| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // Sandbox is a sandbox library for windows processes. Use when you want a | 5 // Sandbox is a sandbox library for windows processes. Use when you want a |
| 6 // 'privileged' process and a 'locked down process' to interact with. | 6 // 'privileged' process and a 'locked down process' to interact with. |
| 7 // The privileged process is called the broker and it is started by external | 7 // The privileged process is called the broker and it is started by external |
| 8 // means (such as the user starting it). The 'sandboxed' process is called the | 8 // means (such as the user starting it). The 'sandboxed' process is called the |
| 9 // target and it is started by the broker. There can be many target processes | 9 // target and it is started by the broker. There can be many target processes |
| 10 // started by a single broker process. This library provides facilities | 10 // started by a single broker process. This library provides facilities |
| (...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 60 | 60 |
| 61 // Creates a new target (child process) in a suspended state. | 61 // Creates a new target (child process) in a suspended state. |
| 62 // Parameters: | 62 // Parameters: |
| 63 // exe_path: This is the full path to the target binary. This parameter | 63 // exe_path: This is the full path to the target binary. This parameter |
| 64 // can be null and in this case the exe path must be the first argument | 64 // can be null and in this case the exe path must be the first argument |
| 65 // of the command_line. | 65 // of the command_line. |
| 66 // command_line: The arguments to be passed as command line to the new | 66 // command_line: The arguments to be passed as command line to the new |
| 67 // process. This can be null if the exe_path parameter is not null. | 67 // process. This can be null if the exe_path parameter is not null. |
| 68 // policy: This is the pointer to the policy object for the sandbox to | 68 // policy: This is the pointer to the policy object for the sandbox to |
| 69 // be created. | 69 // be created. |
| 70 // last_warning: The argument will contain an indication on whether |
| 71 // the process security was initialized completely, Only set if the |
| 72 // process can be used without a serious compromise in security. |
| 73 // last_error: If an error or warning is returned from this method this |
| 74 // parameter will hold the last Win32 error value. |
| 70 // target: returns the resulting target process information such as process | 75 // target: returns the resulting target process information such as process |
| 71 // handle and PID just as if CreateProcess() had been called. The caller is | 76 // handle and PID just as if CreateProcess() had been called. The caller is |
| 72 // responsible for closing the handles returned in this structure. | 77 // responsible for closing the handles returned in this structure. |
| 73 // Returns: | 78 // Returns: |
| 74 // ALL_OK if successful. All other return values imply failure. | 79 // ALL_OK if successful. All other return values imply failure. |
| 75 virtual ResultCode SpawnTarget(const wchar_t* exe_path, | 80 virtual ResultCode SpawnTarget(const wchar_t* exe_path, |
| 76 const wchar_t* command_line, | 81 const wchar_t* command_line, |
| 77 TargetPolicy* policy, | 82 TargetPolicy* policy, |
| 83 ResultCode* last_warning, |
| 84 DWORD* last_error, |
| 78 PROCESS_INFORMATION* target) = 0; | 85 PROCESS_INFORMATION* target) = 0; |
| 79 | 86 |
| 80 // This call blocks (waits) for all the targets to terminate. | 87 // This call blocks (waits) for all the targets to terminate. |
| 81 // Returns: | 88 // Returns: |
| 82 // ALL_OK if successful. All other return values imply failure. | 89 // ALL_OK if successful. All other return values imply failure. |
| 83 // If the return is ERROR_GENERIC, you can call ::GetLastError() to get | 90 // If the return is ERROR_GENERIC, you can call ::GetLastError() to get |
| 84 // more information. | 91 // more information. |
| 85 virtual ResultCode WaitForAllTargets() = 0; | 92 virtual ResultCode WaitForAllTargets() = 0; |
| 86 }; | 93 }; |
| 87 | 94 |
| (...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 124 // Returns the ProcessState object. Through that object it's possible to have | 131 // Returns the ProcessState object. Through that object it's possible to have |
| 125 // information about the current state of the process, such as whether | 132 // information about the current state of the process, such as whether |
| 126 // LowerToken has been called or not. | 133 // LowerToken has been called or not. |
| 127 virtual ProcessState* GetState() = 0; | 134 virtual ProcessState* GetState() = 0; |
| 128 }; | 135 }; |
| 129 | 136 |
| 130 } // namespace sandbox | 137 } // namespace sandbox |
| 131 | 138 |
| 132 | 139 |
| 133 #endif // SANDBOX_WIN_SRC_SANDBOX_H_ | 140 #endif // SANDBOX_WIN_SRC_SANDBOX_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2130753002:
Made setting lowbox token a warning. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master