| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // Sandbox is a sandbox library for windows processes. Use when you want a | 5 // Sandbox is a sandbox library for windows processes. Use when you want a |
| 6 // 'privileged' process and a 'locked down process' to interact with. | 6 // 'privileged' process and a 'locked down process' to interact with. |
| 7 // The privileged process is called the broker and it is started by external | 7 // The privileged process is called the broker and it is started by external |
| 8 // means (such as the user starting it). The 'sandboxed' process is called the | 8 // means (such as the user starting it). The 'sandboxed' process is called the |
| 9 // target and it is started by the broker. There can be many target processes | 9 // target and it is started by the broker. There can be many target processes |
| 10 // started by a single broker process. This library provides facilities | 10 // started by a single broker process. This library provides facilities |
| 11 // for both the broker and the target. | 11 // for both the broker and the target. |
| 12 // | 12 // |
| 13 // The design rationale and relevant documents can be found at http://go/sbox. | 13 // The design rationale and relevant documents can be found at http://go/sbox. |
| 14 // | 14 // |
| 15 // Note: this header does not include the SandboxFactory definitions because | 15 // Note: this header does not include the SandboxFactory definitions because |
| 16 // there are cases where the Sandbox library is linked against the main .exe | 16 // there are cases where the Sandbox library is linked against the main .exe |
| 17 // while its API needs to be used in a DLL. | 17 // while its API needs to be used in a DLL. |
| 18 | 18 |
| 19 #ifndef SANDBOX_WIN_SRC_SANDBOX_H_ | 19 #ifndef SANDBOX_WIN_SRC_SANDBOX_H_ |
| 20 #define SANDBOX_WIN_SRC_SANDBOX_H_ | 20 #define SANDBOX_WIN_SRC_SANDBOX_H_ |
| 21 | 21 |
| 22 #include <windows.h> | 22 #include <windows.h> |
| 23 | 23 |
| 24 #include "base/memory/ref_counted.h" |
| 24 #include "sandbox/win/src/sandbox_policy.h" | 25 #include "sandbox/win/src/sandbox_policy.h" |
| 25 #include "sandbox/win/src/sandbox_types.h" | 26 #include "sandbox/win/src/sandbox_types.h" |
| 26 | 27 |
| 27 // sandbox: Google User-Land Application Sandbox | 28 // sandbox: Google User-Land Application Sandbox |
| 28 namespace sandbox { | 29 namespace sandbox { |
| 29 | 30 |
| 30 class BrokerServices; | 31 class BrokerServices; |
| 31 class ProcessState; | 32 class ProcessState; |
| 32 class TargetPolicy; | 33 class TargetPolicy; |
| 33 class TargetServices; | 34 class TargetServices; |
| (...skipping 15 matching lines...) Expand all Loading... |
| 49 public: | 50 public: |
| 50 // Initializes the broker. Must be called before any other on this class. | 51 // Initializes the broker. Must be called before any other on this class. |
| 51 // returns ALL_OK if successful. All other return values imply failure. | 52 // returns ALL_OK if successful. All other return values imply failure. |
| 52 // If the return is ERROR_GENERIC, you can call ::GetLastError() to get | 53 // If the return is ERROR_GENERIC, you can call ::GetLastError() to get |
| 53 // more information. | 54 // more information. |
| 54 virtual ResultCode Init() = 0; | 55 virtual ResultCode Init() = 0; |
| 55 | 56 |
| 56 // Returns the interface pointer to a new, empty policy object. Use this | 57 // Returns the interface pointer to a new, empty policy object. Use this |
| 57 // interface to specify the sandbox policy for new processes created by | 58 // interface to specify the sandbox policy for new processes created by |
| 58 // SpawnTarget() | 59 // SpawnTarget() |
| 59 virtual TargetPolicy* CreatePolicy() = 0; | 60 virtual scoped_refptr<TargetPolicy> CreatePolicy() = 0; |
| 60 | 61 |
| 61 // Creates a new target (child process) in a suspended state. | 62 // Creates a new target (child process) in a suspended state. |
| 62 // Parameters: | 63 // Parameters: |
| 63 // exe_path: This is the full path to the target binary. This parameter | 64 // exe_path: This is the full path to the target binary. This parameter |
| 64 // can be null and in this case the exe path must be the first argument | 65 // can be null and in this case the exe path must be the first argument |
| 65 // of the command_line. | 66 // of the command_line. |
| 66 // command_line: The arguments to be passed as command line to the new | 67 // command_line: The arguments to be passed as command line to the new |
| 67 // process. This can be null if the exe_path parameter is not null. | 68 // process. This can be null if the exe_path parameter is not null. |
| 68 // policy: This is the pointer to the policy object for the sandbox to | 69 // policy: This is the pointer to the policy object for the sandbox to |
| 69 // be created. | 70 // be created. |
| 70 // last_warning: The argument will contain an indication on whether | 71 // last_warning: The argument will contain an indication on whether |
| 71 // the process security was initialized completely, Only set if the | 72 // the process security was initialized completely, Only set if the |
| 72 // process can be used without a serious compromise in security. | 73 // process can be used without a serious compromise in security. |
| 73 // last_error: If an error or warning is returned from this method this | 74 // last_error: If an error or warning is returned from this method this |
| 74 // parameter will hold the last Win32 error value. | 75 // parameter will hold the last Win32 error value. |
| 75 // target: returns the resulting target process information such as process | 76 // target: returns the resulting target process information such as process |
| 76 // handle and PID just as if CreateProcess() had been called. The caller is | 77 // handle and PID just as if CreateProcess() had been called. The caller is |
| 77 // responsible for closing the handles returned in this structure. | 78 // responsible for closing the handles returned in this structure. |
| 78 // Returns: | 79 // Returns: |
| 79 // ALL_OK if successful. All other return values imply failure. | 80 // ALL_OK if successful. All other return values imply failure. |
| 80 virtual ResultCode SpawnTarget(const wchar_t* exe_path, | 81 virtual ResultCode SpawnTarget(const wchar_t* exe_path, |
| 81 const wchar_t* command_line, | 82 const wchar_t* command_line, |
| 82 TargetPolicy* policy, | 83 scoped_refptr<TargetPolicy> policy, |
| 83 ResultCode* last_warning, | 84 ResultCode* last_warning, |
| 84 DWORD* last_error, | 85 DWORD* last_error, |
| 85 PROCESS_INFORMATION* target) = 0; | 86 PROCESS_INFORMATION* target) = 0; |
| 86 | 87 |
| 87 // This call blocks (waits) for all the targets to terminate. | 88 // This call blocks (waits) for all the targets to terminate. |
| 88 // Returns: | 89 // Returns: |
| 89 // ALL_OK if successful. All other return values imply failure. | 90 // ALL_OK if successful. All other return values imply failure. |
| 90 // If the return is ERROR_GENERIC, you can call ::GetLastError() to get | 91 // If the return is ERROR_GENERIC, you can call ::GetLastError() to get |
| 91 // more information. | 92 // more information. |
| 92 virtual ResultCode WaitForAllTargets() = 0; | 93 virtual ResultCode WaitForAllTargets() = 0; |
| (...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 131 // Returns the ProcessState object. Through that object it's possible to have | 132 // Returns the ProcessState object. Through that object it's possible to have |
| 132 // information about the current state of the process, such as whether | 133 // information about the current state of the process, such as whether |
| 133 // LowerToken has been called or not. | 134 // LowerToken has been called or not. |
| 134 virtual ProcessState* GetState() = 0; | 135 virtual ProcessState* GetState() = 0; |
| 135 }; | 136 }; |
| 136 | 137 |
| 137 } // namespace sandbox | 138 } // namespace sandbox |
| 138 | 139 |
| 139 | 140 |
| 140 #endif // SANDBOX_WIN_SRC_SANDBOX_H_ | 141 #endif // SANDBOX_WIN_SRC_SANDBOX_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2316333003:
Fix sandbox::PolicyBase leak (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master