OLD | NEW |
---|---|
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__ | 5 #ifndef SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__ |
6 #define SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__ | 6 #define SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__ |
7 | 7 |
8 #include <accctrl.h> | 8 #include <accctrl.h> |
9 #include <windows.h> | 9 #include <windows.h> |
10 | 10 |
(...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
75 | 75 |
76 // Returns the integrity level SDDL string associated with a given | 76 // Returns the integrity level SDDL string associated with a given |
77 // IntegrityLevel value. | 77 // IntegrityLevel value. |
78 const wchar_t* GetIntegrityLevelString(IntegrityLevel integrity_level); | 78 const wchar_t* GetIntegrityLevelString(IntegrityLevel integrity_level); |
79 | 79 |
80 // Sets the integrity level on the current process on Vista. It returns without | 80 // Sets the integrity level on the current process on Vista. It returns without |
81 // failing on XP. If the integrity level that you specify is greater than the | 81 // failing on XP. If the integrity level that you specify is greater than the |
82 // current integrity level, the function will fail. | 82 // current integrity level, the function will fail. |
83 DWORD SetProcessIntegrityLevel(IntegrityLevel integrity_level); | 83 DWORD SetProcessIntegrityLevel(IntegrityLevel integrity_level); |
84 | 84 |
85 // Hardens the integrity level policy on a token. This is only valid on Vista | |
cpu_(ooo_6.6-7.5)
2014/12/20 01:10:05
win7 in the comment.
| |
86 // and above. Specifically it sets the policy to block read and execute so | |
87 // that a lower privileged process cannot open the token for impersonate or | |
88 // duplicate permissions. This should limit potential security holes. | |
89 DWORD HardenTokenIntegrityLevelPolicy(HANDLE token); | |
90 | |
91 // Hardens the integrity level policy on the current process. This is only | |
92 // valid on Vista and above. Specifically it sets the policy to block read | |
cpu_(ooo_6.6-7.5)
2014/12/20 01:10:05
win7
| |
93 // and execute so that a lower privileged process cannot open the token for | |
94 // impersonate or duplicate permissions. This should limit potential security | |
95 // holes. | |
96 DWORD HardenProcessIntegrityLevelPolicy(); | |
97 | |
85 } // namespace sandbox | 98 } // namespace sandbox |
86 | 99 |
87 #endif // SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__ | 100 #endif // SANDBOX_SRC_RESTRICTED_TOKEN_UTILS_H__ |
OLD | NEW |