Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(369)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/sandbox_policy.h

Issue 2458: Use the new dll injection blocking api of the sandbox to block... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: '' Created 12 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « chrome/browser/render_process_host.cc ('k') | chrome/browser/sandbox_policy.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CHROME_BROWSER_SANDBOX_POLICY_H__ 5 #ifndef CHROME_BROWSER_SANDBOX_POLICY_H_
6 #define CHROME_BROWSER_SANDBOX_POLICY_H__ 6 #define CHROME_BROWSER_SANDBOX_POLICY_H_
7 7
8 #include <string> 8 #include <string>
9 #include "sandbox/src/sandbox.h" 9 #include "sandbox/src/sandbox.h"
10 #include "webkit/activex_shim/activex_shared.h" 10 #include "webkit/activex_shim/activex_shared.h"
11 11
12 // Adds the generic policy rules to a sandbox TargetPolicy. 12 // Adds the generic policy rules to a sandbox TargetPolicy.
13 bool AddGenericPolicy(sandbox::TargetPolicy* policy); 13 bool AddGenericPolicy(sandbox::TargetPolicy* policy);
14 14
15 // Adds policy rules for unloaded the known dlls that cause chrome to crash.
16 bool AddDllEvictionPolicy(sandbox::TargetPolicy* policy);
17
15 // Adds the custom policy rules for a given plugin. If dll is activex-shim, 18 // Adds the custom policy rules for a given plugin. If dll is activex-shim,
16 // then clsid is the clsid of ActiveX control. Otherwise clsid is ignored. 19 // then clsid is the clsid of ActiveX control. Otherwise clsid is ignored.
17 // |trusted_plugins| contains the comma separate list of plugins that should 20 // |trusted_plugins| contains the comma separate list of plugins that should
18 // not be sandboxed. The plugin in the list can be either the plugin dll name 21 // not be sandboxed. The plugin in the list can be either the plugin dll name
19 // of the class id if it's an ActiveX. 22 // of the class id if it's an ActiveX.
20 bool AddPolicyForPlugin(const std::wstring &plugin_dll, 23 bool AddPolicyForPlugin(const std::wstring &plugin_dll,
21 const std::string &activex_clsid, 24 const std::string &activex_clsid,
22 const std::wstring &trusted_plugins, 25 const std::wstring &trusted_plugins,
23 sandbox::TargetPolicy* policy); 26 sandbox::TargetPolicy* policy);
24 27
25 enum PluginPolicyCategory { 28 enum PluginPolicyCategory {
26 PLUGIN_GROUP_TRUSTED, 29 PLUGIN_GROUP_TRUSTED,
27 PLUGIN_GROUP_UNTRUSTED, 30 PLUGIN_GROUP_UNTRUSTED,
28 }; 31 };
29 32
30 // Returns the policy category for the plugin dll. 33 // Returns the policy category for the plugin dll.
31 PluginPolicyCategory GetPolicyCategoryForPlugin( 34 PluginPolicyCategory GetPolicyCategoryForPlugin(
32 const std::wstring& plugin_dll, 35 const std::wstring& plugin_dll,
33 const std::wstring& activex_clsid, 36 const std::wstring& activex_clsid,
34 const std::wstring& trusted_plugins); 37 const std::wstring& trusted_plugins);
35 38
36 // Creates a sandbox without any restriction. 39 // Creates a sandbox without any restriction.
37 bool ApplyPolicyForTrustedPlugin(sandbox::TargetPolicy* policy); 40 bool ApplyPolicyForTrustedPlugin(sandbox::TargetPolicy* policy);
38 41
39 // Creates a sandbox with the plugin running in a restricted environment. 42 // Creates a sandbox with the plugin running in a restricted environment.
40 // Only the "Users" and "Everyone" groups are enabled in the token. The User SID 43 // Only the "Users" and "Everyone" groups are enabled in the token. The User SID
41 // is disabled. 44 // is disabled.
42 bool ApplyPolicyForUntrustedPlugin(sandbox::TargetPolicy* policy); 45 bool ApplyPolicyForUntrustedPlugin(sandbox::TargetPolicy* policy);
43 46
44 #endif // CHROME_BROWSER_SANDBOX_POLICY_H__ 47 #endif // CHROME_BROWSER_SANDBOX_POLICY_H_
45 48
OLDNEW
« no previous file with comments | « chrome/browser/render_process_host.cc ('k') | chrome/browser/sandbox_policy.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698