews Chromium Code Reviews
Issue 1626623003:
[Win10 sandbox mitigations] Four new Win10 mitigations added. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef SANDBOX_WIN_TESTS_COMMON_CONTROLLER_H_ | 5 #ifndef SANDBOX_WIN_TESTS_COMMON_CONTROLLER_H_ |
| 6 #define SANDBOX_WIN_TESTS_COMMON_CONTROLLER_H_ | 6 #define SANDBOX_WIN_TESTS_COMMON_CONTROLLER_H_ |
| 7 | 7 |
| 8 #include <windows.h> | 8 #include <windows.h> |
| 9 #include <string> | 9 #include <string> |
| 10 | 10 |
| (...skipping 87 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 98 | 98 |
| 99 // Sets the timeout value for the child to run the command and return. | 99 // Sets the timeout value for the child to run the command and return. |
| 100 void SetTimeout(DWORD timeout_ms); | 100 void SetTimeout(DWORD timeout_ms); |
| 101 | 101 |
| 102 // Sets TestRunner to return without waiting for the process to exit. | 102 // Sets TestRunner to return without waiting for the process to exit. |
| 103 void SetAsynchronous(bool is_async) { is_async_ = is_async; } | 103 void SetAsynchronous(bool is_async) { is_async_ = is_async; } |
| 104 | 104 |
| 105 // Sets TestRunner to return without waiting for the process to exit. | 105 // Sets TestRunner to return without waiting for the process to exit. |
| 106 void SetUnsandboxed(bool is_no_sandbox) { no_sandbox_ = is_no_sandbox; } | 106 void SetUnsandboxed(bool is_no_sandbox) { no_sandbox_ = is_no_sandbox; } |
| 107 | 107 |
| 108 void SetDisableCsrss(bool disable_csrss) { disable_csrss_ = disable_csrss; } | |
|
Will Harris
2016/01/30 00:28:43
add comment
penny
2016/02/01 20:43:21
Done. Thanks.
| |
| 109 | |
| 108 // Sets the desired state for the test to run. | 110 // Sets the desired state for the test to run. |
| 109 void SetTestState(SboxTestsState desired_state); | 111 void SetTestState(SboxTestsState desired_state); |
| 110 | 112 |
| 111 // Sets a flag whether the process should be killed when the TestRunner is | 113 // Sets a flag whether the process should be killed when the TestRunner is |
| 112 // destroyed. | 114 // destroyed. |
| 113 void SetKillOnDestruction(bool value) { kill_on_destruction_ = value; } | 115 void SetKillOnDestruction(bool value) { kill_on_destruction_ = value; } |
| 114 | 116 |
| 115 // Returns the pointers to the policy object. It can be used to modify | 117 // Returns the pointers to the policy object. It can be used to modify |
| 116 // the policy manually. | 118 // the policy manually. |
| 117 TargetPolicy* GetPolicy(); | 119 TargetPolicy* GetPolicy(); |
| 118 | 120 |
| 119 BrokerServices* broker() { return broker_; } | 121 BrokerServices* broker() { return broker_; } |
| 120 | 122 |
| 121 // Returns the process handle for an asynchronous test. | 123 // Returns the process handle for an asynchronous test. |
| 122 HANDLE process() { return target_process_.Get(); } | 124 HANDLE process() { return target_process_.Get(); } |
| 123 | 125 |
| 124 // Returns the process ID for an asynchronous test. | 126 // Returns the process ID for an asynchronous test. |
| 125 DWORD process_id() { return target_process_id_; } | 127 DWORD process_id() { return target_process_id_; } |
| 126 | 128 |
| 127 private: | 129 private: |
| 128 // Initializes the data in the object. Sets is_init_ to tree if the | 130 // Initializes the data in the object. Sets is_init_ to tree if the |
| 129 // function succeeds. This is meant to be called from the constructor. | 131 // function succeeds. This is meant to be called from the constructor. |
| 130 void Init(JobLevel job_level, TokenLevel startup_token, | 132 void Init(JobLevel job_level, |
| 133 TokenLevel startup_token, | |
| 131 TokenLevel main_token); | 134 TokenLevel main_token); |
| 132 | 135 |
| 133 // The actual runner. | 136 // The actual runner. |
| 134 int InternalRunTest(const wchar_t* command); | 137 int InternalRunTest(const wchar_t* command); |
| 135 | 138 |
| 136 BrokerServices* broker_; | 139 BrokerServices* broker_; |
| 137 TargetPolicy* policy_; | 140 TargetPolicy* policy_; |
| 138 DWORD timeout_; | 141 DWORD timeout_; |
| 139 SboxTestsState state_; | 142 SboxTestsState state_; |
| 140 bool is_init_; | 143 bool is_init_; |
| 141 bool is_async_; | 144 bool is_async_; |
| 142 bool no_sandbox_; | 145 bool no_sandbox_; |
| 146 bool disable_csrss_; | |
| 143 bool kill_on_destruction_; | 147 bool kill_on_destruction_; |
| 144 base::win::ScopedHandle target_process_; | 148 base::win::ScopedHandle target_process_; |
| 145 DWORD target_process_id_; | 149 DWORD target_process_id_; |
| 146 }; | 150 }; |
| 147 | 151 |
| 148 // Returns the broker services. | 152 // Returns the broker services. |
| 149 BrokerServices* GetBroker(); | 153 BrokerServices* GetBroker(); |
| 150 | 154 |
| 151 // Constructs a full path to a file inside the system32 (or syswow64) folder. | 155 // Constructs a full path to a file inside the system32 (or syswow64) folder. |
| 152 base::string16 MakePathToSys(const wchar_t* name, bool is_obj_man_path); | 156 base::string16 MakePathToSys(const wchar_t* name, bool is_obj_man_path); |
| 153 | 157 |
| 154 // Runs the given test on the target process. | 158 // Runs the given test on the target process. |
| 155 int DispatchCall(int argc, wchar_t **argv); | 159 int DispatchCall(int argc, wchar_t **argv); |
| 156 | 160 |
| 157 } // namespace sandbox | 161 } // namespace sandbox |
| 158 | 162 |
| 159 #endif // SANDBOX_WIN_TESTS_COMMON_CONTROLLER_H_ | 163 #endif // SANDBOX_WIN_TESTS_COMMON_CONTROLLER_H_ |
| OLD | NEW |
