OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ | 5 #ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ |
6 #define SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ | 6 #define SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ |
7 | 7 |
8 #include <stddef.h> | 8 #include <stddef.h> |
9 #include <stdint.h> | 9 #include <stdint.h> |
10 | 10 |
43 // No other parameters besides the command line are | 43 // No other parameters besides the command line are |
44 // passed to the child process. | 44 // passed to the child process. |
45 PROCESS_ALL_EXEC, // Allows the creation of a process and return full | 45 PROCESS_ALL_EXEC, // Allows the creation of a process and return full |
46 // access on the returned handles. | 46 // access on the returned handles. |
47 // This flag can be used only when the main token of | 47 // This flag can be used only when the main token of |
48 // the sandboxed application is at least INTERACTIVE. | 48 // the sandboxed application is at least INTERACTIVE. |
49 EVENTS_ALLOW_ANY, // Allows the creation of an event with full access. | 49 EVENTS_ALLOW_ANY, // Allows the creation of an event with full access. |
50 EVENTS_ALLOW_READONLY, // Allows opening an even with synchronize access. | 50 EVENTS_ALLOW_READONLY, // Allows opening an even with synchronize access. |
51 REG_ALLOW_READONLY, // Allows readonly access to a registry key. | 51 REG_ALLOW_READONLY, // Allows readonly access to a registry key. |
52 REG_ALLOW_ANY, // Allows read and write access to a registry key. | 52 REG_ALLOW_ANY, // Allows read and write access to a registry key. |
53 FAKE_USER_GDI_INIT // Fakes user32 and gdi32 initialization. This can | 53 FAKE_USER_GDI_INIT, // Fakes user32 and gdi32 initialization. This can |
54 // be used to allow the DLLs to load and initialize | 54 // be used to allow the DLLs to load and initialize |
55 // even if the process cannot access that subsystem. | 55 // even if the process cannot access that subsystem. |
| 56 IMPLEMENT_OPM_APIS // Implements FAKE_USER_GDI_INIT and also exposes |
| 57 // IPC calls to handle Output Protection Manager |
| 58 // APIs. |
56 }; | 59 }; |
57 | 60 |
58 // Increments the reference count of this object. The reference count must | 61 // Increments the reference count of this object. The reference count must |
59 // be incremented if this interface is given to another component. | 62 // be incremented if this interface is given to another component. |
60 virtual void AddRef() = 0; | 63 virtual void AddRef() = 0; |
61 | 64 |
62 // Decrements the reference count of this object. When the reference count | 65 // Decrements the reference count of this object. When the reference count |
63 // is zero the object is automatically destroyed. | 66 // is zero the object is automatically destroyed. |
64 // Indicates that the caller is done with this interface. After calling | 67 // Indicates that the caller is done with this interface. After calling |
65 // release no other method should be called. | 68 // release no other method should be called. |
237 const wchar_t* handle_name) = 0; | 240 const wchar_t* handle_name) = 0; |
238 | 241 |
239 // Adds a handle that will be shared with the target process. Does not take | 242 // Adds a handle that will be shared with the target process. Does not take |
240 // ownership of the handle. | 243 // ownership of the handle. |
241 virtual void AddHandleToShare(HANDLE handle) = 0; | 244 virtual void AddHandleToShare(HANDLE handle) = 0; |
242 | 245 |
243 // Locks down the default DACL of the created lockdown and initial tokens | 246 // Locks down the default DACL of the created lockdown and initial tokens |
244 // to restrict what other processes are allowed to access a process' kernel | 247 // to restrict what other processes are allowed to access a process' kernel |
245 // resources. | 248 // resources. |
246 virtual void SetLockdownDefaultDacl() = 0; | 249 virtual void SetLockdownDefaultDacl() = 0; |
| 250 |
| 251 // Enable OPM API redirection when in Win32k lockdown. |
| 252 virtual void SetEnableOPMRedirection() = 0; |
| 253 // Enable OPM API emulation when in Win32k lockdown. |
| 254 virtual bool GetEnableOPMRedirection() = 0; |
247 }; | 255 }; |
248 | 256 |
249 } // namespace sandbox | 257 } // namespace sandbox |
250 | 258 |
251 | 259 |
252 #endif // SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ | 260 #endif // SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ |
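Review bot: The comment on `GetEnableOPMRedirection()` (new lines 253-254) reads "Enable OPM API emulation when in Win32k lockdown", which describes a setter rather than a getter and says "emulation" where the setter's comment says "redirection"; I would change it to `// Returns true if OPM API redirection has been enabled for this policy.` and separate the two declarations with a blank line, as the rest of the interface does. The header also does not say how the new `IMPLEMENT_OPM_APIS` semantic (new lines 56-58) relates to `SetEnableOPMRedirection()`, that is, whether adding a rule with that semantic is enough or the setter must be called as well. Because the semantic exposes additional IPC calls to a target that is otherwise in Win32k lockdown, its comment should state which subsystem it is valid with and that it is meant only for processes that need Output Protection Manager, so callers do not widen the broker's IPC surface by default. Both the enum and the class begin outside the visible lines, so an existing convention for this may already be documented there.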
OLD | NEW |