Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(36)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/win/src/sandbox_policy.h

Issue 1867223005: Removed old AppContainer support. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fix clang warning and fix test. Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « sandbox/win/src/sandbox.h ('k') | sandbox/win/src/sandbox_policy_base.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ 5 #ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_H_
6 #define SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ 6 #define SANDBOX_WIN_SRC_SANDBOX_POLICY_H_
7 7
8 #include <stddef.h> 8 #include <stddef.h>
9 #include <stdint.h> 9 #include <stdint.h>
10 10
(...skipping 155 matching lines...) Expand 10 before | Expand all | Expand 10 after
166 // Returns the initial integrity level used. 166 // Returns the initial integrity level used.
167 virtual IntegrityLevel GetIntegrityLevel() const = 0; 167 virtual IntegrityLevel GetIntegrityLevel() const = 0;
168 168
169 // Sets the integrity level of the process in the sandbox. The integrity level 169 // Sets the integrity level of the process in the sandbox. The integrity level
170 // will not take effect before you call LowerToken. User Interface Privilege 170 // will not take effect before you call LowerToken. User Interface Privilege
171 // Isolation is not affected by this setting and will remain off for the 171 // Isolation is not affected by this setting and will remain off for the
172 // process in the sandbox. If the integrity level is set to a level higher 172 // process in the sandbox. If the integrity level is set to a level higher
173 // than the current level, the sandbox will fail to start. 173 // than the current level, the sandbox will fail to start.
174 virtual ResultCode SetDelayedIntegrityLevel(IntegrityLevel level) = 0; 174 virtual ResultCode SetDelayedIntegrityLevel(IntegrityLevel level) = 0;
175 175
176 // Sets the AppContainer to be used for the sandboxed process. Any capability
177 // to be enabled for the process should be added before this method is invoked
178 // (by calling SetCapability() as many times as needed).
179 // The desired AppContainer must be already installed on the system, otherwise
180 // launching the sandboxed process will fail. See BrokerServices for details
181 // about installing an AppContainer.
182 // Note that currently Windows restricts the use of impersonation within
183 // AppContainers, so this function is incompatible with the use of an initial
184 // token.
185 virtual ResultCode SetAppContainer(const wchar_t* sid) = 0;
186
187 // Sets a capability to be enabled for the sandboxed process' AppContainer. 176 // Sets a capability to be enabled for the sandboxed process' AppContainer.
188 virtual ResultCode SetCapability(const wchar_t* sid) = 0; 177 virtual ResultCode SetCapability(const wchar_t* sid) = 0;
189 178
190 // Sets the LowBox token for sandboxed process. This is mutually exclusive 179 // Sets the LowBox token for sandboxed process. This is mutually exclusive
191 // with SetAppContainer method. 180 // with SetAppContainer method.
192 virtual ResultCode SetLowBox(const wchar_t* sid) = 0; 181 virtual ResultCode SetLowBox(const wchar_t* sid) = 0;
193 182
194 // Sets the mitigations enabled when the process is created. Most of these 183 // Sets the mitigations enabled when the process is created. Most of these
195 // are implemented as attributes passed via STARTUPINFOEX. So they take 184 // are implemented as attributes passed via STARTUPINFOEX. So they take
196 // effect before any thread in the target executes. The declaration of 185 // effect before any thread in the target executes. The declaration of
(...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after
258 // Locks down the default DACL of the created lockdown and initial tokens 247 // Locks down the default DACL of the created lockdown and initial tokens
259 // to restrict what other processes are allowed to access a process' kernel 248 // to restrict what other processes are allowed to access a process' kernel
260 // resources. 249 // resources.
261 virtual void SetLockdownDefaultDacl() = 0; 250 virtual void SetLockdownDefaultDacl() = 0;
262 }; 251 };
263 252
264 } // namespace sandbox 253 } // namespace sandbox
265 254
266 255
267 #endif // SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ 256 #endif // SANDBOX_WIN_SRC_SANDBOX_POLICY_H_
OLDNEW
« no previous file with comments | « sandbox/win/src/sandbox.h ('k') | sandbox/win/src/sandbox_policy_base.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698