OLD | NEW |
| (Empty) |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef SANDBOX_SRC_WIN_PROCESS_MITIGATIONS_H_ | |
6 #define SANDBOX_SRC_WIN_PROCESS_MITIGATIONS_H_ | |
7 | |
8 #include <windows.h> | |
9 #include <stddef.h> | |
10 | |
11 #include "sandbox/win/src/security_level.h" | |
12 | |
13 namespace sandbox { | |
14 | |
15 // Sets the mitigation policy for the current process, ignoring any settings | |
16 // that are invalid for the current version of Windows. | |
17 bool ApplyProcessMitigationsToCurrentProcess(MitigationFlags flags); | |
18 | |
19 // Returns the flags that must be enforced after startup for the current OS | |
20 // version. | |
21 MitigationFlags FilterPostStartupProcessMitigations(MitigationFlags flags); | |
22 | |
23 // Converts sandbox flags to the PROC_THREAD_ATTRIBUTE_SECURITY_CAPABILITIES | |
24 // policy flags used by UpdateProcThreadAttribute(). The size field varies | |
25 // between a 32-bit and a 64-bit type based on the exact build and version of | |
26 // Windows, so the returned size must be passed to UpdateProcThreadAttribute(). | |
27 void ConvertProcessMitigationsToPolicy(MitigationFlags flags, | |
28 DWORD64* policy_flags, | |
29 size_t* size); | |
30 | |
31 // Adds mitigations that need to be performed on the suspended target process | |
32 // before execution begins. | |
33 bool ApplyProcessMitigationsToSuspendedProcess(HANDLE process, | |
34 MitigationFlags flags); | |
35 | |
36 // Returns true if all the supplied flags can be set after a process starts. | |
37 bool CanSetProcessMitigationsPostStartup(MitigationFlags flags); | |
38 | |
39 // Returns true if all the supplied flags can be set before a process starts. | |
40 bool CanSetProcessMitigationsPreStartup(MitigationFlags flags); | |
41 | |
42 } // namespace sandbox | |
43 | |
44 #endif // SANDBOX_SRC_WIN_PROCESS_MITIGATIONS_H_ | |
45 | |
OLD | NEW |