| Index: sandbox/win/src/process_mitigations_win32k_policy.h
|
| diff --git a/sandbox/win/src/process_mitigations_win32k_policy.h b/sandbox/win/src/process_mitigations_win32k_policy.h
|
| index 32af16864505bf9fd2526ed073a4f4d9643b250a..bc39b99e348dcbf9565423b8f7baaaa81d0e3c77 100644
|
| --- a/sandbox/win/src/process_mitigations_win32k_policy.h
|
| +++ b/sandbox/win/src/process_mitigations_win32k_policy.h
|
| @@ -5,6 +5,7 @@
|
| #ifndef SANDBOX_SRC_PROCESS_MITIGATIONS_WIN32K_POLICY_H_
|
| #define SANDBOX_SRC_PROCESS_MITIGATIONS_WIN32K_POLICY_H_
|
|
|
| +#include "base/strings/string16.h"
|
| #include "sandbox/win/src/crosscall_server.h"
|
| #include "sandbox/win/src/policy_low_level.h"
|
| #include "sandbox/win/src/sandbox_policy.h"
|
| @@ -13,6 +14,9 @@ namespace sandbox {
|
|
|
| enum EvalResult;
|
|
|
| +// A callback function type to get a function for testing.
|
| +typedef void* (*OverrideForTestFunction)(const char* name);
|
| +
|
| // This class centralizes most of the knowledge related to the process
|
| // mitigations Win32K lockdown policy.
|
| class ProcessMitigationsWin32KLockdownPolicy {
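Review bot: The comment on `OverrideForTestFunction` does not state the contract of the hook: what `name` identifies, that the returned `void*` has to be cast to the right function-pointer type by the caller, and what a null return means. This type is declared next to the Win32K lockdown policy class, so the comment should also say that it is a test-only hook and must not be installed in production. If the intent is what the name suggests, something like `// Test-only hook: returns a replacement for the function |name|, or nullptr to use the real one. Callers cast the result to the expected signature.` would do; the exact semantics are not visible in this hunk, so adjust to match the implementation.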
|
| @@ -25,6 +29,62 @@ class ProcessMitigationsWin32KLockdownPolicy {
|
| static bool GenerateRules(const wchar_t* name,
|
| TargetPolicy::Semantics semantics,
|
| LowLevelPolicy* policy);
|
| +
|
| + static uint32_t EnumDisplayMonitorsAction(const ClientInfo& client_info,
|
| + HMONITOR* monitor_list,
|
| + uint32_t monitor_list_size);
|
| + static BOOL GetMonitorInfoAction(const ClientInfo& client_info,
|
| + HMONITOR monitor,
|
| + MONITORINFO* monitor_info);
|
| +
|
| + static NTSTATUS GetSuggestedOPMProtectedOutputArraySizeAction(
|
| + const ClientInfo& client_info,
|
| + const base::string16& device_name,
|
| + uint32_t* suggested_array_size);
|
| +
|
| + static NTSTATUS CreateOPMProtectedOutputsAction(
|
| + const ClientInfo& client_info,
|
| + const base::string16& device_name,
|
| + HANDLE* protected_outputs,
|
| + uint32_t array_input_size,
|
| + uint32_t* array_output_size);
|
| +
|
| + static NTSTATUS GetCertificateSizeAction(const ClientInfo& client_info,
|
| + const base::string16& device_name,
|
| + uint32_t* cert_size);
|
| + static NTSTATUS GetCertificateAction(const ClientInfo& client_info,
|
| + const base::string16& device_name,
|
| + BYTE* cert_data,
|
| + uint32_t cert_size);
|
| + static NTSTATUS GetCertificateSizeByHandleAction(
|
| + const ClientInfo& client_info,
|
| + HANDLE protected_output,
|
| + uint32_t* cert_size);
|
| + static NTSTATUS GetCertificateByHandleAction(const ClientInfo& client_info,
|
| + HANDLE protected_output,
|
| + BYTE* cert_data,
|
| + uint32_t cert_size);
|
| + static NTSTATUS GetOPMRandomNumberAction(const ClientInfo& client_info,
|
| + HANDLE protected_output,
|
| + void* random_number);
|
| + static NTSTATUS SetOPMSigningKeyAndSequenceNumbersAction(
|
| + const ClientInfo& client_info,
|
| + HANDLE protected_output,
|
| + void* parameters);
|
| + static NTSTATUS ConfigureOPMProtectedOutputAction(
|
| + const ClientInfo& client_info,
|
| + HANDLE protected_output,
|
| + void* parameters_ptr);
|
| + static NTSTATUS GetOPMInformationAction(const ClientInfo& client_info,
|
| + HANDLE protected_output,
|
| + void* parameters_ptr,
|
| + void* requested_information_ptr);
|
| + static NTSTATUS DestroyOPMProtectedOutputAction(HANDLE protected_output);
|
| + static void SetOverrideForTestCallback(OverrideForTestFunction callback);
|
| + static OverrideForTestFunction GetOverrideForTestCallback();
|
| +
|
| + private:
|
| + static OverrideForTestFunction override_callback_;
|
| };
|
|
|
| } // namespace sandbox
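Review bot: `DestroyOPMProtectedOutputAction(HANDLE protected_output)` is the only action declared here without a `const ClientInfo&`, so from the header alone the implementation cannot tie the handle to the requesting target before destroying it. If `protected_output` is a value supplied by the sandboxed process, consider `static NTSTATUS DestroyOPMProtectedOutputAction(const ClientInfo& client_info, HANDLE protected_output);`, or add a comment saying where handle ownership is validated; the same question applies to the other `HANDLE protected_output` parameters. The `void*` parameters of `GetOPMRandomNumberAction`, `SetOPMSigningKeyAndSequenceNumbersAction`, `ConfigureOPMProtectedOutputAction` and `GetOPMInformationAction` carry neither a type nor a size. A comment on each should name the expected structure and buffer length, and say whether the pointer is a broker-local buffer, so the dispatcher can be checked against it. The definitions are outside this hunk, so these checks may already exist there.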
|
|
|