OLD | NEW |
| (Empty) |
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef SANDBOX_SRC_JOB_H_ | |
6 #define SANDBOX_SRC_JOB_H_ | |
7 | |
8 #include <stddef.h> | |
9 | |
10 #include "base/macros.h" | |
11 #include "base/win/scoped_handle.h" | |
12 #include "sandbox/win/src/restricted_token_utils.h" | |
13 | |
14 namespace sandbox { | |
15 | |
16 // Handles the creation of job objects based on a security profile. | |
17 // Sample usage: | |
18 // Job job; | |
19 // job.Init(JOB_LOCKDOWN, NULL); //no job name | |
20 // job.AssignProcessToJob(process_handle); | |
21 class Job { | |
22 public: | |
23 Job(); | |
24 | |
25 ~Job(); | |
26 | |
27 // Initializes and creates the job object. The security of the job is based | |
28 // on the security_level parameter. | |
29 // job_name can be NULL if the job is unnamed. | |
30 // If the chosen profile has too many ui restrictions, you can disable some | |
31 // by specifying them in the ui_exceptions parameters. | |
32 // If the function succeeds, the return value is ERROR_SUCCESS. If the | |
33 // function fails, the return value is the win32 error code corresponding to | |
34 // the error. | |
35 DWORD Init(JobLevel security_level, | |
36 const wchar_t* job_name, | |
37 DWORD ui_exceptions, | |
38 size_t memory_limit); | |
39 | |
40 // Assigns the process referenced by process_handle to the job. | |
41 // If the function succeeds, the return value is ERROR_SUCCESS. If the | |
42 // function fails, the return value is the win32 error code corresponding to | |
43 // the error. | |
44 DWORD AssignProcessToJob(HANDLE process_handle); | |
45 | |
46 // Grants access to "handle" to the job. All processes in the job can | |
47 // subsequently recognize and use the handle. | |
48 // If the function succeeds, the return value is ERROR_SUCCESS. If the | |
49 // function fails, the return value is the win32 error code corresponding to | |
50 // the error. | |
51 DWORD UserHandleGrantAccess(HANDLE handle); | |
52 | |
53 // Revokes ownership to the job handle and returns it. | |
54 // If the object is not yet initialized, it returns an invalid handle. | |
55 base::win::ScopedHandle Take(); | |
56 | |
57 private: | |
58 // Handle to the job referenced by the object. | |
59 base::win::ScopedHandle job_handle_; | |
60 | |
61 DISALLOW_COPY_AND_ASSIGN(Job); | |
62 }; | |
63 | |
64 } // namespace sandbox | |
65 | |
66 | |
67 #endif // SANDBOX_SRC_JOB_H_ | |
OLD | NEW |