Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(36)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/win/src/sandbox_policy.h

Issue 1856993003: Implement sandbox hooks to forward OPM related GDI system calls. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Removed header Created 4 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « sandbox/win/src/process_mitigations_win32k_policy.cc ('k') | sandbox/win/src/sandbox_policy_base.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ 5 #ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_H_
6 #define SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ 6 #define SANDBOX_WIN_SRC_SANDBOX_POLICY_H_
7 7
8 #include <stddef.h> 8 #include <stddef.h>
9 #include <stdint.h> 9 #include <stdint.h>
10 10
(...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after
43 // No other parameters besides the command line are 43 // No other parameters besides the command line are
44 // passed to the child process. 44 // passed to the child process.
45 PROCESS_ALL_EXEC, // Allows the creation of a process and return full 45 PROCESS_ALL_EXEC, // Allows the creation of a process and return full
46 // access on the returned handles. 46 // access on the returned handles.
47 // This flag can be used only when the main token of 47 // This flag can be used only when the main token of
48 // the sandboxed application is at least INTERACTIVE. 48 // the sandboxed application is at least INTERACTIVE.
49 EVENTS_ALLOW_ANY, // Allows the creation of an event with full access. 49 EVENTS_ALLOW_ANY, // Allows the creation of an event with full access.
50 EVENTS_ALLOW_READONLY, // Allows opening an even with synchronize access. 50 EVENTS_ALLOW_READONLY, // Allows opening an even with synchronize access.
51 REG_ALLOW_READONLY, // Allows readonly access to a registry key. 51 REG_ALLOW_READONLY, // Allows readonly access to a registry key.
52 REG_ALLOW_ANY, // Allows read and write access to a registry key. 52 REG_ALLOW_ANY, // Allows read and write access to a registry key.
53 FAKE_USER_GDI_INIT // Fakes user32 and gdi32 initialization. This can 53 FAKE_USER_GDI_INIT, // Fakes user32 and gdi32 initialization. This can
54 // be used to allow the DLLs to load and initialize 54 // be used to allow the DLLs to load and initialize
55 // even if the process cannot access that subsystem. 55 // even if the process cannot access that subsystem.
56 IMPLEMENT_OPM_APIS // Implements FAKE_USER_GDI_INIT and also exposes
57 // IPC calls to handle Output Protection Manager
58 // APIs.
56 }; 59 };
57 60
58 // Increments the reference count of this object. The reference count must 61 // Increments the reference count of this object. The reference count must
59 // be incremented if this interface is given to another component. 62 // be incremented if this interface is given to another component.
60 virtual void AddRef() = 0; 63 virtual void AddRef() = 0;
61 64
62 // Decrements the reference count of this object. When the reference count 65 // Decrements the reference count of this object. When the reference count
63 // is zero the object is automatically destroyed. 66 // is zero the object is automatically destroyed.
64 // Indicates that the caller is done with this interface. After calling 67 // Indicates that the caller is done with this interface. After calling
65 // release no other method should be called. 68 // release no other method should be called.
(...skipping 171 matching lines...) Expand 10 before | Expand all | Expand 10 after
237 const wchar_t* handle_name) = 0; 240 const wchar_t* handle_name) = 0;
238 241
239 // Adds a handle that will be shared with the target process. Does not take 242 // Adds a handle that will be shared with the target process. Does not take
240 // ownership of the handle. 243 // ownership of the handle.
241 virtual void AddHandleToShare(HANDLE handle) = 0; 244 virtual void AddHandleToShare(HANDLE handle) = 0;
242 245
243 // Locks down the default DACL of the created lockdown and initial tokens 246 // Locks down the default DACL of the created lockdown and initial tokens
244 // to restrict what other processes are allowed to access a process' kernel 247 // to restrict what other processes are allowed to access a process' kernel
245 // resources. 248 // resources.
246 virtual void SetLockdownDefaultDacl() = 0; 249 virtual void SetLockdownDefaultDacl() = 0;
250
251 // Enable OPM API redirection when in Win32k lockdown.
252 virtual void SetEnableOPMRedirection() = 0;
253 // Enable OPM API emulation when in Win32k lockdown.
254 virtual bool GetEnableOPMRedirection() = 0;
247 }; 255 };
248 256
249 } // namespace sandbox 257 } // namespace sandbox
250 258
251 259
252 #endif // SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ 260 #endif // SANDBOX_WIN_SRC_SANDBOX_POLICY_H_
OLDNEW
« no previous file with comments | « sandbox/win/src/process_mitigations_win32k_policy.cc ('k') | sandbox/win/src/sandbox_policy_base.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698