OLD | NEW |
| (Empty) |
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__ | |
6 #define SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__ | |
7 | |
8 #include <accctrl.h> | |
9 #include <windows.h> | |
10 | |
11 #include "base/win/scoped_handle.h" | |
12 #include "sandbox/win/src/restricted_token.h" | |
13 #include "sandbox/win/src/security_level.h" | |
14 | |
15 // Contains the utility functions to be able to create restricted tokens based | |
16 // on a security profiles. | |
17 | |
18 namespace sandbox { | |
19 | |
20 // The type of the token returned by the CreateNakedToken. | |
21 enum TokenType { | |
22 IMPERSONATION = 0, | |
23 PRIMARY | |
24 }; | |
25 | |
26 // Creates a restricted token based on the effective token of the current | |
27 // process. The parameter security_level determines how much the token is | |
28 // restricted. The token_type determines if the token will be used as a primary | |
29 // token or impersonation token. The integrity level of the token is set to | |
30 // |integrity level| on Vista only. | |
31 // |token| is the output value containing the handle of the newly created | |
32 // restricted token. | |
33 // |lockdown_default_dacl| indicates the token's default DACL should be locked | |
34 // down to restrict what other process can open kernel resources created while | |
35 // running under the token. | |
36 // If the function succeeds, the return value is ERROR_SUCCESS. If the | |
37 // function fails, the return value is the win32 error code corresponding to | |
38 // the error. | |
39 DWORD CreateRestrictedToken(TokenLevel security_level, | |
40 IntegrityLevel integrity_level, | |
41 TokenType token_type, | |
42 bool lockdown_default_dacl, | |
43 base::win::ScopedHandle* token); | |
44 | |
45 // Sets the integrity label on a object handle. | |
46 DWORD SetObjectIntegrityLabel(HANDLE handle, SE_OBJECT_TYPE type, | |
47 const wchar_t* ace_access, | |
48 const wchar_t* integrity_level_sid); | |
49 | |
50 // Sets the integrity level on a token. This is only valid on Vista. It returns | |
51 // without failing on XP. If the integrity level that you specify is greater | |
52 // than the current integrity level, the function will fail. | |
53 DWORD SetTokenIntegrityLevel(HANDLE token, IntegrityLevel integrity_level); | |
54 | |
55 // Returns the integrity level SDDL string associated with a given | |
56 // IntegrityLevel value. | |
57 const wchar_t* GetIntegrityLevelString(IntegrityLevel integrity_level); | |
58 | |
59 // Sets the integrity level on the current process on Vista. It returns without | |
60 // failing on XP. If the integrity level that you specify is greater than the | |
61 // current integrity level, the function will fail. | |
62 DWORD SetProcessIntegrityLevel(IntegrityLevel integrity_level); | |
63 | |
64 // Hardens the integrity level policy on a token. This is only valid on Win 7 | |
65 // and above. Specifically it sets the policy to block read and execute so | |
66 // that a lower privileged process cannot open the token for impersonate or | |
67 // duplicate permissions. This should limit potential security holes. | |
68 DWORD HardenTokenIntegrityLevelPolicy(HANDLE token); | |
69 | |
70 // Hardens the integrity level policy on the current process. This is only | |
71 // valid on Win 7 and above. Specifically it sets the policy to block read | |
72 // and execute so that a lower privileged process cannot open the token for | |
73 // impersonate or duplicate permissions. This should limit potential security | |
74 // holes. | |
75 DWORD HardenProcessIntegrityLevelPolicy(); | |
76 | |
77 } // namespace sandbox | |
78 | |
79 #endif // SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__ | |
OLD | NEW |